Islamic Republic Of Afghanistan Kabul University Computer science
Download
Report
Transcript Islamic Republic Of Afghanistan Kabul University Computer science
Islamic Republic Of Afghanistan
Kabul University
Computer science Faculty
Proposal
Implementing LAN Kabul University
Kabul Afghanistan.
Design and Documentation By:
Computer Science Student
Third Class
CONTENTS
PROPOSED Systems
Map
Servers
Design
PROPOSED SYSTEM
The proposed system is capable of meeting all
requirements of Kabul University and eliminates
the drawbacks, which makes LAN efficient and
highly secure and demanding.
It will also result in reduced operating cost and
significant improvement in the ability of
organization to provide more improved and
quick services to users and consequently, to
general public.
ADVANTAGES OF PROPOSED
SYSTEM
Security:
Now days in world of I.T the main concern of
organizations from all over the word is security. There
are two different aspect of security. One focuses mainly
on external threats and other on internal threats with in
the organization. The internal network must be protected
from both these threats. The LAN must be kept highly
secure and in order to ensure that all the important data
and valuable asset of organization are hidden from the
snooping eye.
The proposed system is highly secure and it will impose
all security measures for external and internal threats. It
will consist of strong firewall protection on the gateway to
internet and external access. Network will be controlled
from centralized location using active directory domain.
Centralized control
Proposed system is constructed on the
principle of centralized controlled i.e. the
whole network operation is controlled from
a central location. This will give granolas
control to the system administrator over all
the network resources and no one will be
able to miss use any important assets of
the organization without proper permission
over it.
GREATER PROCESSING SPEED
The proposed system will be constructed
using the latest and fasted technology
available in the market due to which end
users will experience greater processing
speed both in the LAN as well as WAN
side access. Response time will increase
where as decreasing the delay time.
FASTER INFORMATION
RETRIEVEL
Important information will always available
to users in no time. A separate servers is
responsible of hosting different information
and will be capable of handling all users
request smoothly thus minimizing
response time.
99.99% data availability & uptime
The proposed system will be constructed
in such a manner that ensures 99.99%
data availability & uptime. Latest
equipments and technology will be used in
order to achieve this goal.
FLEXIBILITY
The proposed system is very flexible
system and is capable of accommodating
any change that occurs in future both in
the physical and logical layout of the
Building
BETTER ACCURACY AND
IMPROVED CONSISTENCY
Some times information system projects
are initiated to improve the accuracy of the
processing data or ensure that a
procedure prescribing how to do a specific
task is always followed. I f properly
designed and implemented, there is no
change of error on part of computer, A
computer can maintain accurate and
consistent database, hence resulting in an
improved performance.
RELIABILITY
A high degree of reliability is designed in
the system by incorporating good internal
controls.
Map
Map
Faculty Map
Server Farm
DMZ
Domain controller
A collection of computers & servers that are part of the
same centralized database .
Centralized User/Group Authentication -the ability to
log on one .
time and access resources throughout the domain.
Centralized Security -the ability to control the
user/computer environment, from one computer, across
the whole network .
Searchable Database of resources including users ,
computers ,shared folders printers and more.
Very Scaleable - small companies and large companies
Backup domain controller and
secondary DNS
IF a problem occur with server that has
install domain controller and primary DNS
administrator also capable to manage and
control network without a problem.
DNS server
In using of domain it is necessary to use
DNS-server.
This server change ip to name and name
to ip.
For flexibility user used from name instead
of IP.
Log server
It use for monitoring of network.
This server store all information that
occur in the entire network.
For example: if someone want hack
our network it will be store in log server
so we can find hacker.
FTP server
It is use for uploading and downloading
files in network.
In this server, permission create that who
can upload and download data in specific
size of information.
File server
It use for storing data.
This server contain all information and
books for every faculty.
It contain folders for every subject.
Administrator determine who (students
and teachers) should use which folder.
WSUS server
If use license OS .
It is necessary for get updating
You will read how to update and configure
Automatic Updates on client workstations
and
servers that will be updated by WSUS
SQL server
It provides an environment used to
generate databases that can be accessed
from workstations, the web, or other media
such as a personal digital assistant (PDA).
It is used for Kabul-University database
that contain all information about students
and teachers.
Exchange server
Also called mail server.
It make local mail if source and destination
are in same domain.
It make mail secure and fast forward.
Administrator can reset password if user
forgot password.
SMTP server
A SMTP relay is a machine that will accept incoming and
outgoing emails and that will then forward them on to their
configured destinations.
Increases security by preventing Internet SMTP servers from
directly contacting the Exchange Server.
Can filter inbound email for viruses or SPAM BEFORE they
reach the Exchange Server.
Can filter outbound email for viruses before they are sent over
the Internet.
Decreases the workload on the Exchange Server by taking care
of CPU-intensive tasks before forwarding the email on to the
Exchange Server.
Can be configured to provide a secure, SMTP server so that your
remote users can send email over the Internet when they are out
of the office.
Proxy server
For security, legal compliance and also monitoring
reasons, in a business environment, some enterprises
install a proxy server within the DMZ.
Obliges the internal users (usually employees) to
use the proxy to get Internet access.
·
Allows the company to reduce Internet access
bandwidth requirements because some of the web
content may be cached by the proxy server.
·
Simplifies the recording and monitoring of user
activities and block content violating acceptable use
policies.
Reverse proxy servers
A reverse proxy server provides the same service as a
proxy server, but the other way around. Instead of
providing a service to internal users, it provides indirect
access to internal resources from an external network
(usually the Internet). A back office application access,
such as an email system, can be provided to external
users (to read emails while outside the company) but the
remote user does not have direct access to his email
server. Only the reverse proxy server can physically
access the internal email server. This is an extra layer of
security, which is particularly recommended when
internal resources need to be accessed from the outside.
Usually such a reverse proxy mechanism is provided by
using an application layer firewall as they focus on the
specific shape of the traffic rather than controlling access
to specific TCP and UDP ports as a packet filter firewall
does.
Vioce server
Because using of Ip-telephony it is need
for control of calls and signalings.
Web server
Web server may need to communicate
with an internal database to provide some
specialized services.
It has information and news about KabulUniversity that other people can aware.
VPN server
It is used for client that from outside of
network want access.
The access is secure and fast.
There is software base vpn but it make
load to network.
Also can configure this server in firewall if
it support this.
Anti Virus server
It runs anti virus software in all computer
that are under control of domain.
It also send update anti virus software to
all computers in specific time.
It use less bandwidth during update time
for all clients.
OSPF protocol
The biggest advantage of OSPF is that it is efficient; OSPF requires
very little network overhead even in very large networks. The
biggest disadvantage of OSPF is its complexity; OSPF requires
proper planning and is more difficult to configure and administer.
OSPF uses a Shortest Path First (SPF) algorithm to compute routes
in the routing table. The SPF algorithm computes the shortest (least
cost) path between the router and all the subnets of the network.
SPF-calculated routes are always loop-free.
Changes to network topology are efficiently flooded across the entire
network to ensure that the link state database on each router is
synchronized and accurate at all times. Upon receiving changes to
the link state database, the routing table is recalculated.
As the size of the link state database increases, memory
requirements and route computation times increase. To address this
scaling problem, OSPF divides the network into areas (collections of
contiguous networks) that are connected to each other through a
backbone area. Each router only keeps a link state database for
those areas that are connected to the router. Area border routers
(ABRs) connect the backbone area to other areas.
Juniper Firewall
For security of network and prevent of
hacking we install hardware firewall.
Juniper model 5600 is very public today.
It can support proxy server and reverse
proxy server.
Design
Servers:
LAN will include Domain controller, Backup
domain controller, DNS, Log server, FTP Server,
File Server, WSUS server, SQL server,
Exchange server, SMTP server, Anti virus
server, Web servers, VPN server and Anti virus
server.
All servers have install Unix Os.
Design
Add redundant router in NOC.
Add redundant swiths in NOC.
Use redundant UPS in server form.
Add muliplixer, camera and other devices
for video conferancig in server farm of
every faculty and connect to swith.
Add voip device in every faculty.
Use OSPF protocol.
Design
Add patch panel in every faculty and connect two core of
fiber optic cable for power redundancy and load
balancing.
Map one public in NOC router ip address for every video
conferancig device in each faculty that can use video
services.
In NOC router configure bandwidth that every faculty
use specific bandwidth during using of internet.
Configure DHCP in every switch faculty.
Configure NAT mechanism in NOC router.
Design
Remove previous firewall , because
network is secure and they make load.
It is use duel firewall so need two same
juniper firewall.
Configure QOS and periority in swiths and
routers.
If do not use this kind of firewall may need
proxy server and reverse proxy server.
Prepared by:
Fatima ‘Afzali’
Farangis ‘Jamalzada’
Diana ‘Farahmand’
Zahra ‘Shefa’
Zarmina ‘Addel’
Jamila ‘Jalalzai’
Arezo ‘Muahmadi’
Sediqa ‘Ahmady’
Mushtary ‘Khawjazada’
Aria ‘Kazim’