Recommended Network Solution For Continuous Company

Kaplan University Group A
Consulting, Inc (KGAC)
Eleisha Barnett, Greg Bush, Krystal Cherry,
& Josey Clark
Wired and Wireless
LOCAL AREA NETWORK
Setting Up A Wireless LAN
This is to evaluate the role
which wireless
networking technologies
might play in your
organization's overall
networking solution. It
also helps you to
understand the hardware,
software, and planning it
will take to implement a
wireless network.
Image © Microsoft Corporation
Figure 1. Evaluating a plan
Understanding A Wireless LAN
While wires are the traditional
medium for creating networks,
they aren’t always the best.
Wireless networking is a viable
and affordable alternative to
traditional wired networks that
gives you the same benefits
without cumbersome and limiting
wires.
In a wireless network, all of the
computers broadcast their
information to one another using
radio signals. This can make
networking extremely easy,
especially when you have
computers throughout your office.
Image © Microsoft Corporation
Figure 2. Wired Network
Understanding A Wireless LAN
When you don’t have to work
with wires you can more easily
reconfigure your office space
as your company grows and
changes, and you can also
extend connectivity to new or
visiting staff quickly and
easily. A wireless network
gives employees increased
mobility and allows them to
share files, printers, other
computing devices, and
Internet access without wires.
Image © Microsoft Corporation
Figure 3. Wireless Network
Understanding A Wireless LAN
For example, your staff can use
laptops with a wireless network
card at a conference room table
and still be connected to your
network—without worrying about
whether the conference room is
actually wired for access. From
their networked computer they
can share files, printers, and
Internet access just as they would
if they were connected to the
LAN (Local Area Network)
with wires. Meetings can be more
productive as participants have
access to the information they
need when they need it and can
begin work on, if not complete,
action items right in the meeting.
Image © Microsoft Corporation
Figure 4. Working on a wireless network
Plan It
As you consider wireless
networking as a LAN
solution you should first
assess its suitability for your
organization and then
investigate what it will take
to integrate wireless
technologies with your
existing infrastructure. Once
you’ve determined that
wireless is a viable solution,
you can begin to formulate
your customized wireless
plan.
Figure 5. Planning
Image © Microsoft Corporation
Plan It
No technology solution, regardless of its
application or potential, is a good solution for
your organization if it doesn’t meet a need,
improve productivity and efficiency, or otherwise
contribute to your Return on Investment.
Assess the Fit
A wireless network has
several major
advantages over a wired
network. As you review
them, consider how they
might benefit your
organization.
Image © Microsoft Corporation
Figure 6. Capabilities of connecting with outliers
Assess the Fit
• Reduced cost of installation. It can be expensive to wire
your building with Category 5 cabling to enable Ethernet
capability or extend your existing capabilities. It may be
significantly less expensive to install wireless access points
and enable wireless support for notebooks, desktops, and
printers (discussed in the Do It section).
• Flexibility. If you regularly expand or reorganize your
office, or need to accommodate a variety of network
configurations, the rapid transition time from one
configuration to another that wireless provides can help
reduce your network down time. In addition, you won’t
have to incur the costs associated with rewiring office
space.
Assess the Fit
• Convenient information access. The most exciting advantage of wireless
networking is the ability to extend access to key information to any
member of staff from anywhere in the office, even when they are not
physically connected to your wired LAN.
• Do members of CC staff regularly work away from their desks or
stations, but could benefit from anytime-anywhere access to
important data?
• Could you improve productivity by increasing access to important
company systems?
• Do you have business processes you could streamline by reducing time
wasted gaining access to the wired LAN?
As you begin to understand how wireless networking might play a role in
your larger networking solution, you should next consider what integration
points you’ll need to address for the solution to work.
Assess the Integration Points
To evaluate your current general networking
capabilities and your future networking needs
with wireless integration in mind, ask yourself the
following:
• How is your current networking infrastructure
configured? How many workstations, offices, and
conference rooms are connected to the network?
How many are not connected that you would like
to connect?
• How many people use the computers and
communications systems in your company now?
Assess the Integration Points
• Does your staff conduct business at locations
away from their primary work area?
• What kind of equipment does your staff use?
Are they mobile with notebook computers and
PDAs or do the majority of your workers use
desktop systems? Do those who would benefit
most from wireless access already use
notebooks?
Formulate the Plan
• After you understand how wireless can improve your business
processes and gain some insight into the necessary integration
points, CC can begin to formulate a business plan for your
wireless solution. The equipment you buy and the way you
configure your wireless network will be driven by your
business needs, business plan and budget, so it is important
you have a clear plan before you spend any money on
hardware, software, and other resources.
• Carefully define all of the ways CC would like to use wireless
networking and related technologies in your organization. If
the company has several ideas for ways wireless can improve
your business, write them all down and rank them in order of
importance. Identify a potential pilot program you can use to
test a wireless integration.
Suggestions for Your Company
A network integration system that tracks your orders from the time
you order supplies to the finished product to shipping to the
customer’s door. This system streamlines your business and can be a
real cost saver as it can:
• Track your inventory
• Order supplies when needed
• Keep track of costs and shop for the best prices
• Create invoices
• Ship your finished product using the most cost effective shipping
method
• Notify when orders have been received by the customer
This system can be delivered over the network at all of your sites so
there is a constant flow of communication between your distribution
centers and the rest of the business.
Do It
Once you have a business plan in place that
defines how you want to add wireless
networking capabilities to your office, you can
start building your wireless network. Wireless
networks are always an extension of your
broadband wired connection. Before the
wireless network is installed, be sure you have
a T1, DSL, cable, or other broadband
connection in place in your office (Comer,
2009).
Do It
Step 1: Equip yourself.
• A wireless LAN consists of two main
components: wireless-enabled devices and
wireless access points. Before you can set up
your wireless network, you should acquire at
least one wireless access point—more if your
office space is very large. Then, be sure that
every user who will connect to the network has
a wireless enabled device.
Do It
Step 2: Configure your wireless LAN.
• Install the access point. Connect the access point to your wired LAN
with an Ethernet cable. Use the software that ships with the access
point to assign a network name and an encryption key. We can help
you identify the best place to put your access point and design a
network that will give you maximum range within your building.
There are some other considerations:
• The greater the distance is between wireless device and wireless
access point, the poorer the signal and the slower the connection
(Comer, 2009).
• Make sure that the wireless access point is installed in as open an
environment as possible to reduce interference between the access
point and usage points (Comer, 2009).
Do It
• In an open-space environment free of obstruction, access points can
be as much as 300 feet apart. Where walls and ceilings jut out, 50
feet is a useful maximum range. Be sure to turn on and properly
configure your wireless access point security settings so your
internal network and the data that flows across it are inaccessible by
the rest of the world (DeLaGarza, 2010).
Activate the connections.
• Next, turn on the wireless access point, activate the wireless
connections for your devices, and verify that they are all
transmitting a wireless signal.
Connect other devices to the wireless network.
• Other devices like printers and PDAs use different methods to make
a wireless connection. Review your device manuals for specific
instructions on how to connect each one.
Do It
Step 3: Test your setup.
• Once we set up your wireless network and devices, you
should test your new wireless setup. You will want to
make sure everything is working before you go live.
With several users and devices, work up a realistic
scenario for an exchange of data such as email and
large files over the wireless LAN. Using link test
software provided by vendors, you should test for the
percentage of data sent correctly, the time it takes to
receive a response from the destination device, and the
strength of the transmitted signal (Comer, 2009).
Do It
To start with, based on the size of the company and the fact
that the company has several manufacturing facilities as well
as public storage facilities, we will wire the main facility with
Cat 5e wiring for Ethernet capabilities and the manufacturing
facilities with wireless access points. The main bulk of the
computer and Internet access will be needed at the main
facility, as the Finance, Operations, Distributions, Sales and
Marketing, and Logistics departments will be located there.
The manufacturing facilities will be equipped with wireless
access points in areas of Receiving, Shipping, and Customer
Service. The open warehouse styling of the manufacturing
plants makes them ideal for wireless access points, as opposed
to a wired network, which is more suitable to the main office
building. This is also a cost saving measure.
Do It
We will use Cat5e twisted pair cable, which is ideal for the
required data rate and aids noise reduction. The reasoning
behind this is as follows:
Cat5 vs Cat5e
• Network support - CAT 5 cable will support the 10BASE-T
and 100BASE-T network standards. This means the
network will be capable of 10 Mbps or 100 Mbps data
rates. CAT 5e is an enhanced version of Cat5 that adds
specifications for crosstalk (see below). Cat5e cable is
completely backwards compatible with Cat5, and can be
used in any application in which you would normally use
Cat5 cable. However, the added specifications of Cat5e
enable it to support Gigabit Ethernet (1000BASE-T), or
networks running at 1000 Mbps (Frank, 2010).
Do It
• Crosstalk - Crosstalk is the "bleeding" of
signals from one cable into another, due to
a process called induction. This effect can
result in slow network transfer speeds, and can
even completely block the transfer of signals
over the cable. Cat5e cable has been improved
over Cat5 cable in this respect, and crosstalk
has been greatly reduced (Frank, 2010).
Do It
• Bandwidth - The bandwidth of a given network media
is its information carrying capacity. The greater the
bandwidth of a system, the faster it is able to push data
across a network. Cat5 is rated at 100 MHz while Cat5e
is rated at 350 MHz. This coupled with other more
stringent specifications makes Cat5e ideally suited for
networks which plan to operate at Gigabit Ethernet
speeds (Frank, 2010).
• Bottom Line: Since we plan on Gigabit Ethernet, we
are going with Cat5e. Also, the small increase in cost of
Cat5e over Cat5 is negated by the ability to increase
network speeds in the future.
Do It
• A Star topology is going to work best with
your network both in functionality and
appearance. The system will be easy to
troubleshoot should problems arise. It is
easy to install and wire. You can also
connect or remove devices without
disruption to the network. This involves
the computers being connected to a single
hub or switch. The hub device receives the
incoming data from a computer and routes
it to the proper receiving computer. It is a
topology which seems to work well with
computers in different offices and the hub
locked away in a closet which also
increases security. Another advantage to
this topology is the ability to expand on
the network so the system is cost effective
and will grow with the company (Comer,
2009; Exforsys, 2010).
Image © Exforsys
Figure 7. Star Topology
Do It
To have a successful IT integration it will be necessary to plan
a structured environment for the cabling system and have a
detailed plan of the hardware infrastructure. Not only is it
important for a company to have a decent plan to organize the
cabling and the locations where equipment is installed, it is also
important that the equipment be pleasing to the eye. In our plan for the
structured cabling environment, we plan to have one room
dedicated on each floor for the sole purpose of housing the
data, telephone and CATV equipment in the buildings. For
practical reasons it is important the rooms be directly above
and below one another so it will be easier to network the
equipment together in the closet using patch panels, but more
importantly to tie the closets to one another using tie cables
(Comer, 2009).
Do It
When all of the cabling is brought to the
dedicated equipment rooms located on each floor,
it is important that the cabling is organized and
does not present a health and safety hazard. This
assists in quick network incident resolution and
makes a safer workplace for the company
employees. To bring the cable into the room we
will use Panduit cable trays. This will allow the
cable to be brought into the room in an organized
fashion. Once the cable is laid in the trays it will
be brought down to a Panduit cabinet (Panduit,
2010).
Do It
• We will be using the c1
cabinet in each room.
This cabinet gives us the
design we need to house
all our Panduit patch
panels and house our
network devices on each
floor. Once the cabling is
patched into the system, it
will be necessary to tie the
floors together using 25
pair tie cables (Panduit,
2010).
Image © Panduit
Figure 8. c1 cabinet
Do It
To tie the cabinets together on each
floor we will be using 66 blocks. 66
blocks allow the rooms to be tied
together to the main closet which will
house multiple racks and cabinets.
The main closet, located on the first
floor of each building, will house the
equipment in the most efficient and
aesthetically pleasing way. Having a
well organized closet will allow
savings to be made in labor costs due
to fault finding and maintenance.
Instead of a maintenance call taking
two to three hours in an unorganized
closet, the time can be significantly
reduced so the business can resume
normal operations (Panduit, 2010).
Image © Panduit
Figure 9. Server closet
Do It
The network system that I
have chosen for our
company is ORiNOCO. We
believe it is a network
application that is well
suited to this function. It
offers security with
encryption, proven network
functionality and will
support all hardware
included in this
recommendation, including
mobile telephones (Proxim,
2010).
Image © Proxim
Figure 10. Proxim ORiNOCO AP-8000 Router
Do It
The WEP function offers encryption of data transmissions,
using a method specified in the IEEE 802.11 standard. This
gives the wireless paths in a LAN privacy equivalent to that
present on the wired (Ethernet) paths in the network
(Proxim, 2010).
When planning to set up an ORiNOCO network using WEP,
the following general guidelines apply: It is recommended
to set up the system so that it only allows encrypted data
transmissions; such a system requires Silver cards in all
participating stations and in all WavePOINTs, as well as
knowledge of the encryption key(s) at all participating
stations (ORiNOCO, 2010).
Do It
It is possible to allow users who cannot support
encryption to use the network; in such a system, non-Silver
cards can be used. To support users who do have
encryption capability, it is required that all
WavePOINTs have encryption enabled and are
equipped with Silver cards (ORiNOCO, 2010).
As is common with other similar solutions, the
encryption keys will need to be centrally managed
by an approved party. Changes to
this will require an operational key, which prevents
users from making any system-wide changes.
Do It
Changing of encryption keys over time will
require manual reconfiguration of
WavePOINTs and of the ORiNOCO drivers in
the user stations; in most cases, the
reconfiguration of the user stations needs to be
done at the station itself (ORiNOCO, 2010).
Use It
Data exchange on a wireless network functions just like
data exchange on a wired network. However, because
wireless communications are transmitted through the
air rather than over a closed cable, you will need to
implement some wireless-specific security measures to
ensure that your wireless communications are as secure
as your wired communications. Wireless solutions use
three primary tactics to maintain network integrity
(Comer, 2009):
• MAC addressing
• WEP encryption
• Traditional VPN security
MAC Addressing
MAC (media access control) addressing restricts network
access to authorized devices by assigning a unique hardware
identification number to each network card. The network
access point can be configured to communicate only with
approved MAC addresses, and it maintains these approved
addresses in a password-protected table. Any attempts to
access the wireless network by devices with unauthorized
MAC addresses are denied. You shouldn’t purchase a
network access point that doesn’t have support for MAC
addressing, and MAC addressing bindings should be
enabled during the initial installation and configuration of
the wireless access point. Acceptable quality wireless access
points should always have support for MAC addressing
(Comer, 2009).
MAC Addressing
We will use a universally administered address that is
uniquely assigned to a device by its manufacturer; these
are sometimes called "burned-in addresses" (BIA)
(PGP, 2010). The first three octets (in transmission
order) identify the organization that issued the identifier
and are known as the Organizationally Unique
Identifier (OUI). The following three (MAC-48 and
EUI-48) or five (EUI-64) octets are assigned by that
organization in nearly any manner they please, subject
to the constraint of uniqueness. The IEEE expects the
MAC-48 space to be exhausted no sooner than the year
2100; EUI-64s are not expected to run out in the
foreseeable future.
MAC Addressing
The basic reason for using a universally
administered address is security: a
locally administered address would be created
by a network administrator, which can be
vulnerable to security breaches and has a
greater possibility of outside hacking (PGP,
2010).
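The octet layout described in the MAC Addressing slides above can be checked mechanically. The following Python sketch is an added example, not part of the original presentation: it parses an access point's approved-address list, splits each entry into its OUI and owner-assigned octets, and flags entries that are locally administered, group addresses, duplicates or malformed. The function names and the sample addresses are constructed for illustration.

```python
import re

SEPARATORS = re.compile(r"[-:.\s]")
HEX_DIGITS = re.compile(r"[0-9a-fA-F]+")


def parse_identifier(text):
    """Return the identifier as bytes: 6 octets (MAC-48/EUI-48) or 8 (EUI-64)."""
    digits = SEPARATORS.sub("", text)
    if len(digits) not in (12, 16) or not HEX_DIGITS.fullmatch(digits):
        raise ValueError(f"not a 48- or 64-bit hardware identifier: {text!r}")
    return bytes.fromhex(digits)


def _fmt(octets):
    return ":".join(f"{b:02x}" for b in octets)


def describe(text):
    """Split an address into the fields named on the slides."""
    raw = parse_identifier(text)
    return {
        "normalized": _fmt(raw),
        "kind": "48-bit" if len(raw) == 6 else "EUI-64",
        # First three octets in transmission order: the OUI.
        "oui": _fmt(raw[:3]),
        # Remaining three (48-bit) or five (EUI-64) octets, assigned by the OUI owner.
        "assigned_by_owner": _fmt(raw[3:]),
        # Bit 0x02 of the first octet: 0 = universally administered, 1 = locally.
        "locally_administered": bool(raw[0] & 0x02),
        # Bit 0x01 of the first octet: 1 = group (multicast) address, never one device.
        "group_address": bool(raw[0] & 0x01),
    }


def audit_allow_list(entries):
    """Return (position, entry, finding) tuples for entries that need review."""
    findings = []
    first_seen = {}
    for position, entry in enumerate(entries, start=1):
        try:
            info = describe(entry)
        except ValueError:
            findings.append((position, entry, "invalid"))
            continue
        if info["group_address"]:
            findings.append((position, entry, "group address"))
        if info["locally_administered"]:
            findings.append((position, entry, "locally administered"))
        if info["normalized"] in first_seen:
            original = first_seen[info["normalized"]]
            findings.append((position, entry, f"duplicate of entry {original}"))
        else:
            first_seen[info["normalized"]] = position
    return findings


# Constructed sample allow-list; none of these values come from the presentation.
SAMPLE_ALLOW_LIST = [
    "00:11:22:33:44:55",        # universally administered, 48-bit
    "0011.2233.4455",           # same device written in dotted notation
    "02-00-00-AA-BB-CC",        # locally administered bit set
    "01:00:5e:00:00:fb",        # group bit set
    "00:11:22:ff:fe:33:44:55",  # EUI-64 form
    "00:11:22:33:44",           # too short
]

if __name__ == "__main__":
    for position, entry, finding in audit_allow_list(SAMPLE_ALLOW_LIST):
        print(f"entry {position}: {entry} -> {finding}")
```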
Encryption
Once they access the network, wireless products
use WEP (wired equivalent privacy or wireless
encryption protocol) encryption to keep your data
transmission safe. The WEP standard delivers the
same security associated with traditional wired
networks. It is a software algorithm that encrypts
data as it is sent and decrypts the data as soon as it
is received, keeping it safe in transit (PGP, 2010).
When you evaluate access points and wireless
network cards, be sure that you can upgrade them
easily as new wireless access standards emerge
(PGP, 2010).
VPN
The best practice in wireless network security is to
begin your security efforts at the front door to the
network. You can use Virtual Private Network (VPN)
technology to control which users outside of your
system have access to it. A VPN is a gateway to your
network that authorized external users, those who are not in
the building or who are working from home, have to pass
through before they can access any part of your
network, wired or otherwise. Before anyone gets to
your wireless network, they should have to log onto
your VPN and pass its authentication requirements
(Comer, 2009).
VPN
Organizations that allow remote access to
networks almost always use VPN to control that
remote access. VPN isn’t a new technology and
there are many resources and tools available to
help you get one set up. Don’t look at VPN as a
barrier to a wireless network, but rather as a
security feature that will protect your network.
Combined with MAC addresses and either WEP
or new wireless LAN protocols, VPN can make
your network extremely secure (Comer, 2009).
Leave no site behind
WIDE AREA NETWORK
What will be covered?
• Current Continuous Company (CC) Set Up
• Finalized Requirements
• Recommendation
– How to connect the sites
• Physical Setup
• Logical Setup
– Security Considerations
CC’s Current Set Up
Figure 11. Corporate Offices, Factories and Sales Offices. This figure illustrates how each site type is not
connected.
Finalized Requirements
• Connection between all sites
– Corporate Offices
– Factories
– Sales Offices
• Critical Connections
– Between Factories and Corporate Offices
Connecting Locations
PHYSICAL
Business Critical Site Selection
Figure 12. Leased Line through the Internet.
Figure 13. Leased Line with Dedicated Circuit.
Connecting other Factories
and Corporate Offices
Figure 14. Corporate Offices and Factories. This figure illustrates how each site will be connected to the respective locations.
Leave No Site Behind
• Sales Offices
– Will not have Leased Lines
– Will connect to the Main Corporate Office site
through a VPN.
• Traveling Field Sales Reps
– Will connect to the Main Corporate Office site
through a VPN.
Connecting People
LOGICAL
Virtual Private Network
• Hardware
– Cisco Routers
• Software
– Cisco IOS
It’s no longer just about hardware and software
SECURITY
Ignorance Is Not An Excuse
• Staff Training
– How to Access the VPN
– Basic Security
• Passwords
• Social Engineering
• Loss of equipment
– Laptops
– Phones
If I could teach the world to sing...
UNIFIED COMMUNICATION
NETWORK
What will be covered?
• Current Continuous Company (CC) Setup
• Finalized Requirements
• Recommendation
– AVST’s Call Express
– Disaster Recovery and Fault Tolerance
CC’s Current Phone System
• PBX
– Located in Main Corporate Office System
– Uses RJ-11 Connectors
– Connects to the PSTN
Recommendation
• Unified Communication Network
– Interconnect phones between buildings through
VPN and WAN
– Handles phone features, voice mail, instant
messaging, SMS, video conferencing, and faxes.
– Uses LAN for all data traffic
• RJ-45 Connectors
AVST CallXpress
• Disaster Recovery and Fault Tolerance
• Voice Messaging
• Automated Attendant
• Call Completion
• Personal Call Management
• Voice Libraries
• Fax Libraries
• Interactive Voice Response and Speech
Recognition
• Voicemail
Disaster Recovery and Fault Tolerance
• System Server
– Installed in one Main location
– Centralized server for administration
• Call Server
– Installed at each site
– Handles phone connections
Disaster Recovery and Fault Tolerance
(cont.)
• Neverfail High Availability Server
– Works with System Server
– Kicks into life when System Server fails
– Configuration files, voice mails, phone numbers are
exact matches to the System Server
• Disaster Recovery Server
– Placed in different location than System Server and
Neverfail High Availability Server
– If System Server AND Neverfail High Availability
Server fail, this server is logged into and configured to
run the communication network
Server Location Recommendations
• System Server
– Corporate Office (Main)
• Neverfail High Availability Server
– Corporate Office (Main)
• Call Server
– All sites that will be integrated into the communication
network
• Disaster Recovery Server
– Placed in another state, different site than Corporate
Office (Main).
Recommendation: Cisco
STORAGE AREA NETWORK
Benefits and Features
• Multi-protocol storage networking
• Unified OS and Management tools for reduced
opex
• Enterprise-class storage connectivity
• Services-Oriented SANs
What this system provides?
• Disaster Recovery / Business Continuance
• Virtualization
• Security
• Consolidation
• Data Mobility
Increase Data Center Efficiency
Solutions
• Providing efficient SAN consolidation
• Offering investment protection
• Addressing data integrity concerns
• Participating in the Cisco Energy Assurance
Program (“Cisco Storage Area Networks,”
2009).
Disaster Recovery/Business
Continuance Solutions
• Synchronized/asynchronized distributed data
centers extension
• Continuous data replication (CDR) and
continuous remote replication (CRR)
Security
• Storage Media Encryption (SME)
• Secure Erase
• Link Encryption
Consolidation
• Reduce business risks
• Improve agility
• Reduce costs
Data Mobility Features
• No configuration changes to the host, the
SAN, or the array
• Minimal disruption to the application
• No need for support from systems, database, or
applications administrators (“Cisco Storage
Area Networks,” 2009).
Recommendation: Microsoft Server 2008 R2
NETWORK OPERATING
SYSTEM
Reliability and Scalability Features
• Leveraging sophisticated CPU architectures
• Increased operating system componentization
• Improved performance and scalability
• Improved reliability
• Improved storage solutions
• Improved protection of intranet resources
Virtualization – Hyper V
• Increased availability
• Improved management for virtual data centers
• Increased performance and hardware support
• Improved virtual networking performance
• Simplified method for physical and virtual
computer deployments
SECURITY
Security
• Provide secure communications
– Stop utilizing free email
– Stop utilizing fax machines
– Stop utilizing the US Postal Service
• Proper security will be addressed and enforced
by the implementation of corporate security
strategies and policies.
Security
• Remote access to the corporate network from the US, Canada, and
Mexico will be permitted by the security solutions.
• Authenticate remote connections at several layers of the ISO/OSI
Reference Model.
– The International Standards Organization (ISO)
Open Systems Interconnect (OSI) Reference Model, per Curtin (1997),
provides seven layers of communication types which are
generally presented in a vertical list. (Security Table 1)
– The application layer will provide the most security.
However, Curtin (1997) provides that security can be
provided at the session and transport layers also.
Security Table 1 (Curtin, 1997)
Application
Presentation
Session
Transport
Network
Data link
Physical
Security Issues to Consider
• There are many issues to consider when
implementing LAN and WAN solutions.
• Without proper consideration, a gap in security
may inadvertently be created rendering the
network vulnerable.
Security Issues to Consider
Lessons To Be Learned
• The Alberta, Canada Department of Education
(1999) provides that security risks include:
– The disclosure of private and confidential information due
to unauthorized network access.
– The willful damage or modification to corporate databases.
– Damage or modification to CC’s databases could lead to
lost productivity, customer information and legacy sales
data.
Security Issues to Consider
Lessons To Be Learned
• Alberta study continued:
– The willful tampering with network services in an attempt
to interrupt the resources provided on the network.
Security Strategy
• KGAC’s security strategy recommendation is
based on ISECT.com (2004) white paper, “A
6-step strategy for Information Security
Management”.
• ISECT provides the six steps as a best practice
security strategy.
Security Strategy
1) Ensure basic security measures are not
neglected.
– Ensure that all legacy security issues are addressed.
– Ensure senior management signs off on the policy.
– Ensure that network data is being backed up properly.
– Ensure strong user passwords.
– Ensure effective virus scanning technologies.
– Ensure planned and active management of the network’s
security.
– Track and justify the cost of security.
– Keep management informed.
Security Strategy
2) Analyze information security risks
– Use industry-standard methods, or
outsource to a specialist who will facilitate the
assessment.
– CC must accept security responsibility.
– Identify and recognize security breaches. Breaches
include viruses. Analyze the cost of downtime that
the virus caused.
Security Strategy
3) Prepare business case to improve controls.
– Use background data to make the case for the risk
assessment, which includes actual breach
information.
– Prioritize improvements by the risk reduction
each will achieve.
– Don’t always seek to alarm management. These
tactics may not always work.
Security Strategy
4) Initiate an overall information security
improvement program.
– Using the business case, seek management
approval for the security plan.
– Secure the funding.
Security Strategy
5) Manage and deliver the program.
– Just as with all of the network resources, the
security must be watched and managed.
– Continuously build out the solution and provide
clear support to managers.
Security Strategy
6) Review progress
– In the effort to continuously identify new risks and
reduce risks, the aspects of the information
security policy must be constantly reviewed.
– Seek additional funding as needed to keep the
network sheltered.
Security Policy
• Company employees are always the biggest
risk to a corporation.
• Per Comer (2009), the first step is to define the
organization’s security policy.
• Provides the corporate policy for:
– sharing data,
– how to properly password protect the computer,
– when to shut down the computer, and
– proper file sharing and network browsing.
Security Policy
Ensure Corporate IT Control
• Important: No user will have administrator
privileges to install software on their machine.
• Important: All applications and configurations
will be pushed from the Information
Technology department.
Security Application and Hardware
Solution
• Enable security utilizing hardware and
application solutions.
• Per Comer (2009, p. 521) “a firewall protects a
network and its resource from unwanted
Internet traffic”.
• The recommended application solution is
Symantec Endpoint Protection.
• SonicWALL Network Security Appliance
2400MX is the hardware solution.
Security Application and Hardware
Solution
• Symantec Endpoint Protection provides:
– Defense against malware for laptops, desktops and servers.
– Management console for the administrator who can control
the protection of all nodes on the network. Antivirus,
antispyware, firewall, intrusion prevention, and device and
application control.
-Symantec (2010)
Security Application and Hardware
Solution
• SonicWALL Network Security Appliance 2400MX.
– The switch which will be utilized for Internet and WAN
connectivity and security.
– Sonicguard.com (2010) provides that the SonicWall provides
“best-in-class threat prevention” across the WAN with:
• real-time comprehensive network protection (a firewall),
• high-speed intrusion prevention, and
• file and content inspection.
• Furthermore, the network appliance supports VPNs, VLANs, and VoIP, all of which will be required for CC’s
network design.
The Firewall At Work
Firewall Animation
© 2010 rad.com
Figure 15. Firewall Animation
The “friendly” data shown in green is permitted within the firewall protected network.
The “foe” data is blocked.
Device Location
• Each CC facility will require a 2400MX for maximum security.
• Comer (2009, p. 521) states that “an organization that has
multiple Internet connections must have a firewall placed on each”.
• Figure 16. Device Locations provides a visual representation of how
the 2400MX along with the Symantec Endpoint Protection solution
will be deployed.
Device Location
[Diagram; labels recovered from the figure:]
• WWW
• Internet – Data Circuit: router and IP address provided by ISP for each location (US, Canada, Mexico)
• SonicWall 2400MX Appliance
• Local Zone
• DMZ Zone
• Switch (two shown), with subnets to each division
• Wireless Connectivity for visitors
• Printers
• Laptops or PDAs
• Windows 7 Computers
– Active Directory Authentication
– Strong password policy
– Symantec Endpoint Protection
– Role-based/Security group access to network
• Windows Servers
– Database
– Applications
– DHCP Addressing
– DNS
– Active Directory Authentication
– Strong password policy
– Symantec Endpoint Protection
Figure 16. Device Locations. This figure shows a template of how security can be applied at each location.
Data Encryption
• Data encryption will be implemented for the VPN connection.
• Per Microsoft (2005), you must use data encryption to ensure
secure and confidential data is sent from the client to the VPN
server.
• The Cisco VPN will be configured to require that clients connect with
encryption. If the client is not configured for encryption, the
connection will not be allowed, per Microsoft (2010).
IPV4 VS. IPV6
IPv4 vs. IPv6:
Important Considerations and
Motivation for Change
• CC currently provides products to customers across most of
North America.
• CC plans to continue to expand its sales force globally and sees
technology as a driving force for its expansion.
• CC must ensure that all business and technical considerations
are hashed out as major technology investments continue to be
made over the next 5 to 10 years.
IPv4 vs. IPv6:
Important Considerations and
Motivation for Change
• IPv4 is universally utilized for virtually every network
installed.
• Per Comer (2009), the rate by which networks are being
installed continues to double in less than one year.
• Comer (2009) further provides that eventually the expansion of
IPv4 networks will not be possible.
• Hence, the need for the creation of the new IP which is IPv6.
IPv4 vs. IPv6:
Important Considerations and
Motivation for Change
• Nakajimi and Kobayashi (2003) provide that the 32-bit
address length of the IPv4 address structure can manage IP
addressing for about 4 billion people, and there are about 6.3
billion living in the world.
• The IPv6 address structure, being based on a 128-bit address
length, can be used for more than 5 × 10^28 IP addresses for
everyone in the world, Nakajimi et al. (2003).
IPv4 vs. IPv6:
Important Considerations and
Motivation for Change
• Considering CC will be expanding globally:
– Ensure that CC is aware of IPv6 and the business implications
and technical issues that will arise should CC need to change to
IPv6 at a later date.
– The availability of IPv4 is a technical issue that CC must
consider.
– As CC expands, the ability to continually obtain IPv4 addresses
from the ISP will diminish and eventually not be possible.
IPv4 vs. IPv6:
Important Considerations and
Motivation for Change
• IPv6, per Fiuczynski, Lam and Bershad (1998), addresses the
shortcomings of the scalability issues of IPv4.
• Fiuczynski et al. (1998) provide that IPv4 and IPv6 are not
compatible.
– CC must consider that the business investment being made today in
IPv4, will at some time in the not too distant future become obsolete.
– Note: There are protocol translators available that will work to maintain
existing IPv4 solutions, Fiuczynski et al. (1998).
IPv4 vs. IPv6:
Important Considerations and
Motivation for Change
• Nakajimi et al. (2003) provide that the authors of IPv6 have created a
translator that enables IPv4 networks to communicate with IPv6 networks.
– To utilize these translators, CC will have to make a significant investment in its
entire global infrastructure.
– Additionally, per Fiuczynski et al. (1998), the translators will slow down the
network’s performance, with bandwidth 10% slower when the translator is in use.
– Additionally, Fiuczynski et al. (1998) provide that the translator is also very
processor intensive.
IPv4 vs. IPv6:
Important Considerations and
Motivation for Change
• CC must consider these scenarios where protocol translation and network
address translation are applicable:
– New IPv6 sites may need to communicate with IPv4 nodes, i.e., this new site may need to
communicate with IPv4 nodes on the Internet and across its WAN.
– CC will largely have IPv4 sites that it would not want to be forced to upgrade.
• Network services will be required from IPv4 and IPv6 nodes.
– Therefore, the network should remain IPv4 and a translator can be utilized as the
gateway to CC’s WAN, Nakajimi et al. (2003).
– With the latency issues created by IPv4 to IPv6 translation, CC must consider the impact to the
VoIP solution. However, according to Nakajimi et al. (2003), the translator is capable of
handling VoIP.
IPv6: Motivation for Change
• Ultimately all networks will be installed utilizing IPv6.
• As CC becomes more reliant on VoIP and video to transact its business across the globe,
IPv6 will be the option of choice, because it ensures a stable guaranteed stream for
network video services, Comer (2009).
• Comer (2009) provides that IPv6 will enable the creation of more collaboration
applications across groups. IPv6 will be able to accommodate advanced addresses and
routing capabilities permitting packets to be copied to participants in a collaboration
group.
• KGAC believes that such technologies will enable CC to continue to grow its sales force
and revenue.
Thank you
We appreciate your time and hope our
recommendation is clear and just what
Continuous Company needs to stay
competitive in your market.
References
Alberta Department of Education, Edmonton (1999). Computer Network Security: Best Practices for Alberta School Jurisdictions.
Retrieved July 8, 2010, from http://www.eric.ed.gov/PDFS/ED429572.pdf
Andrade, D.V., & Resende, M.G.C. (2006). A Grasp for pbx telephone migration scheduling. Proceedings of the Eighth INFORMS
Telecommunications Conference, Dallas, Texas, April 2006. Retrieved on June 30, 2010 from
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.69.6383&rep=rep1&type=pdf
CallXpress. (n.d.). CallXpress 8.1 specifications. Retrieved on July 5, 2010, from
http://www.avst.com/callxpress_resource_center/callxpress_platform/callxpress_platform_specifications.asp
Cisco. (n.d.). Cisco unified ip phone 7960g. Retrieved on June 30, 2010 from
http://www.cisco.com/en/US/products/hw/phones/ps379/ps1855/
Comer, D. A. (2009). Computer networks and internets. Pearson Prentice Hall, Upper Saddle River, New Jersey.
Curtin, M. (1997). Introduction to Network Security. Retrieved July 9, 2010, from
http://www.interhack.net/pubs/network-security/network-security.html#SECTION00022000000000000000
DeLaGarza, M. (2010). Interview with University of Iowa, Office of the State Archaeologist, Systems Administrator between June
- July 2010
Elliot, B. (2008). The value of unified communications. (par. 3) Retrieved on July 4, 2010, from
http://www.networksasia.net/content/value-unified-communications
Features and Benefits (n.d.). Callxpress platform – features and benefits. (par. 5). Retrieved July 4, 2010 from
http://www.avst.com/callxpress_resource_center/callxpress_platform/callxpress_platform_features_and_benefits.asp
Fiuczynski, M., Vincent, L., Bershad, B. (1998). USENIX Papers: The Design and Implementation of an IPv6/IPv4 Network
Address and Protocol Translator. Retrieved July 5, 2010, from
http://www.usenix.org/publications/library/proceedings/lisa97/failsafe/usenix98/full_papers/fiuczynski/fiuczynski_html/fiuczynski.html
Frank, C. (2006). Cat5 vs Cat5e vs Cat6. Retrieved on July 7th, 2010 from http://ezinearticles.com/?CAT5-vs-CAT5E-vsCAT6&id=322715
Introducing. (n.d.). Introducing callxpress 8.1. Retrieved on July 5, 2010 from
http://www.avst.com/latest_AVST_News/Introducing_CallXpress_81.asp
ISECT.com (2004). A 6-step strategy for Information Security Management. Retrieved July 9,
2010, from http://www.isect.com/html/strategy.html
Kostek, J. (2009). Frost & Sullivan: unified messaging to become ubiquitous enterprise communication solution. (par. 1) Retrieved on
July 4, 2010 from http://reseller.tmcnet.com/topics/unified-communications/articles/51217-frost-sullivan-unifiedmessaging-become-ubiquitous-enterprise-communication.htm
Microsoft (2005). Data encryption between VPN server and client. Retrieved July 5, 2010, from
http://technet.microsoft.com/en-us/library/cc778013(WS.10).aspx
Microsoft Server 2008 R2. (n.d.). Retrieved on July 6, 2010, from http://www.microsoft.com/windowsserver2008/en/us/default.aspx
Nakajimi, M. and Kobayashi, N. (2003). IPv4/IPv6 Translation Technology. Retrieved July 9, 2010, from
http://www.fujitsu.com/downloads/MAG/vol40-1/paper21.pdf
ORiNOCO, The New Wavelan. (n.d.). Retrieved June 27, 2010, from http://www.practicallynetworked.com/downloads/Other/tb027.pdf
Panduit. (n.d.). Product Search. Retrieved on June 20, 2010, from
http://www.panduit.com/search/search_results.asp?Ne=1&recName=CWMPH1&N=5000001+1070+3002021+&region=USA
PGP Whole Disk Encryption. (n.d.). Retrieved June 29, 2010, from http://www.pgp.com/products/wholediskencryption/index.html
Plank, J. S., Beck, M., Elwasif, W. R., Moore, T., Swany, M., Wolski, R., (1999). The internet backplane protocol: storage in the
network. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.34.8419
Proxim Wireless. (n.d.). Retrieved 29 June 2010, from http://www2.proxim.com/wireless-lan/orinocor-ap-8000-and-ap-800.html#
Rad.com (2010). firewall_animation_without_fire.gif. [Animated Gif]. RAD data communications: Firewall. Retrieved: August 1,
2010. From: http://www3.rad.com/networks/1997/nettut/firewall.html
Rist, O. (2008). A faster, safer network os. PC Magazine, 27(8), 35. Retrieved from Academic Search Premier database
Star Topology. (n.d.). Retrieved July 2, 2010, from http://www.exforsys.com/tutorials/networking/star-topology.html
Symantec.com. (2010). Symantec Endpoint Protection: Key Features. Retrieved July 3, 2010, from
http://www.symantec.com/business/endpoint-protection
Thurman, M. (2009). Let's Be Reasonable, And Save Money, Too. Computerworld, 43(8), 32. Retrieved from Academic Search
Premier database.
Varshney, U., Snow, A., McGivern, M., & Howard, C. (2002). VOICE OVER IP. Communications of the ACM, 45(1), 89-96.
Retrieved on June 30, 2010, from Academic Search Premier database.