Meyers_CompTIA_4e_PPT_Ch17x


Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Fourth Edition (Exam N10-006)
Building a Real-World Network
Chapter 17
Copyright © 2015 by McGraw-Hill Education. All rights reserved.
Objectives
• Explain the concepts of basic network design
• Describe unified communication features and functions
• Describe the components of an ICS/SCADA system and understand the security risks involved with ICS/SCADA
Overview
Campus Area Network (CAN)
• Medium-sized network spanning multiple buildings
• Chapter example: Bayland Widgets
– Start-up business with three new buildings
• Office building housing sales and managerial staff
• Factory space
• Warehouse and shipping facilities
Figure 17.1 The new campus
Test Specific
Designing a Basic Network
Designing a Basic Network
• Categories to consider
– List of requirements
– Device types/requirements
– Environment limitations
– Equipment limitations
– Compatibility requirements
– Wired/wireless considerations
– Security considerations
Define the Network Needs
• Bayland Widgets’ needs
– Individual offices need workstations that can do specific jobs
– Flexible servers
– Buildings need internal cabling and intermediate distribution frames (IDFs)
– Buildings need solid connectivity
Documentation
• Needed to support configuration management
– Network diagrams
– Asset management
– IP address utilization
– Vendor documentation
– Internal operating procedures/policies/standards
Network Design
• Design must address the following hardware:
– Workstations
– Servers
– Equipment room
– Peripherals
Workstations
• Choice between Windows or Mac
– Depends on application software needs
– Microsoft Office for the PC traditionally updated a year or two prior to the Mac version
• Adobe Creative Cloud works equally well with Windows and Mac workstations
– Choose platform most familiar to workers
Servers
• Small company: one or two servers
• Bigger networks: most or all server functions are virtualized
• Server infrastructure can be adapted to handle multiple client types
Necessary Server Functions
• Network authentication
• Network management
• Accounting
• File management (including redundancy)
• Intranet services
• Development environments
• Software repositories
Equipment Room
• Centralized core for the network
– Location of servers
• May need power converters to change from AC to DC to fit needs of different equipment
• Uninterruptible power supply (UPS)
– Can handle brief power fluctuations for a single rack
• Generator needed for power redundancy
Peripherals
• Printers, scanners, and fax machines
– Needs depend on what the company does in-house
– Consider how many and what size documents need to be printed
– Fax machine could be hardware or software
Compatibility Issues
• Important when upgrading a network in an existing space
• Design considerations vary by location and scenario
Internal Connections
• Structured cabling
– Each building in the example could be wired with CAT 6a to all workstations
– All cabling would terminate in the main equipment room
– Fiber running 10Gb Ethernet could connect the buildings
– Building connections would terminate at IDFs in each building
Figure 17.2 Cabling within each building
Figure 17.3 Connecting the buildings
Wireless
• Logical option for Bayland Widgets CAN
– Provide high-speed wireless throughout the area
– Multiple 802.11ac units installed within each building and outside
– Control with a central or unified wireless controller
• Connected to the primary equipment room
Figure 17.4 Implementing wireless
VLANs
• Segment the CAN departments and components into unique VLANs
– Provides control, security, and optimized performance
• Create VLANs for network service
– Example: public versus private network access
Set Up the Network IP Address Scheme
• Decide on the internal IP addressing scheme
– Pick an arbitrary, unique, internal private IP network ID
– Preassign static IP addresses to servers and WAPs
– Pick a DHCP server and preassign DHCP scope IP address ranges
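The three steps above, carried out for the Bayland Widgets campus as an added example (this code is not from the textbook or its publisher). It assumes a constructed VLAN layout under the arbitrary private network ID 10.20.0.0/16, constructed server and WAP names and addresses, and a convention that the first 31 host numbers of each VLAN are kept out of the DHCP scope. The checks it runs (private network ID, non-overlapping VLAN subnets, static addresses outside the DHCP scope, no duplicate assignments) catch the usual addressing mistakes, and the report it prints is the IP address utilization record the Documentation slide calls for.

```python
"""Worked IP addressing plan for the chapter's Bayland Widgets campus.

Added example, not from the textbook. The VLAN names, the 10.20.0.0/16
network ID, the host names and every address below are constructed.
"""
import ipaddress
from dataclasses import dataclass, field

# One VLAN per department or service; the guest VLAN is the chapter's
# "public versus private access" split.
VLANS = {
    10: ("office",     "10.20.10.0/24"),
    20: ("factory",    "10.20.20.0/24"),
    30: ("warehouse",  "10.20.30.0/24"),
    40: ("servers",    "10.20.40.0/24"),
    50: ("wireless",   "10.20.50.0/23"),
    60: ("guest-wifi", "10.20.60.0/24"),
}

# Hosts preassigned static addresses: servers and WAPs (hostname -> (VLAN, IP)).
STATIC_HOSTS = {
    "auth-srv":      (40, "10.20.40.10"),
    "file-srv":      (40, "10.20.40.11"),
    "dhcp-srv":      (40, "10.20.40.12"),
    "wap-office-1":  (50, "10.20.50.11"),
    "wap-factory-1": (50, "10.20.50.12"),
}

# Host numbers 1..RESERVE of every VLAN stay out of the DHCP scope:
# host 1 is the gateway, the rest are for static assignments.
RESERVE = 31


@dataclass
class VlanPlan:
    vlan_id: int
    name: str
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    dhcp_first: ipaddress.IPv4Address
    dhcp_last: ipaddress.IPv4Address
    reserve: int
    static: dict = field(default_factory=dict)  # hostname -> IPv4Address

    def dhcp_size(self):
        return int(self.dhcp_last) - int(self.dhcp_first) + 1

    def static_free(self):
        """Static slots still free below the DHCP scope (gateway excluded)."""
        return self.reserve - 1 - len(self.static)


def build_plan(vlans=VLANS, static_hosts=STATIC_HOSTS, reserve=RESERVE):
    """Return ({vlan_id: VlanPlan}, [problems]); no problems means the plan is consistent."""
    problems = []
    nets = {vid: ipaddress.ip_network(cidr) for vid, (_, cidr) in vlans.items()}

    # The network ID must be private and VLAN subnets must not overlap.
    for vid, net in nets.items():
        if not net.is_private:
            problems.append(f"VLAN {vid}: {net} is not a private network")
    ids = sorted(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"VLAN {a} {nets[a]} overlaps VLAN {b} {nets[b]}")

    plans = {}
    for vid, net in nets.items():
        gateway = net.network_address + 1
        dhcp_first = net.network_address + reserve + 1
        dhcp_last = net.broadcast_address - 1
        if dhcp_first >= dhcp_last:
            problems.append(f"VLAN {vid}: {net} leaves no DHCP scope after reserving {reserve} hosts")
        plans[vid] = VlanPlan(vid, vlans[vid][0], net, gateway, dhcp_first, dhcp_last, reserve)

    seen = {}
    for host, (vid, addr) in static_hosts.items():
        ip = ipaddress.ip_address(addr)
        plan = plans.get(vid)
        if plan is None:
            problems.append(f"{host}: VLAN {vid} does not exist")
            continue
        unusable = (plan.network.network_address, plan.network.broadcast_address, plan.gateway)
        if ip not in plan.network or ip in unusable:
            problems.append(f"{host}: {ip} is not a usable host address in VLAN {vid} ({plan.network})")
        elif plan.dhcp_first <= ip <= plan.dhcp_last:
            problems.append(f"{host}: {ip} falls inside the DHCP scope of VLAN {vid}")
        if ip in seen:
            problems.append(f"{host}: {ip} is already assigned to {seen[ip]}")
        seen[ip] = host
        plan.static[host] = ip
    return plans, problems


def address_report(plans):
    """Per-VLAN utilization lines for the network documentation."""
    return [f"VLAN {p.vlan_id:>3} {p.name:<10} {str(p.network):<16} gw {p.gateway}  "
            f"DHCP {p.dhcp_first}-{p.dhcp_last} ({p.dhcp_size()} leases)  "
            f"static used {len(p.static)}, free {p.static_free()}"
            for p in plans.values()]


if __name__ == "__main__":
    plans, problems = build_plan()
    print("\n".join(address_report(plans)))
    print("problems:", problems or "none")
```

Running the file prints one line per VLAN plus any consistency problems; feeding it a deliberately bad layout (an overlapping subnet, a public network ID, a server address inside a DHCP scope) returns the problems instead of silently producing a plan.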
External Connections
• Bayland Widgets’ options for reducing downtime on their Internet connection
– Two ISPs—the second as a fallback in case the primary ISP fails
– Metro Ethernet connection—a dedicated fiber line from the ISP to the office
Unified Communication
• TCP/IP-based communications replaced the traditional PBX-style phone systems
• Voice over IP (VoIP) enables voice communication over an IP network
• Unified communication field
– Includes voice, video, and messaging
It Started With VoIP
• Early VoIP systems separated data and VoIP
– Required multiple cables running to each drop
• VoIP systems use:
– Real-time Transport Protocol (RTP) on TCP ports 5004 and 5005
– Session Initiation Protocol (SIP) on TCP ports 5060 and 5061
Figure 17.5 Workstation drop
Unified Communication Features
• Various services added to classic VoIP
– Presence information
– Video conferencing/real-time video
– Fax
– Messaging
– Collaboration tools/workflow
Figure 17.6 Presence at work
Figure 17.7 Multicast vs. unicast
UC Network Components
• Core components: UC devices, UC servers, and
UC gateways
• A UC device was previously called a VoIP telephone
– Handles voice, video, and more
• A UC server supports UC service, connecting to every UC device
– Multiple UC servers may be on a separate VLAN
UC Network Components (cont’d.)
• A UC gateway is an edge device
– May be a dedicated device or extra services added to an existing edge router
– The router interfaces with remote gateways and PSTN systems and services
Figure 17.8 Cisco Unified IP Phone
UC Protocols
• H.323
– Most commonly used video presentation protocol
– Runs on TCP port 1720
• Media Gateway Control Protocol (MGCP)
– Complete VoIP or video presentation connection and session controller
– Uses TCP ports 2427 and 2727
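Added example (not from the textbook or its publisher) covering the port numbers on the VoIP and UC Protocols slides together with the recommendation that UC servers sit on their own VLAN: it labels constructed flow records by those ports and raises an alert when UC signalling or media crosses between zones that should not exchange it, such as the guest network or an Internet address talking SIP to a UC server. The zone subnets, the allowed zone pairs and the flow records are all constructed. The classifier keys on port number only, so it matches a record whether it shows TCP or UDP; in practice RTP media is carried over UDP (RFC 3550), so a firewall rule written for TCP alone will not pass the media stream.

```python
"""Label flow records by the UC ports named in the chapter and flag signalling
or media that arrives from outside the UC VLANs.

Added example, not from the textbook. The zone subnets and the flow records
are constructed; the port-to-protocol table is the one the slides give.
"""
import ipaddress
import re

# Port -> (protocol, role), from the VoIP and UC Protocols slides.
UC_PORTS = {
    5004: ("RTP", "media"), 5005: ("RTP", "media"),
    5060: ("SIP", "signalling"), 5061: ("SIP", "signalling"),
    1720: ("H.323", "signalling"),
    2427: ("MGCP", "signalling"), 2727: ("MGCP", "signalling"),
}

# Constructed zones: UC servers and devices on their own VLANs, as the chapter
# recommends, plus the general-purpose office and guest networks.
ZONES = {
    "uc-servers": ipaddress.ip_network("10.20.70.0/24"),
    "uc-devices": ipaddress.ip_network("10.20.71.0/24"),
    "uc-gateway": ipaddress.ip_network("10.20.72.0/29"),
    "office":     ipaddress.ip_network("10.20.10.0/24"),
    "guest-wifi": ipaddress.ip_network("10.20.60.0/24"),
}

# Which zone pairs may legitimately exchange UC signalling and UC media.
ALLOWED = {
    "signalling": {frozenset({"uc-servers", "uc-devices"}),
                   frozenset({"uc-servers", "uc-gateway"})},
    "media": {frozenset({"uc-devices"}),
              frozenset({"uc-devices", "uc-gateway"}),
              frozenset({"uc-devices", "uc-servers"})},
}

FLOW_RE = re.compile(r"src=(\S+):(\d+) dst=(\S+):(\d+) proto=(\w+)")


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def classify(line):
    """Return a dict for a UC flow, or None when neither port is a UC port."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    src, sport, dst, dport, proto = m.groups()
    # The server-side port is usually the destination; fall back to the source.
    hit = UC_PORTS.get(int(dport)) or UC_PORTS.get(int(sport))
    if hit is None:
        return None
    protocol, role = hit
    return {"src": src, "dst": dst, "proto": proto.upper(), "protocol": protocol,
            "role": role, "src_zone": zone_of(src), "dst_zone": zone_of(dst)}


def audit(lines):
    """Return (uc_flows, alerts): alerts are UC flows between zone pairs not in ALLOWED."""
    flows, alerts = [], []
    for line in lines:
        f = classify(line)
        if f is None:
            continue
        flows.append(f)
        if frozenset({f["src_zone"], f["dst_zone"]}) not in ALLOWED[f["role"]]:
            alerts.append(f"{f['protocol']} {f['role']} {f['src']} ({f['src_zone']}) -> "
                          f"{f['dst']} ({f['dst_zone']}) is outside the UC segments")
    return flows, alerts


# Constructed flow records in the style of a firewall or NetFlow export.
SAMPLE_FLOWS = [
    "src=10.20.71.15:49152 dst=10.20.70.10:5060 proto=TCP bytes=840",
    "src=10.20.71.15:5004 dst=10.20.71.22:5004 proto=UDP bytes=64200",
    "src=10.20.70.10:2427 dst=10.20.72.2:2727 proto=TCP bytes=312",
    "src=10.20.60.40:50211 dst=10.20.70.10:5060 proto=TCP bytes=512",
    "src=198.51.100.7:33333 dst=10.20.70.10:5061 proto=TCP bytes=1400",
    "src=10.20.10.50:52000 dst=10.20.40.11:445 proto=TCP bytes=9000",
]

if __name__ == "__main__":
    flows, alerts = audit(SAMPLE_FLOWS)
    print(f"{len(flows)} UC flows, {len(alerts)} alerts")
    for a in alerts:
        print("ALERT:", a)
```

On the sample records the first three flows are legitimate (device to server SIP, device to device RTP, server to gateway MGCP), the guest and external SIP attempts are reported, and the SMB flow on port 445 is ignored as non-UC traffic.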
VTC and Medianets
• Video teleconferencing is particularly sensitive to disruption and slowdowns
• Medianet
– Network of routers and servers that provide sufficient bandwidth for VTC
– Works with UC servers to distribute videoconferences
– Can be complex or simple
ISDN vs. IP/SIP
• Many organizations using VTC use ISDN-based products
– Very slow by modern standards (128-Kbps bandwidth)
– H.320 standard used multiple ISDN channels with compression
• ISDN-based VTC is being replaced by high-speed Internet connections
QoS and Medianets
• VTC needs a very high level of QoS
• Differentiated Services (DiffServ)
– Underlying architecture for QoS
• Differentiated services field header is on every piece of data
– Explicit congestion notification (ECN)
– Differentiated services code point (DSCP)
Figure 17.9 DS field
ECN and DSCP
• ECN
– A two-bit field where QoS-aware devices can place a “congestion encountered” signal to other QoS-aware devices
– Four possible values denote the level of congestion and awareness
• DSCP
– Six bits
Classes of Service (CoS)
• Two-bit ECN and six-bit DSCP make up the eight classes of service
• Flexible value to apply to services, ports, and whatever your QoS device might use
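The DS field on the three preceding slides (QoS and Medianets, ECN and DSCP, Classes of Service) is easiest to understand by taking it apart. The following is an added example, not code from the textbook or its publisher: it builds a constructed IPv4 header, splits its DS byte into the six-bit DSCP and the two-bit ECN, names the codepoints (RFC 2474, 2597 and 3246 for DSCP, RFC 3168 for ECN), shows that the top three DSCP bits give the eight classes CS0 to CS7, and re-marks a packet the way a QoS edge device does, recomputing the header checksum. Addresses and packet contents are constructed.

```python
"""Decode and rewrite the Differentiated Services (DS) byte of an IPv4 header.

Added example, not from the textbook. The packets are constructed here; the
DSCP and ECN names follow RFC 2474/2597/3246 and RFC 3168.
"""
import ipaddress
import struct

# Six-bit DSCP codepoints for the standard per-hop behaviours; EF (46) is the
# usual marking for VoIP and VTC media, CS0 (0) is best effort.
DSCP_NAMES = {0: "CS0", 8: "CS1", 10: "AF11", 12: "AF12", 14: "AF13",
              16: "CS2", 18: "AF21", 20: "AF22", 22: "AF23",
              24: "CS3", 26: "AF31", 28: "AF32", 30: "AF33",
              32: "CS4", 34: "AF41", 36: "AF42", 38: "AF43",
              40: "CS5", 46: "EF", 48: "CS6", 56: "CS7"}

# Two-bit ECN codepoints: the four values the slides mention.
ECN_NAMES = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}


def split_ds(ds_byte):
    """DSCP is the upper six bits of the DS byte, ECN the lower two."""
    return ds_byte >> 2, ds_byte & 0x3


def join_ds(dscp, ecn):
    if not (0 <= dscp < 64 and 0 <= ecn < 4):
        raise ValueError("DSCP must fit in 6 bits and ECN in 2 bits")
    return (dscp << 2) | ecn


def precedence_class(dscp):
    """Top three DSCP bits: the eight classes CS0..CS7 (IP Precedence compatible)."""
    return dscp >> 3


def ipv4_checksum(header):
    """RFC 791 ones'-complement checksum; returns 0 for a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, dscp=0, ecn=0, proto=17, payload_len=0):
    """Constructed 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | 5, join_ds(dscp, ecn), 20 + payload_len,
                      0x1234, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ds(packet):
    """Describe the DS byte (second byte of the IPv4 header) of a packet."""
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    dscp, ecn = split_ds(packet[1])
    return {"dscp": dscp, "dscp_name": DSCP_NAMES.get(dscp, f"DSCP{dscp}"),
            "class": precedence_class(dscp),
            "ecn": ecn, "ecn_name": ECN_NAMES[ecn]}


def remark(packet, dscp):
    """Copy of the packet with DSCP rewritten, ECN kept, and the header checksum
    recomputed, as a QoS edge device does when it re-marks traffic."""
    ihl = (packet[0] & 0x0F) * 4
    _, ecn = split_ds(packet[1])
    hdr = bytearray(packet[:ihl])
    hdr[1] = join_ds(dscp, ecn)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(hdr))
    return bytes(hdr) + packet[ihl:]


if __name__ == "__main__":
    # Constructed VTC media packet from a UC device, marked EF, ECN-capable transport.
    pkt = build_ipv4_header("10.20.71.15", "10.20.71.22", dscp=46, ecn=2, payload_len=172)
    print(parse_ds(pkt))             # DSCP 46 (EF), class 5, ECN ECT(0)
    print(parse_ds(remark(pkt, 0)))  # demoted to best effort, ECN untouched
```

A router that trusts DSCP from an untrusted port will schedule whatever marking the sender chose, which is why edge devices re-mark on ingress; the `remark` function is that operation, and `ipv4_checksum` returning 0 on the rewritten header confirms the checksum was regenerated correctly.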
Figure 17.10 CoS settings on router
Industrial Control System (ICS)
• Overall system that monitors and controls machines
• Has been in existence for over 100 years
• ICS today
– Uses computers combined with digital monitors and controls
– Moving from stand-alone networks to interconnect with the Internet
Basic Components of an ICS
• Input/output functions on the machine
– Sensors and actuators
• Controller
– Computer
• Operator interface
– Monitor
Figure 17.11 A simple ICS
Figure 17.12 An early computer-assisted ICS
Distributed Control System (DCS)
• Smaller controllers at each machine
– Distributes the computing load
• Each local controller connects to a centralized controller (ICS server)
– Manages global changes
Figure 17.13 A simple DCS
Human Machine Interface (HMI)
• Early versions: custom-made boxes with gauges and switches
• Today: PCs running custom, touch-screen interfaces
• Not general purpose
Figure 17.14 HMI with a touch screen
Programmable Logic Controller (PLC)
• A computer that controls a machine following a set of ordered steps
• A PLC monitors sensors and controls timing and order of processes
Figure 17.15 Typical rack-mounted PLCs
SCADA
• Supervisory control and data acquisition (SCADA)
– Subset of ICS
• Same basic components as DCS but applied to large-scale, distributed processes
– Examples: power grids, pipelines, and railroads
• Remote devices may or may not have ongoing communication with the central control
Remote Terminal Unit (RTU)
• Provides the same function as a controller, except the RTU has some autonomy if it loses connection with the central controller
• Uses some form of long-distance communication
– Examples: telephony, fiber optic, or cellular WANs
Figure 17.16 Typical RTU
Network Segmentation
• Many ICS systems are crucial for the needs of everyday living
– Catastrophic failure has large consequences
– Examples: electrical infrastructure, oil refinery
• Segmenting networks increases security and optimizes performance
– Side benefit: easier troubleshooting
Network Segmentation and the OSI Model
• Layer 1
– Physically separate your network from other networks (air gap)
• Layer 2
– Separate a physically connected network into separate broadcast domains
– VLANs
Network Segmentation and the OSI Model (cont’d.)
• Layer 3
– Separate broadcast domains by blocking IP routes
• Above Layer 3
– VPNs
– Separate SSIDs
– Separate Windows domains
– Virtualization
Segmentation and ICSs
• All forms of ICS are closed networks
– The network strictly controls who and what may connect
• Some examples that include connectivity
– Public wireless networks may connect SCADA servers to RTUs
– Intranet access by connecting SCADA servers to the Internet
– VPN connections provide security
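Added example, not from the textbook or its publisher, for the segmentation slides above (Layer 3: blocking IP routes) and the closed-network requirement for ICS: a zone-level model of a router or firewall rule set, evaluated first-match with an implicit deny and checked against the reachability the design requires. It places a weak rule set, in which a broad corporate permit is listed before the ICS deny, beside the corrected ordering, so the check shows which rule order actually keeps the ICS segment closed while still admitting the VPN zone. Zone names, the rules and the requirement table are constructed.

```python
"""Check a zone-level Layer 3 segmentation policy for a closed ICS network.

Added example, not from the textbook. The zone names, the two rule sets and
the required isolation table are constructed for illustration.
"""

ZONES = ["corporate", "guest", "vpn", "ics", "internet"]

# Rule sets in first-match order: (action, source zone, destination zone);
# "any" matches every zone, and anything unmatched is denied.
# Weak set: the broad corporate permit comes before the ICS deny, so it wins,
# and the VPN permit sits below the deny that shadows it.
WEAK_RULES = [
    ("permit", "corporate", "any"),
    ("deny", "any", "ics"),
    ("permit", "vpn", "ics"),
    ("permit", "guest", "internet"),
]

# Corrected set: the specific VPN permit first, both ICS denies next,
# and only then the broad permits.
HARDENED_RULES = [
    ("permit", "vpn", "ics"),
    ("deny", "any", "ics"),
    ("deny", "ics", "any"),   # controllers do not initiate sessions outward
    ("permit", "corporate", "any"),
    ("permit", "guest", "internet"),
]

# What the design requires: True = must be reachable, False = must not be.
# Only the pairs listed are asserted; other pairs are left to the rule set.
REQUIRED = {
    ("vpn", "ics"): True,
    ("corporate", "ics"): False,
    ("guest", "ics"): False,
    ("internet", "ics"): False,
    ("ics", "internet"): False,
    ("guest", "corporate"): False,
    ("guest", "internet"): True,
}


def reachable(rules, src, dst):
    """The first matching rule decides; no match means deny."""
    for action, rs, rd in rules:
        if rs in (src, "any") and rd in (dst, "any"):
            return action == "permit"
    return False


def reachability_matrix(rules, zones=ZONES):
    """Every ordered zone pair and whether the rule set lets it through."""
    return {(s, d): reachable(rules, s, d) for s in zones for d in zones if s != d}


def violations(rules, required=REQUIRED):
    """Required pairs whose actual reachability differs from the design."""
    return sorted((s, d) for (s, d), want in required.items()
                  if reachable(rules, s, d) != want)


if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label, "violations:", violations(rules) or "none")
```

The weak set fails twice: corporate hosts can reach the ICS zone, and the VPN zone that is supposed to reach it cannot, because the deny above it matches first. The hardened ordering clears both, and the `reachability_matrix` output is the table to file with the network documentation and re-run whenever a rule is added.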