corporation tech
Network Proposal
Version 3.0
*Corporation Tech
*About Us
*Corporation Techs (IDI) is a distribution company with over 4000 employees in 7 cities throughout 6 countries. IDI is the largest distributor of goods throughout the world and for the past 15 years has been the leader in logistical disbursement.
*Our mission is to provide other companies with efficient, safe and reliable shipping and logistics. IDI strives to keep costs down so that our clients profit. We strive to ensure that all logistical support is kept confidential, safe, and accessible to the client.
*Purpose and Scope
*The purpose of this proposal is to establish better network access and control for the company. This will assist in keeping the networks in use safe and profitable.
*Scope - In this project, we have identified new needs: to ensure that corporate has access to all information; that real-time communication is possible for our overseas offices; that support for any future branches is in place; and that the network meets all needs of our 4000 employees. Finally, all information must be kept confidential and accessible, and we must maintain the integrity of that information as much as possible.
*Roles
*Senior Management
*IT Management
*IS Management
*Functional Management
*IS Security Practitioners
*IT Technicians
*Security Awareness Trainers
*Vlan Configuration
*Executive Offices (VLan 10): For the executive officers and board members that need access to resources. Located at the corporate office only.
*Marketing (VLan 16): All market research, marketing, as well as advertising departments.
*Operations (VLan 32): Operations department
*Managers (VLan 48): Area, district, and branch managers.
*Human Resources (VLan 64): Hiring and training personnel.
*Accounting and Finance (VLan 80): All departments that deal with money for the company.
*VPN (VLan 96): Remote VPN connection
*Network (VLan 128): All core network equipment: routers, firewalls, switches. These are statically assigned addresses.
*WLAN
*The wireless LAN will be physically separated from the rest of the network, and all access points will carry DHCP. Wireless addresses will not be assigned through the network. We will use the 802.11ac standard at 5GHz for all Wi-Fi needs. This is backwards compatible with all other standards before it. Right now 802.11ac is pushing between 1Gbps and 5Gbps, depending on the setup. This should allow mobile devices to handle any type of multimedia streaming if needed.
Authentication
*Network Configuration
*Switches
*We will use two types of switches for the network.
The first are the 10 GB bridge switches. These will allow all the VLans to communicate back and forth with little congestion. They will be trunked to ensure that all VLans are properly connected.
*The 10/100/1000 Ethernet switches will serve the individual VLans. This helps communication within the VLan to move with very little congestion to the main network. Trunks will not need to be set up on these switches, as they only contain one VLan per switch. For the corporate office we will be using two switches in aggregation to help ensure that traffic is flowing and to eliminate any failovers short of a complete device failover. The two will act to load balance traffic to the mission critical center.
*Network Configuration (cont.)
*Firewalls
*Firewalls in use will be either a unified threat management (UTM) firewall for internet and DMZ traffic, or standard firewalls for internal network filtering.
*The UTM firewall will handle traffic coming from the internet and DMZ. This is the initial point to check for spam, viruses, and other malicious packets coming through. Stateful packet filtering should be used in order to allow trusted traffic to come through with few checks. NAT will be implemented at the UTM so that the main internal network is hidden and to reduce the need for public IP addresses.
*Router
*All routers will be configured with OSPF for both internal and external traffic. This allows us the option to use more than just Cisco equipment. OSPF is able to handle VLSM better than RIP.
*IP Schema
Core Network
Routers 10.7.0.1-9
Firewalls 10.7.0.10-19
GB Switches 10.7.0.20-29
Local Switches 10.7.0.30-39
Internal Servers 10.8.0.50-69
DMZ Servers 10.9.0.70-79
*IP Schema
Office Schema For Departmental VLans
Multi-function devices 10.X.0.1-5
Printers 10.X.0.6-11
Wireless Access Points 10.X.0.12-20
Workstations Via DHCP Scope
VLan 10 10.0.0.40 – 10.0.0.255
VLan 16 10.1.0.40 – 10.1.0.255
VLan 32 10.2.0.40 – 10.2.0.255
VLan 48 10.3.0.40 – 10.3.0.255
VLan 64 10.4.0.40 – 10.4.0.255
VLan 80 10.5.0.40 – 10.5.0.255
VLan 96 10.6.0.40 – 10.6.0.255
*IP Schema
Office Private Schema
10.x.0.1-254
255.255.255.0
Dynamic addressing unless indicated
Executive office: 10.0.0.1 – 10.0.0.254
Marketing: 10.1.0.1 – 10.1.0.254
Operations: 10.2.0.1 – 10.2.0.254
Managers: 10.3.0.1 – 10.3.0.254
HR: 10.4.0.1 – 10.4.0.254
Accounting / Finance: 10.5.0.1 – 10.5.0.254
VPN: 10.6.0.1 – 10.6.0.254
Network Equipment (static): 10.7.0.1 – 10.0.7.254
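A consistency check for the two schema slides above, as an added example that is not part of the original proposal: it parses each range against the 255.255.255.0 mask and reports end addresses that are the subnet broadcast address or that fall outside the subnet. The function names are illustrative, and the stray leading dot on the VLan 96 end address is assumed to be a typo.

```python
import ipaddress

MASK = "255.255.255.0"  # mask given on the Office Private Schema slide
STATIC_LAST_HOST = 20   # 10.X.0.1-20: multi-function devices, printers, access points
# (label, first, last) copied from the slides; VLan 96 end address has its stray dot dropped.
DHCP_SCOPES = [
    ("VLan 10", "10.0.0.40", "10.0.0.255"),
    ("VLan 16", "10.1.0.40", "10.1.0.255"),
    ("VLan 32", "10.2.0.40", "10.2.0.255"),
    ("VLan 48", "10.3.0.40", "10.3.0.255"),
    ("VLan 64", "10.4.0.40", "10.4.0.255"),
    ("VLan 80", "10.5.0.40", "10.5.0.255"),
    ("VLan 96", "10.6.0.40", "10.6.0.255"),
]
PRIVATE_RANGES = [
    ("Executive office", "10.0.0.1", "10.0.0.254"),
    ("Marketing", "10.1.0.1", "10.1.0.254"),
    ("Operations", "10.2.0.1", "10.2.0.254"),
    ("Managers", "10.3.0.1", "10.3.0.254"),
    ("HR", "10.4.0.1", "10.4.0.254"),
    ("Accounting / Finance", "10.5.0.1", "10.5.0.254"),
    ("VPN", "10.6.0.1", "10.6.0.254"),
    ("Network Equipment", "10.7.0.1", "10.0.7.254"),
]

def check_range(label, first, last, mask=MASK):
    """Return the problems found in one first-to-last address range."""
    net = ipaddress.ip_network(f"{first}/{mask}", strict=False)
    end = ipaddress.ip_address(last)
    if end not in net:
        return [f"{label}: {last} is outside {net}"]
    if end == net.broadcast_address:
        return [f"{label}: {last} is the broadcast address of {net}"]
    return []

def overlaps_static(first, last_static=STATIC_LAST_HOST):
    """True if a DHCP scope starts inside the statically assigned host block."""
    return (int(ipaddress.ip_address(first)) & 0xFF) <= last_static

def audit():
    findings = []
    for label, first, last in DHCP_SCOPES + PRIVATE_RANGES:
        findings += check_range(label, first, last)
    findings += [f"{label}: DHCP scope overlaps the static block"
                 for label, first, _ in DHCP_SCOPES if overlaps_static(first)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit()))
```

Every DHCP scope as written ends on the .255 broadcast address of its /24, and the Network Equipment end address lands in a different subnet from its start address.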
*Best Practices
*Management
*Monitoring
*Ticket System
*Network Monitor
*Host Monitoring
*Protocol Monitoring
*Security
*Security will be broken down into seven main sections within the network. This will help ensure that all precautions and actions are taken.
*Users
*Workstation
*LAN
*LAN TO WAN
*WAN
*Remote Access
*Mobile Devices
*Final Thoughts
*The new network is a large undertaking for Corporation Techs. It is one that is needed, though. In order to stay ahead of costs and to show our clients and future clients that we are serious, a major reconstruction is needed. Support at the management level is critical in making the company a success.
*As an overview we are looking at the following:
*VLans
*DMZ implementation
*VPN for remote users
*Encrypted Wireless
*Diagram
[Network diagram: labels from the figure]

Legend (Count, Description)
6 Multi-function device
11 Ethernet
11 Server
1 FTP server
1 Modem
8 Comm-link
3 Cloud
8 Managed switch
1 PBX
5 Firewall
6 ZERO Client
6 Printer
3 FastGB etherswitch
12 Router
1 Wireless access point
1 Relational database

Diagram Key
Indicates Corporate Office Only
Indicates Aggregated links
Spanning Tree Primary Link
Spanning Tree Secondary link

Vlan Assignments
Vlan 10: Executive Offices in Corporate office only
Vlan 16: Marketing in Corporate office only
Vlan 32: Operations in Corporate and Branch offices
Vlan 48: Managers in Corporate and Branch Offices
Vlan 64: Human resources in Corporate and Branch offices
Vlan 80: Accounting in Corporate and Branch Offices
Vlan 96: VoIP
VLan 112: WLAN
Vlan 128: Servers

Office Schema For Departmental VLans
Multi-function devices 10.X.X.1-5
Printers 10.X.X.6-11
Wireless Access Points 10.X.X.11-20
Workstations Via DHCP.

External connections
ISP INTERNET / SSL VPN 200.200.210.X
ISP Modem: ISP assigned Address
Router Hub at ISP
VoIP Provider
PSTN
Analog POTS RJ11
Voice over IP and Video Conferencing through SIP and H.323 protocols

Locations
Billings 200.200.200.1
Hong Kong 200.200.2005
Warsaw 200.200.200.9
Sao Paulo 200.200.200.13
Tanzania 200.200.200.17
Sydney 200.200.200.21
Japan 200.200.200.25
China 200.200.200.29

Routers and firewalls
Border Router 10.X.128.1
Internal Gateway Router 10.X.128.2
Office internal router 10.X.128.3
Firewall 10.X.128.10
UTM Firewall 10.X.128.11
Firewall 10.X.128.12
Firewall 10.X.128.13
SIP Firewall 10.X.96.10

Switches
MCC GB Switch 10.X.128.20
Office GB Managed Switch 10.X.128.21
SIP GB Switch 10.X.96.20
Managed Switch (Aggregated links) 10.X.128.30
Managed Switch (Aggregated links) 10.X.128.31
DMZ Managed Switch 10.0.128.32
Office Managed Switch 10.X.128.33
Office Managed Switch 10.X.128.34
Office Managed Switch 10.X.128.35
Office Managed Switch 10.X.128.36
Office Managed Switch 10.X.128.37

Servers
Mission Critical Center
ADDS / ESXI/ 10.X.128.50 10.X.128.51
Exchange 10.X.128.52
Media 10.X.128.53
DHCP 10.x.128.54
Applications 10.X.128.55
Internal FTP 10.X.128.56
Intranet 10.0.128.57
Database 10.0.128.58
VM Back Up SAN

DMZ
Webserver 10.0.128.70
DNS 10.0.128.71
FTP 10.0.128.72
SMTP 10.0.128.73

Other labels
Corporate Vlan 10
Corporate Vlan 16
Vlan 32
Vlan 48
Vlan 64
Vlan 80
Vlan 96
10.X.96.6
VPN configuration
*Thank You