SlideShare a Scribd company logo

Corporation Tech

Download as PPTX, PDF
R
Robert D. Williams

The document proposes a new network for Corporation Techs, a large distribution company. Key points of the proposal include: - Establishing better network access and control to keep networks safe and profitable for the 4000+ employee, 7 city, 6 country company. - Creating VLANs for different departments, a DMZ, and VPN for remote users. Wireless access will be on a separate network with 802.11ac and encryption. - The network will include firewalls, switches, and routers to separate traffic and improve security, performance and redundancy. Core equipment will connect regional offices to allow for communication and file sharing.

1 of 17
Network Proposal Version 3.0 *
* *Corporation Techs (IDI) is a distribution company with over 4000 employees in 7 cities throughout 6 countries. IDI is the largest distributor of goods throughout the world and for the past 15 years has been the leader in logistical disbursement. *Our mission is to be able to provide other companies with efficient, safe and reliable shipping and logistics. IDI strives to keep cost down to make our clients profit. We strive to ensure that all logistical support is kept confidential, safe, and accessible to the client.
* *The purpose of this proposal is to establish better network access and control for the company. This will assist in keeping the networks used safe and profitable. *Scope - In this project, we have identified new needs to ensure that corporate has access to all information. That real time communication is possible for our overseas offices. To ensure that support to any new future branches are met. Ensure that the network meets all needs of our 4000 employees. Finally, ensuring that all information is kept confidential, accessible, and that we maintain the integrity of that information as much as possible.
* *Senior Management *IT Management *IS Management *Functional Management *IS Security Practitioners *IT Technicians *Security Awareness Trainers
* *Executive Offices (VLan 10): For the executive officers and board members that need access to resources. Located at the corporate office only. *Marketing (VLan 16): All market research, marketing, as well as advertising departments. *Operations (VLan 32): Operations department *Managers (VLan 48): Area, district, and branch managers. *Human Resources (VLan 64): Hiring and training personnel. *Accounting and Finance (VLan 80): All departments that deal with money for the company. *VPN (VLan 96): Remote VPN connection *Network (VLan 128): All core network equipment, routers, firewalls switches. These are statically assigned addresses.
* *The wireless LAN will be placed separate physically separated from the rest of the network and all access points will carry DCHP. Wireless addresses will not be assigned through the network. We will use the 802.11ac standard at 5GHz for all Wi-Fi needs. This is backwards compatible with all other standards before it. Right now 802.11ac is pushing between 1Gbps to 5Gbps pending the set up. This should allow mobile devices to handle any type of multimedia streaming if needed. Authentication
* *Switches *We will use two types of switches that for the network. The first are the 10 GB bridge switches. These will help with allowing all the VLans with communicating back and for the will little congestion. They will be trunked to ensure that all VLans are properly connected. *The 10/100/1000 Ethernet switches will serve the individual VLans. This helps communication with in the VLan to move with very little congestion to the main network. Trunks will not need to be set up on these switches as they only contain one VLan per switch. For the corporate office we will be using two switches in aggregation to help insure that traffic is flowing and to eliminate any failovers short of a complete device failover. The two will act to load balance traffic to the mission critical center.
* *Firewalls *Firewalls in use will be either a unified threat management (UTM) firewall for internet and DMZ traffic, or standard firewalls for internal network filtering. *The UTM firewall will handle traffic coming from, the internet and DMZ. This is the initial point to check for spam, viruses, and other malicious packets coming through. Statefull packet filtering should be used in order to allow trusted traffic to come through with little checks. Nat will be implemented at the UTM so that the main internal network is hidden and to reduce the need for public IP addresses.
* *Configuration of all routers will be with the OSPF for both internal and external traffic. This allows us the option to use more than just Cisco equipment. OSPF is able to handle the VLSM better than RIP.
* Core Network Routers 10.7.0.1-9 Firewalls 10.7.0.10-19 GB Switches 10.7.0.20-29 Local Switches 10.7.0.30-39 Internal Servers 10.8.0.50-69 DMZ Servers 10.9.0.70-79
* Office Schema For Departmental VLans Multi-function devices 10.X.0.1-5 Printers 10.X.0.6-11 Wireless Access Points 10.X.0.12-20 Workstations Via DHCP Scope VLan 10 10.0.0.40 – 10.0.0.255 Vlan16 10.1.0.40 – 10.1.0.255 VLan 32 10.2.0.40 – 10.2.0.255 VLan 48 10.3.0.40 – 10.3.0.255 VLan 64 10.4.0.40 – 10.4.0.255 VLan 80 10.5.0.40 – 10.5.0.255 VLan 96 10.6.0.40 - .10.6.0.255
* Office Private Schema Executive office: 10.0.0.1 10.0.0.254 10.x.0.1-254 255.255.255.0 Dynamic addressing unless indicated Marketing: 10.1.0.1 10.1.0.254 Operations: 10.2.0.1 10.2.0.254 Managers: 10.3.0.1 10.3.0.254 HR: 10.4.0.1 10.4.0.254 Accounting / Finance: 10.5.0.1 10.5.0.254 VPN 10.6.0.1 10.6.0.254 Network Equipment (static) 10.7.0.1 10.0.7.254
* *Management *Monitoring *Ticket System *Network Monitor *Host Monitoring *Protocol Monitoring
* *Security will be broken down into seven of the main sections within the network. This will help in ensuring that all precautions and actions are taken. *Users *Workstation *LAN *LAN TO WAN *WAN *Remote Access *Mobile Devices
* *The new network is a large undertaking for Corporation Techs. It is one that is needed though. In order to stay head of costs and to show our clients and future clients that we are serious a major reconstruction is needed. Support from at the management level is critical in making the company a success. *As an overview we are looking at the following: *VLans *DMZ implementation *VPN for remote users *Encrypted Wireless
* ISP INTERNET / SSL VPN 200.200.210.X VoIP Provider PSTN SIP Firewall 10.X.96.10 6 Multi-function device 11 Ethernet 11 Server 1 FTP server 1 Modem 8 Comm-link 3 Cloud 8 Manages switch 1 PBX 5 Firewall 6 ZERO Client 6 Printer 3 FastGB etherswitch 12 Router 1 Wireless access point 1 Relational database Symbol Count Description Legend Vlan 96 10.X.96.6 Voice over IP And Video Conferencing Through Sip and H.323 protocols Corporate Vlan 16 Vlan32 Vlan 48 Firewall 10.X.128.10 Spanning Tree Secondary link Corporate Vlan 10 Analog POTS RJ11 ADDS / ESXI/ 10.X.128.50 10.X.128.51 Intranet 10.0.128.57 Applications 10.X.128.55 DHCP 10.x.128.54 Media 10.X.128.53 Exchange 10.X.128.52 Database 10.0.128.58 Webserver 10.0.128.70 DNS 10.0.128.71 FTP 10.0.128.72 SMTP 10.0.128.73 DMZ ISP Modem ISP assigned Address Mission Critical Center Vlan Assignments Vlan 10: Executive Offices in Corporate office only Vlan 16: Marketing in Corporate office only Vlan 32: Operations in Corporate and Branch offices Vlan 48: Managers in Corporate and Branch Offices Vlan 64: Human resources in Corporate and Branch offices Vlan 80: Accounting in Corporate and Branch Offices Vlan 96: VoIP VLan 112: WLAN Vlan 128: Servers Vlan 64 Vlan 80 VPN configuration Office Schema For Departmental VLans Multi-function devices 10.X.X.1-5 Printers 10.X.X.6-11 Wireless Access Points 10.X.X.11-20 Workstations Via DHCP. Spanning Tree Primary Link Indicates Corporate Office Only Diagram Key Internal FTP 10.X.128.56 Office Managed Switch 10.X.128.34 Office Managed Switch 10.X.128.35 Border Router 10.X.128.1 DMZ Managed Switch 10.0.128.32 Office Managed Switch 10.X.128.33 Managed Switch Aggregated links 10.X.128.31 Managed Switch Aggregated links 10.X.128.30 MCC GB Switch 10.X.128.20 Indicates Aggregated links Office Managed Switch 10.X.128.37 Office Managed Switch 10.X.128.36 Office GB Managed Switch 10.X.128.21 UTM Firewall 10.X.128.11 Vlan 96 SIP GB Switch 10.X.96..20 Firewall 10.X.128.12 Internal Gateway Router 10.X.128.2 Office internal router 10.X.128.3 Firewall 10.X.128.13 Japan 200.200.200.25 Sydney 200.200.200.21 Tanzania 200.200.200.17 Warsaw 200.200.200.9 Sao Paulo 200.200.200.13 Billings 200.200.200.1 Hong Kong 200.200.2005 China 200.200.200.29 Router Hub at ISP VM Back Up SAN
*

Recommended

How to migrate legacy serial devices to IP broadband
How to migrate legacy serial devices to IP broadbandHow to migrate legacy serial devices to IP broadband
How to migrate legacy serial devices to IP broadband
Westermo Network Technologies
 
4 Easy Steps for Increased Industrial Cybersecurity
4 Easy Steps for Increased Industrial Cybersecurity4 Easy Steps for Increased Industrial Cybersecurity
4 Easy Steps for Increased Industrial Cybersecurity
Westermo Network Technologies
 
Frost & Sullivan Global Mobile VPN Products Market
Frost & Sullivan Global Mobile VPN Products MarketFrost & Sullivan Global Mobile VPN Products Market
Frost & Sullivan Global Mobile VPN Products Market
NetMotion Wireless
 
Accessing remote networks
Accessing remote networksAccessing remote networks
Accessing remote networks
Westermo Network Technologies
 
How it Works
How it WorksHow it Works
How it WorksDigilink, Inc
 
FortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZFortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZ
IPMAX s.r.l.
 
Vigor ap810 datasheet_140103
Vigor ap810 datasheet_140103Vigor ap810 datasheet_140103
Vigor ap810 datasheet_140103
marat1989
 
What is Wi-Fi 6? - C&T RF Antennas Inc
What is Wi-Fi 6? - C&T RF Antennas IncWhat is Wi-Fi 6? - C&T RF Antennas Inc
What is Wi-Fi 6? - C&T RF Antennas Inc
Antenna Manufacturer Coco
 

Recommended

How to migrate legacy serial devices to IP broadband
How to migrate legacy serial devices to IP broadbandHow to migrate legacy serial devices to IP broadband
How to migrate legacy serial devices to IP broadband
Westermo Network Technologies
 
4 Easy Steps for Increased Industrial Cybersecurity
4 Easy Steps for Increased Industrial Cybersecurity4 Easy Steps for Increased Industrial Cybersecurity
4 Easy Steps for Increased Industrial Cybersecurity
Westermo Network Technologies
 
Frost & Sullivan Global Mobile VPN Products Market
Frost & Sullivan Global Mobile VPN Products MarketFrost & Sullivan Global Mobile VPN Products Market
Frost & Sullivan Global Mobile VPN Products Market
NetMotion Wireless
 
Accessing remote networks
Accessing remote networksAccessing remote networks
Accessing remote networks
Westermo Network Technologies
 
How it Works
How it WorksHow it Works
How it WorksDigilink, Inc
 
FortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZFortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZ
IPMAX s.r.l.
 
Vigor ap810 datasheet_140103
Vigor ap810 datasheet_140103Vigor ap810 datasheet_140103
Vigor ap810 datasheet_140103
marat1989
 
What is Wi-Fi 6? - C&T RF Antennas Inc
What is Wi-Fi 6? - C&T RF Antennas IncWhat is Wi-Fi 6? - C&T RF Antennas Inc
What is Wi-Fi 6? - C&T RF Antennas Inc
Antenna Manufacturer Coco
 
Vpn
VpnVpn
Vpn
KamalPreet Saluja
 
NetX
NetXNetX
NetXCVA757
 
Ap8222 ss
Ap8222 ssAp8222 ss
Ap8222 ss
Advantec Distribution
 
Where is the 6 GHz beef?
Where is the 6 GHz beef?Where is the 6 GHz beef?
Where is the 6 GHz beef?
Jeff Green
 
BSN Security and Wireless presentation Feb 2019
BSN Security and Wireless presentation Feb 2019BSN Security and Wireless presentation Feb 2019
BSN Security and Wireless presentation Feb 2019
Maureen Donovan
 
Managed IP solution
Managed IP solutionManaged IP solution
Managed IP solutionPeter Coffman
 
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalitàWebinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
Netgear Italia
 
ZyXEL MWC 2014 Small Business Gateway (SBG) Product Scope and Features
ZyXEL MWC 2014 Small Business Gateway (SBG) Product Scope and FeaturesZyXEL MWC 2014 Small Business Gateway (SBG) Product Scope and Features
ZyXEL MWC 2014 Small Business Gateway (SBG) Product Scope and Features
Zyxel Communications Corp.
 
Where is the beef
Where is the beefWhere is the beef
Where is the beef
Jeff Green
 
Where is the beef with 6 e
Where is the beef with 6 eWhere is the beef with 6 e
Where is the beef with 6 e
Jeff Green
 
Dir 451 ds
Dir 451 dsDir 451 ds
Dir 451 ds
Eduardo Mammana
 
Carrier WiFi Architectures
Carrier WiFi ArchitecturesCarrier WiFi Architectures
Carrier WiFi Architectures
Marc Nader
 
Steve Chung Ruckus Wireless Presentation CommsDay 2014
Steve Chung Ruckus Wireless Presentation CommsDay 2014Steve Chung Ruckus Wireless Presentation CommsDay 2014
Steve Chung Ruckus Wireless Presentation CommsDay 2014
Veronica Kennedy-Good
 
Final report firewall reconciliation
Final report firewall reconciliationFinal report firewall reconciliation
Final report firewall reconciliationGurjan Oberoi
 
Security threats in the LAN
Security threats in the LANSecurity threats in the LAN
Security threats in the LANAgora Group
 
Service Provider Wi-Fi
Service Provider Wi-FiService Provider Wi-Fi
Service Provider Wi-Fi
Cisco Canada
 
Vyatta 3500 Datasheet
Vyatta 3500 DatasheetVyatta 3500 Datasheet
Vyatta 3500 DatasheetAbdelkarim Benabdallah
 
CCNA RS_ITN - Chapter 1
CCNA RS_ITN - Chapter 1CCNA RS_ITN - Chapter 1
CCNA RS_ITN - Chapter 1
Irsandi Hasan
 
4ipnet_Product_Catalogue_2016
4ipnet_Product_Catalogue_20164ipnet_Product_Catalogue_2016
4ipnet_Product_Catalogue_2016Aaron SU ✪ Edgecore Wi-Fi Accton Technology
 
Capstone Final Part
Capstone Final PartCapstone Final Part
Capstone Final PartNathan Pennington
 
Ip tunneling and vpns
Ip tunneling and vpnsIp tunneling and vpns
Ip tunneling and vpns
DAVID RAUDALES
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpn
Rajesh Porwal
 

More Related Content

What's hot

Vpn
VpnVpn
Vpn
KamalPreet Saluja
 
Ap8222 ss
Ap8222 ssAp8222 ss
Ap8222 ss
Advantec Distribution
 
Where is the 6 GHz beef?
Where is the 6 GHz beef?Where is the 6 GHz beef?
Where is the 6 GHz beef?
Jeff Green
 
BSN Security and Wireless presentation Feb 2019
BSN Security and Wireless presentation Feb 2019BSN Security and Wireless presentation Feb 2019
BSN Security and Wireless presentation Feb 2019
Maureen Donovan
 
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalitàWebinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
Netgear Italia
 
ZyXEL MWC 2014 Small Business Gateway (SBG) Product Scope and Features
ZyXEL MWC 2014 Small Business Gateway (SBG) Product Scope and FeaturesZyXEL MWC 2014 Small Business Gateway (SBG) Product Scope and Features
ZyXEL MWC 2014 Small Business Gateway (SBG) Product Scope and Features
Zyxel Communications Corp.
 
Where is the beef
Where is the beefWhere is the beef
Where is the beef
Jeff Green
 
Where is the beef with 6 e
Where is the beef with 6 eWhere is the beef with 6 e
Where is the beef with 6 e
Jeff Green
 
Dir 451 ds
Dir 451 dsDir 451 ds
Dir 451 ds
Eduardo Mammana
 
Carrier WiFi Architectures
Carrier WiFi ArchitecturesCarrier WiFi Architectures
Carrier WiFi Architectures
Marc Nader
 
Steve Chung Ruckus Wireless Presentation CommsDay 2014
Steve Chung Ruckus Wireless Presentation CommsDay 2014Steve Chung Ruckus Wireless Presentation CommsDay 2014
Steve Chung Ruckus Wireless Presentation CommsDay 2014
Veronica Kennedy-Good
 
Final report firewall reconciliation
Final report firewall reconciliationFinal report firewall reconciliation
Final report firewall reconciliationGurjan Oberoi
 
Security threats in the LAN
Security threats in the LANSecurity threats in the LAN
Security threats in the LANAgora Group
 
Service Provider Wi-Fi
Service Provider Wi-FiService Provider Wi-Fi
Service Provider Wi-Fi
Cisco Canada
 
CCNA RS_ITN - Chapter 1
CCNA RS_ITN - Chapter 1CCNA RS_ITN - Chapter 1
CCNA RS_ITN - Chapter 1
Irsandi Hasan
 

What's hot (19)

Vpn
VpnVpn
Vpn
 
NetX
NetXNetX
NetX
 
Ap8222 ss
Ap8222 ssAp8222 ss
Ap8222 ss
 
Where is the 6 GHz beef?
Where is the 6 GHz beef?Where is the 6 GHz beef?
Where is the 6 GHz beef?
 
BSN Security and Wireless presentation Feb 2019
BSN Security and Wireless presentation Feb 2019BSN Security and Wireless presentation Feb 2019
BSN Security and Wireless presentation Feb 2019
 
Managed IP solution
Managed IP solutionManaged IP solution
Managed IP solution
 
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalitàWebinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
 
ZyXEL MWC 2014 Small Business Gateway (SBG) Product Scope and Features
ZyXEL MWC 2014 Small Business Gateway (SBG) Product Scope and FeaturesZyXEL MWC 2014 Small Business Gateway (SBG) Product Scope and Features
ZyXEL MWC 2014 Small Business Gateway (SBG) Product Scope and Features
 
Where is the beef
Where is the beefWhere is the beef
Where is the beef
 
Where is the beef with 6 e
Where is the beef with 6 eWhere is the beef with 6 e
Where is the beef with 6 e
 
Dir 451 ds
Dir 451 dsDir 451 ds
Dir 451 ds
 
Carrier WiFi Architectures
Carrier WiFi ArchitecturesCarrier WiFi Architectures
Carrier WiFi Architectures
 
Steve Chung Ruckus Wireless Presentation CommsDay 2014
Steve Chung Ruckus Wireless Presentation CommsDay 2014Steve Chung Ruckus Wireless Presentation CommsDay 2014
Steve Chung Ruckus Wireless Presentation CommsDay 2014
 
Final report firewall reconciliation
Final report firewall reconciliationFinal report firewall reconciliation
Final report firewall reconciliation
 
Security threats in the LAN
Security threats in the LANSecurity threats in the LAN
Security threats in the LAN
 
Service Provider Wi-Fi
Service Provider Wi-FiService Provider Wi-Fi
Service Provider Wi-Fi
 
Vyatta 3500 Datasheet
Vyatta 3500 DatasheetVyatta 3500 Datasheet
Vyatta 3500 Datasheet
 
CCNA RS_ITN - Chapter 1
CCNA RS_ITN - Chapter 1CCNA RS_ITN - Chapter 1
CCNA RS_ITN - Chapter 1
 
4ipnet_Product_Catalogue_2016
4ipnet_Product_Catalogue_20164ipnet_Product_Catalogue_2016
4ipnet_Product_Catalogue_2016
 

Similar to Corporation Tech

Ip tunneling and vpns
Ip tunneling and vpnsIp tunneling and vpns
Ip tunneling and vpns
DAVID RAUDALES
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpn
Rajesh Porwal
 
Communication & information security final
Communication & information security finalCommunication & information security final
Communication & information security finalneerajchor
 
The Ultimate Guide to Business Router
The Ultimate Guide to Business RouterThe Ultimate Guide to Business Router
The Ultimate Guide to Business Router
Sun Telecom
 
Enterprise Connectivity
Enterprise ConnectivityEnterprise Connectivity
Enterprise Connectivity
ST Engineering iDirect
 
Telus - Network as a service
Telus - Network as a serviceTelus - Network as a service
Telus - Network as a service
Gavin M Amos.
 
Ranks ITT Profile Presentation
Ranks ITT Profile PresentationRanks ITT Profile Presentation
Ranks ITT Profile Presentation
Rubaiath Rahman
 
VoIP 101 White Paper
VoIP 101 White PaperVoIP 101 White Paper
VoIP 101 White Paper
Braun Mincher
 
Building the SD-Branch using uCPE
Building the SD-Branch using uCPEBuilding the SD-Branch using uCPE
Building the SD-Branch using uCPE
Michelle Holley
 
uCPE and VNFs Explained
uCPE and VNFs ExplaineduCPE and VNFs Explained
uCPE and VNFs Explained
TelcoBridges Inc.
 
uCPE and VNFs Explained
uCPE and VNFs ExplaineduCPE and VNFs Explained
uCPE and VNFs Explained
Alan Percy
 
Allied Telesis x610 Series
Allied Telesis x610 SeriesAllied Telesis x610 Series
Allied Telesis x610 Series
alliedtelesisnetwork
 
Zcom Wireless products application overview
Zcom Wireless products application overviewZcom Wireless products application overview
Zcom Wireless products application overviewRajesh Kapoor
 
White Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksWhite Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksChristopher Lietz
 
White Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksWhite Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksChristopher Lietz
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
Saikiran Panjala
 

Similar to Corporation Tech (20)

Capstone Final Part
Capstone Final PartCapstone Final Part
Capstone Final Part
 
Ip tunneling and vpns
Ip tunneling and vpnsIp tunneling and vpns
Ip tunneling and vpns
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpn
 
Communication & information security final
Communication & information security finalCommunication & information security final
Communication & information security final
 
The Ultimate Guide to Business Router
The Ultimate Guide to Business RouterThe Ultimate Guide to Business Router
The Ultimate Guide to Business Router
 
Enterprise Connectivity
Enterprise ConnectivityEnterprise Connectivity
Enterprise Connectivity
 
Telus - Network as a service
Telus - Network as a serviceTelus - Network as a service
Telus - Network as a service
 
Ranks ITT Profile Presentation
Ranks ITT Profile PresentationRanks ITT Profile Presentation
Ranks ITT Profile Presentation
 
VoIP 101 White Paper
VoIP 101 White PaperVoIP 101 White Paper
VoIP 101 White Paper
 
NOTES
NOTESNOTES
NOTES
 
Comprehensive AAP
Comprehensive AAPComprehensive AAP
Comprehensive AAP
 
Building the SD-Branch using uCPE
Building the SD-Branch using uCPEBuilding the SD-Branch using uCPE
Building the SD-Branch using uCPE
 
uCPE and VNFs Explained
uCPE and VNFs ExplaineduCPE and VNFs Explained
uCPE and VNFs Explained
 
uCPE and VNFs Explained
uCPE and VNFs ExplaineduCPE and VNFs Explained
uCPE and VNFs Explained
 
Allied Telesis x610 Series
Allied Telesis x610 SeriesAllied Telesis x610 Series
Allied Telesis x610 Series
 
Zcom Wireless products application overview
Zcom Wireless products application overviewZcom Wireless products application overview
Zcom Wireless products application overview
 
White Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksWhite Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area Networks
 
White Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksWhite Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area Networks
 
IT Infrastructure Project
IT Infrastructure ProjectIT Infrastructure Project
IT Infrastructure Project
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
 

Corporation Tech

  • 2. * *Corporation Techs (IDI) is a distribution company with over 4000 employees in 7 cities throughout 6 countries. IDI is the largest distributor of goods throughout the world and for the past 15 years has been the leader in logistical disbursement. *Our mission is to be able to provide other companies with efficient, safe and reliable shipping and logistics. IDI strives to keep cost down to make our clients profit. We strive to ensure that all logistical support is kept confidential, safe, and accessible to the client.
  • 3. * *The purpose of this proposal is to establish better network access and control for the company. This will assist in keeping the networks used safe and profitable. *Scope - In this project, we have identified new needs to ensure that corporate has access to all information. That real time communication is possible for our overseas offices. To ensure that support to any new future branches are met. Ensure that the network meets all needs of our 4000 employees. Finally, ensuring that all information is kept confidential, accessible, and that we maintain the integrity of that information as much as possible.
  • 4. * *Senior Management *IT Management *IS Management *Functional Management *IS Security Practitioners *IT Technicians *Security Awareness Trainers
  • 5. * *Executive Offices (VLan 10): For the executive officers and board members that need access to resources. Located at the corporate office only. *Marketing (VLan 16): All market research, marketing, as well as advertising departments. *Operations (VLan 32): Operations department *Managers (VLan 48): Area, district, and branch managers. *Human Resources (VLan 64): Hiring and training personnel. *Accounting and Finance (VLan 80): All departments that deal with money for the company. *VPN (VLan 96): Remote VPN connection *Network (VLan 128): All core network equipment, routers, firewalls switches. These are statically assigned addresses.
  • 6. * *The wireless LAN will be placed separate physically separated from the rest of the network and all access points will carry DCHP. Wireless addresses will not be assigned through the network. We will use the 802.11ac standard at 5GHz for all Wi-Fi needs. This is backwards compatible with all other standards before it. Right now 802.11ac is pushing between 1Gbps to 5Gbps pending the set up. This should allow mobile devices to handle any type of multimedia streaming if needed. Authentication
  • 7. * *Switches *We will use two types of switches that for the network. The first are the 10 GB bridge switches. These will help with allowing all the VLans with communicating back and for the will little congestion. They will be trunked to ensure that all VLans are properly connected. *The 10/100/1000 Ethernet switches will serve the individual VLans. This helps communication with in the VLan to move with very little congestion to the main network. Trunks will not need to be set up on these switches as they only contain one VLan per switch. For the corporate office we will be using two switches in aggregation to help insure that traffic is flowing and to eliminate any failovers short of a complete device failover. The two will act to load balance traffic to the mission critical center.
  • 8. * *Firewalls *Firewalls in use will be either a unified threat management (UTM) firewall for internet and DMZ traffic, or standard firewalls for internal network filtering. *The UTM firewall will handle traffic coming from, the internet and DMZ. This is the initial point to check for spam, viruses, and other malicious packets coming through. Statefull packet filtering should be used in order to allow trusted traffic to come through with little checks. Nat will be implemented at the UTM so that the main internal network is hidden and to reduce the need for public IP addresses.
  • 9. * *Configuration of all routers will be with the OSPF for both internal and external traffic. This allows us the option to use more than just Cisco equipment. OSPF is able to handle the VLSM better than RIP.
  • 10. * Core Network Routers 10.7.0.1-9 Firewalls 10.7.0.10-19 GB Switches 10.7.0.20-29 Local Switches 10.7.0.30-39 Internal Servers 10.8.0.50-69 DMZ Servers 10.9.0.70-79
  • 11. * Office Schema For Departmental VLans Multi-function devices 10.X.0.1-5 Printers 10.X.0.6-11 Wireless Access Points 10.X.0.12-20 Workstations Via DHCP Scope VLan 10 10.0.0.40 – 10.0.0.255 Vlan16 10.1.0.40 – 10.1.0.255 VLan 32 10.2.0.40 – 10.2.0.255 VLan 48 10.3.0.40 – 10.3.0.255 VLan 64 10.4.0.40 – 10.4.0.255 VLan 80 10.5.0.40 – 10.5.0.255 VLan 96 10.6.0.40 - .10.6.0.255
  • 12. * Office Private Schema Executive office: 10.0.0.1 10.0.0.254 10.x.0.1-254 255.255.255.0 Dynamic addressing unless indicated Marketing: 10.1.0.1 10.1.0.254 Operations: 10.2.0.1 10.2.0.254 Managers: 10.3.0.1 10.3.0.254 HR: 10.4.0.1 10.4.0.254 Accounting / Finance: 10.5.0.1 10.5.0.254 VPN 10.6.0.1 10.6.0.254 Network Equipment (static) 10.7.0.1 10.0.7.254
  • 14. * *Security will be broken down into seven of the main sections within the network. This will help in ensuring that all precautions and actions are taken. *Users *Workstation *LAN *LAN TO WAN *WAN *Remote Access *Mobile Devices
  • 15. * *The new network is a large undertaking for Corporation Techs. It is one that is needed though. In order to stay head of costs and to show our clients and future clients that we are serious a major reconstruction is needed. Support from at the management level is critical in making the company a success. *As an overview we are looking at the following: *VLans *DMZ implementation *VPN for remote users *Encrypted Wireless
  • 16. * ISP INTERNET / SSL VPN 200.200.210.X VoIP Provider PSTN SIP Firewall 10.X.96.10 6 Multi-function device 11 Ethernet 11 Server 1 FTP server 1 Modem 8 Comm-link 3 Cloud 8 Manages switch 1 PBX 5 Firewall 6 ZERO Client 6 Printer 3 FastGB etherswitch 12 Router 1 Wireless access point 1 Relational database Symbol Count Description Legend Vlan 96 10.X.96.6 Voice over IP And Video Conferencing Through Sip and H.323 protocols Corporate Vlan 16 Vlan32 Vlan 48 Firewall 10.X.128.10 Spanning Tree Secondary link Corporate Vlan 10 Analog POTS RJ11 ADDS / ESXI/ 10.X.128.50 10.X.128.51 Intranet 10.0.128.57 Applications 10.X.128.55 DHCP 10.x.128.54 Media 10.X.128.53 Exchange 10.X.128.52 Database 10.0.128.58 Webserver 10.0.128.70 DNS 10.0.128.71 FTP 10.0.128.72 SMTP 10.0.128.73 DMZ ISP Modem ISP assigned Address Mission Critical Center Vlan Assignments Vlan 10: Executive Offices in Corporate office only Vlan 16: Marketing in Corporate office only Vlan 32: Operations in Corporate and Branch offices Vlan 48: Managers in Corporate and Branch Offices Vlan 64: Human resources in Corporate and Branch offices Vlan 80: Accounting in Corporate and Branch Offices Vlan 96: VoIP VLan 112: WLAN Vlan 128: Servers Vlan 64 Vlan 80 VPN configuration Office Schema For Departmental VLans Multi-function devices 10.X.X.1-5 Printers 10.X.X.6-11 Wireless Access Points 10.X.X.11-20 Workstations Via DHCP. Spanning Tree Primary Link Indicates Corporate Office Only Diagram Key Internal FTP 10.X.128.56 Office Managed Switch 10.X.128.34 Office Managed Switch 10.X.128.35 Border Router 10.X.128.1 DMZ Managed Switch 10.0.128.32 Office Managed Switch 10.X.128.33 Managed Switch Aggregated links 10.X.128.31 Managed Switch Aggregated links 10.X.128.30 MCC GB Switch 10.X.128.20 Indicates Aggregated links Office Managed Switch 10.X.128.37 Office Managed Switch 10.X.128.36 Office GB Managed Switch 10.X.128.21 UTM Firewall 10.X.128.11 Vlan 96 SIP GB Switch 10.X.96..20 Firewall 10.X.128.12 Internal Gateway Router 10.X.128.2 Office internal router 10.X.128.3 Firewall 10.X.128.13 Japan 200.200.200.25 Sydney 200.200.200.21 Tanzania 200.200.200.17 Warsaw 200.200.200.9 Sao Paulo 200.200.200.13 Billings 200.200.200.1 Hong Kong 200.200.2005 China 200.200.200.29 Router Hub at ISP VM Back Up SAN
  • 17. *