Running head: NETWORK INFRASTRUCTURE ADMINISTRATION 1
IT326-1401B-01:
Network Infrastructure Administration
Phase 5 Individual Project
Jay T Sexton
March 24, 2014
Portions of this assignment had previously been submitted during IT245 Introduction to Network
Management on 26 December 2013 with Mohammed Majid.
Table of Contents
Target Organization
Proposed Network Solution
    Proposed Hardware Components
    Proposed Software Components
Network Design
    Network Hardware Components
    Network Software Components
Network Diagram
Installation and Configuration
Maintenance and Troubleshooting
    Daily Maintenance
    Weekly Maintenance
    Monthly and Quarterly Maintenance
    Network Monitoring
    Network Problem Scenarios
Remote Access
    Remote Access Connectivity
    Administration Remote Connectivity
Network Pro Prep Toolkit
References
Target Organization
The organization that this network implementation plan covers is an Army aviation brigade
that is a subordinate unit of the 3rd Infantry Division. The Brigade’s name is the 3rd
Cavalry Aviation Brigade (3CAB). This Army unit is based at Hunter Army Airfield, a
satellite installation in downtown Savannah, Georgia, that is controlled by Fort Stewart’s 3rd
Infantry Division. “3CAB joined the 3rd Infantry Division on February 16, 1996 and became the air
asset for the 3ID” (Stewart, 2014). The organization has five subordinate organizations that are
commanded by the Brigade and are also stationed at Hunter Army Airfield.
The Brigade comprises 10,450 soldiers and 1,287 civilian contractors who conduct
daily aviation operations. Most of these personnel need internet and phone access during their
periods of work, both at Hunter Army Airfield and while deployed to foreign countries. The unit
has two network infrastructure requirements that it needs in order to conduct mission-essential
operations. The organization requires an unclassified network to operate when back at home
station. This network is in place and controlled by the Department of Information Management
(DOIM) government agency. It also needs a classified network infrastructure. Sexton’s Inc.
was hired to design and develop a network infrastructure to bring 3CAB into the fast-paced
digital network communications century. Currently the Brigade has eight Hewlett Packard 308
server blades with two NetApp Fast Access SAN (FAS) 270 storage devices and four Cisco
12-port 10Base-T switches that it uses while at home station and when deployed to support its
wartime missions. When the Brigade deploys, all the subordinate Battalions deploy also and can
be spread across extremely large areas of operations. Sexton’s Inc. met with the 3CAB Commander,
subordinate Battalion Commanders, and each organization’s staff in order to work out all
hardware, software, and support requirements for two new tactical network infrastructures.
3CAB will need a deployable unclassified network infrastructure providing internet connections
to the World Wide Web so soldiers can communicate back home with family and friends as well as
keep up with world events and even pay bills and manage finances. 3CAB will also need a
classified network infrastructure that will be a standalone network infrastructure but will
connect to higher organizations to share tactical information with any and all units that need
that secure classified information.
Proposed Network Solution
After meeting with senior management and the stakeholders, Sexton’s Inc. assembled all the
wanted and needed hardware, software, location, and user requirements that were
presented for the design, development, and implementation of the two new network
infrastructures that would best suit 3CAB both at home station and deployed. The solution that
Sexton’s Inc. proposes to 3CAB is a complete hardware and software
upgrade, while continuing to use the older systems until all new systems are set up and
configured and all data has been migrated from the older systems to the newer systems.
Proposed Hardware Components
It is proposed that all current servers be replaced with Dell 1130 Dart Frog rugged server
blades, which have “2 X intel Xeon processors, 96 gigabyte of memory, 2 X 40gigabyte 2.5 Serial
ATA II solid state drives, 10 network interface cards, intel Gigabit quad port Ethernet adapter,
and an LSI 3081E-R add-in Raid controller” (Dell, 2014), in a ruggedized carry case. The
NetApp FAS270 storage devices will be replaced with the NetApp FAS2240 storage area network
device. The FAS2240 has “24x 3terabyte hot swappable SATA 300 hard drives, 4 Ethernet
10base-T/100Base-T/1000Base-T ports, 6 gigabytes of cache, and configurable as RAID 4, 6, or
DP” (CNET, 2014). The four Cisco 12-port switches will be replaced with Cisco Catalyst 2950
switches. These switches have 24 Fast Ethernet ports with full-duplex capability, VLAN
support, auto-sensing, and auto-negotiation, along with 16 megabytes of random access memory
(RAM) and 8 megabytes of flash memory.
Proposed Software Components
It is also proposed that this network operate in a virtual environment using VMware ESXi
version 5.1 virtualization software. Within this virtual environment each virtual machine will
use the Windows Server 2008 R2 operating system. All enterprise applications, such as Active
Directory, Exchange 2010, SharePoint 2010, SQL 2008, Domain Name System (DNS),
Dynamic Host Configuration Protocol (DHCP), and Windows Internet Name Service (WINS), will run
in these virtual machines. As the network is set up, it is proposed that IP routing be
configured so that all necessary protocols are open, accessible, and usable as applications
need them when transferring data. It is important to use DHCP to assign system IP addresses on
both networks, but some client workstations will require static IP addressing in order to
route to the proper servers and to allow interaction between clients. It is also proposed that
certificate services be active, and authentication required, when users log in to the
clients and when those clients send traffic across the network.
Finally, it is proposed that during the implementation of the newer network the older
network continue to operate to allow for continued network operations. This technique will allow
proper setup and configuration of the new systems. While both operate for a short time, data
can be migrated from the older software platforms into the newer virtualized operating
system virtual machines. Operating both server environments together while
migrating data will prevent or reduce operational downtime for the organization. This new
upgrade will provide a more robust network infrastructure while reducing the overall footprint of
servers for the unit. Since these server suites are in rugged plastic carrying cases, they are
easier to use at home station and while deployed to off-site locations.
Network Design
This network design for the 3rd Cavalry Aviation Brigade (3CAB) of the United States Army,
stationed at Hunter Army Airfield in downtown Savannah, provides a detailed description of
the proposed network infrastructure. 3CAB is a unit that is assigned to provide helicopter support
to any mission anywhere in the world. 3CAB needs a network infrastructure that is both used at
home station and can rapidly be deployed to support conflicts as needed. Anytime you talk about
a network infrastructure you must also talk about domain forests, Active Directory, network
protocols, Dynamic Host Configuration Protocol (DHCP), Internet Protocol routing, Domain
Name System (DNS), Windows Internet Name Service (WINS), and certificate services. One
might ask why these are important. These are the backbone protocols, systems, and services that
are required for a network to operate.
Network Hardware Components
The 3CAB organization will require an independent network which will use a specific
Internet Protocol (IP) address schema and IP routing to communicate across the network. The
proposed network architecture will consist of four deployable tough-boxed server stacks which
will contain two Dell 1130 1U Rugged Dart Frog server blades with two Intel Xeon E5645
processors that have 12M cache and a 2.40 GHz operating speed. Each blade has “96 Gigabyte of
DDR3 Memory operating at 1333MHz LV, two 40 Gigabyte 2.5 Serial ATA II Solid State
Drives, ten Network Interface cards (NICs), an Intel Gigabit Quad Port Ethernet adapter, using a
LSI 3081E-R add-in RAID controller” (Dell, 2014). Each stack will also have a NetApp Flash
Accel Server (FAS) 2240 unified storage device for Storage Area Network (SAN) or
Network-attached Storage. This storage device will contain a “dual controller which will support
24 hard drives (12 per controller) for a total of 576 terabyte of storage for all kinds of data.
The FAS 2240 will also have 12 gigabyte of ECC memory 8 onboard GbE and 4 onboard SAS ports, 2
dual-port 8/4/2 gigabyte FC disk and 2 Dual port 10GbE Ethernet adapters” (NetApp, 2014). All
four stacks will also have a Cisco Catalyst 2960-48TC 48-port “Fast Ethernet remote manageable
switches with 32 megabyte of flash memory, 8K MAC address table entries that uses SSL
encryption as well as having the secure shell (SSH), RADIUS, and TACACS authentication
methods” (Vology, 2014). Each server stack will also have an APC uninterruptible power supply
(UPS) for extended power availability in case of a loss of the power source. To complete the
network infrastructure, 3CAB will have two Cisco routers, an Intrusion Detection System, an
Intrusion Prevention System, and a firewall device to use between its network architecture and
its Joint Network Node, which has a transceiver and receiver server that will be the packet
switching device for the network. The network will also have Cisco IP phones for telephony
communications across the network infrastructure.
Network Software Components
These servers will use the VMware Linux shell virtualization operating system software
on the hardware but will use Microsoft Windows Server 2008 R2 in the virtual machines that will
be loaded for operations. The unit will need an Active Directory domain which will use a
DHCP server to assign IP addresses to any and all connecting systems. Once Active
Directory has been configured, organizational units must be established. To connect this
domain to the outside world, 3CAB will have to establish a DNS account with the national
Communication Center at Fort Gordon and then set up a DNS server connection to publish the
unit’s IP routing schema to the outside agencies. Since this network infrastructure will be on a
classified closed network, there will be no requirement for WINS services. The main protocols
that are already built into Windows Server include Internet Protocol (IP), Transmission Control
Protocol (TCP), User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), and File
Transfer Protocol (FTP), to name just a few. During the configuration of the network switches
and routers, the ports that these protocols use to communicate must be opened for sending and
receiving packets through those ports or nothing will work; this is known as the IP routing
scheme. Other protocols that are considered lower level are Address Resolution Protocol (ARP)
and Internet Control Message Protocol (ICMP).
When clients are added to the network, each system will establish a link with the
local switch or router to retrieve an IP address from the DHCP server, and then the DHCP server
records the client’s MAC address to allow that system to continue to use the specific IP address
it collected. Each client will join the domain and will have to load the DNS server’s IP address
into either the IPv4 or IPv6 configuration table of that client so it can communicate with other
sites on the internet. The network will use the Secure Shell (SSH), RADIUS, and TACACS
authentication processes to gain access to the client system and the network and to interact
with any and all servers on the network. Each of these systems will have certificate services
enabled to allow client-to-server connections as well as connections to other domains across
the network, so that data and messages can transit without being halted by improper IP routing
protocols.
Network Diagram
Installation and Configuration
This section of the 3CAB network implementation plan covers the installation of the major
components and protocols for the network systems. As described in a previous section,
the Dell Dart Frog server blades and Cisco switch are already mounted in a deployable tough box
carry case. The NetApp FAS 2240 is also in its own tough box carrying case. Finally, the APC
uninterruptible power supply (UPS) is in its own tough box carrying case. These three tough
boxes stack on top of each other, with the UPS as the base, the server blades and Cisco switch
on top of it, and then the NetApp on top of the server box. Since 3CAB has four stacks, all they
have to do is remove the front and back covers of each tough box and then make four separate
stacks as described above. Each server blade is already wired to the switch
using Cat 5 shielded twisted pair cabling. Each NetApp FAS 2240 is connected to the switch by
fiber optic cabling, and all power cables are plugged into a power strip that is plugged into the
UPS at the bottom of the stack, which draws its power from either a generator or a fixed facility
power source.
The servers already have a Linux shell operating system, which is the VMware ESXi
software that allows the use of the Microsoft Windows Server 2008 R2 operating system. To
install the operating system, simply insert the OS disk into the virtual DVD drive, then reboot
the server and press F12 to select the CD/DVD drive, and then allow the server operating system
to complete its installation and prep. Once the server OS is installed, it is important to have
an idea of what major protocols are already built into Windows Server. The following is a list
of some of the most used protocols:
• Transmission Control Protocol/Internet Protocol (TCP/IP) suite
• User Datagram Protocol (UDP)
• NetBIOS Enhanced User Interface (NetBEUI)
• Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)
• File Transfer Protocol (FTP)
• Hypertext Transfer Protocol (HTTP)
• Simple Mail Transfer Protocol (SMTP)
• Domain Name System (DNS)
• Dynamic Host Configuration Protocol (DHCP)
• Routing Information Protocol (RIP)
• Simple Network Management Protocol (SNMP)
• Internet Control Message Protocol (ICMP)
• Address Resolution Protocol (ARP)
• Bootstrap Protocol (BOOTP)
• Real-time Transport Protocol (RTP)
These are just a handful of the protocols that will be used or will need configuration to operate.
A protocol is a “Set of rules or language use by computer and networking devices to communicate
with one another” (escotal, 2013). Most of the protocols are already available for use with the
installation of the Windows server and client operating systems.
The NetApp uses a “Linux shell” (Sandirect, 1999) that provides Windows operating
system support. This device comes from the manufacturer with its own internetwork operating
system. There is no installation required. The internetwork operating system requires the use of
HyperTerminal or the PuTTY application to gain access to the storage device to conduct reset and
configuration procedures. The protocols used by the NetApp are the Common Internet File System
(CIFS) protocol, Fibre Channel protocol, Internet Small Computer Systems Interface (iSCSI),
and Network File System V2, V3, and V4 protocols. All Cisco switches use the Cisco Internetwork
Operating System. These devices also come preloaded from the manufacturer, and they
also require the use of HyperTerminal or PuTTY to conduct reset and configuration of the switches
and routers. The servers and FAS2240 storage area network devices connect directly to the
switches, and the switches connect to the routers for the transmission of data and message traffic.
Some of the protocols involved are “Routing Information Protocol (RIP), Open Shortest Path First
(OSPF), TCP/IP (Transmission Control Protocol/Internet Protocol), EIGRP (Enhanced Interior Gateway
Routing Protocol), passive FTP, Intermediate system to intermediate system (IS-IS), Exterior
Gateway Protocol (EGP), Interior Gateway Protocol (IGP), registered port numbers, IPX
(Internetwork Packet Exchange), frame” (escotal, 2013).
The IDS, IPS, and firewall will be installed along the network path between the outside
router and the demilitarized zone, just before the Joint Network Node trailer-mounted satellite
dish. Each of these devices also comes pre-installed with its operating system but still requires
the same applications to reset and configure as the previously mentioned hardware devices. As for
the client systems, to install the operating system you repeat the same steps with each laptop
as you did with the servers. Place the OS disk in the DVD drive and reboot the system, pressing
F12 and choosing the DVD drive to begin the installation process. Then system prep is required
prior to operations. The clients use protocols similar to those of the servers in order to operate.
In the configuration considerations for each server and client, it is important to ensure
that all protocol ports are open and allowing the flow of data through them. Most are already
preset as open, but there are a few that require configuration. The first thing that must be
accomplished when configuring the server and client systems is to provide a computer name for
the server so it will be identified on any network. Configure the date, time, and time zone.
Then the monitor resolution settings need to be set. The network card needs to be activated and
the network connection configured. To accomplish this, the technician must go to Network
Connections, select the properties of either the IPv4 or IPv6 configuration option, and then
assign a static IP address, subnet mask, gateway, and DNS IP address to make the connection to
the network. The server can also be configured by adding the server to a domain that is using
DHCP and allowing the connection to find its own network IP address, subnet mask, gateway, and
DNS address.
The hosts file will also need updating with any other host that may need access to the
server or client. The firewall and Windows Defender need to be set to a secure level to prevent
any and all attacks. The internet browser will need configuration to ensure the HTTP and HTTPS
protocols will allow connections. The protocols used in the configuration of most server and
client systems are DHCP, DNS, WINS, BOOTP, ARP, RARP, ICMP, HTTP, HTTPS, and
SNMP, just to name a few. Routers and switches will require configuration of ports, password
establishment, firewall, Internet Group Management Protocol (IGMP), Telnet, Network Time
Protocol (NTP), Network Address Translation (NAT), and Internet Connection Sharing (ICS)
protocols, along with the previously mentioned routing protocols. All hardware comes
preconfigured with memory and SATA hard drives that are already formatted with NTFS. The
following is a list of protocols and the port number each uses. During the configuration process
ensure these ports are open for use:
1 TCP Port Service
21 FTP
22 SSH Remote Login Protocol
23 Telnet
25 Simple Mail Transfer Protocol (SMTP)
53 Domain Name System (DNS)
67 Dynamic Host Configuration Protocol (DHCP)
69 Trivial File Transfer Protocol (TFTP)
80 Hypertext Transfer Protocol (HTTP)
110 POP3
115 Simple File Transfer Protocol (SFTP)
123 Network Time Protocol
137 NetBIOS Name Service
143 Interim Mail Access Protocol (IMAP)
150 NetBIOS Session Service
161 Simple Network Management Protocol (SNMP)
190 Gateway Access Control Protocol (GACP)
389 Lightweight Directory Access Protocol (LDAP)
443 Secure Hypertext Transfer Protocol (HTTPS)
445 Active Directories and Server Message Block (SMB) Protocol
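One way to check a configured host against the port list above, as an added example that is not part of the original plan: the script parses Windows `netstat -an` output and reports listening ports that are outside the plan, plus planned ports whose services are unencrypted by default. The netstat sample is constructed, and the cleartext classification is an addition based on how those protocols work, not something the plan states.

```python
import re

# Port/service pairs exactly as listed in the plan (numbers copied from the page).
PLAN_PORTS = {
    1: "TCP Port Service", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
    53: "DNS", 67: "DHCP", 69: "TFTP", 80: "HTTP", 110: "POP3",
    115: "Simple File Transfer Protocol", 123: "NTP", 137: "NetBIOS Name Service",
    143: "IMAP", 150: "NetBIOS Session Service", 161: "SNMP", 190: "GACP",
    389: "LDAP", 443: "HTTPS", 445: "SMB",
}

# Added classification (not from the page): listed services that carry logins
# or data unencrypted by default. SNMP is cleartext in v1/v2c only.
CLEARTEXT = {21, 23, 69, 80, 110, 143, 161}

# Constructed sample of Windows `netstat -an` output.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:49215         10.0.0.9:445           ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    0.0.0.0:161            *:*
"""

# proto, local address, local port, foreign address, optional state
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listening_ports(netstat_text):
    """Return {(proto, port)} for sockets that accept inbound traffic."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # headers and blank lines
        proto, _addr, port, foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue                      # established or outbound connections
        if proto == "UDP" and foreign != "*:*":
            continue                      # UDP has no state; bound sockets show *:*
        found.add((proto, int(port)))
    return found


def review(netstat_text, plan=PLAN_PORTS, cleartext=CLEARTEXT):
    """Compare what the host exposes with what the plan says should be open."""
    open_ports = listening_ports(netstat_text)
    numbers = {port for _proto, port in open_ports}
    return {
        # listening, but not in the plan's table: candidates to close or document
        "unplanned": sorted(p for p in open_ports if p[1] not in plan),
        # in the plan and listening, but unencrypted: restrict by ACL or replace
        "cleartext": sorted((proto, port, plan[port]) for proto, port in open_ports
                            if port in plan and port in cleartext),
        # in the plan but not observed on this host (informational)
        "planned_not_listening": sorted(set(plan) - numbers),
    }


if __name__ == "__main__":
    for key, value in review(NETSTAT_SAMPLE).items():
        print(key, value)
```

The plan's table does not say whether each entry is TCP or UDP, so the comparison matches on port number only.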
One last area to discuss is the ability to remotely access devices and clients across the
network. Most people feel that in the configuration of servers and clients, when a technician
sets the computer name, they have the ability to turn on Remote Desktop Protocol (RDP), which
allows clients and servers to remotely log in to each other to share data and allow repairs of
the software operating systems. The protocols used in gaining remote access are “RDP, Telnet,
Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP), Point to Point Protocol
over Ethernet (PPPoE), and File Transfer Protocol (FTP)” (AnswersThatWork, 2008).
Maintenance and Troubleshooting
This section of the network implementation plan covers the most important part after the
design: the maintenance and troubleshooting of the network. Let us break down the
network into three areas: workstation, server, and network maintenance. When should each of
these required maintenance tasks take place? In this document we break down these three areas
into four stages of scheduled maintenance for 3CAB’s network. The four stages are daily,
weekly, monthly, and quarterly maintenance. We will also mention all the network operations
that will be monitored, all collected information, and what that information might mean as it
relates to potential issues.
Daily Maintenance
During daily maintenance every operator of each workstation will wipe down the outside of each
hardware piece and give it a daily once-over to ensure there are no broken pieces of exterior
hardware. Then the operator will start each workstation and monitor the startup, making sure
there are no operating system malfunctions during startup. Once the workstation is up and
operational, the operator will ensure they can log into the network using their username and
password and will monitor any and all errors that might be shown in the taskbar bubble messages.
Then the operator will constantly monitor the operation of each software application to ensure it
works as it is supposed to. The operator should be trained to check the event and application
logs of the workstation as well to identify problem areas. If there seems to be a problem, the
operator will submit a trouble ticket to the system administrator for maintenance support.
The maintenance support team will perform daily checks of the servers, conducting
exterior inspections of the servers, switches, routers, UPS, and NetApp, looking for any fault
light indicator that would indicate a potential issue. Then the team adds any new user to Active
Directory and establishes a new user/computer account for each new user. Then the team will
check the event and application server logs, firewall logs, intrusion detection system (IDS)
logs, intrusion prevention system (IPS) logs, logical unit number (LUN) logs, core file
permissions, hard disk space, access control lists, and all information assurance violations. Once
that is complete, the support team will troubleshoot and repair all hardware and software issues
found in any logs or referenced by the trouble ticket process. The 3CAB maintenance
support team will use the “Server Center operations Manager 2012 application which performs
monitoring and management of applications like Active directory, SQL server, Exchange Server,
IIS web server, SharePoint, Office suite applications as well as configuration logs of all network
hardware devices” (eG, 2014).
Weekly Maintenance
Weekly maintenance will cover workstation, server, and network maintenance procedures
performed by the maintenance support team. They will conduct remote management
maintenance and run antivirus software checkups and virus scans. They will ensure scheduled
defragmentation processes and hard disk cleanups are conducted during off-peak hours. They
will physically and visually check disk space utilization, application functionality, switches,
routers, hubs, print servers, printers, and plotters, and conduct internet file purges. The
maintenance support team will perform incremental backups and snapshots of Exchange, SharePoint,
and SQL databases, and incremental backups of Microsoft server operating systems.
Monthly and Quarterly Maintenance
During this maintenance time the unit will submit an automation service interruption request to
the senior staff to approve downtime for the servers in order to conduct a complete cleaning of
all server blades, NetApp devices, and UPS units to remove sand, dust, and dirt and help reduce
the operating temperature. During this time any failed hardware will be removed and repaired or
replaced, and all data migrated over to the new hardware. The maintenance support team will
troubleshoot hardware and software issues, conduct antivirus software checkups, check firewall
rules and logs and syslogs, and conduct IDS and IPS log analysis. The team will perform full
backups of each server system, check complete security policies and rules, perform redundancy
checks, and apply all necessary updates, service packs, and security patches to make sure the
network is in information assurance compliance. The team will scan all clients to ensure they
all have their newest updates, service packs, and security patches and then “deploy them
downward through the Windows Server Update Services (WSUS)” (technet, 2014) and System Center
Configuration Manager (SCCM), which “enables third party software deployment, system compliance
setting management, and assessment management of servers, desktops, laptops and mobile devices on
the network” (technet, 2014). During this maintenance time the maintenance support team will
check all traffic transmission logs using an application called Wireshark. Then they will remove
old accounts from Active Directory, remove old mailboxes from Exchange, clean out the trash
cans, conduct content management of the SharePoint application, conduct SQL
shrink commands, and then snapshot everything to the disaster recovery storage server.
Network Monitoring
Once your maintenance and troubleshooting schedule has been laid out, the next thing to consider
is what you will be monitoring. It is important to monitor user logins to avoid any security
breach issues. In Active Directory you can set a policy that will lock a user’s account after three
wrong username or password entries. This is accomplished by setting a policy rule in AD
telling the system to allow only three login attempts. After the third attempt the user’s account
will be disabled and they will be locked out. Getting the account re-established will require
submitting a trouble ticket and a personal visit. The purpose of monitoring this information is
to avoid insider attacks.
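The login monitoring described above can be checked from the Windows Security log. The following added example (not part of the original plan) replays failed-logon (4625), successful-logon (4624), and lockout (4740) events and reports accounts that reached the three-attempt threshold without a lockout being recorded, plus workstations failing against several accounts. The event records are constructed, and the 30-minute counter reset window and the reuse of the threshold for the workstation check are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 3                        # the plan's "three login attempts"
RESET_WINDOW = timedelta(minutes=30)         # assumed "reset counter after" setting
FAILED, SUCCESS, LOCKED = 4625, 4624, 4740   # Windows Security log event IDs

# Constructed sample records: (timestamp, event ID, account, source workstation)
SAMPLE_EVENTS = [
    ("2014-03-24T08:00:05", 4625, "jdoe",    "WS-014"),
    ("2014-03-24T08:00:19", 4625, "jdoe",    "WS-014"),
    ("2014-03-24T08:00:41", 4624, "jdoe",    "WS-014"),   # mistyped twice, then success
    ("2014-03-24T09:12:00", 4625, "asmith",  "WS-022"),
    ("2014-03-24T09:12:07", 4625, "asmith",  "WS-022"),
    ("2014-03-24T09:12:15", 4625, "asmith",  "WS-022"),
    ("2014-03-24T09:12:15", 4740, "asmith",  "DC-01"),    # lockout recorded
    ("2014-03-24T10:30:00", 4625, "svc_sql", "WS-031"),
    ("2014-03-24T10:30:02", 4625, "svc_sql", "WS-031"),
    ("2014-03-24T10:30:04", 4625, "svc_sql", "WS-031"),   # no 4740 follows
    ("2014-03-24T10:30:06", 4625, "bjones",  "WS-031"),
    ("2014-03-24T10:30:08", 4625, "mlee",    "WS-031"),
]


def parse(events):
    """Normalise records and sort them by time (event ID breaks ties)."""
    return sorted((datetime.fromisoformat(ts), eid, acct.lower(), src)
                  for ts, eid, acct, src in events)


def audit_lockouts(events, threshold=LOCKOUT_THRESHOLD, window=RESET_WINDOW):
    failures = defaultdict(deque)   # account -> failure times inside the window
    reached = {}                    # account -> time the threshold was reached
    locked = set()                  # accounts with a 4740 record
    by_source = defaultdict(set)    # workstation -> accounts it failed against

    for when, eid, acct, src in parse(events):
        if eid == FAILED:
            recent = failures[acct]
            recent.append(when)
            while when - recent[0] > window:   # drop failures older than the window
                recent.popleft()
            by_source[src].add(acct)
            if len(recent) >= threshold:
                reached.setdefault(acct, when)
        elif eid == SUCCESS:
            failures[acct].clear()             # a good logon resets the counter
        elif eid == LOCKED:
            locked.add(acct)

    return {
        "threshold_reached": reached,
        # policy should have locked these accounts, but no lockout was logged
        "missing_lockout": sorted(set(reached) - locked),
        # lockouts with no matching failures in the collected logs (gap in collection)
        "lockout_without_failures": sorted(locked - set(reached)),
        # one workstation failing against many accounts
        "multi_account_sources": {src: sorted(accts)
                                  for src, accts in by_source.items()
                                  if len(accts) >= threshold},
    }


if __name__ == "__main__":
    for key, value in audit_lockouts(SAMPLE_EVENTS).items():
        print(key, value)
```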
The next thing that is important to monitor is network data. This can be accomplished with many
different monitoring applications which work off the SNMP protocol. Using SNMP you can
monitor switches, routers, firewalls, IDS, and IPS devices. The top-rated network monitoring
tools that 3CAB uses are SolarWinds and Wireshark, to lay out a network mapping diagram and
monitor operations. 3CAB can monitor all types of data and messages by capturing packets,
filtering packets, and inspecting packets that are sent across the network. The information
about all transferred data and messages is presented in a display user interface window, showing
details like time, source, destination, protocol used, length, and other details to help identify
who sent it and for whom it was meant. These two applications allow all information to be
color coded to show TCP traffic, DNS, UDP, Telnet, ARP, and many other protocol
transmissions. The purpose of monitoring this network traffic is to ensure no traffic collisions,
no packet losses, and proper bandwidth capacity and utilization.
The final and most important thing to monitor is attacks. This can be accomplished by having an
IDS and an IPS in your network. The IDS reviews all inbound and outbound network activity for
suspicious patterns that are identifiable as a network attack. You monitor for DDoS, DoS, buffer
overflow, man-in-the-middle, and other attacks that could stop or slow down the network. The
purpose of this information is to help stop or prevent network interruptions.
Network Problem Scenarios
Trouble ticket one states that the operator’s workstation gives an error that there is an IP
address conflict with another system on the network. To troubleshoot this issue, first ask if
this system has been off the network for a period of time; if so, then the DHCP server issued
the IP address to another system. To troubleshoot, simply go to My Computer, right-click, select
Manage, and then view the Event Viewer until you find the DHCP error entry. Look for the MAC
address of the system that is currently using the IP address. Then, if you need to fix it right
away, from a command prompt just type IPCONFIG /RELEASE to let go of the IP address and then type
IPCONFIG /RENEW to establish a new IP address for the user.
A trouble ticket comes in: the user types in an HTTP address and continues to get the Microsoft
error screen. The troubleshooting steps are to check whether they have network connectivity in
the Network and Sharing Center. If they do, then select Change adapter settings, look at the
IPv4 properties, and verify that the system has a DNS address. Or, from a command
prompt, you can type IPCONFIG /ALL to see whether they do or not. If all is well, then open
Internet Explorer, check the security settings of the browser, and in the options tab ensure all
TLS and SSL options are selected.
A trouble ticket comes in: all traffic is stopping at the DMZ router and being turned back.
Remotely access the router using HyperTerminal or PuTTY and check the configuration of the IOS
and the access control list to ensure the user can send and receive traffic across the network. If the user
is in the ACL, then check the port number to see whether it is opened or closed.
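The two-step ACL check in the DMZ router ticket can be worked through offline against a copy of the router's access list. The following is an added example, not part of the original paper: it evaluates a small subset of Cisco IOS extended ACL syntax (destination "eq" ports only) in first-match order with the implicit deny at the end. The ACL number, addresses and the function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed sample ACL (assumption, not taken from the paper).
SAMPLE_ACL = """\
access-list 110 permit tcp 10.10.20.0 0.0.0.255 any eq 443
access-list 110 permit tcp 10.10.20.0 0.0.0.255 any eq 80
access-list 110 deny   tcp host 10.10.20.57 any eq 25
access-list 110 permit udp any host 10.10.1.5 eq 53
"""


class Entry(NamedTuple):
    text: str             # normalized ACL line, for reporting
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "ip"
    src: tuple            # (base address, wildcard mask) as integers
    dst: tuple
    port: Optional[int]   # destination port, None means any port


def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = tokens.pop(0)
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(wildcard))


def parse_acl(text):
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        port = int(rest[1]) if len(rest) >= 2 and rest[0] == "eq" else None
        entries.append(Entry(" ".join(tokens), action, proto, src, dst, port))
    return entries


def _addr_match(ip, spec):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    base, wildcard = spec
    return (int(ipaddress.IPv4Address(ip)) ^ base) & ~wildcard & 0xFFFFFFFF == 0


def _matches(entry, proto, src_ip, dst_ip, dst_port, check_port=True):
    if entry.proto not in ("ip", proto):
        return False
    if not (_addr_match(src_ip, entry.src) and _addr_match(dst_ip, entry.dst)):
        return False
    return not check_port or entry.port is None or entry.port == dst_port


def diagnose(acl, proto, src_ip, dst_ip, dst_port):
    """Return (verdict, ACL line) explaining why traffic passes or is turned back."""
    # Step 1: first matching entry wins, exactly as the router evaluates it.
    for entry in acl:
        if _matches(entry, proto, src_ip, dst_ip, dst_port):
            verdict = "permit" if entry.action == "permit" else "explicit-deny"
            return verdict, entry.text
    # Step 2: nothing matched, so the implicit deny applies. Report whether the
    # host is covered by a permit entry and only the port is missing.
    for entry in acl:
        if entry.action == "permit" and _matches(
            entry, proto, src_ip, dst_ip, dst_port, check_port=False
        ):
            return "implicit-deny:port-not-permitted", entry.text
    return "implicit-deny:no-entry-for-host", None


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for flow in [("tcp", "10.10.20.14", "198.51.100.10", 443),
                 ("tcp", "10.10.20.14", "198.51.100.10", 22),
                 ("tcp", "10.10.30.9", "198.51.100.10", 443)]:
        print(flow, "->", diagnose(acl, *flow))
```

A real router applies each ACL per interface and direction, so the list pasted in should be the one bound to the DMZ-facing interface.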
Remote Access
In this section of the 3CAB3ID network implementation plan, the unit decided that the
most important feature they would need for their network would be remote connectivity.
What is remote connectivity? “Remote connectivity is a new kind of connectivity
which is non-dependent on connection locations while still being able to utilize network
features” (CTU Online, 2014). Now that we know the definition of remote connectivity, what is
it all about? In today’s busy world of networks, organizations need to give technicians remote
repair capabilities and give other employees access to network features while they are
away from the organization. 3CAB feels they will need to manage, troubleshoot, maintain and repair
their network, as well as allow access to it, by using remote connectivity features. They will use
remote access servers (RAS), remote access protocols, remote control (RDP), Virtual Network
Computing (VNC), Web portals, and virtual private networks (VPN) to accomplish their needs.
Remote Access Connectivity
The three remote connectivity features that will be used to allow soldiers to connect back
to the network will be the remote access server, virtual private network, and Web portals. The
RAS and the Web portal are virtual machines set up and configured on a Dell Dart Frog hardware
server blade. The virtual private network is on both a server blade and on each client that is
authorized to make connections to the unit’s network. The application that has these features is
Microsoft Windows. It uses the Routing and Remote Access Service software to make a connection to
the network using a DSL or broadband provider. Each user must dial into the remote access
server to authenticate and receive authorization to make their connections to share data and
access files. The second type of remote connectivity is the virtual private network. VPN
connections allow users to log in to an organization’s intranet through a secure connection across
a public network. So basically we are looking at a remote access VPN. This connection requires
two components to work properly. They are a “network access server (NAS) and a remote access
server (RAS)” (Tyson & Crawford, 1998). These two servers will allow connection directly to the
intranet and the overall network. The last way users can remotely gain access is through Web
portals. Microsoft Exchange and SharePoint allow users to gain direct access to the organization’s
Exchange servers to check emails, and to the organization’s SharePoint portal to
access needed data and hang and extract files, pictures, and databases. These remote connectivity
features are the most common features used to gain access to an organization you work for.
Administration Remote Connectivity
As we covered in maintenance and troubleshooting, there are three remote connectivity
features that 3CAB will use only within the organization. These features will allow remote
access, repair and troubleshooting to be conducted off site from the actual problem. The three
remote connectivity features are remote access protocols, remote control and Virtual
Network Computing. Telnet is used to make direct connections to features and applications in
order to conduct repairs, troubleshoot and maintain proper operations of the network. FTP and
TFTP can be used to transfer files from one system to the next, and then Telnet can be used to
deploy those files on a remote system. Remote control is another feature that can be used to gain
a direct desktop connection to a system in order to take complete control of an operating system
to conduct repairs, troubleshoot and help maintain all software applications on the remote
system. This feature is also found in Microsoft Windows. It is called Remote Desktop Connection
and can be found in the Accessories directory. To use it, all you have to know is the system’s IP
address or host name to gain access to any remote system. The last feature is a separate
application called Virtual Network Computing. This remote access application works identically to
Remote Desktop and will allow the maintenance team to take complete control of a remote
computer to conduct repairs, troubleshoot and maintain the integrity of operating environments and
applications. VNC requires a server on a server blade, and then the client version must be added to all
clients so the administrator can remote in and conduct maintenance of the remote system.
3CAB3ID is very big on security; that is why they will not use just dial-up networking. It
is the least secure method for accessing any network. The remote access server will use the proper
authentication and authorization of a login and password, and if set up with a third-party token key
it could be an extremely secure method of gaining access. “One sure way to secure the
RAS is to use a function called call back. This works by when a user calls into the unit’s network
they use a login and password, then the server disconnects them and calls their number back.
This makes this connection secure because it is hack proof” (PCMicro, 1995). A virtual private
network is like a network within a network: it functions across a public network, but the files and
data are encrypted as they travel across the network and require the key at the other end to access.
It uses Internet Protocol Security (IPsec), Layer 2 Tunneling Protocol, Transport Layer Security
(SSL/TLS), Microsoft Point-to-Point Encryption (MPPE), Point-to-Point Tunneling Protocol, Secure Shell
(SSH) and OpenSSH to secure remote connections. Web portals also require logins and
passwords to gain access, so they are extremely secure. The one major component that will
breach security is always the user. The remote access protocols, remote control and VNC will
always be secure because they will only be used to gain access to systems on the unit’s
network and will not be used as an outside source of remote connectivity.
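The last claim above depends on Telnet, FTP/TFTP, remote desktop and VNC sessions staying between systems on the unit's own network. The following added example, not part of the original paper, audits connection records for administrative sessions where either endpoint falls outside the internal range. The log format, the 10.10.0.0/16 internal range, the VNC port window and all addresses are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Assumption: the unit's internal address space (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.10.0.0/16")]

# Well-known ports of the administration protocols named in the text.
ADMIN_SERVICES = {
    ("tcp", 23): "telnet",
    ("tcp", 21): "ftp",
    ("udp", 69): "tftp",
    ("tcp", 3389): "rdp",
}

# Constructed sample connection log (not real data).
SAMPLE_LOG = """\
time,proto,src,dst,dst_port
2014-03-20T08:01:12,tcp,10.10.5.21,10.10.1.30,3389
2014-03-20T08:03:40,tcp,10.10.5.21,10.10.1.31,23
2014-03-20T08:07:02,tcp,203.0.113.77,10.10.1.30,3389
2014-03-20T08:07:09,tcp,203.0.113.77,10.10.1.30,3389
2014-03-20T08:09:55,tcp,198.51.100.4,10.10.1.12,443
2014-03-20T08:15:30,udp,10.10.7.8,10.10.1.40,69
2014-03-20T08:21:44,tcp,198.51.100.4,10.10.1.31,5901
2014-03-20T08:30:00,tcp,10.10.5.21,192.0.2.50,23
"""


def service_for(proto, port):
    """Map a destination port to an administration service name, or None."""
    # VNC listens on 5900 plus the display number; ten displays is an assumption.
    if proto == "tcp" and 5900 <= port <= 5909:
        return "vnc"
    return ADMIN_SERVICES.get((proto, port))


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_violations(log_text):
    """Return admin-protocol connections where an endpoint is not internal."""
    violations = []
    for row in csv.DictReader(io.StringIO(log_text)):
        service = service_for(row["proto"], int(row["dst_port"]))
        if service is None:
            continue  # not an administration protocol, out of scope here
        if not is_internal(row["src"]):
            reason = "external-source"
        elif not is_internal(row["dst"]):
            reason = "external-destination"
        else:
            continue  # inside-to-inside, matches the stated policy
        violations.append({"time": row["time"], "service": service,
                           "src": row["src"], "dst": row["dst"],
                           "reason": reason})
    return violations


def summarize(violations):
    """Count violations per (service, reason) for a daily report."""
    return dict(Counter((v["service"], v["reason"]) for v in violations))


if __name__ == "__main__":
    found = find_violations(SAMPLE_LOG)
    for v in found:
        print(v["time"], v["service"], v["src"], "->", v["dst"], v["reason"])
    print(summarize(found))
```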
Maintaining and troubleshooting these remote connectivity features is not really complicated,
because once all setup and configuration has been completed on the servers and clients, then as long as
no one makes changes to the connection configurations the connection should always work. If
one were ever to have an issue, the system administrator should use Telnet, Remote Desktop
Connection or VNC to remote into the client to troubleshoot the VPN or RAS connections and
make changes so the client will again be able to connect to the network.
Network Pro Prep Toolkit
Week 1
0.1 Course Introduction
No Exam
0.2 Using the Simulator
No Exam
1.1 Networking Overview
1.2 Network Topologies
Week 2
4.1 Ethernet
7.1 WAN Concepts
7.2 Internet Connectivity
Week 3
1.3 Protocols
1.4 Network Connections
1.5 The OSI and TCP/IP Models
Week 4
2.1 Twisted Pair
2.2 Coaxial Cable
2.3 Fiber Optic
2.4 Wiring Implementation
Week 5
6.1 Wireless Concepts
7.1 Remote Access
8.3 VPNs
References
AnswersThatWork.com. (2008). List of common TCP/IP port numbers, Retrieved 09 March
2014 from http://www.answersthatwork.com/ ownload_Area/ATW_Library/Networking
/Network__2-List_of_Common_TCPIP_port_numbers.pdf
CNET.com. (2014). NetApp FAS2240-4 specs (network storage server), Retrieved 23 February
2014 from http://reviews.cnet.com/search-results/netapp-fas2240-4-network/4507-5_7-
35175839.html
CTU Online. (2014). MUSE. CTUO, Virtual campus, IT326-1401B-01 Network Infrastructure
Administration. Phase 5 Remote Connectivity. Retrieved from
https://mycampus.ctuonline.edu
Dell.com. (2014). Dell OEM 1130, Retrieved 23 February 2014 from
http://www.dell.com/learn/us/en/555/oem/dell-oem-1130-server
Dell.com. (2014). Dell OEM 1130, Retrieved 02 March 2014 from
http://www.dell.com/learn/us/en/555/oem/dell-oem-1130-server
eG Innovations.com. (2014). Universal Microsoft SCOM Management Pack Enables End-to-End
Monitoring, Retrieved 16 March 2014 from http://www.eginnovations.com/web/eg-
microsoft-scom-plugin.htm
Escotal.com. (2013). Protocols, Retrieved 09 March 2014 from
http://www.escotal.com/protocol.html
NetApps. (2014). NetApp FAS2200 Series Technical Specifications, Retrieved 02 March 2014
from http://www.netapp.com/us/products/storage-systems/fas2200/fas2200-tech-
specs.aspx
PCMicro. (1995). Using Microsoft Remote Access Service (RAS), Retrieved 23 March 2014 from
http://pcmicro.com/support/ras.html
Sandirect.com. (1999). NetApp FAS2240-2 Universal Storage System, Retrieved 09 March 2014
from http://www.sandirect.com/netapp-fas2240-2-universal-storage-system-p-
1765.html?_kk= fas2240&_kt=66354ddf-28bd-41a5-afbe-e28b9bf23197&gclid=CIj6_
OeVib0CFclDMgodqy4A _w
Stewart.army.mil. (2014). 3rd Combat Aviation Brigade History, Retrieved 23 February 2014
from http://www.stewart.army.mil/units/history.asp?u=3CAB
Technet.microsoft.com. (2014). Windows Server Update Services, Retrieved 16 March 2014
from http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
Technet.microsoft.com. (2014). System Center Configuration Manager, Retrieved 16 March
2014 from http://technet.microsoft.com/en-us/systemcenter/bb507744.aspx
Vology.com. (2014). Cisco WS-C2960-48TC-L Switch - Cisco 2960, Retrieved 02 March 2014 from
http://www.vology.com/cisco/network-switches/ws-c2960-48tc-
l?utm_source=Google&utm_medium=Feed&utm_term=WS-C2960-48TC-
L&utm_content=628.00&utm_campaign=Cisco&gclid=CNyL3IjD97wCFYZAMgodaB
EADQ
Tyson, Jeff & Crawford, Stephanie. (1998). How VPNs Work Page 3, Retrieved 23 March 2014
from http://computer.howstuffworks.com/vpn3.htm

JaySexton_IT326_IP5

  • 1. Running head: NETWORK INFRASTRUCTURE ADMINISTRATION 1 IT326-1401B-01: Network Infrastructure Administration Phase 5 Individual Project Jay T Sexton March 24, 2014 Portions of this assignment had previously been submitted during IT245 Introduction to Network Management on 26 December 2013 with Mohammed Majid.
  • 2. NETWORK INFRASTRUCTURE ADMINISTRATION 2 Table of Contents Target Organization ..................................................................................................................... 3 Proposed Network Solution......................................................................................................... 5 Proposed Hardware Components........................................................................................... 5 Proposed Software Components ............................................................................................ 6 Network Design ........................................................................................................................... 7 Network Hardware Components............................................................................................ 7 Network Software Components............................................................................................. 8 Network Diagram....................................................................................................................... 10 Installation and Configuration ................................................................................................... 11 Maintenance and Troubleshooting............................................................................................. 17 Daily Maintenance ............................................................................................................... 17 Weekly Maintenance............................................................................................................ 18 Monthly and Quarterly Maintenance ................................................................................... 19 Network Monitoring ............................................................................................................ 
20 Network Problem Scenarios................................................................................................. 21 Remote Access........................................................................................................................... 23 Remote Access Connectivity ............................................................................................... 23 Administration Remote Connectivity .................................................................................. 24 Network Pro Prep Toolkit.......................................................................................................... 27 References.................................................................................................................................. 28
  • 3. NETWORK INFRASTRUCTURE ADMINISTRATION 3 Target Organization The organization that this network implementation plan will cover is a military Army Aviation Brigade that is a subordinate unit to 3rd Infantry Division. The Brigade’s name is 3rd Calvary Aviation Brigade (3CAB). This army unit is based at Hunter Army Airfield. It is a satellite installation in downtown Savannah, Georgia that is controlled by Fort Stewart’s 3rd Infantry Division. “3CAB join the 3rd Infantry Division on February 16, 1996 and became the air asset for the 3ID” (Stewart, 2014). The organization has five subordinate organizations that are commanded by the Brigade but are stationed at Hunter Army Airfield as well. The Brigade is comprised of 10,450 soldiers and 1287 civilian contractors that conduct daily aviation operations. Most of these personnel need internet and phone access during their periods of work both at Hunter Army Airfield and while deployed to foreign countries. The unit has two network infrastructure requirements that they need in order to conduct mission essential operations. The organization requires an unclassified network to operate when back at home station. This network is in place and controlled by the Department of Information Management (DOIM) government agency. They also need a classified network infrastructure. Sexton’s Inc was hired to design and develop a network infrastructure to bring 3CAB into the fast paced digital network communications century. Currently the Brigade has eight Hewlett Packer 308 server blades with two NetAPPS, Fast Access San (FAS) 270 Storage devices, and four Cisco 12 port 10T based switches that they use while at home station and when deploy to support their war time missions. When the Brigade deploys all the subordinate Battalions deploy also and can be spread across extremely large areas of operations. 
Sexton’s Inc, the 3 CAB Commander, subordinate Battalion Commanders and each organizations staff’s in order to work out all hardware, software, and support requirements for two new tactical network infrastructures.
  • 4. NETWORK INFRASTRUCTURE ADMINISTRATION 4 3CAB will need a deployable unclassified network infrastructure providing internet connections to the worldwide web so soldiers can communicate back home with family and friends as well as stay up with world events and even pay bills and manage finances. 3CAB will also need a classified network infrastructure that will be a standalone network infrastructure, but connect to higher organizations to share tactical information with any and all units that need that secure classified information.
  • 5. NETWORK INFRASTRUCTURE ADMINISTRATION 5 Proposed Network Solution Sexton’s Inc., after the meeting with the senior management, stakeholder’s, hardware, software’s, location, and user’s assembled all the wanted and needed requirements that was presented for the design, development and implementation of the two new network infrastructures that would best suite 3 CAB both at home station and deployed. The solution that Sexton’s Inc. proposes to #CAB is that we implement a complete Hardware and software upgrade while continuing to use the older systems until all new systems are setup, configured, and all data has been migrated from the older systems to the newer systems. Proposed Hardware Components It is proposed that all current servers be replaced with Dell 1130 Dart Frog rugged server blades which has “2 X intel Xeon processors, 96 gigabyte of memory, 2 X 40gigabyte 2.5 Serial ATA II solid state drives, 10 network interface cards, intel Gigabit quad port Ethernet adapter, and an LSI 3081E-R add-in Raid controller” (Dell, 2014), in a ruggedized carry case. The NetAPPS FAS270 storage devices be replaced with the NetAPPS FAS2240 storage area network device. The FAS2240 has “24x 3terabyte hot swappable SATA 300 hard drives, 4 Ethernet 10base-T/100Base-T/1000Base-T ports, 6 gigabytes of cache, and configurable as RAID 4, 6, or DP”(CNET, 2014). The four Cisco 12 port switches will be replaced with Cisco Catalyst 2950 switches. These switches have 24 ports which are fast Ethernet , full duplex capability, VLAN supportable, Auto sensing, auto negotiation with 16 megabytes of random access memory (RAM), and 8 megabyte of flash memory.
Proposed Software Components

It is also proposed that this network operate in a virtual environment using VMware ESXi version 5.1 virtualization software. Within this virtual environment each virtual machine will use the Windows Server 2008 R2 operating system. The virtual machines will host all enterprise applications and services, such as Active Directory, Exchange 2010, SharePoint 2010, SQL 2008, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and Windows Internet Name Service (WINS).

As the network is set up, it is proposed that IP routing be configured to allow all necessary protocols to be opened, accessible, and used as applications need them when transferring data. DHCP will be used to assign system IP addresses on both networks, but some client workstations will require static IP addressing in order to route to the proper servers and to allow interaction between clients. It is also proposed that certificate services be active and require authentication across the network whenever users log in to the clients and those clients send traffic across the network.

Finally, it is proposed that the older network continue to operate during the implementation of the newer network to allow for continued network operations. This technique will allow proper setup and configuration of the new systems. While both operate for a short time, data can be migrated from the older software platforms into the newer virtualized operating system virtual machines. Operating both server environments together while migrating data will prevent or reduce operational downtime for the organization. This new upgrade will provide a more robust network infrastructure while reducing the overall footprint of servers for the unit. Since these server suites are in rugged plastic carrying cases, they are easier to use at home station and while deployed to off-site locations.
Network Design

The network design for the 3rd Cavalry Aviation Brigade (3CAB) of the United States Army, stationed at Hunter Army Airfield in downtown Savannah, provides a detailed description of the proposed network infrastructure. 3CAB is a unit that is assigned to provide helicopter support to any mission anywhere in the world. 3CAB needs a network infrastructure that is used at home station and can also be rapidly deployed to support conflicts as needed. Anytime you talk about a network infrastructure you must also talk about domain forests, Active Directory, network protocols, Dynamic Host Configuration Protocol (DHCP), Internet Protocol routing, Domain Name System (DNS), Windows Internet Name Service (WINS), and certificate services. One might ask why these are important. These are the backbone protocols, systems, and services that are required for a network to operate.

Network Hardware Components

The 3CAB organization will require an independent network which will use a specific Internet Protocol (IP) address schema and IP routing to communicate across the network. The proposed network architecture will consist of four deployable tough-boxed server stacks which will contain two Dell 1130 1U Rugged Dart Frog server blades sporting two Intel Xeon E5645 processors that have 12M cache and a 2.40 GHz operating speed. Each blade has “96 Gigabyte of DDR3 Memory operating at 1333MHz LV, two 40 Gigabyte 2.5 Serial ATA II Solid State Drives, ten Network Interface cards (NICs), an Intel Gigabit Quad Port Ethernet adapter, using a LSI 3081E-R add-in RAID controller” (Dell, 2014). Each stack will also have a NetApp Flash Accel Server (FAS) 2240 unified storage device for Storage Area Network (SAN) or network-attached storage. This storage device will contain a “dual controller which will support 24 hard drives (12 per controller) for a total of 576 terabyte of storage for all kinds of data. The FAS 2240 will also have 12 gigabyte of ECC memory 8 onboard GbE and 4 onboard SAS ports, 2 dual-port 8/4/2 gigabyte FC disk and 2 Dual port 10GbE Ethernet adapters” (NetApp, 2014). All four stacks will also have a Cisco Catalyst 2960-48TC 48 port “Fast Ethernet remote manageable switches with 32 megabyte of flash memory, 8K MAC address table entries that uses SSL encryption as well as having the secure shell (SSH), RADIUS, and TACACS authentication methods” (Vology, 2014). Each server stack will also have an APC universal power supply (UPS) for extended power availability in case of a loss of the power source.

To complete the network infrastructure, 3CAB will have two Cisco routers, an Intrusion Detection System (IDS), an Intrusion Prevention System (IPS), and a firewall device to use between their network architecture and their Joint Network Node, which has a transceiver and receiver server that will be the packet switching device for the network. The network will also have Cisco IP phones for telephony communications across the network infrastructure.

Network Software Components

These servers will use the VMware Linux shell operating virtualization system software on the hardware but will use Microsoft Windows Server 2008 R2 in the virtual machines that will be loaded for operations. The unit will need an Active Directory domain which will use a DHCP server to assign IP addresses to any and all connecting systems. Once Active Directory has been configured, organizational units must be established. To connect this domain to the outside world, 3CAB will have to establish a DNS account with the national Communication Center at Fort Gordon and then set up a DNS server connection to publish the unit's IP routing schema to the outside agencies. Since this network infrastructure will be on a classified closed network, there will be no requirement for WINS services.

The main protocols already built into Windows Server include Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), and File Transfer Protocol (FTP), to name just a few. During the configuration of the network switches and routers, the ports that these protocols use to communicate must be opened for sending and receiving packets, or nothing will work; this is known as the IP routing scheme. Other protocols that are considered lower level are Address Resolution Protocol (ARP) and Internet Control Message Protocol (ICMP).

When clients are added to the network, each client system will establish a link with the local switch or router to retrieve an IP address from the DHCP server, and the DHCP server then records the client's MAC address to allow that system to continue to use the specific IP address it collected. Each client will join the domain and will have to load the DNS server's IP address into either the IPv4 or IPv6 configuration table of that client so it can communicate with other sites on the internet. The network will use the Secure Shell (SSH), RADIUS, and TACACS authentication processes to gain access to the client system and the network and to interact with any and all servers on the network. Each of these systems will have certificate services turned on to allow client-to-server connections as well as connections to other domains across the network, so that data and messages can transit without being halted by improper IP routing protocols.
Installation and Configuration

This section of the 3CAB network implementation plan covers the installation of the major components and protocols for the network systems. As described in a previous section, the Dell Dart Frog server blades and Cisco switch are already mounted in a deployable tough box carry case. The NetApp FAS 2240 is also in its own tough box carrying case. Finally, the APC universal power supply is in its own tough box carrying case. These three tough boxes stack on top of each other, with the UPS as the base, the server blades and Cisco switch on top of it, and the NetApp on top of the server box. Since 3CAB has four stacks, all they have to do is remove the front and back covers of each tough box and then make four separate stacks as described in the preceding sentences. Each server blade is already wired to the switch using Cat 5 shielded twisted pair cabling. Each NetApp FAS 2240 is connected to the switch by fiber optic cabling, and all power cables are plugged into a power strip that is plugged into the UPS at the bottom of the stack, which draws its power from either a generator or a fixed facility power source.

The servers already have a Linux shell operating system, which is the VMware ESXi software that allows the use of the Microsoft Windows Server 2008 R2 operating system. To install the operating system, simply insert the OS disk into the virtual DVD drive, reboot the server, press F12 to select the CD/DVD drive, and then allow the server operating system to complete its installation and prep. Once the server OS is installed, it is important to have an idea of what major protocols are already built into Windows Server. The following is a list of some of the most used protocols:

- Transmission Control Protocol/Internet Protocol (TCP/IP) suite
- User Datagram Protocol (UDP)
- NetBIOS Enhanced User Interface (NetBEUI)
- Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)
- File Transfer Protocol (FTP)
- Hypertext Transfer Protocol (HTTP)
- Simple Mail Transfer Protocol (SMTP)
- Domain Name Service (DNS)
- Dynamic Host Configuration Protocol (DHCP)
- Routing Information Protocol (RIP)
- Simple Network Management Protocol (SNMP)
- Internet Control Message Protocol (ICMP)
- Address Resolution Protocol (ARP)
- Bootstrap Protocol (BOOTP)
- Real-time Transport Protocol (RTP)

These are just a handful of the protocols that will be used or need configuration in order to operate. A protocol is a “Set of rules or language use by computer and networking devices to communicate with one another” (escotal, 2013). Most of the protocols are ready for use with the installation of the Windows server and client operating systems.

The NetApp uses a “Linux shell” (Sandirect, 1999) that provides Windows operating system support. This device comes from the manufacturer with its own internetwork operating system. There is no installation required. The internetwork operating system requires the use of the HyperTerminal or PuTTY application to gain access to the storage device to conduct reset and configuration procedures. The protocols used by the NetApp are Common Internet File System (CIFS) Protocol, Fibre Channel Protocol, Internet Small Computer Systems Interface (iSCSI), and Network File System V2, V3, and V4 protocols.

All Cisco switches use the Cisco internetwork operating system. These devices also come preloaded from the manufacturer, and they also require the use of HyperTerminal or PuTTY to conduct reset and configuration of the switches and routers. The servers and FAS2240 storage area network devices connect directly to the switches, and the switches connect to the routers for the transmission of data and message traffic. Some of the protocols involved are “Routing Information Protocol (RIP), Open Shortest Path First (OSPF) , TCP/IP (Transmission Control Protocol/Internet Protocol), EIGRP (Enhanced Interior Gateway Routing Protocol), passive FTP, Intermediate system to intermediate system (IS-IS), Exterior Gateway Protocol (EGP), Interior Gateway Protocol (IGP), registered port numbers, IPX (Internetwork Packet Exchange), frame” (escotal, 2013).

The IDS, IPS, and firewall will be installed along the network path between the outside router and the demilitarized zone, just before the Joint Network Node trailer-mounted satellite dish. Each of these devices also comes pre-installed with its operating system but still requires the same applications to reset and configure as the previously mentioned hardware devices.

To install the operating system on the client systems, repeat the same steps with each laptop as with the servers. Place the OS disk in the DVD drive and reboot the system, pressing F12 and choosing the DVD drive to begin the installation process. System prep is then required prior to operations. The clients use protocols similar to those of the servers in order to operate.

Among the configuration considerations for each server and client, it is important to ensure that all protocol ports are open and allowing the flow of data through them. Most are already preset as open, but there are a few that require configuration. The first thing that must be accomplished when configuring the server and client systems is to provide a computer name for the server so it will be identified on any network. Configure the date, time, and time zone. Then the monitor resolution settings need to be set.
The network card needs to be activated and the network connection configured. To accomplish this, the technician must go to Network Connections, select the properties of either the IPv4 or IPv6 configuration option, and then assign a static IP address, subnet mask, gateway, and DNS IP address to make the connection to the network. The server can also be configured by adding it to a domain that is using DHCP and allowing the connection to find its own network IP address, subnet mask, gateway, and DNS address. The hosts file will also need updating with any other host that may need access to the server or client. The firewall and Windows Defender need to be set to a secure level to prevent any and all attacks. The internet browser will need configuration to ensure the HTTP and HTTPS protocols will allow connections.

The protocols used in the configurations of most server and client systems are DHCP, DNS, WINS, BOOTP, ARP, RARP, ICMP, HTTP, HTTPS, and SNMP, just to name a few. Routers and switches will require configuration of ports, password establishment, firewall, Internet Group Management Protocol (IGMP), Telnet, Network Time Protocol (NTP), Network Address Translation (NAT), and Internet Connection Sharing (ICS) protocols, along with the previously mentioned routing protocols. All hardware comes preconfigured with memory and SATA hard drives that are already formatted with NTFS.

The following is a list of protocols and the port number each uses. During the configuration process ensure these ports are open for use:

Port   Service
1      TCP Port Service
21     FTP
22     SSH Remote Login Protocol
23     Telnet
25     Simple Mail Transfer Protocol (SMTP)
53     Domain Name System (DNS)
67     Dynamic Host Configuration Protocol (DHCP)
69     Trivial File Transfer Protocol (TFTP)
80     Hypertext Transfer Protocol (HTTP)
110    POP3
115    Simple File Transfer Protocol (SFTP)
123    Network Time Protocol
137    NetBIOS Name Service
143    Interim Mail Access Protocol (IMAP)
150    NetBIOS Session Service
161    Simple Network Management Protocol (SNMP)
190    Gateway Access Control Protocol (GACP)
389    Lightweight Directory Access Protocol (LDAP)
443    Secure Hypertext Transfer Protocol (HTTPS)
445    Active Directories and Server Message Block (SMB) Protocol

One last area to discuss is the ability to remotely access devices and clients across the network. Most people feel that, in the configuration of servers and clients, as a technician sets the computer name they have the ability to turn on Remote Desktop Protocol (RDP), which allows clients and servers to remotely log in to each other to share data and allow repairs of the software operating systems. The protocols used in gaining remote access are “RDP, Telnet, Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP), Point to Point Protocol over Ethernet (PPoE), and File Transfer Protocol (FTP)” (AnswersThatWork, 2008).
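As an added example (not part of the original plan), the Python sketch below compares what a server is actually listening on, taken from `netstat -an` output, with the port table in this section, so that anything open outside the plan stands out for review. The netstat sample is constructed, and because DHCP, TFTP, NTP and SNMP listen on UDP while the plan labels its table TCP, both transports are parsed.

```python
import re

# Port plan copied from the table in this section (port -> service, abbreviated).
PLANNED_PORTS = {
    1: "TCP Port Service", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
    53: "DNS", 67: "DHCP", 69: "TFTP", 80: "HTTP", 110: "POP3", 115: "SFTP",
    123: "NTP", 137: "NetBIOS Name Service", 143: "IMAP",
    150: "NetBIOS Session Service", 161: "SNMP", 190: "GACP", 389: "LDAP",
    443: "HTTPS", 445: "SMB",
}

# Constructed sample of `netstat -an` output from a Windows server (not real data).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.10.1.5:445          10.10.1.77:49210       ESTABLISHED
  TCP    [::]:5985              [::]:0                 LISTENING
  UDP    0.0.0.0:53             *:*
  UDP    0.0.0.0:67             *:*
  UDP    0.0.0.0:161            *:*
"""

# proto, local address, local port, foreign address, optional state (UDP has none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listening_ports(netstat_text):
    """Return the set of (proto, port) pairs the host accepts traffic on."""
    found = set()
    for line in netstat_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # banner, header or blank line
        proto, _local, port, _foreign, state = match.groups()
        # TCP rows also list live sessions; only LISTENING rows are services.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.add((proto, int(port)))
    return found


def audit(netstat_text, plan=PLANNED_PORTS):
    """Return (unplanned listeners, planned ports with no listener)."""
    listening = listening_ports(netstat_text)
    open_numbers = {port for _proto, port in listening}
    unplanned = sorted(entry for entry in listening if entry[1] not in plan)
    not_listening = sorted(port for port in plan if port not in open_numbers)
    return unplanned, not_listening


if __name__ == "__main__":
    unplanned, not_listening = audit(SAMPLE_NETSTAT)
    for proto, port in unplanned:
        print(f"open but not in the plan: {proto}/{port}")
    for port in not_listening:
        print(f"in the plan, no listener on this host: {port} ({PLANNED_PORTS[port]})")
```

A planned port with no listener is expected on a host that does not run that service; the unplanned list is the one to review against the firewall and switch configuration.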
Maintenance and Troubleshooting

This section of the network implementation plan covers the most important part after the design: the maintenance and troubleshooting of the network. Let us break down the network into three areas: workstation, server, and network maintenance. When should each of these required maintenance activities take place? In this document we break down these three areas into four stages of scheduled maintenance for 3CAB’s network. The four stages are daily, weekly, monthly, and quarterly maintenance. We will also mention all the network operations that will be monitored, all collected information, and what that information might mean as it relates to potential issues.

Daily Maintenance

During daily maintenance each operator will wipe down the outside of each piece of hardware and give it a daily once-over to ensure there are no broken pieces of exterior hardware. Then the operator will start each workstation and monitor the startup, making sure there are no operating system malfunctions during startup. Once the workstation is up and operational, the operator will ensure they can log in to the network using their username and password and monitor any and all errors that might be shown in the taskbar bubble message. Then the operator will constantly monitor the operations of each software application to ensure it works as it is supposed to. The operator should also be trained to check the event and application logs of the workstation to identify problem areas. If there seems to be a problem, the operator will submit a trouble ticket to the system administrator for maintenance support.

The maintenance support team will perform daily checks of the servers, conducting exterior inspections of the servers, switches, routers, UPS, and NetApp, looking for any fault light indicator that would present a potential issue. Then the team adds any new user to Active Directory and establishes a new user/computer account for each new user. Then the team will check the event and application server logs, firewall logs, intrusion detection system (IDS) logs, intrusion prevention system (IPS) logs, logical unit number (LUN) logs, core file permissions, hard disk space, access control lists, and all information assurance violations. Once that is complete, the support team will troubleshoot and repair all hardware and software issues found in any logs or referenced by the trouble ticket process. The 3CAB maintenance support team will use the “Server Center operations Manager 2012 application which performs monitoring and management of applications like Active directory, SQL server, Exchange Server, IIS web server, SharePoint, Office suite applications as well as configuration logs of all network hardware devices” (eG, 2014).

Weekly Maintenance

Weekly maintenance will cover workstation, server, and network maintenance procedures performed by the maintenance support team. They will conduct remote management maintenance and run antivirus software checkups and virus scans. They will ensure scheduled defragmentation processes and hard disk cleanups are conducted during low-peak hours. They will physically and visibly check disk space utilization, application functionality, switches, routers, hubs, print servers, printers, and plotters, and conduct internet file purges. The maintenance support team will perform incremental backups and snapshots of Exchange, SharePoint, and SQL databases, and incremental backups of Microsoft server operating systems.
Monthly and Quarterly Maintenance

During this maintenance time the unit will submit an automation service interruption request to the senior staff to approve downtime for the servers, in order to conduct a complete cleaning of all server blades, NetApp devices, and UPS units to remove sand, dust, and dirt and help reduce the operating temperature. During this time any failed hardware will be removed and repaired or replaced, and all data migrated over to the new hardware. The maintenance support team will troubleshoot hardware and software issues, conduct antivirus software checkups, check firewall rules and logs and syslogs, and conduct IDS and IPS log analysis. The team will perform full backups of each server system, check complete security policies and rules, perform redundancy checks, and apply all necessary updates, service packs, and security patches to make sure the network is in information assurance compliance. The team will scan all clients to ensure they all have their newest updates, service packs, and security patches and then “deploy them downward through the Windows Server Update Services (WSUS)” (technet, 2014) and System Center Configuration Manager (SCCM), which “enables third party software deployment, system compliance setting management, and assessment management of servers, desktops, laptops and mobile devices on the network” (technet, 2014).

During this maintenance time the maintenance support team will check all traffic transmission logs using an application called Wireshark. Then they will remove old accounts from Active Directory, remove old mailboxes from Exchange, clean out the trash cans, conduct content management of the SharePoint application, and conduct SQL shrink commands, and then snapshot all to the disaster recovery storage server.
Network Monitoring

Once your maintenance and troubleshooting schedule has been laid out, the next thing to consider is what you will be monitoring. It is important to monitor user logins to avoid any security breach issues. In Active Directory you can set a policy that will lock a user’s account after three wrong username or password entries. This is accomplished by setting a policy rule in AD telling the system to allow only three login attempts. After the third attempt the user’s account will be disabled and they will be locked out. This will require submitting a trouble ticket and a personal visit to get it re-established. The purpose of monitoring this information is to avoid insider attacks.

The next thing that is important to monitor is network data. This can be accomplished by many different monitoring applications which work off the SNMP protocol. Using SNMP you can monitor switches, routers, firewalls, IDS, and IPS devices. The top-rated network monitoring tools that 3CAB uses are SolarWinds and Wireshark, to lay out a network mapping diagram and monitor operations. 3CAB can monitor all types of data and messages by capturing, filtering, and inspecting packets that are sent across the network. The information about all transferred data and messages is presented in a display user interface window, showing information like time, source, destination, protocol used, length, and other details to help identify who sent it and whom it was meant for. These two applications allow all information to be color coded to show TCP traffic, DNS, UDP, Telnet, ARP, and many other protocol transmissions. The purpose of monitoring this network traffic is to ensure there are no traffic collisions and no packet losses, and to ensure proper bandwidth capacity and utilization.

The final and most important thing to monitor is attacks; this can be accomplished by having an IDS and an IPS in your network.
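For the login monitoring described above, the following added example (not part of the original plan) reviews an exported list of Windows Security events against the three-attempt lockout policy and reports accounts that reached the limit, including any that were not locked afterwards. Event IDs 4624 (logon), 4625 (failed logon) and 4740 (account locked out) are the Windows Server 2008 R2 identifiers; the CSV layout, the account and workstation names and the 30-minute counter window are assumptions made for the example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 3            # the three-attempt policy described in the plan
WINDOW = timedelta(minutes=30)   # assumed "reset counter after" interval

# Constructed export: time, event ID, account, source workstation.
SAMPLE_EVENTS = """\
2014-03-20T08:01:10,4625,jdoe,WS-014
2014-03-20T08:01:25,4625,jdoe,WS-014
2014-03-20T08:01:40,4625,jdoe,WS-014
2014-03-20T08:01:41,4740,jdoe,WS-014
2014-03-20T09:15:00,4625,asmith,WS-022
2014-03-20T09:15:30,4624,asmith,WS-022
2014-03-20T09:40:00,4625,asmith,WS-022
2014-03-20T10:02:00,4625,svc_backup,WS-031
2014-03-20T10:02:05,4625,svc_backup,WS-031
2014-03-20T10:02:09,4625,svc_backup,WS-031
2014-03-20T10:02:30,4625,svc_backup,WS-031
"""


def review_lockouts(csv_text, threshold=LOCKOUT_THRESHOLD, window=WINDOW):
    """Return one finding per account that reached the failed-logon threshold."""
    recent = defaultdict(list)   # account -> [(time, workstation)] inside the window
    findings = {}                # account -> finding
    rows = [row for row in csv.reader(io.StringIO(csv_text)) if row]
    rows.sort(key=lambda row: row[0])      # ISO timestamps sort chronologically
    for stamp, event_id, account, workstation in rows:
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        if event_id == "4624":
            # A successful logon resets the bad-password counter.
            recent[account].clear()
        elif event_id == "4625":
            fails = [f for f in recent[account] if when - f[0] <= window]
            fails.append((when, workstation))
            recent[account] = fails
            if account in findings:
                # Failures that continue after the limit was reached.
                findings[account]["failures"] += 1
                findings[account]["sources"].add(workstation)
            elif len(fails) >= threshold:
                findings[account] = {
                    "account": account,
                    "reached": when,
                    "failures": len(fails),
                    "sources": {ws for _t, ws in fails},
                    "locked": False,
                }
        elif event_id == "4740" and account in findings:
            findings[account]["locked"] = True
    return [findings[name] for name in sorted(findings)]


if __name__ == "__main__":
    for item in review_lockouts(SAMPLE_EVENTS):
        status = "locked out" if item["locked"] else "NOT locked: check the policy scope"
        print(f"{item['account']}: {item['failures']} failed logons from "
              f"{sorted(item['sources'])}, limit reached {item['reached']}, {status}")
```

An account that keeps failing past the limit without a 4740 event, like the constructed `svc_backup` entry, suggests the lockout policy does not apply to it.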
The IDS reviews all inbound and outbound network activity for suspicious patterns that are identifiable as a network attack. You monitor for DDoS, DoS, buffer overflows, man-in-the-middle, and other attacks that could stop or slow down the network. The purpose of this information is to help stop or prevent network interruptions.

Network Problem Scenarios

Trouble ticket one states that the operator’s workstation gives an error that there is an IP address conflict with another system on the network. To troubleshoot this issue, first ask whether this system has been off the network for a period of time; if so, then the DHCP server issued the IP address to another system. To troubleshoot, simply go to My Computer, right-click, select Manage, and then view the Event Viewer until you find the DHCP error entry. Look for the MAC address of the system that is currently using the IP address. Then, if you need to fix it right away, from a command prompt type IPCONFIG /Release to let go of the IP address and then type IPCONFIG /Renew to establish a new IP address for the user.

A trouble ticket comes in stating that a user types in an HTTP address and continues to get the Microsoft error screen. The troubleshooting steps are to check whether they have network connectivity in the Open Network and Sharing Center. If they do, then select Change adapter settings, look at the IPv4 properties, and verify that the system has a DNS address. Or, from a command prompt, you can type IPCONFIG /ALL to view whether they do or not. If all is well, then open Internet Explorer, check the security settings of the browser, and in the options tab ensure all TLS and SSL options are selected.

A trouble ticket comes in stating that all traffic is stopping at the DMZ router and being turned back. Remotely access the router using HyperTerminal or PuTTY and check the configuration of the IOS and access control list to ensure the user can send and receive traffic across the network. If the user is in the ACL, then check the port number to see if it is opened or closed.
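For the DMZ router ticket, the added example below (not part of the original plan) shows how a router decides whether a packet passes an access control list: entries are tested top down, the first match wins, and anything that matches no entry is dropped by the implicit deny at the end. The ACL number, the addresses and the small subset of Cisco IOS extended ACL syntax that is parsed (ip/tcp/udp, `any`, `host`, wildcard masks, numeric `eq` on the destination port) are assumptions made for the example.

```python
import ipaddress

# Constructed extended ACL in Cisco IOS syntax; number and addresses are made up.
SAMPLE_ACL = """\
access-list 110 permit tcp 10.10.1.0 0.0.0.255 any eq 443
access-list 110 deny   ip  10.10.2.0 0.0.0.255 any
access-list 110 permit tcp 10.10.0.0 0.0.255.255 any eq 80
access-list 110 permit udp any host 10.10.1.10 eq 53
"""


def _ip(text):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def _take_address(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))


def parse_acl(text):
    """Parse the supported subset of 'access-list' lines into rule dicts."""
    rules = []
    for number, line in enumerate(text.splitlines(), start=1):
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        rest = tokens[4:]
        src = _take_address(rest)
        dst = _take_address(rest)
        # Only a numeric destination-port 'eq' is handled (no names such as 'www').
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append({"line": number, "action": tokens[2], "proto": tokens[3],
                      "src": src, "dst": dst, "port": port})
    return rules


def _addr_matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; compare only the other bits.
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)


def evaluate(rules, proto, src, dst, dport):
    """Return (action, line) for the first matching rule, or ('deny', None)."""
    for rule in rules:
        if rule["proto"] not in ("ip", proto):
            continue
        if not _addr_matches(src, rule["src"]):
            continue
        if not _addr_matches(dst, rule["dst"]):
            continue
        if rule["port"] is not None and rule["port"] != dport:
            continue
        return rule["action"], rule["line"]
    return "deny", None   # implicit deny: no entry matched


if __name__ == "__main__":
    rules = parse_acl(SAMPLE_ACL)
    tickets = [
        ("tcp", "10.10.1.25", "192.0.2.10", 443),
        ("tcp", "10.10.2.40", "192.0.2.10", 80),
        ("tcp", "10.10.1.25", "192.0.2.10", 25),
    ]
    for packet in tickets:
        action, line = evaluate(rules, *packet)
        where = f"line {line}" if line else "implicit deny (no entry matched)"
        print(packet, "->", action, "at", where)
```

The second constructed packet shows the usual cause of a "user is in the ACL but traffic is turned back" ticket: the deny on line 2 matches before the broader permit on line 3 is ever reached.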
Remote Access

In this section of the 3CAB3ID network implementation plan, the unit decided that the most important feature they would need for their network would be remote connectivity. What is remote connectivity? “Remote connectivity is a new kind connectivity which is non-dependent on connection locations while still being able to utilize network features” (CTU Online, 2014). Now that we know the definition of remote connectivity, what is it all about? In today’s busy world of networks, organizations need to allow technicians remote repair capabilities, as well as give other employees access to network features while they are away from the organization. 3CAB feels they will need to manage, troubleshoot, maintain, and repair their network, as well as allow access to it, by using remote connectivity features. They will use remote access servers (RAS), remote access protocols, remote control (RDP), virtual network computing (VNC), web portals, and virtual private networks (VPN) to accomplish their needs.

Remote Access Connectivity

The three remote connectivity features that will be used to allow soldiers to connect back to the network will be the remote access server, the virtual private network, and web portals. The RAS and the web portal are virtual machines set up and configured on a Dell Dart Frog hardware server blade. The virtual private network is on both a server blade and on each client that is authorized to make connections to the unit’s network. The application that has these features is Microsoft Windows. It uses the Routing and Remote Access Service software to make a connection to the network using a DSL or broadband provider. Each user must dial in to the remote access server to authenticate and receive authorization to make their connections to share data and access files.

The second type of remote connectivity is the virtual private network. VPN connections allow users to log in to an organization's intranet through a secure connection across a public network. So basically we are looking at a remote access VPN. This connection requires two components to work properly. They are a “network access server (NAS) and a remote access server (RAS)” (Tyson & Crawford, 1998); these two servers will allow connection directly to the intranet and the overall network.

The last way users can remotely gain access is through web portals. Microsoft Exchange and SharePoint allow users to gain direct access to the organization's Exchange servers to check emails, and to the organization's actual SharePoint portal to access needed data and hang and extract files, pictures, and databases. These remote connectivity features are the most common features used to gain access to an organization you work for.

Administration Remote Connectivity

As we covered in maintenance and troubleshooting, there are three remote connectivity features that 3CAB will use only within the organization. These features will allow remote access, repair, and troubleshooting to be conducted off site from the actual problem. The three remote connectivity features are remote access protocols, remote control, and virtual network computing. Telnet is used to make direct connections to features and applications in order to conduct repairs, troubleshoot, and maintain proper operations of the network. FTP and TFTP can be used to transfer files from one system to the next, and then Telnet can be used to deploy those files on a remote system.

Remote control is another feature that can be used to gain a direct desktop connection to a system in order to take complete control of an operating system to conduct repairs and troubleshooting and help maintain all software applications on the remote system. This feature is also found in Microsoft Windows. It is called Remote Desktop Connection and can be found in the Accessories directory. To use it, all you have to know is the system's IP address or host name to gain access to any remote system.

The last feature is a separate application called Virtual Network Computing. This remote access application works identically to Remote Desktop and will allow the maintenance team to take complete control of a remote computer to conduct repairs, troubleshoot, and maintain the integrity of operating environments and applications. VNC requires a server on a server blade and the client version added to all clients so the administrator can remote in and conduct maintenance of the remote system.

3CAB3ID is very big on security; that is why they will not use just dial-up networking. It is the least secure method for accessing any network. The remote access server will use the proper authentication and authorization of a login and password, and if set up with a third-party token key it could be an extremely secure method of gaining access. “One sure way to secure the RAS is to use a function called call back. This works by when a user calls into the units network they use a login and password, then the server disconnects them and calls their number back. This makes this connection secure because it is hack proof” (PCMicro, 1995). A virtual private network is like a network within a network: it functions across a public network, but the files and data are encrypted as they travel across the network and require the key at the other end to access. It uses Internet Protocol Security (IPsec), Layer 2 Tunneling Protocol, Transport Layer Security (SSL/TLS), Microsoft Point-to-Point Encryption (MPPE), Point-to-Point Tunneling, Secure Shell (SSH), and OpenSSH to secure remote connections. Web portals also require a login and password to gain access, so they are extremely secure. The one major component that will breach security is always the user. The remote access protocols, remote control, and VNC will always be secure because they will only be used to gain access to any system on the unit's network and will not be used as an outside source of remote connectivity.

Maintaining and troubleshooting these remote connectivity features is not really complicated, because once all setup and configurations have been set on the servers and clients, then as long as no one makes changes to the connection configurations the connection should always work. If one were ever to have an issue, the system administrator should use Telnet, Remote Desktop Connection, or VNC to remote into the client to troubleshoot the VPN or RAS connections and make changes so the client will again be able to connect to the network.
  • 27. Network Pro Prep Toolkit. Week 1: 0.1 Course Introduction (No Exam); 0.2 Using the Simulator (No Exam); 1.1 Networking Overview; 1.2 Network Topologies
  • 28. Week 2: 4.1 Ethernet; 7.1 WAN Concepts
  • 29. 7.2 Internet Connectivity. Week 3: 1.3 Protocols
  • 30. 1.4 Network Connections; 1.5 The OSI and TCP/IP Models
  • 31. Week 4: 2.1 Twisted Pair; 2.2 Coaxial Cable
  • 32. 2.3 Fiber Optic; 2.4 Wiring Implementation
  • 33. Week 5: 6.1 Wireless Concepts; 7.1 Remote Access
  • 35. References
    AnswersThatWork.com. (2008). List of common TCP/IP port numbers. Retrieved 09 March 2014 from http://www.answersthatwork.com/Download_Area/ATW_Library/Networking/Network__2-List_of_Common_TCPIP_port_numbers.pdf
    c/net.com. (2014). NetApp FAS2240-4 specs (network storage server). Retrieved 23 February 2014 from http://reviews.cnet.com/search-results/netapp-fas2240-4-network/4507-5_7-35175839.html
    CTU Online. (2014). MUSE. CTUO, Virtual campus, IT326-1401B-01 Network Infrastructure Administration. Phase 5 Remote Connectivity. Retrieved from https://mycampus.ctuonline.edu
    Dell.com. (2014). Dell OEM 1130. Retrieved 23 February 2014 from http://www.dell.com/learn/us/en/555/oem/dell-oem-1130-server
    Dell.com. (2014). Dell OEM 1130. Retrieved 02 March 2014 from http://www.dell.com/learn/us/en/555/oem/dell-oem-1130-server
    eG Inovations.com. (2014). Universal Microsoft SCOM Management Pack Enables End-to-End Monitoring. Retrieved 16 March 2014 from http://www.eginnovations.com/web/eg-microsoft-scom-plugin.htm
    Escotal.com. (2013). Protocols. Retrieved 09 March 2014 from http://www.escotal.com/protocol.html
  • 36. NetApps. (2014). NetApp FAS2200 Series Technical Specifications. Retrieved 02 March 2014 from http://www.netapp.com/us/products/storage-systems/fas2200/fas2200-tech-specs.aspx
    PCMicro. (1995). Using Microsoft Remote Access Service (RAS). Retrieved 23 March 2014 from http://pcmicro.com/support/ras.html
    Sandirect.com. (1999). NetApp FAS2240-2 Universal Storage System. Retrieved 09 March 2014 from http://www.sandirect.com/netapp-fas2240-2-universal-storage-system-p-1765.html?_kk=fas2240&_kt=66354ddf-28bd-41a5-afbe-e28b9bf23197&gclid=CIj6_OeVib0CFclDMgodqy4A_w
    Stewart.army.mil. (2014). 3rd Combat Aviation Brigade History. Retrieved 23 February 2014 from http://www.stewart.army.mil/units/history.asp?u=3CAB
    Technet.microsoft.com. (2014). Windows Server Update Services. Retrieved 16 March 2014 from http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
    Technet.microsoft.com. (2014). System Center Configuration Manager. Retrieved 16 March 2014 from http://technet.microsoft.com/en-us/systemcenter/bb507744.aspx
    Vology.com. (2014). Cisco WS-C2960-48TC-L Switch - Cisco 2960. Retrieved 02 March 2014 from http://www.vology.com/cisco/network-switches/ws-c2960-48tc-l?utm_source=Google&utm_medium=Feed&utm_term=WS-C2960-48TC-L&utm_content=628.00&utm_campaign=Cisco&gclid=CNyL3IjD97wCFYZAMgodaBEADQ
  • 37. Tyson, Jeff & Crawford, Stephanie. (1998). How VPNs Work Page 3. Retrieved 23 March 2014 from http://computer.howstuffworks.com/vpn3.htm