Proposers
Sankar/ Mandeep
Project Proposal NET200
Executive Summary
there4 travel is a new travel agency to be based at Christchurch airport with a branch in
Nelson. The agency wants to implement Information Technology (IT) services at the Christchurch
head office and operate a server-based, centrally managed solution for Head Office and the Nelson
branch.
Internet access
A dedicated line to the Airline Booking System from the Christchurch head office
Email
Research on using virtual private networks for corporate purposes
This proposal aims to design a simple, medium sized network for the there4 travel travel agency
based on their RFP.
networkfalcons.wordpress.com
Table of Contents
Executive Summary
Project Charter
Background
Analysing Business & Technical Goals
  Business goals
  Technical goals
Scope Statement
Work Breakdown Structure
Physical network diagram
Logical network diagram
Network naming convention
Networking device specification and cost
  Router
  Switch
Router configuration
  Router 1
  Router 2
  Router 3
Subnetting Plan
  Subnet in Christchurch
  Subnet in Nelson
  Subnet between two Routers
  Subnet in DMZ
Security plan
  Physical device security
  Logical security
  Logical access controls
  Firewalls
  Infrastructure and Data integrity
  Security awareness training
Firewall information/configuration
  Firewall Configuration
Software Plan
User access diagram
Backup/Disaster recovery plan
Merits/ Demerits using VPN
  Introduction
  Site-to-Site VPN
  Point-to-Point VPN
  MPLS VPNs
  Merits / Demerits
  Conclusion
Project Charter
Project start date 2st Aug 2010 Projected finish date 27th Aug 2010
Project Objectives
To design a simple, medium sized network for the there4 travel travel agency based on their RFP.
This includes the following tasks,
Approach
Accomplish the above objectives one week before the proposal submission date
Develop a detailed analysis of the company's requirements, design the network and report to the Project Sponsor
Communicate with the project team and the project sponsor for updates
Maintain the progress of the project using a blog on a weekly basis
Use the internal staff as much as possible for planning and organising the project
Sign-off
(Sankar) (Mandeep)
Comments
This project must be done a week before the proposal submission date. Mandeep, Project
Manager.
We are assuming that adequate resources will be available and committed to supporting this project. This
project is expected to complete before the deadline without any barriers. Sankar, Project Manager.
Background
Network Falcons (NWF) has been one of the leading providers of Information Technology services around
New Zealand for the past 10 years. Our clients are all over the globe, and their projects are handled
by our team with 100% success.
NWF sector knowledge spans almost every area of the economy. From the reporting and compliance
requirements of the government and its agencies, through to the highly regulated health sector and
internationally focused needs of our rural companies, NWF combines deep experience with true
understanding to deliver powerful and proven ICT solutions.
NWF has experience working with Small and Medium Enterprises (SMEs) using the latest
technologies available in the market. Our team has performed well from the day of our first
project, and we are happy to share that we received high user satisfaction ratings for the years 2008
and 2009.
NWF is one of the Cisco and Microsoft certified companies in the world. We believe we've
assembled an outstanding group of leaders and managers to guide NWF and its clients. Our motive is
to reduce the cost of infrastructure and its services in an industry while providing greater
performance and reliability of our products and services.
there4 travel is a new travel agency to be based at Christchurch airport with a branch in Nelson. Its
core business is 40% domestic travel bookings and 60% international travel bookings and packages.
IT services for the company are to be at the Christchurch head office and operate a server-based,
centrally managed solution for Head Office and the Nelson branch.
In Christchurch
1 x CEO/Manager
1 x Assistant Manager
5 x Travel Agents
In Nelson
1 x Manager
1 x Assistant Manager
2 x Travel Agents
2 x Mobile Travel Agents
Business goals
Having analysed the business goals of the company, NWF will build the entire network with the
following points in mind:
IT services should help the company to provide good service and excellent value for money to its customers
Implementing IT services should increase revenue to the agency
IT services should reduce operating costs
IT services should improve communications between the company and the public
IT services should reduce the elapsed time in the business
IT infrastructure and services should provide features that let the company offer better customer support or new customer services to its clients
NWF will build this network with the following business priorities,
Mobility
Security
Resiliency
Business continuity after a disaster
Technical goals
Based on the company's core business, and considering technical goals such as scalability,
availability, performance, security, manageability, usability, adaptability and affordability, the following
trade-off table was designed.
Availability 30
Network performance 20
Scalability 15
Security 15
Affordability 5
Manageability 5
Usability 5
Adaptability 5
Total 100
Scope Statement
Servers: If additional servers are required to support this project, they must be compatible with the
network requirements. If it is more economical to enhance the available servers, a detailed
description of enhancements must be submitted to the CEO for approval.
VPN Routers: If the VPN service needs to be implemented in the network, VPN routers/gateways
need to be ordered and a detailed description document for them must be submitted to the CEO for
approval.
Project progress report: The progress of the project should be updated on the blog on a
weekly basis, and a weekly progress report must be submitted to the CIO/Project Coordinator.
Team meetings: Arrange team meetings with the project team on a weekly basis and identify the successes
and failures faced by the team in this project.
Technology threat: Stay aware of new hardware and software technology updated or launched in the
market, so that the project is not outdated on its completion.
Staff increase: If additional staff are required to support this project, they must be recruited
two weeks before the expected project starting date. A detailed description of the staff must be
submitted to the CEO for approval.
A detailed description of the network and plan according to the RFP must be submitted to the CEO for
approval. The CEO must approve a detailed plan describing the additional requirements at least two
weeks before the date of the project initiation.
[Figure: Work Breakdown Structure diagram. Recoverable labels: Project; Hardware/Software builds complete; Prepare Project Report; Backup solution]
Specification
General
Depth 11.5 in
Device Type Router
Form Factor External - modular - 2U
Height 3.5 in
Weight 12.8 lbs
Width 13.5 in
Expansion / Connectivity
Expansion Slots Total (Free) 2 (2) x HWIC, 2 (1) x CompactFlash Card, 1 (1) x expansion slot
Memory
Flash Memory 256 MB (installed) / 8 GB (max)
RAM 512 MB (installed) / 2 GB (max)
Networking
Compliant Standards IEEE 802.3ah, IEEE 802.1ah, IEEE 802.1ag
Miscellaneous
Compliant Standards CISPR 22 Class A, CISPR 24, EN55024, EN55022 Class A, EN50082-1, CAN/CSA-E60065-00, ICES-003 Class A, CS-03, AS/NZS 3548, FCC CFR47 Part 15, EN300-386, UL 60950-1, IEC 60950-1, EN 60950-1, CSA C22.2 No. 60065, BSMI CNS 13438
Switch
Specification
General
Manufacturer Linksys
Device Type 24 Port Switch
Enclosure Type Standalone or Rack mount
Networking
Connectivity Technology 10/100 Ethernet
Data Transfer Rate Up to 200 Mbps (In Full-Duplex Operation)
Router configuration
Router 1
Location Christchurch
Login id vyatta
Eth0 172.16.0.10/16
Eth1 192.168.254.193/27
Eth2 192.168.254.161/27
Eth3 172.16.0.30/16
Eth4 192.168.254.97/27
NAT enabled
GW 172.16.0.254
DNS 4.2.2.2
Firewall Enabled
RIP Enabled
Router 2
Location Nelson
Login id vyatta
Eth0 192.168.254.162/27
Eth1 192.168.254.129/27
DNS 4.2.2.2
Firewall enabled
Router 3
Location Christchurch
Login id vyatta
Eth0 192.168.254.98/27
Eth1 192.168.254.97/27
DMZ enabled
DNS 4.2.2.2
Firewall disabled
Subnetting Plan
No of Hosts: 30
Subnet in Christchurch
Mask 255.255.255.224(27)
Subnet Address 192.168.254.192
First useable Address 192.168.254.193
Last useable Address 192.168.254.222
Broadcast 192.168.254.223
Subnet in Nelson
Mask 255.255.255.224(27)
Subnet Address 192.168.254.160
First useable Address 192.168.254.161
Last useable Address 192.168.254.190
Broadcast 192.168.254.191
Subnet between two Routers
Mask 255.255.255.224(27)
Subnet Address 192.168.254.128
First useable Address 192.168.254.129
Last useable Address 192.168.254.158
Broadcast 192.168.254.159
Subnet in DMZ
Mask 255.255.255.224(27)
Subnet Address 192.168.254.96
First useable Address 192.168.254.97
Last useable Address 192.168.254.126
Broadcast 192.168.254.127
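A cross-check of the subnetting plan against the router interface tables above, as an added example that is not part of the original proposal: it recomputes each /27's first, last and broadcast address, then looks for addresses or subnets that are used more than once. The label "Between routers" for the 192.168.254.128/27 block is an assumption taken from the table of contents.

```python
import ipaddress
from collections import defaultdict

# Subnetting plan from the page: label -> (subnet, first, last, broadcast).
# "Between routers" is the table-of-contents label for the .128 block (assumption).
PLAN = {
    "Christchurch": ("192.168.254.192/27", "192.168.254.193", "192.168.254.222", "192.168.254.223"),
    "Nelson": ("192.168.254.160/27", "192.168.254.161", "192.168.254.190", "192.168.254.191"),
    "Between routers": ("192.168.254.128/27", "192.168.254.129", "192.168.254.158", "192.168.254.159"),
    "DMZ": ("192.168.254.96/27", "192.168.254.97", "192.168.254.126", "192.168.254.127"),
}

# Router interface tables from the page.
ROUTERS = {
    "Router 1": {"eth0": "172.16.0.10/16", "eth1": "192.168.254.193/27",
                 "eth2": "192.168.254.161/27", "eth3": "172.16.0.30/16",
                 "eth4": "192.168.254.97/27"},
    "Router 2": {"eth0": "192.168.254.162/27", "eth1": "192.168.254.129/27"},
    "Router 3": {"eth0": "192.168.254.98/27", "eth1": "192.168.254.97/27"},
}


def check_plan(plan):
    """Return labels whose listed first/last/broadcast do not match the subnet."""
    wrong = []
    for label, (cidr, first, last, bcast) in plan.items():
        net = ipaddress.ip_network(cidr)
        derived = (str(net[1]), str(net[-2]), str(net.broadcast_address))
        if derived != (first, last, bcast):
            wrong.append(label)
    return wrong


def audit(routers, plan):
    """Cross-check router interfaces against the plan and against each other."""
    planned = {ipaddress.ip_network(v[0]): label for label, v in plan.items()}
    owners = defaultdict(list)                           # address -> interfaces using it
    per_router = defaultdict(lambda: defaultdict(list))  # router -> network -> interfaces
    attached = {label: set() for label in plan}          # plan label -> routers on it
    unplanned = set()                                    # networks not in the plan
    for router, ifaces in routers.items():
        for name, cidr in ifaces.items():
            iface = ipaddress.ip_interface(cidr)
            owners[str(iface.ip)].append(f"{router} {name}")
            per_router[router][str(iface.network)].append(name)
            if iface.network in planned:
                attached[planned[iface.network]].add(router)
            else:
                unplanned.add(str(iface.network))
    return {
        "duplicate_ip": {ip: who for ip, who in owners.items() if len(who) > 1},
        "same_subnet": {(r, n): names for r, nets in per_router.items()
                        for n, names in nets.items() if len(names) > 1},
        "unplanned": sorted(unplanned),
        "attached": {label: sorted(rs) for label, rs in attached.items()},
    }


if __name__ == "__main__":
    print("plan rows with wrong arithmetic:", check_plan(PLAN))
    for key, value in audit(ROUTERS, PLAN).items():
        print(key, "->", value)
```

With the page's values the plan arithmetic is consistent, while the audit reports 192.168.254.97 on both Router 1 and Router 3 and, on Router 1 and Router 3, two interfaces in the same subnet. The `attached` result also shows which routers sit on each labelled subnet, which is worth comparing with the labels before the addresses are configured on devices.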
Security plan
Logical security
Firewalls
Implementing the following rules in the Firewall system
Packet filtering
Circuit filtering
Application gateways
Security techniques
Methodologies for evaluating threats and vulnerabilities
Selection criteria and implementation controls
The importance of what is at risk if security is not maintained
Firewall information/configuration
There are two types of Firewall used in this network. They are,
Hardware Firewall
Software Firewall
The hardware firewall is implemented in the routers, and the software firewall is implemented in the
servers and clients.
Firewall Configuration
The above rules are configured in both the hardware and software firewalls in the network for
additional security.
Software Plan
The following table describes the basic software plan for this network. Depending on the
requirements, additional software can be installed.
We use third party software to manage the backup and disaster recovery plan in this network.
Features
Backup systems automatically, while you work through scheduled or event-driven backups
Dissimilar Hardware Recovery with Restore anywhere Technology
Offsite Backup Copy to FTP location or secondary disk drive for enhanced disaster recovery capabilities
Seamless physical to virtual (P2V) and virtual to physical (V2P) conversions for VMware, Microsoft and Citrix virtual environments
Simplify IT administration by centrally managing backup and recovery tasks for multiple servers across the entire organization
Replace time-consuming manual and error-prone processes with fast, reliable, automated recovery to dramatically minimize downtime and avoid disaster
Working
The secondary disaster recovery plan is implemented by mirroring the Active Directory
service from server1 to server2, which will be running the Windows Server 2008 core,
so that user groups, policies and critical information can be recovered immediately at any point in
time during any disaster in the network.
Introduction
A Virtual Private Network (VPN) encapsulates data transfers between two or more networked devices
that are not on the same private network, so as to keep the transferred data private from other devices on
one or more intervening local or wide area networks. The term "VPN" has taken on many different
meanings in recent years. VPNC has a white paper about VPN technologies that describes many of
the terms used in the VPN market today. Specifically, it differentiates between secure VPNs and
trusted VPNs, which are two very different technologies.
MPLS with constrained distribution of routing information through BGP ("layer 3 VPNs")
Transport of layer 2 frames over MPLS ("layer 2 VPNs")
Site-to-Site VPN
Site-to-site is much the same thing as point-to-point, except there is no "dedicated" line in
use. Each site has its own internet connection, which may not be from the same ISP or even the same
type. One may have a T1 while the other only has DSL. Unlike point-to-point, the routers at both
ends do all the work. They do all the routing and encryption. This is an easy way to connect two
offices without having each user "dial up" using a PPTP connection. Site-to-site VPNs can work with
hardware or software-based firewall devices. On the software side, you can use something like
Clarkconnect. On the hardware side, you have many different devices to choose from.
Point-to-Point VPN
A traditional VPN can also come as a point-to-point. These are also referred to as "leased-line VPNs."
Here, two or more networks are connected using a dedicated line from an ISP. These lines can be
packet or circuit switched. The main strength of using a leased line is the direct point-to-point
connection. It does not go out over the public Internet, so performance is not degraded by
routing problems, latency, and external congestion.
MPLS VPNs
MPLS is a true "ISP-tuned" VPN. It requires two or more sites connected via the same ISP, or an "on-net"
connection. There is a way to configure this using different ISPs, or "off-net", but you never get the
same performance.
Merits / Demerits
VPN is considered a maturing technology and is answering a lot of business communication
problems that were once considered unavoidable monopolistic overheads. With VPN technology
there are certainly some disadvantages, such as limited security for wireless users, although more
enhanced technologies are continually emerging. The advantage of the
technology is that data can be sent from one location to another within the world using an
existing and continually growing infrastructure, the Internet.
By using encapsulation, encryption and data tracking, the data is sent both securely and accurately to
the next user. The main advantage of using VPN over a dedicated WAN or even an Intranet is
the cost. By using an existing network (the Internet), the operational costs are much lower than
those of the WAN alternative. Obviously, for a huge organisation a dedicated line between
one site and another has many advantages; however, when that site is overseas, the alternative of
mixing with VPN technologies becomes a much more attractive approach. VPN provides a secure link
by using point-to-point protocols and encryption techniques such as symmetric-key encryption or
public-key encryption.
So in summary, VPN extends geographic connectivity, provides well-established security methods,
and reduces operational costs when compared with WAN technology. In addition, VPN
provides reduced set-up times and fast network links for remote users, simplifies the network
topology, improves productivity due to fewer constraints when compared with other networking
methods, provides Voice over IP (teleconferencing facilities) and broadband
networking compatibility, and, when compared with the infrastructure set-up constraints
seen with WAN technologies, ensures a faster return on investment.
Conclusion
VPN is certainly an emerging technology which provides companies with a good alternative to the more
expensive WAN technology. VPN utilises the well-established Internet to securely send its data from
one location to another. The VPN connections between users are secure in that tried and tested
encryption methods have been integrated within the system. In addition, VPN caters for mobile
users on the move through wireless VPN technology and can transfer data such as text, Voice over IP
(VoIP) and image frames.