
Project Proposal

NET200 | 18th June 2010

Proposers

Sankar / Mandeep
Project Proposal NET200

Executive Summary

there4 travel is a new travel agency to be based at Christchurch airport with a branch in Nelson. The agency wants to implement Information Technology (IT) services at the Christchurch head office and operate a server-based, centrally managed solution for the head office and the Nelson branch.

The agency requires:

- Internet access
- A dedicated line to the Airline Booking System from the Christchurch head office
- Email
- Research on using virtual private networks for corporate purposes

This proposal aims to design a simple, medium-sized network for there4 travel based on their RFP.

networkfalcons.wordpress.com

Table of Contents
Executive Summary
Project Charter
Background
Analysing Business & Technical Goals
  Business goals
  Technical goals
Scope Statement
Work Breakdown Structure
Physical network diagram
Logical network diagram
Network naming convention
Networking device specification and cost
  Router
  Switch
Router configuration
  Router 1
  Router 2
  Router 3
Subnetting Plan
  Subnet in Christchurch
  Subnet in Nelson
  Subnet between two Routers
  Subnet in DMZ
Security plan
  Physical device security
  Logical security
  Logical access controls
  Firewalls
  Infrastructure and Data integrity
  Security awareness training
Firewall information/configuration
  Firewall Configuration
Software Plan
User access diagram
Backup/Disaster recovery plan
Merits/ Demerits using VPN
  Introduction
  Site-to-Site VPN
  Point-to-Point VPN
  MPLS VPNs
  Merits / Demerits
  Conclusion


Project Charter

Project Title: Implementation of IT services for there4 travel

Project start date: 2nd Aug 2010
Projected finish date: 27th Aug 2010

Project Sponsor / Company's Representative: Cordell Mayshack

Proposers: Network Falcons (NWF)

Project Managers: Sankar / Mandeep

Project Objectives

To design a simple, medium-sized network for there4 travel based on their RFP. This includes the following tasks:

- Analysing Business & Technical Goals
- Logical network diagram
- Physical network diagram
- Network naming convention
- Required internetworking device specifications and costs
- Router configurations
- Subnetting plan
- Security plan (policy & general procedures)
- Firewall information and configuration settings
- Server, desktop, mobile computer software plan
- User access diagram (AD structure, groups, users, resources)
- Backup plan
- Disaster recovery plan
- Benefits and problems with using virtual private networks across the Internet for corporate purposes

Approach

- Accomplish the above objectives one week before the proposal submission date
- Develop a detailed analysis of the company's requirements, design the network and report to the Project Sponsor
- Communicate updates to the project team and the project sponsor
- Track the progress of the project on a blog on a weekly basis
- Use the internal staff as much as possible for planning and organising the project


Roles and Responsibilities

Name | Role | Responsibility
Cordell Mayshack | CEO | Project Sponsor
Mark Caukill | CIO | Monitor project / Project Coordinator
Sankar | Project Manager | Plan and execute project
Mandeep | Project Manager | Plan and execute project

Sign-off

(Cordell Mayshack) (Mark Caukill)

(Sankar) (Mandeep)

Comments

This project must be done a week before the proposal submission date. Mandeep, Project Manager.

We are assuming that adequate resources will be available and committed to supporting this project. This project is expected to complete before the deadline without any barriers. Sankar, Project Manager.


Background

Network Falcons (NWF) has been one of the leading providers of Information Technology services around New Zealand for the past 10 years. Our clients are all over the globe, and their projects are still handled by our team with 100% success.

NWF sector knowledge spans almost every area of the economy. From the reporting and compliance
requirements of the government and its agencies, through to the highly regulated health sector and
internationally focused needs of our rural companies, NWF combines deep experience with true
understanding to deliver powerful and proven ICT solutions.

NWF has experience working with Small and Medium Enterprises (SMEs) using the latest technologies available in the market. Our team has performed well from the day of our first project, and we are happy to share that we received high user satisfaction ratings for 2008 and 2009.

NWF is one of the Cisco and Microsoft certified companies in the world. We believe we've assembled an outstanding group of leaders and managers to guide NWF and its clients. Our aim is to reduce the cost of infrastructure and services in an industry while providing greater performance and reliability in our products and services.


Analysing Business & Technical Goals

there4 travel is a new travel agency to be based at Christchurch airport with a branch in Nelson. Its
core business is 40% domestic travel bookings and 60% international travel bookings and packages.

IT services for the company are to be based at the Christchurch head office, operating a server-based, centrally managed solution for the head office and the Nelson branch.

The company consists of:

In Christchurch

- 1 x CEO/Manager
- 1 x Assistant Manager
- 5 x Travel Agents

In Nelson

- 1 x Manager
- 1 x Assistant Manager
- 2 x Travel Agents
- 2 x Mobile Travel Agents

The travel agency requires:

- Internet access for both the branches
- A dedicated line to the Airline Booking System from the Christchurch head office
- Email service
- Research on using virtual private networks for corporate purposes


Business goals

Having analysed the business goals of the company, NWF will make sure that the entire network is built with the following points in mind:

- IT services should help the company to provide good service and excellent value for money to its customers
- Implementing IT services should increase revenue to the agency
- IT services should reduce operating costs
- IT services should improve communications between the company and the public
- IT services should reduce the elapsed time in the business
- IT infrastructure and services should enable the company to offer better customer support or new customer services to its clients

NWF will build this network with the following business priorities:

- Mobility
- Security
- Resiliency
- Business continuity after a disaster

Technical goals

Based on the company's core business and on technical goals such as scalability, availability, performance, security, manageability, usability, adaptability and affordability, the following trade-off table was designed.

Technical goal | Weight
Availability | 30
Network performance | 20
Scalability | 15
Security | 15
Affordability | 5
Manageability | 5
Usability | 5
Adaptability | 5
Total | 100


Scope Statement

Preliminary Scope Statement

Servers: If additional servers are required to support this project, they must be compatible with the
network requirements. If it is more economical to enhance the available servers, a detailed
description of enhancements must be submitted to the CEO for approval.

VPN Routers: If the VPN service needs to be implemented in the network, VPN routers/gateways need to be ordered and a detailed description document must be submitted to the CEO for approval.

Project progress report: The progress of the project should be updated on the blog on a weekly basis, and a weekly progress report must be submitted to the CIO/Project Coordinator.

Team meetings: Arrange team meetings with the project team on a weekly basis to identify the successes and failures faced by the team in this project.

Technology threat: Stay aware of new hardware and software technology updated or launched in the market, so that the project is not outdated on completion.

Staff increase: If additional staff are required to support this project, they must be recruited two weeks before the expected project start date. A detailed description of the staff must be submitted to the CEO for approval.

A detailed description of the network and plan according to the RFP must be submitted to the CEO for approval. The CEO must approve a detailed plan describing the additional requirements at least two weeks before the date of the project initiation.

Project Scope Statement, Version 1

-Available after the agreement-


Work Breakdown Structure

Project

Pre-Implementation

- Order Hardware/Software
- Build Servers, PCs & Laptops
- Install OS & Applications
- Hardware/Software builds complete
- Backup solution

Implementation

- Establish connectivity
- Test & Confirm operations
- Decommission of old equipment (if any)
- Ready to go live

Post-Implementation

- Day 1 live running
- Day 2 live running
- Update Documentation
- Prepare Project Report


Physical network diagram


Logical network diagram


Network naming convention

Network description | Naming convention
Domain name | t4t.chc.com
Server 1 in Christchurch | server1
Server 2 in Christchurch | server2
Server in Nelson | server3
Router in Christchurch | r1chc
Router in Nelson | r2nsn
Client PCs in Christchurch | chc-pc-1, chc-pc-2, ...
Client PCs in Nelson | nsn-pc-1, nsn-pc-2, ...
Switch in Christchurch | s1chc
Switch in Nelson | s2nsn


Networking device specification and cost


Router
Model: Cisco 1941 Integrated Services Router - Router - Ethernet, Fast Ethernet, Gigabit Ethernet - Cisco IOS IP Base - 2U external

Cost: $1,115 USD (www.insight.com)

Specification

General
Depth: 11.5 in
Device Type: Router
Form Factor: External - modular - 2U
Height: 3.5 in
Weight: 12.8 lbs
Width: 13.5 in

Expansion / Connectivity
Expansion Slots Total (Free): 2 (2) x HWIC; 2 (1) x CompactFlash Card; 1 (1) x expansion slot
Interfaces: 1 x network - Ethernet 10Base-T/100Base-TX/1000Base-T - RJ-45; 1 x management - console - RJ-45; 1 x management - console - mini-USB Type B; 1 x serial - auxiliary - RJ-45; 2 x USB - 4 pin USB Type A

Memory
Flash Memory: 256 MB (installed) / 8 GB (max)
RAM: 512 MB (installed) / 2 GB (max)

Networking
Compliant Standards: IEEE 802.3ah, IEEE 802.1ah, IEEE 802.1ag
Data Link Protocol: Ethernet, Fast Ethernet, Gigabit Ethernet
Features: Firewall protection, VPN support, MPLS support, Syslog support, IPv6 support, Class-Based Weighted Fair Queuing (CBWFQ), Weighted Random Early Detection (WRED)
Network / Transport Protocol: IPSec
Remote Management Protocol: SNMP, RMON
Routing Protocol: OSPF, IS-IS, BGP, EIGRP, DVMRP, PIM-SM, IGMPv3, GRE, PIM-SSM, static IPv4 routing, static IPv6 routing


Status Indicators: Link activity, power

Miscellaneous
Compliant Standards: CISPR 22 Class A, CISPR 24, EN55024, EN55022 Class A, EN50082-1, CAN/CSA-E60065-00, ICES-003 Class A, CS-03, AS/NZS 3548, FCC CFR47 Part 15, EN300-386, UL 60950-1, IEC 60950-1, EN 60950-1, CSA C22.2 No. 60065, BSMI CNS 13438

Switch

Model: Cisco SR224 24-port 10/100 Switch - 13-inch chassis

Cost: $143 USD (www.superwarehouse.com)

Specification

General
Manufacturer: Linksys
Device Type: 24 Port Switch
Enclosure Type: Standalone or Rack mount

Networking
Connectivity Technology: 10/100 Ethernet
Data Transfer Rate: Up to 200 Mbps (In Full-Duplex Operation)
Communication Mode: Full/Half Duplex
Status Indicators: System, 1 through 16
Features: Auto MDI/MDI-X Cable Detection, Full/Half Duplex Auto-Negotiation, Store-and-Forward Packet Switching, Signal Regeneration, Auto Partitioning
Compliant Standards: IEEE 802.3, 802.3u
Interfaces: 24 x 10/100 Ethernet (RJ-45)


Router configuration

Router 1

Router host name: r1chc
Location: Christchurch
Login id: vyatta
Login password: 123456
Domain name: chc.com
Eth0: 172.16.0.10/16
Eth1: 192.168.254.193/27
Eth2: 192.168.254.161/27
Eth3: 172.16.0.30/16
Eth4: 192.168.254.97/27
NAT: enabled
GW: 172.16.0.254
DNS: 4.2.2.2
SSH service: enabled
DHCP server pools:
  ETH1_POOL: 192.168.254.194 to 192.168.254.222
  ETH2_POOL: 192.168.254.163 to 192.168.254.190
  ETH2_POOL_2: 192.168.254.130 to 192.168.254.158
  ETH4_POOL: 192.168.254.99 to 192.168.254.126
Firewall: Enabled
RIP: Enabled


Router 2

Router host name: r2nsn
Location: Nelson
Login id: vyatta
Login password: 123456
Domain name: nsn.com
Eth0: 192.168.254.162/27
Eth1: 192.168.254.129/27
DHCP relay: enabled
DNS: 4.2.2.2
SSH service: enabled
Firewall: enabled

Router 3

Router host name: r3dmz
Location: Christchurch
Login id: vyatta
Login password: 123456
Domain name: nsn.com
Eth0: 192.168.254.98/27
Eth1: 192.168.254.97/27
DMZ: enabled
DNS: 4.2.2.2
SSH service: enabled
Firewall: disabled


Subnetting Plan
No. of hosts: 30

Subnet in Christchurch

Mask: 255.255.255.224 (/27)
Subnet address: 192.168.254.192
First usable address: 192.168.254.193
Last usable address: 192.168.254.222
Broadcast: 192.168.254.223

Subnet in Nelson

Mask: 255.255.255.224 (/27)
Subnet address: 192.168.254.160
First usable address: 192.168.254.161
Last usable address: 192.168.254.190
Broadcast: 192.168.254.191

Subnet between two Routers

Mask: 255.255.255.224 (/27)
Subnet address: 192.168.254.128
First usable address: 192.168.254.129
Last usable address: 192.168.254.158
Broadcast: 192.168.254.159

Subnet in DMZ

Mask: 255.255.255.224 (/27)
Subnet address: 192.168.254.96
First usable address: 192.168.254.97
Last usable address: 192.168.254.126
Broadcast: 192.168.254.127
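
Added example (not part of the original proposal): a Python check of the router configuration and subnetting tables above, using the standard ipaddress module. It recomputes each subnet's boundaries, reports addresses assigned to more than one interface, routers with two interfaces in the same subnet, and whether each DHCP pool fits a planned subnet without covering a static address. The addresses are transcribed from the tables; the function and variable names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Subnets from the subnetting plan (labels as given in the plan).
PLAN = {
    "Christchurch": "192.168.254.192/27",
    "Nelson": "192.168.254.160/27",
    "Between two routers": "192.168.254.128/27",
    "DMZ": "192.168.254.96/27",
}

# Interface addresses from the three router configuration tables.
INTERFACES = {
    "r1chc": {"eth0": "172.16.0.10/16", "eth1": "192.168.254.193/27",
              "eth2": "192.168.254.161/27", "eth3": "172.16.0.30/16",
              "eth4": "192.168.254.97/27"},
    "r2nsn": {"eth0": "192.168.254.162/27", "eth1": "192.168.254.129/27"},
    "r3dmz": {"eth0": "192.168.254.98/27", "eth1": "192.168.254.97/27"},
}

# DHCP pools configured on r1chc: (first address, last address).
POOLS = {
    "ETH1_POOL": ("192.168.254.194", "192.168.254.222"),
    "ETH2_POOL": ("192.168.254.163", "192.168.254.190"),
    "ETH2_POOL_2": ("192.168.254.130", "192.168.254.158"),
    "ETH4_POOL": ("192.168.254.99", "192.168.254.126"),
}


def subnet_summary(cidr):
    """Return (network, first usable, last usable, broadcast) as strings."""
    net = ipaddress.ip_network(cidr)
    hosts = list(net.hosts())
    return (str(net.network_address), str(hosts[0]), str(hosts[-1]),
            str(net.broadcast_address))


def duplicate_addresses(interfaces):
    """Map each IP assigned more than once to the interfaces that claim it."""
    seen = defaultdict(list)
    for router, ifaces in interfaces.items():
        for name, cidr in ifaces.items():
            ip = str(ipaddress.ip_interface(cidr).ip)
            seen[ip].append(f"{router}:{name}")
    return {ip: owners for ip, owners in seen.items() if len(owners) > 1}


def same_subnet_on_one_router(interfaces):
    """List routers holding two interfaces in one subnet (ambiguous routing)."""
    findings = []
    for router, ifaces in interfaces.items():
        by_net = defaultdict(list)
        for name, cidr in ifaces.items():
            by_net[ipaddress.ip_interface(cidr).network].append(name)
        findings += [(router, str(net), sorted(names))
                     for net, names in by_net.items() if len(names) > 1]
    return findings


def pool_findings(pools, plan, interfaces):
    """For each pool: the planned subnet containing it, and any static
    interface address that falls inside the pool range."""
    static = {ipaddress.ip_interface(cidr).ip
              for ifaces in interfaces.values() for cidr in ifaces.values()}
    nets = {label: ipaddress.ip_network(cidr) for label, cidr in plan.items()}
    out = {}
    for pool, (first, last) in pools.items():
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        home = [label for label, net in nets.items() if lo in net and hi in net]
        clash = sorted(str(ip) for ip in static if lo <= ip <= hi)
        out[pool] = {"subnet": home[0] if home else None,
                     "static_in_pool": clash}
    return out


if __name__ == "__main__":
    for label, cidr in PLAN.items():
        print(label, subnet_summary(cidr))
    print("duplicates:", duplicate_addresses(INTERFACES))
    print("same subnet twice:", same_subnet_on_one_router(INTERFACES))
    print("pools:", pool_findings(POOLS, PLAN, INTERFACES))
```

Run against the tables as written, the check confirms the four subnet boundaries and the DHCP pools, and reports 192.168.254.97 on both r1chc eth4 and r3dmz eth1, plus two same-subnet interface pairs (r1chc eth0/eth3 and r3dmz eth0/eth1).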


Security plan

Physical device security

- Servers and routers should be in restricted access areas
- Physical access to the room should be limited
- Appropriate environmental safeguards are implemented in and near the room

Logical security

- Boundaries between network segments are created
- The flow of traffic between different cable segments is controlled
- Appropriate VLAN boundaries should be created

Logical access controls

- Passwords for devices are changed regularly
- Password use guidelines are implemented
- Users are allowed to create complex passwords

Firewalls

The following rules are implemented in the firewall system:

- Packet filtering
- Circuit filtering
- Application gateways


Infrastructure and Data integrity


Ensure, as far as possible, that any traffic on the network is valid traffic. Regular audits and packet lookups are done to make sure the traffic is stable.

Security awareness training


Staff should be made aware of their network security responsibilities through in-depth training covering the following:

- Security techniques
- Methodologies for evaluating threats and vulnerabilities
- Selection criteria and implementation controls
- The importance of what is at risk if security is not maintained

Firewall information/configuration

There are two types of firewall used in this network:

- Hardware firewall
- Software firewall

The hardware firewall is implemented in the routers, and the software firewall is implemented in the servers and clients.

The software firewall/antivirus we use in this network is Symantec Endpoint 11.

Key features of Symantec Endpoint

- Seamlessly integrates essential technologies such as antivirus, antispyware, firewall, intrusion prevention, device and application control
- Requires only a single agent that is managed by a single management console
- Provides unmatched endpoint protection from the market leader in endpoint security
- Enables instant NAC upgrade without additional software deployment for each endpoint
- Lowers total cost of ownership for endpoint security


Firewall Configuration

Rule 1: Allow the traffic from the subnets created: (192.168.254.192), (192.168.254.160), (192.168.254.128), (192.168.254.96)

Rule 2: Block the traffic from the list of Blacklists

Rule 3: Allow traffic from the default protocols (e.g., NetBIOS...)

Rule 4: Enable File sharing

The above rules are configured in both the hardware and software firewalls in the network to provide additional security.

Software Plan

The following table describes the basic software plan for this network. Depending on requirements, additional software can be installed.

Systems | Operating System | Security (Symantec Endpoint) | Backup/Disaster recovery (Symantec Backup Exec) | Office applications | Miscellaneous
Server 1 | Windows Server 2008 Standard | Yes (Core) | Yes | Yes | (If req.)
Server 2 | Windows Server 2008 core | No | Yes | No | No
Server 3 | Windows Server 2008 Standard | Yes (managed) | Yes | Yes | (If req.)
PCs / Laptops | Windows 7 Professional | Yes (managed) | Yes | Yes | (If req.)


User access diagram

Users

- Admin: Administrators (e.g. system admins, network admins)
- Group L1: Domain Users / Group policy creator owners (e.g. managers)
- Group L2: Domain Users (e.g. travel agents and mobile travel agents)


Backup/Disaster recovery plan

We use third party software to manage the backup and disaster recovery plan in this network.

Software: Symantec Backup Exec

Features

- Back up systems automatically while you work, through scheduled or event-driven backups
- Dissimilar Hardware Recovery with Restore Anywhere Technology
- Offsite Backup Copy to an FTP location or secondary disk drive for enhanced disaster recovery capabilities
- Seamless physical to virtual (P2V) and virtual to physical (V2P) conversions for VMware, Microsoft and Citrix virtual environments
- Simplify IT administration by centrally managing backup and recovery tasks for multiple servers across the entire organization
- Replace time-consuming manual and error-prone processes with fast, reliable, automated recovery to dramatically minimize downtime and avoid disaster

Working

- Backup and recovery points are centrally managed from Server1
- The recovery points of the servers and PCs are stored in a centralized location on Server2
- Critical data is backed up regularly on a scheduled basis
- Disaster recovery can be done at any time for any of the systems in the network

Secondary Disaster Recovery plan

- The secondary disaster recovery plan is implemented by mirroring the Active Directory service from server1 to server2, which will be running the Windows Server 2008 core

So the user groups, policies and critical information are recovered immediately at any point in time during any disaster in the network.


Merits/ Demerits using VPN

Introduction
A Virtual Private Network (VPN) encapsulates data transfers between two or more networked devices that are not on the same private network, so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. The term "VPN" has taken on many different meanings in recent years. VPNC has a white paper about VPN technologies that describes many of the terms used in the VPN market today. Specifically, it differentiates between secure VPNs and trusted VPNs, which are two very different technologies.

For secure VPNs, the technologies that VPNC supports are:

- IPsec with encryption
- L2TP inside of IPsec
- SSL with encryption

For trusted VPNs, the technologies that VPNC supports are:

- MPLS with constrained distribution of routing information through BGP ("layer 3 VPNs")
- Transport of layer 2 frames over MPLS ("layer 2 VPNs")

Site-to-Site VPN
Site-to-site is much the same thing as point-to-point, except there is no "dedicated" line in use. Each site has its own internet connection, which may not be from the same ISP or even of the same type. One may have a T1 while the other only has DSL. Unlike point-to-point, the routers at both ends do all the work: they do all the routing and encryption. This is an easy way to connect two offices without having each user "dial up" using a PPTP connection. Site-to-site VPNs can work with hardware or software-based firewall devices. On the software side, you can use something like ClarkConnect. On the hardware side, you have many different devices to choose from.

Point-to-Point VPN
A traditional VPN can also come as a point-to-point. These are also referred to as "leased-line VPNs." Here, two or more networks are connected using a dedicated line from an ISP. These lines can be packet or circuit switched. The main strength of using a leased line is the direct point-to-point connection. It does not go out over the public Internet, so performance is not degraded by routing problems, latency, and external congestion.


MPLS VPNs
MPLS is a true "ISP-tuned" VPN. It requires 2 or more sites connected via the same ISP or an "on-net" connection. There is a way to configure this using different ISPs, or "off-net", but you never get the same performance.

Merits / Demerits
VPN is considered a maturing technology and is answering a lot of business communication problems that were once considered unavoidable monopolistic overheads. VPN technology certainly has some disadvantages, such as limited security for wireless users, although more enhanced technologies are continually emerging. The advantage of the technology is that data can be sent from one location to another anywhere in the world using an existing and continually growing infrastructure, the Internet.

By using encapsulation, encryption and data tracking, the data is sent both securely and accurately to the next user. The main advantage of using VPN over a dedicated WAN or even an intranet is cost: because it uses an existing network (the Internet), the operational costs are much lower than those of the WAN alternative. For a huge organisation, a dedicated line between one site and another obviously has many advantages; however, when that site is overseas, the alternative of mixing in VPN technologies becomes a much more attractive approach. VPN provides a secure link by using point-to-point protocols and encryption techniques such as symmetric-key encryption or public-key encryption.

In summary, VPN extends geographic connectivity, provides well-established security methods, and reduces operational costs compared with WAN technology. In addition, VPN provides reduced set-up times, fast network links for remote users, a simplified network topology, improved productivity due to fewer constraints than other networking methods, Voice over IP (teleconferencing facilities) and broadband networking compatibility. Compared with the infrastructure set-up constraints seen with WAN technologies, VPN also ensures a faster return on investment.

Conclusion
VPN is certainly an emerging technology which provides companies a good alternative to the more expensive WAN technology. VPN utilises the well-established Internet to securely send its data from one location to another. The VPN connections between users are secure in that tried and tested encryption methods have been integrated within the system. In addition, VPN caters for mobile users on the move through wireless VPN technology and can transfer data such as text, Voice over IP (VoIP) and image frames.
