CPE 5013 Assignment Number 2
Network Administration Project
Presentation Contents
• Organisational Context
• IP Addressing Scheme
• Selected site technologies
• LAN/WAN Connections
• Devices Employed
• Security
• Overall Network Topology
• Other Considerations
• Cost and Time to Deploy
The Organisation - WorthWools
• 10 Business Units (BU) + 1 Corporate Group
• Each BU has 15 Retail Sites
• 4 Large Local BUs
• 4 Small Local BUs
• 2 Large Overseas BUs
• Each Local BU has 3 Retail Sites in each State
• 7 Headquarters Offices
• 2 Overseas Regional HQs
• 4 State Regional HQ
• 1 Corporate HQ – also a State Regional HQ
WorthWools - Business Units
Business Unit  Location  Size   Type
WaySafe        Local     Large  Supermarket
WBig           Local     Large  Hardware
WorksOffice    Local     Large  Office Supplies
LoBi           Local     Large  Supermarket
SpencerMarks   Overseas  Large  Department Store
WareHouseThe   Overseas  Large  Hardware
SmithDick      Local     Small  Electronics
LandLiquor     Local     Small  Liquor
TexCal         Local     Small  Gasoline
RoosterRed     Local     Small  Fast Food
Corporate      Local     NA     Corporate
Office/Site Structure
[Diagram labels: Corporate Headquarters; Overseas Region HQ; State Region HQ; Large Retail Unit; Small Retail Unit; Large Retail Site 1 to Large Retail Site 15; Small Retail Site 1 to Small Retail Site 15.]
IP Addressing – 10.x.x.x
• Minimise internet routable addresses – cost/security
• External IP address for each retail outlet and each HQ only
• Also needed for externally accessible servers - SSL gateway
• Option of 3rd party hosting for external web site
• All hosts to be assigned a private IP address 10.x.x.x
• Each site to be internally routable
• 10 Business Units – allow maximum 32 – requires 5 bits
• 15 Retail Outlets per BU – allow maximum 32 – requires 5 bits
• 7 Headquarters sites also need to be allocated
• Allocate 10 bits (/18 subnet mask) for site ID using VLSM
IP Addressing – 10.x.x.x /18
BU/Outlet Illustration
Bit fields after the leading 10: BU (5 bits), Outlet (5 bits), Host ID (14 bits)
• 10. 11111 111.11 000000.00000000
IP Network Address for BU #1, Outlet #1?
• 10. 00001 000.01 000000.00000000
• 10.1000.1000000.0
• 10.8.64.0
Business Unit/Retail Site IP Addressing – 10.0.0.0 /18
BU No.  BU Name       Network Address  Store No.  Store Net No.  Store B/Cast
1       WaySafe       10.8.0.0         1          10.8.0.0       10.8.63.255
1       WaySafe       10.8.0.0         32         10.15.192.0    10.15.255.255
2       WBig          10.16.0.0        1          10.16.0.0      10.16.63.255
2       WBig          10.16.0.0        32         10.23.192.255  10.23.255.255
3       WorksOffice   10.24.0.0        1          10.24.0.0      10.24.63.255
3       WorksOffice   10.24.0.0        32         10.31.192.0    10.31.255.255
4       LoBi          10.32.0.0        1          10.32.0.0      10.32.63.255
4       LoBi          10.32.0.0        32         10.39.192.0    10.39.255.255
5       SpencerMarks  10.40.0.0        1          10.40.0.0      10.40.63.255
5       SpencerMarks  10.40.0.0        32         10.47.192.0    10.47.255.255
6       WareHouseThe  10.48.0.0        1          10.48.0.0      10.48.63.255
6       WareHouseThe  10.48.0.0        32         10.55.192.0    10.55.255.255
7       SmithDick     10.56.0.0        1          10.56.0.0      10.56.63.255
7       SmithDick     10.56.0.0        32         10.63.192.0    10.63.255.255
8       LandLiquor    10.64.0.0        1          10.64.0.0      10.64.63.255
8       LandLiquor    10.64.0.0        32         10.71.192.0    10.71.255.255
9       TexCal        10.72.0.0        1          10.72.0.0      10.72.63.255
9       TexCal        10.72.0.0        32         10.79.192.0    10.79.255.255
10      RoosterRed    10.80.0.0        1          10.80.0.0      10.80.63.255
10      RoosterRed    10.80.0.0        32         10.87.192.0    10.87.255.255
11      Headquarters  10.88.0.0        1          10.88.0.0      10.88.63.255
11      Headquarters  10.88.0.0        32         10.95.192.0    10.95.255.255
12      Unused        10.96.0.0        1          10.96.0.0      10.96.63.255
12      Unused        10.96.0.0        32         10.103.192.0   10.103.255.255
31      Unused        10.248.0.0       1          10.248.0.0     10.248.63.255
31      Unused        10.248.0.0       32         10.255.192.0   10.255.255.255
IP Addressing
VLAN/Host Addresses
• Still have 14 bits available
• Much more than needed for number of hosts at each site
• Can use some bits for further subnetting – VLANs
• VLANs useful for security and decreased congestion
• e.g. Accounting on a different VLAN to other departments
• Reduced traffic visibility to internal staff or hackers
• Able to develop firewall rules to provide further controls
• Reduces broadcast traffic – restricted to hosts on the same VLAN
• Allocate 6 bits for VLAN Number – maximum 64 per site
• Remaining octet used for host ID – maximum 254 hosts per VLAN
IP Addressing – 10.x.x.x
Further Subnetting via VLAN
Bit fields after the leading 10: BU (5 bits), Outlet (5 bits), VLAN (6 bits), Host ID (8 bits)
• 10. 11111 111.11 111111. 11111111
IP Address for BU #1, Outlet #1, VLAN #1, Host #1?
• 10. 00001 000.01 000001. 00000001
• 10.1000.1000001.1
• 10.8.65.1
Further Subnetting – VLANs
Store Name     Store IP   VLAN No.  VLAN Name   VLAN Net No.  VLAN B/Cast
WaySafe No. 1  10.8.64.0  1         Reserved    10.8.65.0     10.8.65.255
WaySafe No. 1  10.8.64.0  2         Managers    10.8.66.0     10.8.66.255
WaySafe No. 1  10.8.64.0  3         Accounting  10.8.67.0     10.8.67.255
WaySafe No. 1  10.8.64.0  4         Other       10.8.68.0     10.8.68.255
WaySafe No. 1  10.8.64.0  63        Unused      10.8.127.0    10.8.127.255
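The bit layout from the two illustrations above (5 bits BU, 5 bits outlet, 6 bits VLAN, 8 bits host under 10.0.0.0/8), as an added Python example that is not part of the original presentation. The function names are assumptions made for this illustration, and field values are used as in the illustrations (BU #1, Outlet #1 gives 10.8.64.0); `decode` is the reverse mapping, for tracing an address seen in a firewall or proxy log back to its site and VLAN.

```python
import ipaddress

# Added illustration; names below are hypothetical, not from the slides.
# Layout after the leading octet 10: BU (5) | outlet (5) | VLAN (6) | host (8)
BU_BITS, OUTLET_BITS, VLAN_BITS = 5, 5, 6
BASE = int(ipaddress.IPv4Address("10.0.0.0"))


def _check(name, value, bits):
    """Reject field values that would spill into a neighbouring field."""
    if not 0 <= value < (1 << bits):
        raise ValueError(f"{name}={value} does not fit in {bits} bits")


def site_network(bu, outlet):
    """Return the /18 network for one business unit / outlet pair."""
    _check("bu", bu, BU_BITS)
    _check("outlet", outlet, OUTLET_BITS)
    return ipaddress.IPv4Network((BASE | (bu << 19) | (outlet << 14), 18))


def vlan_network(bu, outlet, vlan):
    """Return the /24 network for one VLAN inside the site's /18."""
    _check("vlan", vlan, VLAN_BITS)
    site = int(site_network(bu, outlet).network_address)
    return ipaddress.IPv4Network((site | (vlan << 8), 24))


def host_address(bu, outlet, vlan, host):
    """Return a usable host address (0 and 255 are network/broadcast)."""
    if not 1 <= host <= 254:
        raise ValueError("host must be in 1..254")
    return vlan_network(bu, outlet, vlan)[host]


def decode(address):
    """Split an address into the scheme's BU, outlet, VLAN and host fields."""
    ip = ipaddress.IPv4Address(address)
    if ip not in ipaddress.IPv4Network("10.0.0.0/8"):
        raise ValueError(f"{ip} is outside 10.0.0.0/8")
    n = int(ip)
    return {"bu": (n >> 19) & 0x1F, "outlet": (n >> 14) & 0x1F,
            "vlan": (n >> 8) & 0x3F, "host": n & 0xFF}
```

Because every field sits at a fixed bit position, a per-VLAN firewall rule (for example, the Accounting VLAN at every site) can be generated from `vlan_network` rather than maintained by hand.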
User Requirements
• 2 users per Small BU Retail Site
• Limited traffic, standard applications
• 20 users per Large Retail Site
• Moderate traffic, standard applications
• 20 users per Overseas Regional HQ
• Moderate traffic, standard, custom and ad-hoc applications
• 80 users per State Regional HQ
• Moderate traffic, standard, custom and ad-hoc applications
• 100 users per Corporate HQ
• Moderate traffic, standard, custom and ad-hoc applications
Corporate Objectives
• Ensure functionality
• Match application requirements
• Infrastructure match for traffic requirement
• Minimise fixed and variable costs
• Lowest cost hardware
• Low maintenance costs
• Communications and data secure
• Traffic encrypted
• Secure data storage & regular backups
• Robust configuration/patching/upgrade management
• Maximise uptime
• Rapid problem resolution
• Scalability
Selected Technology – Small Retail
• Thin client PCs
• Connected to corporate HQ via internet and SSL
• Applications executed remotely - virtualization
• Functionality
• Limited applications available via terminal server
• Low traffic requirement allows ADSL internet connection
• Cost
• Low cost hardware
• Ongoing Citrix Presentation Server licensing fees
• Claimed that support costs cut by 80-90% vs PC
• Security
• Data kept centrally and backed up
• Applications kept, patched, configured centrally
• SSL VPN connection, Unified Threat Management software
• Uptime
• Lower support requirement, all clients the same for sparing
• Extremely scalable
Small Retail Site or Mobile User
[Diagram labels: Thin Client or Mobile User; Request; Document; SSL Encrypted VPN; SSL/Internet; Corporate HQ – Small Retail; Regional HQ – Mobile User; Virtual Terminal Sessions.]
Selected Technology – Large Retail
• “Smart Client” PCs
• Connected to Regional HQ via Leased Line with IPSec VPN
• Applications, data streamed from HQ - cached on local PC
• Reduced load on server and communications traffic
• Functionality
• Speed requirement met via leased line and local processing
• Cost
• Low cost hardware
• Ongoing Citrix Presentation Server licensing fees
• Low support costs
• Security
• Data kept centrally and backed up
• Applications kept, patched, configured centrally
• IPSec VPN connection, VLANs, Firewalls
• Uptime
• Lower support requirement, all clients the same for sparing
• Extremely scalable
Large Retail Site
[Diagram labels: “Smart” Client; Regional HQ; Software Streaming; Leased Line, IPSec VPN.]
Large Retail Topology
[Diagram labels: Router; Switch; Leased Line, Hardware IPSec VPN, to Regional HQ; Workstation 1 (VLAN 10); Workstation 2 (VLAN 20); Workstation 3 (VLAN 10).]
Selected Technology – HQs
• Full PCs
• HQs connected via Leased Lines with IPSec VPN
• Applications kept on local PC
• Data policies for use of local file server vs PC hard disk
• Functionality
• Custom and ad-hoc applications available
• Speed requirement met via leased line and local processing
• Cost
• Highest cost hardware
• Scale economies through centralised IT resource at HQ for support
• Security
• Data policies for use of local file server
• IPSec VPN connections, VLANs, Firewalls, DMZ
• E-Mail Server kept on DMZ at Corporate HQ
• Web Server kept on DMZ at Corporate HQ or hosted externally
• Uptime
• Centralised HQ support
• Scalability
• IP addressing to enable growth
Regional HQ Topology
[Diagram labels: Router; Switch; Servers including Virtual Terminal Server; Laptop PC (VLAN 30); Proxy Server; Router; Internet, including SSL VPN from Mobile User; Leased Line, Hardware IPSec VPN, from Large Retail; Workstation 1 (VLAN 10); Workstation 2 (VLAN 20); Workstation 3 (VLAN 10); De-Militarized Zone.]
Corporate/Overseas HQ Topology
[Diagram labels: Router; Switch; Servers including Virtual Terminal Server, Mail Server, Web Server; Laptop PC (VLAN 30); Proxy Server; Router; Leased Line, Hardware IPSec VPN, from Large Retail and Regional HQ; Workstation 1 (VLAN 10); Workstation 2 (VLAN 20); Workstation 3 (VLAN 10); De-Militarized Zone; Internet, including SSL VPN from Small Retail/Mobile.]
WorthWools – The Network
[Diagram labels: Internet; Corporate HQ, 1 State; Region HQ, 4 States; Overseas HQ, 2 Countries; Large Retail, 12 per Region HQ; IPSec VPN links; Mobile User; Small Retail.]
Network Topology
Assignment 1 Link - Wireless
• No wireless at retail sites
• Not necessary for usage
• Wireless perimeter too physically close to public areas
• At headquarters allow wireless
• Able to roam between offices and meeting rooms
• Security implementation – 802.11i
• 802.1X EAP-TLS Authentication – RADIUS/Certificates
• AES Encryption
• Access Points central – limited signal beyond perimeter
• Rogue access point and intrusion detection sensors
Network Topology
Reliability/Uptime
• Measures to consider for increased reliability/uptime
• Server mirroring
• RAID data storage
• Leased Line ISP reliability/redundant routing paths
• Failover to connections via internet
• DNS/Web Caching at regional HQs
• Mailbox servers at regional HQs – Gateway at corporate HQ
• Long DHCP lease periods at retail sites
Data Cabling Cost Estimate
Cable Lengths – HQ Floor
[Floor plan: individual cable run lengths from the MDF to Offices 1 to 6 and past the Elevator. Subtotals shown: 180m 10pp; 348m 18pp; 104m 6pp; 48m 6pp; 7m 1pp; 60m 6pp. Total shown: 755m 47pp; 16m pp.]
Data Cabling Cost Estimate
• Cat 6 cable to hosts, host leads, wall connectors
• Existing cable needs to be removed?
• Below floor or in ceiling?
• Raceways and cable trays
• Multimode fibre backbone – laid, not pulled
• Cabinets, redundant power supplies, patch panels, patch leads
• Building modifications and cable shielding in certain places
• Labour cost – design, installation, testing and certification
• Varies widely – use rule-of-thumb total cost of $300/connection
• Corporate HQ = 150 connections = $45,000
• Regional HQ = 100 connections = $30,000
• Large Retail Site = 20 connections = $6,000
• Small Retail Site = 2 connections = $600
Costs - Small Retail Site
No.   Equipment                                          Up Front  Per Annum
2     Thin Client PC                                     $2,000    0
1     Juniper SSG20 ADSL Router and Unified Threat Mgmt  $1,500    $100
1     ISP Connection                                     0         $500
2     Citrix Presentation Server Client                  $600      $80
2     Windows Terminal Server                            $1,500    0
1     Cabling                                            $600      $0
1/15  HP ProLiant Server - 1U @ Corporate HQ             $500      $0
1/15  Citrix Metaframe Server @ Corporate HQ             $0        $500
Total                                                    $6,700    $1,180
Total Per User                                           $3,350    $590
• Low up front cost due to basic PC
• Additional advantage of low ongoing support costs, stable platform
• Gartner estimate of $8-10k annual cost for an unmanaged PC
Costs - Large Retail Site
No.   Equipment                                                      Up Front  Per Annum
20    Diskless Smart Client PC                                       $20,000   $0
1     Juniper SSG140 Router with Hardware IPSec                      $4,000    $0
1     Leased Line to Regional HQ                                     $0        $12,000
1     Cisco Catalyst 2900 24 port VLAN Switch                        $1,000    $0
20    Citrix Ardence SmartClient Software                            $0        $3,000
1     Cabling                                                        $6,000    $0
1/12  Cisco 3060 100 Mbps VPN Concentrator @ Regional HQ             $2,000    $0
1/6   Dell PowerEdge 2950 Server – 4.5 TB storage @ Regional HQ      $500      $0
Total                                                                $33,500   $15,000
Total Per User                                                       $1,575    $750
• Low up front cost due to basic PC and scale economies
• Low ongoing support costs, stable platform vs annual license fees
• Still very economical vs Gartner estimate
Costs – Overseas HQ
No.  Equipment                                    Up Front          Per Annum
20   Normal PCs                                   $30,000           $0
1    Cisco 2800 Router                            $4,000            $0
1    Cisco 3060 100 Mbps VPN Concentrator         See large retail  $0
1    Cisco 2800 series Router                     $4,000            $0
1    Cisco Catalyst 2900 24 port VLAN Switch      $1,000            $0
1    Cabling                                      $6,000            $0
2    Dell PowerEdge 2950 Server – 4.5 TB storage  See large retail  $0
Total                                             $45,000           $0
Total Per User (not incl NAS)                     $2,250            $0
• Higher up front cost – could be offset via hardware leasing
• Higher ongoing support costs due to additional application requirements
• Support costs will be high due to remote smaller HQ
Costs – Regional HQ
No.  Equipment                                    Up Front          Per Annum
80   Normal PCs                                   $120,000          $0
1    Cisco 3845 Router                            $12,000           $0
1    Cisco 3060 100 Mbps VPN Concentrator         See large retail  $0
1    Cisco 2800 series Router                     $4,000            $0
4    Cisco Catalyst 2900 24 port VLAN Switch      $4,000            $0
1    Cabling                                      $30,000           $0
2    Dell PowerEdge 2950 Server – 4.5 TB storage  See large retail  $0
Total                                             $170,000          $0
Total Per User                                    $2,125            $0
• Higher up front cost – could be offset via hardware leasing
• No client licensing fees after first year
• Higher ongoing support costs due to additional application requirements
• Costs, security contained due to concentrated HQ site
Costs – Corporate HQ
No.  Equipment                                    Up Front          Per Annum
100  Normal PCs                                   $150,000          $0
1    Cisco 3845 Router                            $12,000           $0
1    Cisco 3060 100 Mbps VPN Concentrator         See large retail  $0
4    HP ProLiant Server - 1U                      See small retail  $0
1    Cisco 2800 series Router                     $4,000            $0
6    Catalyst 2900 24 port VLAN Switch            $6,000            $0
1    Cabling                                      $30,000           $0
2    Dell PowerEdge 2950 Server – 4.5 TB storage  See large retail  $0
1    Dell PowerVault NX1950 - Corporate NAS/SAN   $30,000           $0
Total                                             $232,000          $0
Total Per User (not incl NAS)                     $2,020            $0
• Similar to State regional HQ
• Additional costs due to central services – E-Mail Gateway, Web Site
• Central storage site
• SSL VPN Gateway for small retail sites
Total Up-Front Cost
No.  Type          Unit Cost  Total
60   Small Retail  $6,700     $402,000
90   Large Retail  $33,500    $3,015,000
2    Overseas HQ   $45,000    $90,000
4    Regional HQ   $170,000   $680,000
1    Corporate HQ  $232,000   $232,000
Total                         $4,419,000
Total per User (2,380 users)  $1,860
• Total first year cost of $4.5 million
• Up front cost reduced due to adoption of minimalist client philosophy
• Hardware leasing available if further cost smoothing preferred
• Inexpensive given size of organisation
Total Per Annum Cost
No.  Type          Unit Cost  Total
60   Small Retail  $1,180     $70,800
90   Large Retail  $15,000    $1,350,000
2    Overseas HQ   $0         $0
4    Regional HQ   $0         $0
1    Corporate HQ  $0         $0
Total                         $1,420,800
Total per User (2,380 users)  $765
• Annual costs higher due to licensing fees
• Small price to pay if the promised 80-90% reduction in IT visits is realised
• Lower support costs
• Higher uptime – revenue impact
Network Topology
Time to Roll Out
• Accelerated roll-out
• Minimalist Thin Client implementation at small sites
• Minimalist Smart Client implementation at large sites
• Option to pilot the configurations
• Identical implementations across Business Units
• Rapid roll out once one implementation type stabilised
• Total time for deployment dependent on budget
• For an organisation this large, expected time is circa two years