
Network Design Proposal Part 3

Course

Fundamentals of Networking (CMIT 265)

Academic year: 2017/2018

Network Design Proposal: Network Customization & Optimization (Part 3)
Prepared for: University of Maryland University College
Prepared by: Kellie Keiser

Network Design Proposal Part 3

A.) Identify Network Services

The University needs to function like a well-oiled machine, and the implementation of certain network services will help make that possible. In order to fully create a client-server network model, servers must be used so the client, or the user, can access the services they need on the network. The main services UMUC requires are: email, online/internet access and file and print sharing services. [1]

An email server is used to send and receive emails. The Microsoft Exchange server works with Microsoft Outlook, the software that comes with Microsoft Office. A mail server also performs functions such as collaboration features, which allow faculty to create tasks and meetings from the calendar portion of the software. It also provides video and audio conferencing and instant messaging (IM) services.

A web server is a server computer running software enabling a computer to host a web page. One of the more popular web servers today is an Apache web server, which will be used for the University.

One of the most important functions of a server operating system is sharing resources between users. A file server is a computer used specifically for centralized file storage with the ability to share the files between computers and other devices on the network. A print server is a computer utilized specifically for sharing printers on the network. The sole purpose of a print server is to collect the files and documents sent to a printer by a user on the network and send them to a printer on the network, at which point the printer prints them out. [2]

B.) Additional Servers or Network Devices

In addition to email, internet access, file and print servers, UMUC will also require a directory service, a Domain Controller and DHCP server.
A directory service stores user and computer profiles and access privileges on the domain controller (DC). It can be used to authenticate and authorize users to allow secure access to internet services and applications. [3] The Microsoft Active Directory Domain Services (ADDS) is included in the Windows Server 2016 software and will be utilized for the UMUC network. ADDS is installed on a domain controller, which authenticates users and controls access in a network, enforces security policies and installs and updates software for all computers on the network. [4]

A separate server will be needed for the Domain Controller (DC). Once the IP address is configured on the DC, DNS will need to be configured. Upon completion of the DC and DNS, the DHCP should be set up and the scopes configured. [5]

automated secure processes for remote command execution and file transfer. In addition to the Tectia SSH, the Universal SSH key manager is required to manage the SSH keys, implement a controlled provisioning process and termination process, and assist in the discovery and remediation of existing keys. The Universal SSH key manager is required to maintain government mandated compliance with PCI-DSS, Sarbanes-Oxley, HIPAA and FISMA/NIST 800-53. [6]

D.) Justification for Additional Servers and security measures

ADDS on the Domain Controller is a necessity for a college campus like UMUC primarily due to the security measures it provides. An administrator alone would not be able to keep track of every employee and their access rights and every student as well as every guest device. The domain controller works as an invisible administrator for all end users on the network, providing or denying access to resources on the network. These resources include everything from email, the Learning Management System

A DHCP server automatically configures the IP address for every device on the network which ensures a valid, unique IP address for each and every device.
DHCP also automatically configures devices as they are added and dropped from the network, which is a big help to a network administrator. Configuring IP addresses statically would be a mistake for any network larger than a few devices. Since the UMUC network contains over 100 devices, a DHCP server is the best option to prevent connectivity issues and troubleshooting issues. [2]

A DNS server maps the logical name to its IP address. It is a necessity on a network with internet access because it translates the IP address into the URL and vice versa. [1] Users on a network are not going to remember an IP address but they will remember a website name like UMUC. Also, maintaining two DNS servers on a network provides a back-up in case the primary fails. If one DNS server is configured through the Microsoft Windows Server 2016 software and the other is configured through the router, it could prevent possible connectivity issues on the network.

A vulnerability scanner is required because it helps to maintain a network and its devices without having to employ an entire IT department. Being able to run a scan periodically to check for any vulnerabilities on the network is simple and cost-effective when compared to paying additional salaries and benefits.

SSH software and key management is required to secure the University's network using encryption known as Public Key Cryptography (PKI). It uses an authentication mechanism requiring users to authenticate before they are able to transmit data over the transmission channels within the UMUC network. This prevents unauthorized users from accessing data on the network. [1]

E.) Network Storage and Cloud Based Services

A network attached storage (NAS) device will be used for additional file storage on the network. The NAS will be connected directly to the network through a switch using a wired interface. The NAS provides better performance because its sole purpose is file storage.
The NAS is a viable option because it can be integrated into an existing network and the active directory. This prevents IT from having to configure duplicate accounts for each user as they will authenticate to the NAS. [1]

The NAS will be primarily used by faculty and administration. The switch connecting the NAS will maintain two separate VLANs, one for professors and one for administrators. This will prevent professors from accessing protected information such as financial data, social security numbers, etc.

The NETGEAR ReadyNAS RN628X Ultimate Performance 10GbE 4-bay Diskless Network Attached Storage will be implemented onto the network. It provides 80TB of storage with a maximum of 130TB with expansion bays. It features a 2 GHz Intel Xeon quad-core processor and 8GB of DDR4 RAM. It offers 5 levels of data protection including built-in antivirus and incremental backup copies. It also includes Gigabit and 10 Gigabit Ethernet ports, as well as USB 3. It is also VMWare vSphere ESXi 6 certified and is priced at approximately $2000. [10]

A private cloud will be implemented for the students and faculty at UMUC. A private cloud provides flexibility of access, ease of use and allows users to provision their own resources. [1] The private cloud will house the Learning Management System to be used by both faculty and students. Amazon Web Services (AWS) provides hybrid cloud computing to connect infrastructure and applications between cloud based computing and existing on premises infrastructure. UMUC will implement platform as a service (PaaS) cloud computing to provide users with the Learning Management System while not having to worry about software maintenance, capacity planning or patching. [7] The monthly average cost of a large web application on Amazon Cloud services is $1000.

F.) Data Protection and Back-up Implementation

Data protection is the process of safeguarding information from corruption, compromise or loss through operational backup of data.
Data protection also includes business continuity/disaster recovery, which ensures the recovery of data quickly after a loss. There are two main areas of data management: Data Lifecycle Management and Information Lifecycle Management. Data lifecycle management automatically moves critical data from online to offline storage. Information lifecycle management is a strategy for valuing, cataloging and protecting information assets from application and user errors, malware and virus attacks, machine failure, or facility outages and disruptions.

H.) Storage and Management of Logs

System logs are extremely important because they provide a snapshot of all the events that occurred on the system. The log entries are generated by the operating system and any other applications running on the system. A log entry could be caused by a variety of events including failed login attempts or a change to the system. Each log is created and stored on each device on the network. Implementing centralized logging is the best way to review what's happening on the system because all the logging files from all devices on the network end up in a centralized device, most often the logging server, also known as the Syslog server. [1]

Since Windows servers do not include a syslog process, Datagram SyslogServer Suite will be downloaded onto the Windows 2016 server. Once all the logs are on the server, a log file analyzer such as Datagram Syslog agent will be used to create a system wide analysis and store the logs in a SQL database through the Amazon Relational Database Service (RDS) on the Amazon cloud previously implemented. The IT administrator will then review the analysis and make corrections and changes accordingly. Datagram Syslog Server Suite edition will cost approximately $900 for 5000 IP addresses. [12]

I.) IT Troubleshooting Methodology

The troubleshooting methodology that will be used by IT personnel at UMUC is as follows:

• Identify the problem by making a list of the symptoms and identifying who is experiencing those symptoms. Check for changes that occurred prior to the start of the symptoms, then try to duplicate the problem.
• Establish a theory of probable cause by analyzing the symptoms and determining the most likely cause. Keep in mind the flow of data through the OSI model. Check for the most common issues with the list of symptoms reported first.
• Test the theory. If the theory is proven, take the appropriate steps to research fixes to the problem. If the theory is not proven, start the process over again or escalate the issue to a supervisor.
• If the theory is proven and a resolution is found, complete a plan of action.
• After the action plan is complete, implement the solution and a series of tests to determine if the action plan worked.
• Finally, complete a standard operating procedure guide for this problem in the future containing any preventative measures. [1]

References

[1] TestOut Network Pro. Pleasant Grove, Utah: LabSim, 2018.
[2] D. Lowe, Networking for Dummies.
[3] "Chapter 2 Introduction to Directory Services and Directory Server", Docs.oracle. [Online]. Available: docs.oracle/cd/E19396-01/817-7619/intro.html.
[4] "Active Directory Collection: Active Directory", Technet.microsoft, 2014. [Online]. Available: technet.microsoft/en-us/library/cc780036(WS. 10).aspx#w2k3tr_ad_over_qbjd.
[5] "Configure DHCP Server in Windows Server 2016 Step By Step", ProTechGurus, 2016. [Online]. Available: protechgurus/configure-dhcp-server-in-windowsserver-2016/.
[6] "SSH (Secure Shell) Home Page | SSH", Ssh, 2017. [Online]. Available: https:// ssh/ssh/.
[7] "Types of Cloud Computing", Amazon Web Services, Inc. [Online]. Available: https:// aws.amazon/types-of-cloud-computing/.
[8] S. Peterson and K. Hefner, "What is data protection?", TechTarget. [Online]. Available: searchdatabackup.techtarget/definition/data-protection.
[9] P. Ferrill, "The Best Network Monitoring Software of 2018", PCMAG, 2017. [Online]. Available: pcmag/article2/0,2817,2495263,00.
[10] S. Aslam, "The 12 Best NAS (Network Attached Storage) to Buy in 2018", Omnicoreagency, 2018. [Online]. Available: omnicoreagency/bestnas-network-attached-storage/.
[11] "PRTG Price List - Overview, Licenses, Prices", Paessler. [Online]. Available: https:// paessler/prtg/price_list.
[12] "Datagram Syslogserver Suite Review", Network Admin Tools, 2016. [Online]. Available: netadmintools/syslog-server/datagram/.
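
An added example (not part of the original proposal) of the kind of analysis the centralized logging in section H makes possible: once every device forwards to one syslog server, failed logins from a single source can be counted across all devices. The RFC 3164-style line layout, the OpenSSH-style message text, the host names, the addresses and the threshold of 3 are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample: lines as a central syslog server might receive them from
# several devices (RFC 3164 style: <PRI>timestamp host tag[pid]: message).
SAMPLE_LINES = [
    "<38>Mar  4 09:12:01 fileserver01 sshd[2211]: Failed password for alice from 10.10.20.15 port 50122 ssh2",
    "<38>Mar  4 09:12:04 fileserver01 sshd[2211]: Failed password for alice from 10.10.20.15 port 50123 ssh2",
    "<38>Mar  4 09:12:09 webserver01 sshd[812]: Failed password for alice from 10.10.20.15 port 50130 ssh2",
    "<38>Mar  4 09:13:30 webserver01 sshd[812]: Accepted password for bob from 10.10.30.7 port 41000 ssh2",
    "<86>Mar  4 09:14:02 nas01 sshd[77]: Failed password for invalid user admin from 10.10.20.15 port 50140 ssh2",
    "<30>Mar  4 09:15:00 dhcp01 dhcpd[400]: DHCPACK on 10.10.20.15 to 00:11:22:33:44:55",
    "not a syslog line",
]

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+)")
AUTH_FACILITIES = {4, 10}  # syslog facilities auth and authpriv

def parse_line(line):
    """Split one syslog line into facility, severity, host, tag and message."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    pri = int(m["pri"])  # PRI = facility * 8 + severity
    return {"facility": pri >> 3, "severity": pri & 7,
            "host": m["host"], "tag": m["tag"], "msg": m["msg"]}

def failed_login_report(lines, threshold=3):
    """Return ({source: {failures, devices}}, unparsed_count) over all devices."""
    counts, devices, unparsed = Counter(), {}, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # counted so malformed input is not silently lost
            continue
        hit = FAILED_RE.search(rec["msg"])
        if hit and rec["facility"] in AUTH_FACILITIES:
            counts[hit["src"]] += 1
            devices.setdefault(hit["src"], set()).add(rec["host"])
    flagged = {src: {"failures": n, "devices": sorted(devices[src])}
               for src, n in counts.items() if n >= threshold}
    return flagged, unparsed

print(failed_login_report(SAMPLE_LINES))
```

In the sample, no single device records three failures from 10.10.20.15, so only the combined view on the central server flags it.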
