31 May

Design Implementation Organisational Network Assignment

This is the solution to the Design Implementation Organisational Network assignment. It discusses the network architecture methodology and how the architecture is developed and implemented.

Requirements Gathering Process:

Before planning the network it is essential to fully understand the requirements. Some of the requirements and data have already been given in the case. The entire campus of the company is situated in an area of 10 km². There are two three-storey buildings with a distance of 500 meters between them. There are 402 employees in total, including those who work in the canteen; excluding them, the total number of employees is 397. Please refer to Table 1 for the department-wise number of employees. These employees need a computer system, hence the total number of computers required is 397. The total number of printers required is 24 (refer to Table 2 for the department-wise requirement of printers). As the number of employees is substantial, we require servers. One server is required for each of the following purposes: hosting shared files and the central information system application, the central database, email, and web services. Thus four servers are required in total. Apart from this we require a data warehouse to maintain a copy of the data, so that if the data are lost in an unforeseen accident we can always retrieve them from the data warehouse, where a copy is stored and regularly maintained. The data warehouse should be located in a different building from the main servers so that a fire in one building does not destroy all the data. Below is the list of assumptions that were made for the above analysis of the given data.

Assumptions made for analysis:

  • There is no need for a computer system or network system in the canteen.
  • There is no need for any printer in the canteen.
  • All the departments are isolated, and the network has to be established such that these departments have few interdependencies. Thus each department requires at least one printer of its own.
  • The ideal ratio of employees to printers is 20:1. If there are more employees, an additional printer is required. For example, if there are 25 employees then two printers are required.
  • The growth of 20% for the next five years will be proportionate across all departments, and thus every department will grow by 20% for the next five years.
  • The system will be designed keeping in mind the requirements to be fulfilled for the next five years, i.e. though the present capacity will be for 397 people, the system should be designed so that it is easy to modify to sustain the growth of 20% over the next five years.
  • License planning is done by the company itself and is not covered in this task though suggesting the devices required is part of network & project planning.
  • Wireless connectivity is not required.
  • Data segregation is assumed to be done once the system is up so as to provide additional protection, backup and faster recovery of data.
  • Also, as no data is given about the cost that the company can afford we assume that it is not a restriction in designing a network.

Apart from these data we would require other data in order to plan the network properly and design the floor plan accordingly. For this, the requirement gathering process will include:

Organisational requirement gathering: This will focus on gathering requirements from the organisation, such as the expected growth rate in terms of number of employees and traffic, and the basic requirements for establishing a network, as the network planning might differ based on these (Teare, D., Paquet, C., 2006). For example, if the main business of the company is development and maintenance of IT-related products and software, the requirement might be a more robust public network infrastructure; if the company is in banking, a more secure network; and if it is academic, one can think of saving cost by providing moderate infrastructure and security, as such organisations usually will not have very sensitive data. Thus it is essential to conduct organisational-level requirement gathering.

Department wise requirement gathering: Every department will have different requirements and different traffic. Accordingly, one has to design the system for that department so that it fulfils all their requirements. For example, the Software Development and Maintenance department will require more data to be stored and more applications to be shared than the Customer Helpdesk department, as the complexity of work and the number of employees are greater in Software Development and Maintenance than in Customer Helpdesk. The following points have to be kept in mind while designing a network for a department: what performance level and parameters are expected, what the utilisation capacity is, and how long the system will be used by the user (McCabe, J. D., Kaufmann, M., 2003). Only after getting answers to these questions can one design the system.

Architectural requirement gathering: This will include the requirements for designing the system architecture, i.e. whether the company requires a collaborative system, a software and technology system, or a strategic system architecture. This will help define the components required for the system and is thus a very essential step in requirement gathering.

Requirement gathering process: This will include meeting the customer, i.e. the concerned person in the organisation and department, and then conducting a brainstorming session which will focus on exploring all the possible areas that would require attention and might affect the decisions for network planning (Mann-Rubinson, T. C. et al., 1999). Interviews might also be conducted if required, and focus group discussions can be held. Then an initial survey will be done, and based on the observations made during this survey and the above brainstorming, interviews and focus group discussions, a document will be prepared stating all the requirements. This document will then be forwarded to the customer, i.e. Academic Support Systems Inc., for finalisation of the requirements. Only once the document and requirements are finalised will floor planning be done.

Network Design:

Physical Topology:

A centralised server room will be created in a building where all the servers are kept and maintained. This server room will act as the hub for the two buildings. A sub hub will be provided on each floor of the two buildings and connected to the main hub. These sub hubs will be used to connect the systems on their respective floors. The printer in each department will act as a hub to which all other systems will be connected. Special care will be taken to avoid multiple 192.168.x.y and 10.0.x.y subnets (which are for internal LAN), as this will unnecessarily cause trouble later on. Also, wherever possible, small-port switches that can be replaced by a bigger one will be avoided, as too many small-port switches will not only increase the complexity of the network and make it difficult to maintain but will also hinder the performance of the network (Hutton, K. et al., 2009). For example, a single 16-port switch will be more effective than three 4-port switches and will improve the overall performance. Even if the number of employees is small, say 10 (as in Human Resources) or 12 (as in Finance), these 16-port switches will be useful, as the additional ports can be used for other purposes such as firewall or DSL connectivity. The network design should account for the future growth rate of 20% (given in the case) so that little modification is required as the number of employees increases; otherwise, adding switches every time to accommodate the increasing number of employees will unnecessarily complicate the network. Accordingly, the number of hops has to be maintained and extra cable drops have to be provided. The objective should be to minimise the number of hops (Gunes, M. H., 2008).

Logical topology:

There will be four servers in total, all for different purposes. The two buildings will be connected to these servers by a hub-and-spoke topology, i.e. these servers will be the hub and the two buildings will be the spokes (Thomas, R. E., Rosa, A. J., 2001). Further, in each building there will be a sub hub which will connect the systems in the building with the main server (refer to Figure 1). The printer in a department will be connected to the systems by a star topology. As the ratio of printers to systems is 1:20 (which is very low), a star topology will serve the purpose; it also performs better than a bus topology under heavy workload and does not require a network server to manage the connection. Compared with the ring topology, it avoids passing tokens between the various nodes and thus improves performance, and it will also be easier to maintain as defects are easier to detect in a star topology (Miller, F. P. et al., 2009). The printer will be the hub in this case and all other systems will be in isolation (refer to Figure 2).

IP address scheme:

As of now there are 402 employees, of which only 397 require a system. As given in the case, the growth rate for the next 5 years is 20%, hence the total number of employees will be 1000 and those requiring a system will be 988. This number is small enough to be handled by a single subnet, but an additional subnet can be provided for the personnel handling sensitive data; this subnet will be available only to specific people so that only they can govern the security. Domain names are another concern, as there is a conflict between Microsoft and Apple: Microsoft uses the .local domain and Apple uses the .local namespace (Iniewski, K., 2008). Thus either all the systems should be from one company (Microsoft or Apple) or the domain name has to be chosen carefully. The best solution will be to opt for a different namespace, as this will avoid all other conflicts. Also, publicly routed domain names will not be used as internal domain names, as this would give rise to DNS-related issues. Different domain names can be implemented. For example, .local or .lan can be used as the domain name at administration level and .test can be used for testing purposes. For the IP address we will follow a three-level hierarchy, i.e. the network number followed by the subnet number and then the host number (Long, C., 2001).
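The sizing behind this scheme, as an added example that is not part of the original assignment: it reproduces the 20% compound forecast, sizes one general subnet plus a restricted subnet for staff handling sensitive data, and splits an address into network, subnet and host numbers. The 172.20.0.0/16 block and the restricted subnet size of 50 hosts are assumptions made for illustration.

```python
import ipaddress

# Figures from the page: 397 employees need a system today, growing 20% a year.
SYSTEMS_TODAY = 397
GROWTH = 0.20

# Assumptions (not from the page): the private block used for the site and
# the number of hosts on the restricted subnet for sensitive-data staff.
SITE_BLOCK = ipaddress.ip_network("172.20.0.0/16")
RESTRICTED_HOSTS = 50


def forecast(base, rate, years):
    """Head count per year with compound growth; the first entry is today."""
    return [round(base * (1 + rate) ** n) for n in range(years)]


def prefix_for(hosts):
    """Longest IPv4 prefix whose subnet offers `hosts` usable addresses."""
    # Network and broadcast addresses are unusable, so hosts + 2 must fit.
    host_bits = (hosts + 1).bit_length()
    return 32 - host_bits


def allocate(block, needs):
    """Carve one subnet per name out of `block`, largest requirement first.

    Placing the largest subnet first keeps every subnet aligned on its own
    size, so allocations never overlap.
    """
    plan = {}
    cursor = int(block.network_address)
    for name, hosts in sorted(needs.items(), key=lambda item: -item[1]):
        prefix = prefix_for(hosts)
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to a subnet boundary
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(block):
            raise ValueError(f"{block} is too small for {name}")
        plan[name] = subnet
        cursor += size
    return plan


def three_level(address, block, subnet):
    """Split an address into (network number, subnet number, host number)."""
    addr = ipaddress.ip_address(address)
    if addr not in subnet:
        raise ValueError(f"{addr} is not in {subnet}")
    host_bits = 32 - subnet.prefixlen
    subnet_bits = subnet.prefixlen - block.prefixlen
    value = int(addr)
    host_no = value & ((1 << host_bits) - 1)
    subnet_no = (value >> host_bits) & ((1 << subnet_bits) - 1)
    return str(block.network_address), subnet_no, host_no


def site_plan():
    """Subnets sized for the sixth-year forecast plus the restricted group."""
    year6 = forecast(SYSTEMS_TODAY, GROWTH, 6)[-1]
    return allocate(SITE_BLOCK, {"general": year6, "restricted": RESTRICTED_HOSTS})


if __name__ == "__main__":
    plan = site_plan()
    for name, subnet in plan.items():
        print(name, subnet, "usable hosts:", subnet.num_addresses - 2)
    print(three_level("172.20.4.10", SITE_BLOCK, plan["restricted"]))
```

The general subnet comes out as a /22 with 1022 usable addresses, so the forecast of 988 systems fits with little headroom once the 24 printers and 4 servers are also addressed.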

Devices needed & their Location:

For LAN: For LAN connectivity within a building the following will be required: routing technologies for Layer 3 switching; Gigabit Ethernet, which will be used to increase the speed to 1 Gbps by providing high bandwidth capacity (Wayne, L., 2008); LAN switching technology, which includes Ethernet switching and/or Token Ring switching for Layer 2 switching; and ATM switching technologies, which are required for voice, video and data and provide high-speed switching (Mansfield, K. C., Antonakos, J. L., 2009). These devices will be located on each floor and in each department.

For WAN: For WAN connectivity between the two buildings, which are separated by 500 meters, the following will be required: Asymmetric Digital Subscriber Line for high-speed data communication, providing up to 6 Mbps of speed; analog modem; leased line for the hub-and-spoke topology; Integrated Services Digital Network (ISDN), as it also provides support for voice and video data; Frame Relay for a low-latency mesh topology between the two buildings; Switched Multimegabit Data Service (SMDS); X.25, as it provides trustworthy WAN circuit support; and WAN ATM to meet the growing bandwidth requirement as the company grows in the coming years (Cahn, R. S., 1998). These will be present mainly in the server room and on the link connecting the two buildings.

Apart from these network devices we will require 4 servers located in the server room, 397 computer systems, one on every employee's desk, and 24 printers in the respective departments. The detailed calculations for the number of systems and printers are given in Tables 1 and 2.

Network traffic policies:

Network traffic engineering is a very important aspect of network design, where one has to design the network while keeping in mind the estimated traffic. However, framing policies that keep the network traffic in check is equally important, otherwise the network traffic cannot be controlled and the chances of server crashes increase. The following policies should be followed in order to manage network traffic.

  • Network traffic should be continuously monitored so that one can estimate the maximum network traffic and minimum network traffic. This will help the network management team to understand the network requirements. Any deviation from the expected maximum network traffic will alert the network traffic management team and then they can check for the network usage. Also, time can be noted when the network traffic is at peak. All this helps in monitoring the network. For this network traffic management team can use various tools like Ntop, Ngrep, EtherApe, SolarWinds, Nagios, and Argus (Chen, T. T., 2009).
  • Network traffic should be classified by type: voice, video, data, image, web etc. The congestion level and bandwidth for each class should be defined and controlled (Parisi, T. J., 2008). Each user's network usage should be tracked along with the classified data, recording the username, IP address and login account. All this will make it easier for the traffic management team to identify the person who is responsible for very heavy traffic and the rationale behind the traffic.
  • If any application is being used then the network traffic for that application should also be monitored. Any application which generates a lot of traffic should be provided only to persons who need it and have previously asked for permission from the network team, thus minimising the traffic to the application server.
  • To avoid load on the Email server, the maximum size of a file that can be attached should be restricted to 2 MB. This will save server space. Also, it should be made compulsory for every employee to use tools like Microsoft Outlook so that the load on the Email server is minimised.
  • The server where the file sharing facility is provided should be monitored for unwanted files and every department should be allocated a limited space as per their requirement and employee size so that there is effective usage of the space. This will also avoid duplication of same files. For sharing data between two people the folder share option should be encouraged instead of dumping the files on the server.
  • In order to effectively manage the database server, the permission to create a new database should be given only to specific people who have applied for it through their manager. The space for each account or department should be limited, and for any additional space a proper application should be filed with the network maintenance department.
  • In order to avoid load on the server providing web services, applications should be used that block unwanted websites; for example, Websense can be used to block adult websites and other unproductive websites like social networking websites. This reduces the unnecessary usage of the web service (Furlong, T. B., 2007). Websites which consume a lot of network bandwidth, like YouTube and other video streaming websites, should be blocked. Domain restrictions and site restrictions should be applied, and for access to any blocked site a proper application should be required from the user.
  • Proxies should be constantly monitored for and blocked, as they not only increase the traffic but also pose a security threat.
  • The bandwidth should be dynamically managed i.e. providing the bandwidth as per the usage to every department. For example the customer helpdesk might require less bandwidth than software development department. This will make effective usage of available bandwidth.
  • Each department should be billed based on the network usage and traffic generated by that department. This will in turn push the managers of each department to make their employees abstain from unnecessary traffic generation.
  • For the printers, a restriction should be put on the number of pages that every employee can print in a month. This will not only be an effective cost-cutting measure, saving paper and printing ink, but will also restrict unnecessary printing by employees, thus reducing the traffic at the printer.
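The monitoring, attribution and department billing policies above, sketched as an added example that is not part of the original assignment. The flow records, their column layout and the expected hourly maxima are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed hourly flow records (illustrative, not from the assignment).
# Each row carries the attribution fields the policy asks to record.
SAMPLE_FLOWS = """\
hour,username,src_ip,department,traffic_class,bytes
09,asmith,172.20.1.25,Software Development and Maintenance,data,400000000
09,bjones,172.20.1.26,Software Development and Maintenance,web,150000000
09,cwu,172.20.2.10,Customer Helpdesk,voice,40000000
10,asmith,172.20.1.25,Software Development and Maintenance,data,380000000
10,bjones,172.20.1.26,Software Development and Maintenance,video,900000000
10,cwu,172.20.2.10,Customer Helpdesk,voice,45000000
10,dlee,172.20.2.11,Customer Helpdesk,web,20000000
"""

# Assumed expected hourly maximum per department, in bytes.
EXPECTED_MAX = {
    "Software Development and Maintenance": 1_000_000_000,
    "Customer Helpdesk": 100_000_000,
}


def parse_flows(text):
    """Read flow records and convert the byte counter to an integer."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["bytes"] = int(row["bytes"])
        flows.append(row)
    return flows


def find_overloads(flows, expected_max):
    """Report each (hour, department) slot above its expected maximum.

    Every alert names the heaviest user, source IP and traffic class so the
    traffic team can ask for the rationale. A department with no baseline
    has a limit of 0 and is therefore always reported.
    """
    totals = defaultdict(int)
    by_source = defaultdict(lambda: defaultdict(int))
    for f in flows:
        slot = (f["hour"], f["department"])
        totals[slot] += f["bytes"]
        source = (f["username"], f["src_ip"], f["traffic_class"])
        by_source[slot][source] += f["bytes"]

    alerts = []
    for slot in sorted(totals):
        hour, department = slot
        limit = expected_max.get(department, 0)
        if totals[slot] <= limit:
            continue
        (user, ip, traffic_class), used = max(
            by_source[slot].items(), key=lambda item: item[1]
        )
        alerts.append({
            "hour": hour, "department": department,
            "total_bytes": totals[slot], "limit_bytes": limit,
            "top_user": user, "top_ip": ip,
            "top_class": traffic_class, "top_bytes": used,
        })
    return alerts


def billing_shares(flows):
    """Fraction of all traffic generated by each department."""
    per_department = defaultdict(int)
    for f in flows:
        per_department[f["department"]] += f["bytes"]
    grand_total = sum(per_department.values())
    if grand_total == 0:
        return {}
    return {d: b / grand_total for d, b in per_department.items()}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for alert in find_overloads(flows, EXPECTED_MAX):
        print(alert)
    for department, share in billing_shares(flows).items():
        print(f"{department}: {share:.1%}")
```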

Network Security:

  1. Threats Analysis:

    Following are the network security threats that should be taken care of:

1. Physical security threat: These threats are caused by the physical damage of the network and can be classified into four major categories:

a. Natural disasters and environmental problems: Natural disasters like earthquake, flood, hurricanes, fires, tornados can cause serious damage to the network. It may lead to complete collapse of the network and might require rebuilding the entire network after the disasters are over. This can prove to be very costly for the company. Also, environmental problems like extreme humidity or temperature can cause the devices to malfunction or even get permanently damaged. It is necessary to balance between environment and development.

b. Hardware issues: There is always a chance of hardware being physically damaged, not functioning properly, or having components stolen. This might result in a temporary breakdown of the network, or in the network not working properly or not working up to its capacity.

c. Electrical vulnerabilities: Failure of electrical power can shut down the network, which might need to be restarted once the supply is restored. This will completely cut off the network for the duration of the power outage. Also, fluctuations in electricity and voltage can damage the devices and hardware equipment. This can also bring down the network connection and might be costly, depending upon the number and kind of equipment damaged by the voltage fluctuations.

d. Maintenance issues: If the devices and hardware equipment are not properly maintained or properly handled then they might get damaged. Also, if there are not enough spare parts available it might delay the repair of the network connection. Poor cabling and poor device labelling will also affect the performance of the network connection and increase the maintenance time of the network (Convery, S., 2004).

2. Data Security: This is basically due to failure to guard against unauthorised access to sensitive data. The intrusion can be in the database and also when the data is being sent over a network. Virus attacks can not only corrupt the data but can also completely delete the data from the system and database. Also, any physical damage to the database or system can result in complete loss of data (Omar, S., 2007).

3. Application Security: There are various applications that the company has not authorised for use, and these applications can use a lot of resources. There is also a possible threat to the security of the data, as they might steal data from the system. Most IT companies block such applications from being installed. Unlicensed or unauthorised applications can cause serious trouble. These can be malware or even serious viruses. They can also consume a lot of network bandwidth.

4. Network Security: A network can crash due to excess traffic which the network is not capable of handling. This network collapse and overloading can hinder the performance of the system and the overall productivity of the employees. Also, there is always the threat of a potential virus attack or hacking of the entire network. These can seriously damage the network if left unchecked and can result in intrusion into the database and servers, causing serious damage to the database (Kaeo, M., 2003).

  2. Security Solutions:

    The following steps should be taken in order to avoid the above-mentioned security threats:

  • Damage due to natural disasters cannot be completely eliminated but can be minimised by placing additional servers and database backups in some other location far from the place where the other server is already placed. It is unlikely that a natural disaster will strike both places at the same time. Also, it would make it easier to recover the data.
  • All the equipment and servers should be placed in a controlled environment where temperature and humidity are regulated. This will reduce the chances of damage due to environmental issues.
  • Sufficient spare parts should be kept in the inventory or there should be proper arrangement of procuring the parts in case they get damaged.
  • Only authorised persons should be allowed to enter the server rooms and areas of high vulnerability so that the chances of physical damage, theft and mishandling are reduced. This will also make sure that the data is secured and there is no intrusion. For this electronic access control can be implemented and if required security cameras can be installed. The security staff can also be trained and instructed to avoid any trespassing (Yusuf, B., 2008).
  • Additional power supply line can be installed or generators can be installed so that in case of power failure one can use them and continue the job. Also, power supply can be regulated to check the voltage fluctuations.
  • High quality cables should be used and proper labelling should be done so that it is easier to find fault and maintenance is quick.
  • Make regular updates to the database and take a database backup at frequent intervals. Also, do not leave the system without locking it. This will prevent unauthorised access to the system.
  • Always use a secured channel to send messages and encrypt the messages so as to avoid any theft. User authentication should also be made compulsory to log in to any system. Also, do not give everybody administration power on the system, as this will prevent the installation of unauthorised applications. One can provide various levels of access to a user for a system, like guest, power user and administration, depending upon the requirement.
  • Application and software updates should be installed frequently so as to patch any vulnerability found at a later date. Also install a good anti-virus and use firewalls to stop any virus or malware from attacking the system.
  • Use protections against cross-site scripting and SQL injection techniques to prevent hacking into the system. Also continuously monitor the network for any external attack, its readiness, its performance and its capacity to take load. A proper audit will prevent most of the threats.

  3. Security Implementation Documentation:

    The implementation plan for maintaining security is:

  • All the employees will be given an identification card providing electronic access to the desired locations; an employee cannot enter any other location if access to it has not been granted.
  • Security cameras will be placed at sensitive locations and will be continuously monitored. Security staff will be placed outside every department and sensitive location and will keep a record of every person entering the location.
  • Access to the system will be given as per the requirement; otherwise default access will have minimum authority, and every system will necessarily have login authentication.
  • Network traffic will be monitored for every user and IP address. A record of printouts will also be maintained for every system.
  • Any application that needs to be installed will require prior permission from the network monitoring staff, and a proper anti-virus will be installed on each system with the firewall on.
  • Mail will also be monitored so that no data can be stolen, and not more than 2 MB will be allowed to be mailed.
  • Proper equipment maintenance and handling will be taken care of as per above suggested solution and additional server and database will be maintained in a secure location.


Strategy & Plans for Network Performance:

  1. Performance monitoring plans: Network performance monitoring will include monitoring of traffic overload, constant review of traffic handling capacity, the speed of the network (i.e. the speed of data transfer) and the performance of the various devices and servers (Claise, 2008). There are various tools available for monitoring networks. Some of the network monitoring platforms are: Andrisoft WANGuard, Axence nVision, EM7, GEM network monitoring, Intellipool Network monitor, NetGong, OPNET nCompass and SpyGlass. Some of the network monitoring tools are: Anritsu, Anue System, Capsa, EffeDetect, Etherpeek, IP Traffic Monitor, LANExplorer, NetScope, VSS monitoring, Monitis, NetVizor, TelcoAlert and ISDNwatch (Smith, C., Gervelis, C., 2003).

The most important thing is to check the traffic and detect the cause of any network failure. Bandwidth management technology will be implemented to constantly check the bandwidth usage by the employees. This will not only identify the department and person using the most bandwidth but will also make it easy for the network administration staff to check the reasons for high bandwidth usage by that department or employee.

  2. Disaster Recovery Plan: The following disasters are identified for a network: natural calamities like flood and earthquake, virus attack, hacker attack, electric power failure, underground cable cut and fire. The disaster recovery plan will have four steps: detect the disaster, notify the person concerned, isolate the system so that it does not infect other systems, and repair the damaged part (Buchanan, R. W., 2002). The three main areas of concern during a disaster are saving the data, saving the network from collapsing and quickly restoring the system and network (Mahdy, G. E., 2001). It is often difficult to prevent data loss during a natural calamity, but one can always have additional servers and databases in some other location so that it is easier to retrieve the data. Regularly updating this database is essential. Fire extinguishers should be placed at every location and department so that fire does not spread quickly and can be controlled. Also, placing a backup database at some other location minimises the loss due to fire or any accident.

For virus attacks, proper anti-virus should be installed on the system and firewall protection should be used. Also, blocking potentially dangerous websites will help to reduce the attacks. Employees should be made aware of the potential danger of a virus attack and the damage caused by it. To prevent attacks from hackers the system should be constantly monitored and protections against techniques like SQL injection and cross-site scripting should be used.

For electricity failure an additional supply line should be maintained or a generator should be installed. It is very important to address this concern, as without electricity all the systems and network connections are of no use. To mitigate the risk of an underground cable cut, a parallel cable should be installed and used when any cable cut happens. The damaged cable should then be repaired and made ready to use.


Management Summary

After analysing the given information it was concluded that 397 systems, four servers and 24 printers are required as of now, and with a 20% growth rate over the next five years the number of systems will increase to 988. Requirement gathering will cover the following: organisational requirements, department requirements and architectural requirements, gathered by brainstorming, interviews and focus group discussion. A requirement document will be prepared which, when finalised, will be used for network design.

The network topology will include a main hub having all the servers and sub hubs on every floor of the two buildings in a hub-and-spoke topology. The printers will be connected using a star topology. Big-port switches will be used instead of small-port switches, and the main objective of the network topology will be to reduce the number of hops. Though one subnet is sufficient, for security reasons another subnet will be used for authorised persons only. To avoid issues with the domain name a different namespace will be used. The IP address will follow a three-level hierarchy. The LAN devices will be located on each floor as per the requirement, and the purpose of the WAN devices will be to provide inter-building connectivity.

The suggested network traffic policies include: the network should be continuously monitored, traffic should be properly tracked, unauthorised websites and applications should be restricted, Email attachment size should be restricted to 2 MB, the database space and server space should be restricted for every department, bandwidth should be allocated dynamically as per the usage requirements, and the number of printouts should be restricted for every system. All this will reduce the network traffic.

Four major threats have been identified and they are: Physical security, Data security, Application security, information security and Network security. In order to take care of these threats the following solutions were suggested: database backup in another location, operating equipment in a controlled environment, maintaining an inventory of spare parts, electronic authorisation and access, provision for additional power supply should be made, firewalls and anti-virus should be used, security cameras should be installed and security staff should be trained.

For performance monitoring various tools shall be used, like Anritsu, Capsa, EffeDetect, Etherpeek, IP Traffic Monitor, LANExplorer, NetScope, VSS monitoring, Monitis, and ISDNwatch. Network traffic should be constantly reviewed, the load handling capacity of the network should be reviewed and, most importantly, bandwidth allocation should be managed properly. Any performance-related issues should be addressed immediately. Disasters identified for a network include: natural calamities like flood and earthquake, virus attack, hacker attack, electric power failure, underground cable cut and fire. These should be mitigated by maintaining a copy of the database in a distant location, installing fire extinguishers, maintaining another power supply, and properly monitoring the network to prevent attacks from hackers and viruses.

By implementing the above points the company will be able to establish a very secure network which will not only provide faster and enhanced performance but will also be easy to maintain.

Appendices

Department | No. of Employees
Management | 25
Human Resources | 10
Finance | 12
Marketing | 10
Software analysis and Design | 100
Software Development and Maintenance | 200
Quality assurance and testing | 25
Computer network services | 10
Customer Helpdesk | 5
Canteen | 5
Total Number of employees | 402
Employees requiring systems | 397

Table 1: Department wise employees

Department | No. of printers
Management | 2
Human Resources | 1
Finance | 1
Marketing | 1
Software analysis and Design | 5
Software Development and Maintenance | 10
Quality assurance and testing | 2
Computer network services | 1
Customer Helpdesk | 1
Canteen | 0
Total Number of printers | 24

Table 2: Numbers of printers required

Growth rate 20% | Year 1 | Year 2 | Year 3 | Year 4 | Year 5 | Year 6
Total employees | 402 | 482 | 579 | 695 | 834 | 1000
Employees requiring System | 397 | 476 | 572 | 686 | 823 | 988

Table 3: Forecasting Number of Employees

[Figure: Network Connection between two buildings]

Bibliography

  • Cahn, R. S., 1998. Wide area network design: concepts and tools for optimization. Morgan Kaufmann publication. pp. 192 – 391.
  • Buchanan, R. W., 2002. Disaster proofing information systems: a complete methodology for eliminating single points of failure. McGraw-Hill Professional. pp. 117 – 183.
  • Chen, T. T., 2009. Network Traffic: Modeling and Control. John Wiley & Sons. pp. 174 – 385.
  • Claise, 2008. Network Management: Accounting and Performance Strategies. Pearson Education India. pp. 634 – 693.
  • Convery, S., 2004. Network security architectures. Cisco Press. pp. 299 – 365.