SlideShare une entreprise Scribd logo

IT Infrastructure Project

Télécharger en tant que PPTX, PDF
R
Robert D. Williams
1  sur  29
PROPOSAL FOR A NEW UNIFIED COMMUNICATIONS NETWORK Aperture Technologies
Who We Are • Aperture Technologies is a Network design company that started out in the founder’s garage. Since then we have grown from a small organization to a multi-million dollar company that has 225,000 employees, 19 offices, located in five different countries around the world and still growing.
Our Mission • Our mission is to be able to provide other companies with efficient, safe and reliable networks. We help companies keep cost down and revenues high. We specialize in global networks and getting communications from one end of the globe to the other. • Since 2000 we have helped to develop networks for companies such as Gallo Wineries, Modesto Irrigation district, Chicago Title Company, and Global Construction to name a few.
SCOPE • To identifying new needs of being able to ensure that corporate has access to all information. That real time communication is possible for our overseas offices. • To ensure that support to the new branches is met. Ensure that the network meets all needs of our 225,000 employees. • Finally, ensuring that all information is kept safe and secure as much as possible
ROLES • Senior Management – Ensures that the project meets the overall goal of the companies needs to keep the company profitable. • IT Management – Ensures that company guide lines for the network are being followed to keep productivity high. Helps with implementation of policies and procedures. • IS Management – Ensures that all required security requirements and precautions have are met. Develops practices for testing and implementation. Helps to make recommendations about security practices to follow, as well as the development of the DRP.
ROLES • Functional Management – Helps in the overall development to ensure that functionality across the board is met. • IS Security Practitioners – Responsible for putting the implementation together, testing, documenting, and over management of the system when it goes live. Active scanning and evaluation of the network. • IT Technicians – Responsible for the main installation of all network components, initial configurations, and testing of equipment under the direction of the IT Management. • Security Awareness trainers – To make sure that all end users, employees, contractors, or person that will have a need to understand the policy contained here in this plan based on the duty they need to perform.
CURRENT COMMUNICATIONS • Old PSTN Telephones • Still paying for international and long distance • Slow email for to send and gather important information • Still traveling for all meetings • Throwing money away
PROPOSED COMMUNICATIONS Utilizing SIP and H.323 • Implement an IP-PBX phone system – One low monthly cost as not per call • Instant messaging with file transfer ability – The ability to instantly access another person and share files quickly • Video Conferencing – Reduced cost of international and interstate meetings.
VLAN AND WLAN • Dynamic VLans for flexible productivity • VLans assigned through WLan for mobile users • Single sign on Authentication for ESXI, AD, and Radius. •
VLAN CONFIGURATION • Executive Offices (VLan 10): For the executive officers and board members that need access to resources. Located at the corporate office only. • Marketing (VLan 16): All market research, marketing, as well as advertising departments. Located at the corporate office only. • Operations (VLan 32): Operations department • Managers (VLan 48): Area, district, and branch managers. • Human Resources (VLan 64): Hiring and training personnel.
VLAN CONFIGURATION • Accounting and Finance (VLan 80): All departments that deal with money for the company. • VoIP (VLan 96): IP Telephones • Video (VLan 112): All network components that deal with teleconferencing other than the phone system. • Network (VLan 128): All core network equipment, routers, firewalls switches. These are statically assigned addresses.
WLAN • For the purpose of inter-departmental meetings and other functions, WLan will be placed on each VLan. • Because dynamic VLans are in use they will only have access to the VLan assigned them. • 802.11ac standard at 5GHz for all Wi-Fi needs. This is backwards compatible with all other standards before it. • Right now 802.11ac is pushing between 1Gbps to 5Gbps pending the set up. • This should allow mobile devices to handle any type of multimedia streaming if needed.
NETWORK CONFIGURATION • Switches – 10GB bridge – 10/100/100 Ethernet • Firewalls – unified threat management (UTM) for the core network • Packet filtering, malware detection, Spam, and virus checks – SIP/H.323 for the VoIP network
NETWORK CONFIGURATION • Routers – OSPF configurations – SIP gateway will be OSPF, but will only route SIP and h.323 Protocols • OSPF allows for other vender equipment • A dedicated line between same country branches will be used for security and bandwidth purposes.
IP Schema Internal Network Schema Core Network VoIP / Video Routers 10.X.128.1-9 10.X.96.1-5 Firewalls 10.X.128.10-19 10.X.96.10-20 GB Switches 10.X.128.20-29 10.X.96.20-29 Local Switches 10.X.128.30-39 10.X.96.30-39 PBX 10.X.96.6-9 Internal Servers 10.0.128.50-69 DMZ Servers 10.0.128.70-79
Office Schema For Departmental VLans Multi-function devices 10.X.X.1-5 Printers 10.X.X.6-11 Wireless Access Points 10.X.X.11-20
Workstations Via DHCP Scope VLan 10 10.X.0.40-10.X.0.160 Vlan16 10.X.16.40-10.X.31.254 VLan 32 10.X.32.40-10.X.47.254 VLan 48 10.X.48.40-10.X.63.254 VLan 64 10.X.64.40-10.X.79.254 VLan 80 10.X.80.40-10.X.95.254 VLan 96 10.X.96.40-10.X.111.254
Office Private Schema Executive office: 10.0.0.1 10.0.15.254 The X indicates the country Code for the subnet 10.0.0 255.255.240.0 Dynamic addressing unless indicated Marketing: 10.0.16.1 10.0.31.254 Operations: 10.X.32.1 10.X.47.254 Managers: 10.X.48.1 10.X.63.254 HR: 10.X.64.1 10.X.79.254 Accounting / Finance: 10.X.80.1 10.X.95.254 VoIP: 10.X.96.1 10.X.111.254 Video: 10.X.112.1 10.X.127.254 Network Equipment (static) 10.X.128.1 10.X.143.254
Global Private Schema Country Office Office Subnet Country Subnets by Office, x indicates the subnet scheme above. 4096 Subnets 4094 host per subnet 225,000 employees 500,000 total ip addresses estimated for equipment and VoIP. Approximately 1974 employees per office subnet. USA Corporate 10.0.x.x LA: 10.1.x.x SF: 10.2.x.x Boston: 10.3.x.x SD: 10.4.x.x NY: 10.5.x.x Austria: Vienna: 10.10.x.x Salzburg: 10.11.x.x Inz: 10.12.x.x Germany Berlin: 10.20.x.x Stuttgart: 10.21.x.x Munich: 10.22.x.x France Paris: 10.30.x.x Bordeaux: 10.31.x.x Nice: 10.32.x.x Japan Tokyo: 10.40.x.x Sapporo: 10.41.x.x Osaka: 10.42.x.x
Global Gateway Router Schema Country Office Dedicated line ISP Gateway USA Dedicated line Main Router 200.200.200.1 200.200.200.2 none Corporate 200.200.200.5 200.200.210.1 LA: 200.200.200.9 200.200.210.5 NY: 200.200.200.25 200.200.210.21 Country Office Dedicated Line ISP Gateway Austria: Vienna: 200.200.200.29 200.200.200.30 200.200.210.25 Salzburg: 200.200.200.33 200.200.200.34 200.200.210.29 Inz: 200.200.200.37 200.200.200.38 200.200.210.33 Germany Berlin: 200.200.200.41 200.200.200.42 200.200.210.37 Stuttgart: 200.200.200.45 200.200.200.46 200.200.210.41 Munich: 200.200.200.49 200.200.200.50 200.200.210.45
BEST PRACTICES • MANAGEMENT – Management team • Overall changes or Major changes • Comprised of the IT management, IS management, The CIO, as well as departmental heads – Implementation team • New software, firmware or hardware • Comprised of the IS and IT departments
Monitoring • Ticketing system – For users to report problems and issues – Automated monitoring use as well • Network monitor – SolarWinds Monitoring software – SNMP traps
SECURITY • Users – Training – RF Badges – Policies • Workstation – Antivirus – Intrusion prevention and detection – UPS’s – VMware for easy workstation restoration
SECURITY • LAN – Dynamic VLans for segmentation – Single sign on for user convenience – IPS and IDS on all network Equipment – All default usernames and passwords changed • WLan – 802.1x Enterprise WAP2 encryption – WAP2 will work with AD and the VLan authentication to make a single sign on for user convenience
SECURITY • LAN to Wan – UTM Firewalls – Default user names and passwords changed – IPS and IDS – Statefull packet filtering – DMZ to be utilized • WAN – SLA agreement to meet company BCP
SECURITY • Remote Access – SSL VPN – Three way Authentication – HDD encryption on mobile devices • Mission Critical Center – IDS and IPS active – Back up Servers – Halon 1301 – Resources not used disabled
SECURITY • Physical Security – All network equipment will be locked • Closet or room – RF badges for access – Cameras in place • Entrance • Inside areas – Locking cabinets with tubular security locks
Overview • Dynamic VLans • DMZ implementation • Bringing in a dedicated line for branch offices in the same country • VPN for cross continental communication • The implementation of VoIP and Video conferencing
Aperture Technologies Thank you for your time.

Recommandé

Cloud security
Cloud securityCloud security
Cloud security
Tushar Kayande
 
Active directory
Active directory Active directory
Active directory
deshvikas
 
Data Center Security
Data Center SecurityData Center Security
Data Center Security
devalnaik
 
SD WAN
SD WANSD WAN
SD WAN
Bri Molina
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
Schneider Electric
 
A Software Defined WAN Architecture
A Software Defined WAN ArchitectureA Software Defined WAN Architecture
A Software Defined WAN Architecture
Open Networking Summits
 
Presentation f5 – beyond load balancer
Presentation f5 – beyond load balancerPresentation f5 – beyond load balancer
Presentation f5 – beyond load balancer
xKinAnx
 
CyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementCyberSecurity Portfolio Management
CyberSecurity Portfolio Management
Priyanka Aash
 

Recommandé

Cloud security
Cloud securityCloud security
Cloud security
Tushar Kayande
 
Active directory
Active directory Active directory
Active directory
deshvikas
 
Data Center Security
Data Center SecurityData Center Security
Data Center Security
devalnaik
 
SD WAN
SD WANSD WAN
SD WAN
Bri Molina
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
Schneider Electric
 
A Software Defined WAN Architecture
A Software Defined WAN ArchitectureA Software Defined WAN Architecture
A Software Defined WAN Architecture
Open Networking Summits
 
Presentation f5 – beyond load balancer
Presentation f5 – beyond load balancerPresentation f5 – beyond load balancer
Presentation f5 – beyond load balancer
xKinAnx
 
CyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementCyberSecurity Portfolio Management
CyberSecurity Portfolio Management
Priyanka Aash
 
Data Center Security
Data Center SecurityData Center Security
Data Center Security
Cisco Canada
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overview
Belsoft
 
SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN
Ashutosh Kaushik
 
Firewall and vpn
Firewall and vpnFirewall and vpn
Firewall and vpn
Joseph Sebastian
 
ITIL PPT
ITIL PPTITIL PPT
ITIL PPT
Vikas Aryan
 
What SD-WAN Means for Enterprise
What SD-WAN Means for EnterpriseWhat SD-WAN Means for Enterprise
What SD-WAN Means for Enterprise
Toshal Dudhwala
 
ISE-802.1X-MAB
ISE-802.1X-MABISE-802.1X-MAB
ISE-802.1X-MAB
Emerson Barros Rivas
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
Raj Sarode
 
DevOps for Network Engineers
DevOps for Network EngineersDevOps for Network Engineers
DevOps for Network Engineers
stefan vallin
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
AlgoSec
 
What is SASE
What is SASEWhat is SASE
What is SASE
Adi Ruppin
 
Network management
Network managementNetwork management
Network management
Elena Benson
 
Virtual private network
Virtual private networkVirtual private network
Virtual private network
Sowmia Sathyan
 
POWER POINT PRESENTATION ON DATA CENTER
POWER POINT PRESENTATION ON DATA CENTERPOWER POINT PRESENTATION ON DATA CENTER
POWER POINT PRESENTATION ON DATA CENTER
vivekprajapatiankur
 
Colt's evolution from MPLS to Cloud Networking
Colt's evolution from MPLS to Cloud Networking Colt's evolution from MPLS to Cloud Networking
Colt's evolution from MPLS to Cloud Networking
Colt Technology Services
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
♟Sergej Epp
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
Aruba, a Hewlett Packard Enterprise company
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptx
MohanPandey31
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
charlesgarrett
 
Esc who we are 2016 rev2
Esc who we are 2016 rev2Esc who we are 2016 rev2
Esc who we are 2016 rev2
thidisbogus
 
Tapsoft network solutions
Tapsoft network solutionsTapsoft network solutions
Tapsoft network solutions
SagarDabhade1
 

Contenu connexe

Tendances

Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overview
Belsoft
 
SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN
Ashutosh Kaushik
 
Virtual private network
Virtual private networkVirtual private network
Virtual private network
Sowmia Sathyan
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
charlesgarrett
 

Tendances (20)

Data Center Security
Data Center SecurityData Center Security
Data Center Security
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overview
 
SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN
 
Firewall and vpn
Firewall and vpnFirewall and vpn
Firewall and vpn
 
ITIL PPT
ITIL PPTITIL PPT
ITIL PPT
 
What SD-WAN Means for Enterprise
What SD-WAN Means for EnterpriseWhat SD-WAN Means for Enterprise
What SD-WAN Means for Enterprise
 
ISE-802.1X-MAB
ISE-802.1X-MABISE-802.1X-MAB
ISE-802.1X-MAB
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
DevOps for Network Engineers
DevOps for Network EngineersDevOps for Network Engineers
DevOps for Network Engineers
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
 
What is SASE
What is SASEWhat is SASE
What is SASE
 
Network management
Network managementNetwork management
Network management
 
Virtual private network
Virtual private networkVirtual private network
Virtual private network
 
POWER POINT PRESENTATION ON DATA CENTER
POWER POINT PRESENTATION ON DATA CENTERPOWER POINT PRESENTATION ON DATA CENTER
POWER POINT PRESENTATION ON DATA CENTER
 
Colt's evolution from MPLS to Cloud Networking
Colt's evolution from MPLS to Cloud Networking Colt's evolution from MPLS to Cloud Networking
Colt's evolution from MPLS to Cloud Networking
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptx
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
 

Similaire à IT Infrastructure Project

Net motion mobility_intro_overview
Net motion mobility_intro_overviewNet motion mobility_intro_overview
Net motion mobility_intro_overview
Stef Coetzee
 
Mohamed Malik Resume PC-LAN PR1 -f
Mohamed Malik Resume PC-LAN PR1 -fMohamed Malik Resume PC-LAN PR1 -f
Mohamed Malik Resume PC-LAN PR1 -f
mimo1000
 
Malik it eng 7 years 1
Malik it eng 7 years 1Malik it eng 7 years 1
Malik it eng 7 years 1
Abdul Malik
 
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDFEMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
Faleh M.
 
Blake_Johnson_net6-28-15
Blake_Johnson_net6-28-15Blake_Johnson_net6-28-15
Blake_Johnson_net6-28-15
Blake Johnson
 

Similaire à IT Infrastructure Project (20)

Esc who we are 2016 rev2
Esc who we are 2016 rev2Esc who we are 2016 rev2
Esc who we are 2016 rev2
 
Tapsoft network solutions
Tapsoft network solutionsTapsoft network solutions
Tapsoft network solutions
 
RajaSubramanian Resume
RajaSubramanian ResumeRajaSubramanian Resume
RajaSubramanian Resume
 
Net motion mobility_intro_overview
Net motion mobility_intro_overviewNet motion mobility_intro_overview
Net motion mobility_intro_overview
 
CustomerCopy_Final
CustomerCopy_FinalCustomerCopy_Final
CustomerCopy_Final
 
uCPE and VNFs Explained
uCPE and VNFs ExplaineduCPE and VNFs Explained
uCPE and VNFs Explained
 
uCPE and VNFs Explained
uCPE and VNFs ExplaineduCPE and VNFs Explained
uCPE and VNFs Explained
 
Mohamed Malik Resume PC-LAN PR1 -f
Mohamed Malik Resume PC-LAN PR1 -fMohamed Malik Resume PC-LAN PR1 -f
Mohamed Malik Resume PC-LAN PR1 -f
 
Paktel
PaktelPaktel
Paktel
 
CV-ROB
CV-ROBCV-ROB
CV-ROB
 
Malik it eng 7 years 1
Malik it eng 7 years 1Malik it eng 7 years 1
Malik it eng 7 years 1
 
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDFEMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
EMEA ENTERPRISE IT SOLUTIONS AND SECURITY SERVICES PROFILE.PDF
 
Corporation Tech
Corporation TechCorporation Tech
Corporation Tech
 
Anti Hack Solution
Anti Hack Solution Anti Hack Solution
Anti Hack Solution
 
amir_(1) (1) (1)
amir_(1) (1) (1)amir_(1) (1) (1)
amir_(1) (1) (1)
 
Netop remote control 12.5 Brochure
Netop remote control 12.5 BrochureNetop remote control 12.5 Brochure
Netop remote control 12.5 Brochure
 
SIPfoundry CoLab 2013 - Specific customer case studies for sipXecs and ROI an...
SIPfoundry CoLab 2013 - Specific customer case studies for sipXecs and ROI an...SIPfoundry CoLab 2013 - Specific customer case studies for sipXecs and ROI an...
SIPfoundry CoLab 2013 - Specific customer case studies for sipXecs and ROI an...
 
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile EraThe Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
 
CCNA v6.0 ITN - Chapter 11
CCNA v6.0 ITN - Chapter 11CCNA v6.0 ITN - Chapter 11
CCNA v6.0 ITN - Chapter 11
 
Blake_Johnson_net6-28-15
Blake_Johnson_net6-28-15Blake_Johnson_net6-28-15
Blake_Johnson_net6-28-15
 

IT Infrastructure Project

  • 1. PROPOSAL FOR A NEW UNIFIED COMMUNICATIONS NETWORK Aperture Technologies
  • 2. Who We Are • Aperture Technologies is a Network design company that started out in the founder’s garage. Since then we have grown from a small organization to a multi-million dollar company that has 225,000 employees, 19 offices, located in five different countries around the world and still growing.
  • 3. Our Mission • Our mission is to be able to provide other companies with efficient, safe and reliable networks. We help companies keep cost down and revenues high. We specialize in global networks and getting communications from one end of the globe to the other. • Since 2000 we have helped to develop networks for companies such as Gallo Wineries, Modesto Irrigation district, Chicago Title Company, and Global Construction to name a few.
  • 4. SCOPE • To identifying new needs of being able to ensure that corporate has access to all information. That real time communication is possible for our overseas offices. • To ensure that support to the new branches is met. Ensure that the network meets all needs of our 225,000 employees. • Finally, ensuring that all information is kept safe and secure as much as possible
  • 5. ROLES • Senior Management – Ensures that the project meets the overall goal of the companies needs to keep the company profitable. • IT Management – Ensures that company guide lines for the network are being followed to keep productivity high. Helps with implementation of policies and procedures. • IS Management – Ensures that all required security requirements and precautions have are met. Develops practices for testing and implementation. Helps to make recommendations about security practices to follow, as well as the development of the DRP.
  • 6. ROLES • Functional Management – Helps in the overall development to ensure that functionality across the board is met. • IS Security Practitioners – Responsible for putting the implementation together, testing, documenting, and over management of the system when it goes live. Active scanning and evaluation of the network. • IT Technicians – Responsible for the main installation of all network components, initial configurations, and testing of equipment under the direction of the IT Management. • Security Awareness trainers – To make sure that all end users, employees, contractors, or person that will have a need to understand the policy contained here in this plan based on the duty they need to perform.
  • 7. CURRENT COMMUNICATIONS • Old PSTN Telephones • Still paying for international and long distance • Slow email for to send and gather important information • Still traveling for all meetings • Throwing money away
  • 8. PROPOSED COMMUNICATIONS Utilizing SIP and H.323 • Implement an IP-PBX phone system – One low monthly cost as not per call • Instant messaging with file transfer ability – The ability to instantly access another person and share files quickly • Video Conferencing – Reduced cost of international and interstate meetings.
  • 9. VLAN AND WLAN • Dynamic VLans for flexible productivity • VLans assigned through WLan for mobile users • Single sign on Authentication for ESXI, AD, and Radius. •
  • 10. VLAN CONFIGURATION • Executive Offices (VLan 10): For the executive officers and board members that need access to resources. Located at the corporate office only. • Marketing (VLan 16): All market research, marketing, as well as advertising departments. Located at the corporate office only. • Operations (VLan 32): Operations department • Managers (VLan 48): Area, district, and branch managers. • Human Resources (VLan 64): Hiring and training personnel.
  • 11. VLAN CONFIGURATION • Accounting and Finance (VLan 80): All departments that deal with money for the company. • VoIP (VLan 96): IP Telephones • Video (VLan 112): All network components that deal with teleconferencing other than the phone system. • Network (VLan 128): All core network equipment, routers, firewalls switches. These are statically assigned addresses.
  • 12. WLAN • For the purpose of inter-departmental meetings and other functions, WLan will be placed on each VLan. • Because dynamic VLans are in use they will only have access to the VLan assigned them. • 802.11ac standard at 5GHz for all Wi-Fi needs. This is backwards compatible with all other standards before it. • Right now 802.11ac is pushing between 1Gbps to 5Gbps pending the set up. • This should allow mobile devices to handle any type of multimedia streaming if needed.
  • 13. NETWORK CONFIGURATION • Switches – 10GB bridge – 10/100/100 Ethernet • Firewalls – unified threat management (UTM) for the core network • Packet filtering, malware detection, Spam, and virus checks – SIP/H.323 for the VoIP network
  • 14. NETWORK CONFIGURATION • Routers – OSPF configurations – SIP gateway will be OSPF, but will only route SIP and h.323 Protocols • OSPF allows for other vender equipment • A dedicated line between same country branches will be used for security and bandwidth purposes.
  • 15. IP Schema Internal Network Schema Core Network VoIP / Video Routers 10.X.128.1-9 10.X.96.1-5 Firewalls 10.X.128.10-19 10.X.96.10-20 GB Switches 10.X.128.20-29 10.X.96.20-29 Local Switches 10.X.128.30-39 10.X.96.30-39 PBX 10.X.96.6-9 Internal Servers 10.0.128.50-69 DMZ Servers 10.0.128.70-79
  • 16. Office Schema For Departmental VLans Multi-function devices 10.X.X.1-5 Printers 10.X.X.6-11 Wireless Access Points 10.X.X.11-20
  • 17. Workstations Via DHCP Scope VLan 10 10.X.0.40-10.X.0.160 Vlan16 10.X.16.40-10.X.31.254 VLan 32 10.X.32.40-10.X.47.254 VLan 48 10.X.48.40-10.X.63.254 VLan 64 10.X.64.40-10.X.79.254 VLan 80 10.X.80.40-10.X.95.254 VLan 96 10.X.96.40-10.X.111.254
  • 18. Office Private Schema Executive office: 10.0.0.1 10.0.15.254 The X indicates the country Code for the subnet 10.0.0 255.255.240.0 Dynamic addressing unless indicated Marketing: 10.0.16.1 10.0.31.254 Operations: 10.X.32.1 10.X.47.254 Managers: 10.X.48.1 10.X.63.254 HR: 10.X.64.1 10.X.79.254 Accounting / Finance: 10.X.80.1 10.X.95.254 VoIP: 10.X.96.1 10.X.111.254 Video: 10.X.112.1 10.X.127.254 Network Equipment (static) 10.X.128.1 10.X.143.254
  • 19. Global Private Schema Country Office Office Subnet Country Subnets by Office, x indicates the subnet scheme above. 4096 Subnets 4094 host per subnet 225,000 employees 500,000 total ip addresses estimated for equipment and VoIP. Approximately 1974 employees per office subnet. USA Corporate 10.0.x.x LA: 10.1.x.x SF: 10.2.x.x Boston: 10.3.x.x SD: 10.4.x.x NY: 10.5.x.x Austria: Vienna: 10.10.x.x Salzburg: 10.11.x.x Inz: 10.12.x.x Germany Berlin: 10.20.x.x Stuttgart: 10.21.x.x Munich: 10.22.x.x France Paris: 10.30.x.x Bordeaux: 10.31.x.x Nice: 10.32.x.x Japan Tokyo: 10.40.x.x Sapporo: 10.41.x.x Osaka: 10.42.x.x
  • 20. Global Gateway Router Schema Country Office Dedicated line ISP Gateway USA Dedicated line Main Router 200.200.200.1 200.200.200.2 none Corporate 200.200.200.5 200.200.210.1 LA: 200.200.200.9 200.200.210.5 NY: 200.200.200.25 200.200.210.21 Country Office Dedicated Line ISP Gateway Austria: Vienna: 200.200.200.29 200.200.200.30 200.200.210.25 Salzburg: 200.200.200.33 200.200.200.34 200.200.210.29 Inz: 200.200.200.37 200.200.200.38 200.200.210.33 Germany Berlin: 200.200.200.41 200.200.200.42 200.200.210.37 Stuttgart: 200.200.200.45 200.200.200.46 200.200.210.41 Munich: 200.200.200.49 200.200.200.50 200.200.210.45
  • 21. BEST PRACTICES • MANAGEMENT – Management team • Overall changes or Major changes • Comprised of the IT management, IS management, The CIO, as well as departmental heads – Implementation team • New software, firmware or hardware • Comprised of the IS and IT departments
  • 22. Monitoring • Ticketing system – For users to report problems and issues – Automated monitoring use as well • Network monitor – SolarWinds Monitoring software – SNMP traps
  • 23. SECURITY • Users – Training – RF Badges – Policies • Workstation – Antivirus – Intrusion prevention and detection – UPS’s – VMware for easy workstation restoration
  • 24. SECURITY • LAN – Dynamic VLans for segmentation – Single sign on for user convenience – IPS and IDS on all network Equipment – All default usernames and passwords changed • WLan – 802.1x Enterprise WAP2 encryption – WAP2 will work with AD and the VLan authentication to make a single sign on for user convenience
  • 25. SECURITY • LAN to Wan – UTM Firewalls – Default user names and passwords changed – IPS and IDS – Statefull packet filtering – DMZ to be utilized • WAN – SLA agreement to meet company BCP
  • 26. SECURITY • Remote Access – SSL VPN – Three way Authentication – HDD encryption on mobile devices • Mission Critical Center – IDS and IPS active – Back up Servers – Halon 1301 – Resources not used disabled
  • 27. SECURITY • Physical Security – All network equipment will be locked • Closet or room – RF badges for access – Cameras in place • Entrance • Inside areas – Locking cabinets with tubular security locks
  • 28. Overview • Dynamic VLans • DMZ implementation • Bringing in a dedicated line for branch offices in the same country • VPN for cross continental communication • The implementation of VoIP and Video conferencing