Updating current Network Design It18 roshan basnet
1. Executive summary
AICL, the Australian Institute of Commerce and Language, is located in the heart of
Sydney on George Street and was established in the year 2000. The institution
currently has 500 students in different courses such as the English preparation
course (IELTS), Diploma in Accounting, Cert IV of Accounting, Diploma of
IT (networking), Cert IV of IT (networking), Electronics and Communications, and many
more.
Due to growing student demand, the institution is about to establish a new
branch on Pitt Street, Sydney.
At present it has implemented three servers: a domain controller, a print server
and a proxy server.
At the moment the head office at George Street has four branches:
Account Department, IT Department, Administrative Department, and Staff Department
with student section.
Windows Server 2003 is implemented as the server operating system, with Windows XP as
the client operating system.
The same scenario will be implemented in the branch office, but with updated devices.
Introduction:
AICL, the Australian Institute of Commerce and Language, is located in the heart of
Sydney on George Street and was established in the year 2000.
AICL has 500 users in different courses such as the English preparation course, Diploma in
Accounting, Cert IV of Accounting, Diploma of IT (networking), Cert IV of IT
(networking), Electronics and Communications, and many more.
Due to growing student demand, the institution is about to establish a new
branch on Pitt Street, Sydney.
They are also adding new courses, such as an advanced diploma in accounting, a diploma
in hairdressing and many others, which makes things easier and more reliable for students.
2. Background:
At the moment AICL is using three basic servers, i.e. a domain controller, a print server and
a proxy server. These servers make it easy for all members of the
institute to share documents at any time, anywhere throughout the institute.
Windows Server 2003 is implemented as the server operating system in the network.
Introduction to servers:
Domain Controller:
A domain controller is a server that is running a version of the Microsoft Windows
Server 2003 or Windows 2000 Server operating system and has the Active Directory
directory service installed.
Print server: A print server is a computer or device that is connected to one or more
printers and to client computers over a network, and can accept print jobs from the
computers and send the jobs to the appropriate printers.
Proxy server
A server that sits between a client application, such as a Web browser and a real
server. It intercepts all requests to the real server to see if it can fulfill the requests itself.
If not, it forwards the request to the real server.
It has two main purposes:
• Improve Performance: Proxy servers can dramatically improve performance
for groups of users. This is because it saves the results of all requests for a
certain amount of time. The major online services such as MSN and Yahoo, for
example, employ an array of proxy servers.
• Filter Requests: Proxy servers can also be used to filter requests. For
example, a company might use a proxy server to prevent its employees from
accessing a specific set of Web sites.
ISA Server: Microsoft's ISA Server (Internet Security and Acceleration Server) is the
successor to Microsoft's Proxy Server 2.0 (see proxy server) and is part of
Microsoft's .NET support. ISA Server provides the two basic services of an enterprise
firewall and a Web proxy/cache server. ISA Server's firewall screens all packet-level,
circuit-level, and application-level traffic. The Web cache stores and serves all regularly
accessed Web content in order to reduce network traffic and provide faster access to
frequently-accessed Web pages. ISA Server also schedules downloads of Web page
updates for non-peak times.
ISA Server allows administrators to create policies for regulating usage based on user,
group, application, destination, schedule, and content type criteria. ISA Server is
designed to work with Windows 2000 and later operating systems and to take
advantage of Windows' Kerberos security. ISA Server includes a software development
kit (SDK).
ISA Server comes in two editions, Standard Edition and Enterprise Edition. Standard
Edition is a stand-alone server that supports up to four processors. Enterprise Edition is
for large-scale deployments, server array support, multi-level policy, and computers with
more than four processors. Licenses are based on the number of processors.
GFI Web Monitor 2009™ boosts employee productivity by giving you complete internet
access control to monitor what users are browsing and downloading in real-time.
Research by IDC shows that up to 40% of employee Internet access is non-work
related. As a network administrator, internet monitoring software provides you the tools
that enable you to have complete Internet access control to monitor employees' web
browsing activities and to ensure that any files downloaded are free of viruses and other
malware.
Microsoft Exchange Server: Exchange is a popular Microsoft messaging system that
includes a mail server, an e-mail program (e-mail client) and groupware applications.
Designed for use in a business setting, the Exchange server is often used in conjunction
with Microsoft Outlook to take advantage of Outlook's collaborative features, such as
the ability to share calendars and contact lists.
Microsoft Exchange serves two purposes:
• Mail Server. Exchange supports POP, IMAP, and web e-mail clients, as well as
its own preferred mail client, Microsoft Outlook.
• Collaboration server. Exchange allows users to share information, either using
Outlook on their desktops or Outlook Web Access through a web browser. It
enables Outlook's most important features for collaboration - public folders to
which everyone can contribute and view files, calendars for scheduling meetings
or reserving resources like conference rooms, common address books for
sharing contact information, and much more.
4. Problem:
• Network congestion and slow connectivity.
• Bandwidth over-consumed / increased rate of traffic.
• Unavailability of servers.
• Duplicate IP addresses.
• Malfunction of connectivity devices, such as a switch, router
or hub.
• Registry problems may also cause a networking issue, as well as a number
of other software-related possibilities.
• Problems with the physical connections (being broken).
Alternate Solution:
• Design an IP addressing plan and select appropriate IP routing protocols
• Check the devices thoroughly to prevent malfunction of connectivity devices,
such as switches and routers.
• Similar testing can be done with switches and routers. If these look to be stable,
then check the configuration of the equipment that’s experiencing the problem. It
could well be that it simply needs to be reconfigured to accommodate the type of
equipment that’s been attached to make the network connection.
• Filtering out traffic at the network edge also eliminates backbone congestion.
• Apply network security design principles to boost network security.
• Install ISA Server with GFI.
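One way to carry out the "design an IP addressing plan" step and catch the duplicate-address problem listed above, as an added example that is not part of the original report. The 10.10.0.0/16 block, the per-segment host counts, the segment names and the sample hostnames are all assumptions; only the departments and sites come from the report.

```python
import ipaddress
from collections import defaultdict

# Assumed values, not from the report: private block and per-segment host counts.
SITE_BLOCK = ipaddress.ip_network("10.10.0.0/16")
REQUIRED_HOSTS = {
    "george-staff-students": 500, "pitt-branch": 200, "george-it": 50,
    "george-accounts": 25, "george-admin": 25, "george-servers": 10,
}
# Constructed static records (hostname, address); hostnames are hypothetical.
SAMPLE_STATIC = [
    ("dc1", "10.10.3.130"), ("isa1", "10.10.3.131"), ("print1", "10.10.3.132"),
    ("exch1", "10.10.3.131"), ("old-proxy", "192.168.1.5"),
]

def prefix_for(hosts):
    """Longest prefix whose usable host count (size - 2) covers `hosts`."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError("host count too large for IPv4")

def build_plan(block, required):
    """VLSM: allocate largest segments first so each subnet stays aligned."""
    plan, cursor = {}, int(block.network_address)
    for name, hosts in sorted(required.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(hosts)
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # round up to subnet boundary
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(block):
            raise ValueError(f"{block} exhausted while placing {name}")
        plan[name] = subnet
        cursor += size
    return plan

def audit_static(plan, records):
    """Return (duplicates, strays): addresses claimed twice, hosts outside the plan."""
    owners, strays = defaultdict(list), []
    for host, ip in records:
        addr = ipaddress.ip_address(ip)
        owners[addr].append(host)
        if not any(addr in net for net in plan.values()):
            strays.append(host)
    duplicates = {str(a): hosts for a, hosts in owners.items() if len(hosts) > 1}
    return duplicates, strays

if __name__ == "__main__":
    plan = build_plan(SITE_BLOCK, REQUIRED_HOSTS)
    for name, net in plan.items():
        print(f"{name:24}{net}")
    print(audit_static(plan, SAMPLE_STATIC))
```

Keeping the servers in their own subnet, separate from the student segment, also gives the firewall a clean boundary to write policy against.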
5. Current network diagram:
[Figure: current network diagram. Labels: Internet, Router, Switch (x2), Domain Controller, Proxy Server, Print Server, Client (x4)]
Current active directory diagram:
[Figure: current Active Directory diagram. Labels: aicl.com.au, Print Server, Proxy Server, users]
6. Proposed network diagram:
[Figure: proposed network diagram. Labels: Internet; Domain Controller (Primary) aicl.com.au, Secondary, ISA Server, Print Server, Exchange server, switch, clients; Child Domain (pitt.aicl.com.au), ISA Server, Print Server, Switch, clients]
7. Proposed active directory diagram:
[Figure: proposed Active Directory diagram. Labels: aicl.com.au (Primary), (Secondary), pitt.aicl.com.au (Child domain); Print Server, ISA Server and Users under each domain]
8. Cost analysis/time frame:
Num.  Device                 Price in AUD   Brand
1     Network cable          $1/m           SFTP CAT 5/6
2     ISA Server             $800           Microsoft
3     Domain controller      $890           Microsoft
4     Router                 $1000          Cisco
5     Printer                $800           HP LaserJet
6     Switch                 $500           Cisco
7     Optical fibre          $60/m          LC
8     Windows 2003 server    $890           Microsoft
9     Anti Virus             $135           Nod32
10    Application Programs   $300           Various
11    Exchange Server        $100           Microsoft
Estimated Time Frame for the Completion:
The entire project can be completed within 30 days with the help of 10 professionals:
20 days for completion of the job.
10 days for testing and maintenance.
Recommendation:
As we are connecting the network of George Street (Head Office) to the branch office in
Pitt Street, the following changes can be implemented for consistency and better
performance.
1. ISA Server can be implemented in place of the proxy server as a web cache and
firewall. For better performance of the ISA Server, GFI can be implemented to
track all sites and all inbound and outbound traffic.
2. A secondary domain as well as Heartbeat (clustering and load balancing) can be
implemented for the backup server, in case the primary server goes down.
3. A child domain can be configured in Pitt Street.
4. The latest antivirus can be installed on each machine with the required policy.
5. Support for a hardware-based "watchdog timer", which can restart the server if
the operating system does not respond within a certain amount of time.
6. An Exchange server can be configured for mail for all clients, including staff
and students.
9. Conclusion:
As AICL is growing day by day, the network they design should work for at least 2
years. Moreover, it is connecting its head office with the branch office in Pitt Street, so
security should be considered a major topic to follow up. Here are a few topics
which should be reviewed thoroughly at the end of the project:
• The server should be configured with the latest OU and GPO.
• The firewall should be configured with good policies.
• The Exchange server should be configured with good disk space.
• RAID should be maintained.
• Heartbeat or another clustering server should be maintained properly in case of
server failure.
• The latest antivirus should be installed.
• If possible, thorough testing should be done.
• A heavy-duty printer should be installed with priority levels for resource sharing.
• Spam sites should be well monitored and blocked.
Appendix:
• Internet: the global computer network composed of millions of computers and
thousands of networks.
• Resource: any computing device, peripheral, software, or related consumable
(e.g. paper, disk, space, central processor time, network bandwidth) owned or
controlled by the University.
• Service: any software that makes a computer's files or other locally stored
information available for use by another computer or facilitates the transfer of
data between two remote computers. Services include, but are not limited to,
web, file, and e-mail server software.
• Spam: unsolicited mass e-mail for the purpose of advertising a service, personal
gain, or other inappropriate use.
• ISA: Microsoft Internet Security and Acceleration Server (ISA Server) is
described by Microsoft as an "integrated edge security gateway".
• Domain Controller: On Windows Server systems, a domain controller (DC) is a
server that responds to security authentication requests.
• Router: A device that connects to and receives data from outer networks and
sends data only to network nodes meant to receive them, rather than sending
information to all nodes on the network.
• Switch: A network switch is a small hardware device that joins multiple
computers together within one local area network (LAN).