Explain the network architecture you recommend and the reasons for your choice.
Chris Nelson President Greenfield Properties 123 Sophia Way Minneapolis, MN 55000
Dear Mr. Nelson:
Thank you for the opportunity to provide network planning guidance to Greenfield Properties as you embark on this exciting new venture of combining Bluegrass Rentals and Redstone Property Management.
I have reviewed the information provided about Greenfield Properties’ current staffing and devices, and have given careful thought to the network architecture, organization, and security required to make your network the most secure, available, and easy-to-administer it can be. The attached report includes my recommendations for the network, as a starting point.
The next step would be to meet with your IT staff and key decision-makers to create a more detailed network roll-out plan. Please let me know if you have any questions about this report, or are ready to move to the next step in the process.
Sincerely,
David Bowers
Introduction
This document outlines my recommendations for the new network that Greenfield Properties will be creating to support the company’s new and larger organization as a result of the merger of Bluegrass Rentals and Redstone Property Management.
Network Infrastructure
With 46 employees using a total of 95 devices, and the potential for adding more later, Greenfield Properties has clearly outgrown the peer-to-peer network architecture that Bluegrass Rentals (BR) and Redstone Property Management (RPM) used in their respective facilities. Peer-to-peer networking is best suited for very small networks of about 12 devices or fewer, because every device must hold its own accounts, shares, and security settings, and there is no central place to enforce policy.
I propose a client/server network architecture consisting of two switches, with each wired host connected to the switches by Category 6 cable. Plenum-rated cable should be used wherever cables run through ceilings or other air-handling spaces, because its fire-retardant jacket burns more slowly and gives off far less smoke and toxic fumes than ordinary PVC-jacketed cable. This protects employees from inhaling toxic gases in the event of a fire, and building codes generally require it in those spaces.
The switches will be connected to a router, which will enable all nodes to access the Internet via a connection from an Internet Service Provider. The main distribution frame will be in a dedicated room for network equipment, including servers.
A client/server network, by definition, has at least one server that manages network activity centrally. I recommend these server functions be included in the network:
· Active Directory, which provides a central point for user authentication and authorization: user and computer accounts, groups, and the policies applied to them are managed in one place.
· A file server for employees to share and access data files needed to do company business.
· A mail server, which administers the company's email system. Without your own mail server, you would need to contract with a hosted email provider to run your mail system.
· A web server, which hosts the company’s website, including the management applications that enable tenants and owners to access online management and payment tools. I recommend that the web server be cloud-based. A full web server may not be necessary; it may be more convenient and economical to use a web hosting service.
· A database server to store the databases needed to interface with the web server.
Servers can be either on-premises or cloud-based. On-premises servers come with an initial capital expense for hardware, and may be less costly to operate over the long term once that hardware is paid for. Cloud-based servers require less maintenance (there is no hardware to maintain), but every service hosted in the cloud becomes unreachable if the Internet connection goes down, so the ISP link turns into a critical dependency. Because so many employees need to work remotely at least part of the time, and because tenants and property owners will need to connect remotely, I recommend starting out with cloud-based servers to simplify administration. This also decreases the startup costs because you will not have to buy server hardware. Once the IT staff have come up to speed as network administrators, they may recommend moving some servers in-house.
Servers can run either Windows Server or a Linux-based server operating system, such as Ubuntu Server or Red Hat Enterprise Linux. Given that Greenfield Properties' IT staff has limited experience managing client/server networks, I recommend Windows Server because its graphical management tools are easier to use for people who are not thoroughly comfortable with the Linux command line, and because Active Directory is native to it.
Best practice is to give each server instance a single role, so that, for example, a compromise or outage of the web server does not also take down the database. A single machine can technically run both, but the roles should be kept separate. You can do this without buying a machine per role by virtualizing: a virtualization platform such as VMware or Hyper-V runs multiple server instances on the same hardware, each with its own operating system and role. When each instance carries little traffic (as would be the case with your Active Directory and internal file servers), virtualization makes a lot of sense financially because you save on hardware costs.
Windows Server is licensed per physical core, and the edition you choose determines how many virtual server instances you may run on the licensed hardware. Windows Server Standard is less expensive, but each license covers only two virtual instances (operating system environments) on the licensed host. Windows Server Datacenter costs more but allows an unlimited number of virtual instances on that host. (The "Enterprise" edition found in older guides no longer exists; it was discontinued after Windows Server 2008 R2.)
Network Segmentation and Printing
One way to structure a network is by making all nodes part of the same LAN, in other words, the same broadcast domain. A broadcast domain is a group of computers that receive all the broadcast (addressed-to-all) messages. Segmenting a network into multiple subnetworks, or subnets, can make the network more efficient because each node has to receive and evaluate less traffic. Segmentation is also a security measure: a host on the printer subnet cannot reach the infrastructure subnet unless the router or firewall between them permits it, which limits how far an attacker or a malware infection on one device can spread.
Another reason to have a subnet is to deal more efficiently with differing permissions being assigned. For example, printers and infrastructure devices are treated differently than user PCs, and Wi-Fi connected devices have different security needs than wired ones.
I propose four subnets, as follows:
· PCs that connect via wired connections: Currently need 26, increase to 39 for future expansion needs.
· Wi-Fi user devices: Not all users will connect at the same time, but we need to plan as if they were, to be on the safe side. Currently need 69, increase to 104 for future expansion needs.
· Infrastructure network devices: unsure of the exact number at this point but estimating about 30. Increase to 45 for future expansion needs.
· Printers: Currently 12, increase to 18 for future expansion needs.
My reasoning is that since this network is not large (about 100 devices currently), there is no reason to segment user devices by department, and there is only one location. It would be beneficial, though, to segment hosts that have different functions and require different permissions.
I would also recommend implementing virtual LANs (VLANs). VLANs create flexible options for separating a host’s physical connectivity to a switch from the VLAN it is logically a part of. For example, with VLANs it doesn’t matter which switch or port a certain host connects with, and as the company grows we may need to connect more hosts to certain subnets than there are physical ports for connecting to certain switches.
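The subnet sizes and VLAN layout above can be worked out mechanically. The following is an added example, not part of the original report: it takes the report's current host counts and roughly 50% growth allowance, computes the smallest prefix that fits each subnet, and carves them out of one private block. The 10.10.0.0/16 base block and the VLAN IDs 10/20/30/40 are assumptions chosen for illustration.

```python
"""Size and carve out the four subnets proposed above.

Added example, not part of the original report: the 10.10.0.0/16 base
block and the VLAN IDs are assumptions; the host counts and the roughly
50% growth allowance are the report's own figures."""
import ipaddress
import math

# (subnet name, assumed VLAN id, hosts needed today)
REQUIREMENTS = [
    ("wired-pcs", 10, 26),
    ("wifi-users", 20, 69),
    ("infrastructure", 30, 30),
    ("printers", 40, 12),
]
GROWTH = 1.5  # report sizes each subnet about 50% above current need


def prefix_for(hosts):
    """Smallest prefix length whose usable addresses (2^n - 2) cover `hosts`."""
    n = 2
    while (1 << n) - 2 < hosts:
        n += 1
    return 32 - n


def allocate(base="10.10.0.0/16", reqs=REQUIREMENTS, growth=GROWTH):
    """Largest-first VLSM carve-out: keeps every subnet aligned on its own
    boundary and leaves the unused remainder of the base block as free pool."""
    pool = [ipaddress.ip_network(base)]
    plan = []
    for name, vlan, hosts in sorted(reqs, key=lambda r: -r[2]):
        planned = math.ceil(hosts * growth)
        plen = prefix_for(planned)
        # take the smallest free block that is still big enough ...
        pool.sort(key=lambda n: n.prefixlen, reverse=True)
        block = next((b for b in pool if b.prefixlen <= plen), None)
        if block is None:
            raise ValueError(f"no room left in {base} for {name} (/{plen})")
        pool.remove(block)
        # ... and halve it until it is exactly the size we need
        while block.prefixlen < plen:
            block, spare = block.subnets(prefixlen_diff=1)
            pool.append(spare)
        plan.append({
            "name": name, "vlan": vlan, "needed": planned,
            "network": block, "usable": block.num_addresses - 2,
        })
    return plan


if __name__ == "__main__":
    for row in allocate():
        print(f"VLAN {row['vlan']:>3}  {row['name']:<15} {str(row['network']):<18}"
              f" usable {row['usable']:>4} (planned for {row['needed']})")
```

With these inputs the Wi-Fi subnet (104 planned hosts) needs a /25, the wired and infrastructure subnets (39 and 45) a /26 each, and the printer subnet (18) a /27; allocating largest-first keeps the subnets contiguous and leaves the rest of the /16 free for later VLANs.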
Printing
Another consideration is how users will access printers. There are two methods: using a print server and using direct IP printing. A print server is a central point through which all print jobs pass and at which all printers are managed; with direct IP printing, each printer is connected directly to the network (not through a server) and each client PC sends jobs to each printer by its IP address, so every printer needs a fixed address (a static assignment or a DHCP reservation).
The following table summarizes the pros and cons of each.
Print Server
Pros:
· Can handle complex environments
· Enables you to manage printer settings and permissions easily
· Jobs are prioritized according to server rules
· Centralized management
· Simple for end users
Cons:
· Increased burden on the IT department to set up and maintain the print server
· A print server (physical or virtual) is required
· Server policies can sometimes cause problems and require troubleshooting
· Single point of failure

Direct IP Printing
Pros:
· End users have more control; they can send jobs directly to any printer
· Problems affect only one user at a time, not the whole fleet of printers
· Less network traffic generated
· Less burden on IT support staff
Cons:
· Printer drivers must be set up on each workstation separately
· Driver updates are inefficient; replacing a printer requires each workstation to be updated
· Less IT staff control; users set their own printing rules, which can result in confusion
Because this is not a large and complex network environment (only 12 printers, and only about 100 hosts), I would choose direct IP printing. Some of the benefits of IP printing that are applicable to this use case are:
· Direct printing will decrease the burden on the IT staff because they will not have to set up and maintain a print server.
· Not having a print server will save on IT hardware and software cost.
· There will be no single point of failure for printing; problems will affect only one user at a time.
· Users will have control over their print jobs, being able to send them to any printer.
· Less network traffic will be generated.
Wi-Fi Networking
There are currently 69 wireless devices, which represents over 2/3 of the current devices, so wireless connectivity is critical. For future expansion, the network should be able to support up to 104 wireless devices concurrently.
Multiple wireless access points (WAPs) will be needed, approximately 12, along with their mounting hardware and cabling. There must be enough WAPs, placed strategically, so that every area of the building has strong Wi-Fi coverage. If there are not sufficient power outlets in the ceiling, Power over Ethernet (PoE) from a PoE-capable switch can power the WAPs over the same cable that carries their data.
In the 2.4 GHz band, each access point should be assigned one of the three non-overlapping channels (1, 6, or 11), and neighbouring access points should never share a channel, so that their coverage areas do not interfere with each other. The 5 GHz band offers many more non-overlapping channels and should be enabled as well. To avoid channel overlap, the access points should be arranged similar to the following diagram.
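The channel plan the diagram conveys can be checked programmatically: treat access points as nodes, draw an edge between any two whose coverage overlaps, and colour the graph with the three channels so no edge joins two nodes of the same colour. The block below is an added example and not part of the report; the access-point positions are a constructed staggered grid standing in for the building floor plan, and the radius used to decide which APs overlap is an assumption.

```python
"""Assign the non-overlapping 2.4 GHz channels (1, 6, 11) to access points so
that no two neighbouring APs share a channel.

Added example, not part of the report: the access-point positions are a
constructed staggered grid standing in for the building floor plan, and the
"neighbour" radius is an assumption."""
import math
from itertools import combinations

CHANNELS = (1, 6, 11)  # the only non-overlapping channels in the 2.4 GHz band


def staggered_grid(rows, cols, spacing=1.0):
    """Constructed layout: rows of APs with odd rows shifted half a spacing,
    so each interior AP has six neighbours (the usual honeycomb plan)."""
    aps = {}
    for r in range(rows):
        for c in range(cols):
            x = c * spacing + (spacing / 2 if r % 2 else 0.0)
            y = r * spacing * math.sqrt(3) / 2
            aps[f"AP{r}{c}"] = (x, y)
    return aps


def neighbours(aps, radius):
    """Two APs no further apart than `radius` are assumed to overlap in coverage."""
    adj = {name: set() for name in aps}
    for (a, pa), (b, pb) in combinations(aps.items(), 2):
        if math.dist(pa, pb) <= radius:
            adj[a].add(b)
            adj[b].add(a)
    return adj


def assign_channels(adj, channels=CHANNELS):
    """Backtracking graph colouring. Returns {ap: channel}, or None when the
    layout cannot be covered with the given channels (then APs must be moved,
    turned down in power, or some clients shifted to the 5 GHz band)."""
    order = sorted(adj, key=lambda n: -len(adj[n]))  # most-constrained first
    plan = {}

    def solve(i):
        if i == len(order):
            return True
        ap = order[i]
        for ch in channels:
            if all(plan.get(n) != ch for n in adj[ap]):
                plan[ap] = ch
                if solve(i + 1):
                    return True
                del plan[ap]
        return False

    return dict(plan) if solve(0) else None


def verify(adj, plan):
    """True when every AP has a channel and no two neighbours share one."""
    return plan is not None and all(
        plan[a] != plan[b] for a in adj for b in adj[a])


if __name__ == "__main__":
    layout = neighbours(staggered_grid(3, 4), radius=1.05)
    for ap, ch in sorted(assign_channels(layout).items()):
        print(ap, "channel", ch)
```

A staggered (honeycomb) layout is always coverable with three channels; four access points that all overlap one another, as happens when APs are packed into a square with diagonal overlap, is not, and the function reports that by returning None rather than silently assigning a clashing channel.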
Each WAP broadcasts a service set ID (SSID), which is the network name users see when they look for a Wi-Fi network to join. Most of the WAPs will share the same SSID, so users can roam between access points without having to reconnect. In areas where sensitive data is handled, such as Human Resources and IT, a separate SSID mapped to its own VLAN can provide additional isolation from the general user network.
A wireless LAN controller is also recommended. A wireless LAN controller makes it much easier for the IT staff to manage all WAPs at once.
Because no cable is required to connect to a WAP, it's important to have robust security on them. I recommend WPA3, the newest Wi-Fi security standard, because it offers the strongest encryption. For an office of this size it should be deployed as WPA3-Enterprise, in which each user authenticates with their own directory credentials over 802.1X rather than a shared passphrase; a single pre-shared key would have to be changed on every device each time an employee leaves.
Security Measures
To make sure the network and its users, devices, and data stay confidential, intact (that is, not tampered with), and available, numerous security measures should be implemented. Here are my recommendations for security measures.
Physical Security
All IT equipment will be stored in the IT area of the building, which has its own door lock activated by radio frequency ID (RFID) badges. This will keep unauthorized people out of the IT area. Within the IT area, there will be a locking rack cabinet to hold infrastructure equipment (including servers if it is decided to go with on-premises servers). This will prevent unauthorized access to the servers.
Infrastructure Access
It's important to implement software-based controls on the infrastructure devices (such as switches and routers) that limit which devices can connect. Filtering by MAC address alone is not sufficient: MAC addresses are sent in the clear on every frame and can be changed on any laptop in seconds, so an attacker who sees an authorized device's address can simply copy it. The switches should instead require port-based network authentication (IEEE 802.1X) against the directory before a port carries traffic, with MAC-based bypass used only for devices that cannot run an 802.1X client, such as printers, and those placed on the printer VLAN. Unused switch ports should be disabled. This will ensure that a device patched into a wall jack or switch port by cable cannot reach the network without valid credentials.
Authentication
User identities must be authenticated before a user's device can use network resources. The Active Directory domain controller acts as the Kerberos authentication server, authenticating users when they sign in and issuing tickets that give them single sign-on to all network systems. Accounts with elevated privileges, such as IT staff, will use multi-factor authentication, and MFA should also be required for remote access to company systems, since those logins arrive from outside the office.
Lockout Policy
One way that attackers try to compromise network security is to repeatedly try different passwords until they find one that works. To combat this, accounts will be locked out after 5 failed login attempts. The lockout should expire automatically after a set period (for example 15 minutes) rather than requiring an administrator to unlock the account; otherwise an attacker can lock every employee out on purpose simply by entering wrong passwords for their usernames.
Password Complexity Requirements
The longer and more complex a password is, the harder it is to guess. Length matters most, and checking new passwords against lists of passwords known from previous breaches prevents users from choosing ones attackers try first. All users must choose passwords that meet the following requirements:
· 12 characters minimum
· At least one uppercase and lowercase letter
· At least one numeric digit
· At least one symbol
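The lockout policy and the password rules above are easy to get subtly wrong (a lockout with no expiry becomes a denial-of-service tool; a complexity rule without a breached-password check still accepts "Summer2024!!"). The block below is an added example, not code from the report, showing both policies as they would be enforced: the 5-failure threshold and the 12-character rules are the report's own, while the 15-minute sliding window, the automatic unlock period, and the tiny breached-password list are assumptions for illustration.

```python
"""Account lockout and password-policy checks matching the two policies above.

Added example, not from the report: the 5-failure threshold and the 12-character
complexity rules are the report's own; the sliding window, the automatic unlock
period and the tiny breached-password list are assumptions for illustration."""
import string
import time

MAX_FAILURES = 5            # report: lock the account after 5 failed attempts
FAILURE_WINDOW = 15 * 60    # assumed: failures older than this are forgotten
LOCKOUT_SECONDS = 15 * 60   # assumed: auto-unlock, so an attacker cannot lock
                            # a colleague out indefinitely by guessing wrong


class LockoutPolicy:
    """Counts failed logins per user inside a sliding window and locks the
    account for a fixed period once the threshold is reached."""

    def __init__(self, max_failures=MAX_FAILURES, window=FAILURE_WINDOW,
                 lockout=LOCKOUT_SECONDS, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self._clock = clock         # injectable so tests can control time
        self._failures = {}         # user -> timestamps of recent failures
        self._locked_until = {}     # user -> time at which the lock expires

    def is_locked(self, user):
        until = self._locked_until.get(user)
        return until is not None and self._clock() < until

    def record_failure(self, user):
        """Register a failed attempt; returns True if this one locked the account."""
        now = self._clock()
        recent = [t for t in self._failures.get(user, []) if now - t < self.window]
        recent.append(now)
        self._failures[user] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lockout
            self._failures[user] = []
            return True
        return False

    def record_success(self, user):
        """A successful login clears the failure history."""
        self._failures.pop(user, None)


# Constructed sample of a breached-password list; a real deployment checks
# against a large corpus such as a Have I Been Pwned download.
BREACHED = {"password123!", "summer2024!!", "welcome1234!"}
SYMBOLS = set(string.punctuation)


def password_problems(pw, breached=BREACHED):
    """Return the rules `pw` fails; an empty list means it is acceptable."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in SYMBOLS for c in pw):
        problems.append("no symbol")
    if pw.lower() in breached:
        problems.append("appears in a breached-password list")
    return problems
```

The clock is injected so the window and unlock behaviour can be exercised without waiting; in production the default monotonic clock is used. Note that four failures spread more than 15 minutes apart never lock the account, while five inside the window do.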
Firewall
A firewall restricts which ports and hosts can be reached from outside the network, so that an attacker on the Internet cannot connect to internal services directly. I recommend a stateful network-based firewall at the Internet edge: a stateful firewall tracks connections and admits inbound traffic only when it is a reply to a connection opened from inside, or is destined for a service deliberately published (such as the web server). This will protect all network hosts and devices, including printers and infrastructure components. Each host should also run a software firewall so that a compromised machine inside the network cannot freely reach its neighbours. For Windows hosts, Windows Defender Firewall is enabled by default; it should stay enabled and be configured centrally through Group Policy so users cannot switch it off.
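The difference between a simple port filter and a stateful firewall is easiest to see in code. The following is an added example, not vendor firmware or anything from the report: a toy packet filter for the office edge that remembers connections opened from inside and lets only their replies, or traffic to a published service, back in. The 192.0.2.0/24 office range, the published-service list, and the sample packets are all constructed for illustration.

```python
"""Toy stateful packet filter illustrating the report's firewall recommendation.

Added example, not vendor code and not part of the report: the office address
range, the published-service list and the sample packets are constructed."""
import ipaddress

OFFICE = ipaddress.ip_network("192.0.2.0/24")   # assumed internal range
INBOUND_ALLOW = {("tcp", 443)}                   # services published to the Internet


class StatefulFirewall:
    """Default-deny edge filter with a connection table."""

    def __init__(self, inside=OFFICE, inbound_allow=INBOUND_ALLOW):
        self.inside = inside
        self.inbound_allow = inbound_allow
        # (proto, inside_ip, inside_port, outside_ip, outside_port)
        self.state = set()

    def filter(self, pkt):
        """pkt: dict with proto, src, sport, dst, dport. Returns 'allow' or 'drop'."""
        src = ipaddress.ip_address(pkt["src"])
        dst = ipaddress.ip_address(pkt["dst"])
        if src in self.inside and dst not in self.inside:
            # Outbound: permit, and remember it so the reply can come back.
            self.state.add((pkt["proto"], src, pkt["sport"], dst, pkt["dport"]))
            return "allow"
        if dst in self.inside and src not in self.inside:
            key = (pkt["proto"], dst, pkt["dport"], src, pkt["sport"])
            if key in self.state:
                return "allow"        # reply to a connection we opened
            if (pkt["proto"], pkt["dport"]) in self.inbound_allow:
                return "allow"        # deliberately published service
            return "drop"             # unsolicited inbound, e.g. an SMB probe
        return "drop"                 # anything else never crosses the edge


if __name__ == "__main__":
    fw = StatefulFirewall()
    # Constructed traffic: an inside client opens HTTPS to a site, the site
    # replies, then an outsider probes SMB on the same client.
    samples = [
        {"proto": "tcp", "src": "192.0.2.10", "sport": 51000, "dst": "203.0.113.5", "dport": 443},
        {"proto": "tcp", "src": "203.0.113.5", "sport": 443, "dst": "192.0.2.10", "dport": 51000},
        {"proto": "tcp", "src": "198.51.100.7", "sport": 40000, "dst": "192.0.2.10", "dport": 445},
    ]
    for s in samples:
        print(s["src"], "->", s["dst"], s["dport"], fw.filter(s))
```

The SMB probe on port 445 is dropped even though the same client has an open HTTPS session, and a forged "reply" aimed at a different inside host is dropped too, because the connection table is keyed on the full five-tuple rather than just the port.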
Anti-Malware
Anti-malware software identifies malicious software (malware) such as viruses and ransomware and quarantines it before it can affect systems. It can be run as stand-alone software on each device, or centrally managed, where a management server pushes signature updates and policy to an agent on every host and collects their alerts. I recommend the centrally managed approach. It removes the need for individual users to keep their own anti-malware current and gives IT a single view of what has been detected across the company. Every endpoint still needs its own agent; on Windows hosts, the built-in Windows Defender can serve as that agent when it is managed centrally.