ISY202 Designing Computer Network for Aih Company Assessment 2 Answer
In this assignment, we design a computer network for a small to medium-sized organisation. We have selected the company aih.com, which is situated in Australia. Aih.com is an information technology company dealing in IT equipment across the Australian states. The company recently acquired two new office buildings in a nearby state (namely site 1 and site 2). Those offices need to be configured with a new network design and connected to the main headquarters office, named site 1. The headquarters office (site 1) already has a network topology in place, but it also needs some of its basic services upgraded to support the new network configuration with redundancy and high performance. All three sites are connected via a high-speed WAN link provided by the ISP. Network security is their main concern and needs additional focus. This includes the security of internal devices such as servers, routers and switches, and authenticated access to organisation resources while maintaining good performance. We are tasked with designing a logical network that suits their business and meets their current and future requirements. We select proprietary Cisco technology and design the network based on the evaluated business and technical goals of aih.com. A logical topology diagram is prepared and presented in the report, showing the different aspects of our selection and topology design. Various networking components, i.e. hardware and software, are needed to design this network. Complete details of the selected network topology and hardware equipment are given in the hardware and software section of this report.
In this assignment, we assume an organisation named aih.com. Aih.com works in the information technology sector and deals in information technology equipment. The organisation is currently situated at a single working location and has recently acquired two remote offices. The remote office sites have no basic network connectivity, so aih.com wants to install a high-performance, well-secured network for the new sites (site 2 and site 3). Along with this new network configuration, they also want to upgrade the main office site (site 1), which runs on several older technologies. Aih.com has three main departments in which all its employees work: sales and marketing, IT and management. At the main office site, 200 employees work in the sales department, 45 in the IT department and 26 in the management department. The new sites have the same three departments, with 50 employees in sales, 12 in IT and 8 in management, at both sites. By acquiring the new offices, they want to extend their service area to the new geography and gain competitive advantages by implementing new network technologies.
Business and Technical Goals
The key business goals of the organisation are described here –
- By acquiring the new office sites, they have an increased number of employees working with them
- Their area of working will be increased to a large geographical area
- The total business revenue will be increased
- Their level (quality) of service and variety of service will be increased with new business ideas
- Direct or indirect competitive advantages are met
The key technical goals of the organisation, with the implementation of the new network design, are here –
- All three departments at each site are separated by VLANs for better control of access
- Servers are configured with required services such as email or web
- Security is one of the main concerns when connecting multiple sites with each other, so security devices such as a firewall are required in the network
- The new network topology should support better performance and throughput speed, and the cables or other communication media should meet this requirement
- A WAN (wide area network) connection is needed to connect the remote site with a high-speed, redundant link
Designing of Network
After analysing all the technical and business requirements of aih.com, we researched the networking components that can be used in our network design. For a small to medium network, the essential device is a router. It provides the basic connectivity between sites via the WAN link, lets departments that reside in different subnets communicate, and controls their access to organisation resources. A router is in a sense the starting point of a network and is preferably placed at the edge of the network. For wired ethernet connectivity, we need some switches. Switches are sometimes called advanced hubs and nowadays have many advanced features. A switch is a layer two device of the OSI model that can also work at layer three and handle many of the features of a router. Switches are used to connect the end user devices in our topology with ethernet cables. VLANs are configured and managed on these switches. Ethernet cables are used in this network topology design to connect devices and end user systems. The cabling is responsible for a good throughput speed and proper connectivity between devices. To implement security in the network, we use a firewall at the start of the network, just after the edge router. A firewall is a security device that restricts the access of users, internal or external, to the network. A firewall works on the basis of access rules and allows or denies access to resources, i.e. server services, systems or networks. It helps keep unauthorized users out of the network based on the configured firewall rules. The components discussed above are essential to our network topology and to meeting our organisational requirements. Besides these, several other components are also used in the network, such as servers, desktop computers and printers.
After analysing the network components discussed above, we searched for the most suitable network topology and technology for our network design. The complete network is built using ethernet cables, creating a wired network. For this ethernet network, we select a hybrid mesh network topology that follows Cisco's three-layer hierarchical model. The main network is built using the hierarchical model. This model uses three layers, namely the core layer, the distribution layer and the access layer. The core layer resides at the edge of the network and starts with the core switch. This core router is responsible for connecting the internal organisational network with the external or outside network (internet) and is configured with initial security for the WAN link and internet access. After the core layer, a router is placed in the distribution layer. This distribution layer router connects the core router to the access layer switches. This layer is responsible for additional access control between departments for internal organisational resources. Many services can be configured at this layer, such as network DHCP and access control lists (ACLs). A firewall is placed between these two layers to control the access of internal and outside users. Many access control policies are configured on this firewall for this purpose, based on the organisation's requirements. These firewall policies allow or deny users going out of or coming into the private network of that site. Several access layer switches are placed after the distribution layer router. These switches belong to different departments and provide cable connectivity to the end user devices. Any number of switches can be placed at this layer according to the host and device requirements of that department. The access layer switches create a hybrid mesh topology design that connects all the end user devices in any order, wherever they are placed for user convenience.
After analysing the required components, topology and network technology to be used in the network design, we prepared a logical network topology for aih.com. Here is the proposed logical network topology diagram that we designed for aih.com, with the details of all three sites.
Figure – network topology design
The above network topology design is prepared for aih.com for its three sites. Site 1 is the main site, which is upgraded in terms of security and topology. Sites 2 and 3 are the new sites, where we build a new network topology. A core router is placed at the start of the network at each site and connects to the ISP via a WAN link. This WAN link connects the three sites with each other. After the core router, a firewall is placed, which in turn connects to the distribution router. Several access layer switches are connected to this distribution router. We use only three switches in this topology, belonging to the three departments: IT, management, and sales & marketing. Every site has its own server that handles email, web or database services for that site. This server is placed at the distribution router and protected with access security. All switches are configured with VLANs; a total of three VLANs are created, namely IT, MAN and S&M, which belong to the IT, management and sales & marketing departments respectively. For better throughput speed, we use advanced ethernet cables that provide enough data rate for the daily tasks of the business. In designing the new network, we apply proper security via the firewall, ACLs, VLANs and a DMZ for servers, and provide better network performance with redundancy and resiliency.
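An addressing plan for the three VLANs, sized from the headcounts given earlier, shows how the segmentation turns into subnets. This is an added example, not part of the original report: the per-site 10.x.0.0/16 blocks, the 25% growth margin and the reading of the new-site headcounts as per-site figures are assumptions.

```python
import ipaddress

# Headcounts per VLAN are from the report; the per-site /16 blocks and the
# 25% growth margin are assumptions made for this example.
HEADCOUNT = {
    "site1": {"S&M": 200, "IT": 45, "MAN": 26},
    "site2": {"S&M": 50, "IT": 12, "MAN": 8},
    "site3": {"S&M": 50, "IT": 12, "MAN": 8},
}
SITE_BLOCK = {"site1": "10.1.0.0/16", "site2": "10.2.0.0/16", "site3": "10.3.0.0/16"}


def prefix_for(hosts, growth=0.25):
    """Longest prefix that fits the hosts, the growth margin, one gateway
    address, and the network and broadcast addresses."""
    needed = int(hosts * (1 + growth)) + 1 + 2
    return 32 - (needed - 1).bit_length()


def plan_site(block, departments, growth=0.25):
    """Allocate one subnet per VLAN, largest first, so blocks stay aligned."""
    site = ipaddress.ip_network(block)
    cursor = int(site.network_address)
    plan = {}
    for vlan, hosts in sorted(departments.items(), key=lambda kv: -kv[1]):
        plen = prefix_for(hosts, growth)
        size = 1 << (32 - plen)
        cursor = -(-cursor // size) * size      # round up to a subnet boundary
        subnet = ipaddress.ip_network((cursor, plen))
        if not subnet.subnet_of(site):
            raise ValueError(f"{block} is too small for VLAN {vlan}")
        plan[vlan] = subnet
        cursor += size
    return plan


def build_plan():
    """Addressing plan for all three sites: {site: {vlan: IPv4Network}}."""
    return {s: plan_site(SITE_BLOCK[s], d) for s, d in HEADCOUNT.items()}


if __name__ == "__main__":
    for site, vlans in build_plan().items():
        for vlan, net in vlans.items():
            # num_addresses - 3: usable hosts after network, broadcast, gateway
            print(f"{site} {vlan:4} {net!s:16} hosts={net.num_addresses - 3}")
```

Giving each department its own subnet is what lets the distribution router's ACLs and the firewall filter traffic between VLANs by source and destination prefix.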
1. Hardware and Software Requirements
In this section, we discuss the software and hardware used in designing the required network topology. Here is the detailed list of the required devices.
- Router – routers are networking devices mainly used to connect different segments of the network. They route traffic between the end user devices and the internet. We use Cisco's 4321 Integrated Services Router (ISR) in this configuration. Each of the three sites has two 4321 routers. It is a lightweight device with rich features and capabilities. It is capable of delivering a throughput speed of 50 Mbps to 100 Mbps with its 8 GB memory and 8 GB flash memory. This series supports WAN connectivity to other sources and has built-in intelligent network capabilities for fast convergence. It supports cloud deployment techniques with enhanced MPLS (multiprotocol label switching) technology. It supports VPN connections along with several needed IT functions. The 4321 series routers have modular network interfaces that support better load balancing, network resiliency, and online insertion and removal of interfaces, which helps the network admin upgrade the network without delay.
- Switch – these are the end user connectivity devices of an ethernet-based network. A switch receives incoming data packets and sends them to the respective destination device. A switch uses unicast as well as broadcast to learn the network topology and search for unknown hosts. A switch mainly works at layer 2 (the data link layer) of the OSI model. But as technology has advanced, switches have become able to work at layer 3 (the network layer) and perform several networking tasks otherwise performed by a router, such as routing and access control. We use Cisco's Catalyst 3560-CX switch in this configuration. This series of switches is recent, compact and supports many new technologies. It supports multigigabit ethernet connectivity, enhanced wireless local area network features and power over ethernet (PoE). These switches are very small but support a data rate of up to 10 Gbps and high-speed wireless standards such as 802.11ac Wave 2 in combination with the ethernet connection. Other benefits include an ethernet packet forwarding rate of up to 12 Gbps with multigigabit connections, SFP uplinks, powering by either a DC or an AC adapter, instant access modes, layer two and layer three IP base support with upgraded IP services, and a fanless design that runs very quietly.
- Firewall – a firewall is a widely used security device in small to large networks. It can be software or hardware based and performs live monitoring of the data packets coming into or going out of the network. A firewall works on predefined firewall rules that the network admin configures according to the access control requirements within the network. Based on these firewall policies, it allows, drops or rejects the defined network traffic. We use Cisco's ASA 5585-X firewall in this network configuration. These are new-technology firewalls that support many new security features. It can work at both layer two and layer three of the OSI model and acts as a stateful inspection firewall. It supports access control, policies for regulation and compliance, and network address translation, and is capable of securing critical data centre resources. This series of firewalls supports an eight times faster data rate, twice the connection speed, higher-speed virtual private network (VPN) connections and greater connection capacity than other firewalls.
- Cable – cables are a very important part of an ethernet network and are used to connect the different hosts in the network. Different types of cable are used to connect different types of device, such as twisted pair, straight-through or crossover cable. We use CAT 6a twisted pair cables in this network configuration. These are the latest gigabit ethernet cables, where the "a" stands for augmented. This cable provides double the data transfer rate, between 250 and 500 MHz, which reduces noise and provides greater throughput speed with reliability. The maximum cable length supported by CAT 6a is 100 meters at the committed data rate of 10 Gbps. It uses the older RJ 45 connectors for end device connectivity. Even with the features discussed above, its price is not much higher than that of conventional category cables.
- Server – servers are high-capacity computers that run the organisational services used by the users inside the organisation. One server is configured at each site location and runs server services such as email and web and handles the site's database. We use Windows Server 2016 Datacenter edition in this configuration. Because of its high resource requirements, some recommended hardware is needed to install Server 2016. To install Windows Server 2016, the minimum hardware is a 64-bit 1.4 GHz processor, 2 GB of RAM, 32 GB of hard disk space, a gigabit network interface card (NIC) connected to the internet, and other supported devices such as a DVD drive, display unit, keyboard and mouse.
- Desktop computer – these are the end user devices connected to the switches. The desktop computers are used by the VLAN users. They are installed with the Windows 10 operating system. Some recommended hardware is needed to install Windows 10: a 1 GHz or faster processor, 2 GB of RAM, 20 GB of hard disk space, a compatible graphics card that supports DirectX 9, a keyboard, a mouse and a display unit.
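The firewall item above describes rules that allow, drop or reject traffic; because the first matching rule wins, rule order is part of the policy. The following added example (not from the original report) evaluates a first-match rule list between the three VLANs and flags rules that can never fire. The addresses, the server IP and the policy itself are hypothetical.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action src dst proto port")

# Constructed site-1 addressing and server address (assumptions, not from the report).
NET = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "S&M": "10.1.0.0/24", "IT": "10.1.1.0/26", "MAN": "10.1.1.64/26",
    "SERVER": "10.1.2.10/32", "ANY": "0.0.0.0/0"}.items()}

# Hypothetical policy: departments reach only the server's web and mail ports,
# IT may also open SSH sessions anywhere, everything else is denied.
POLICY = [
    Rule("allow", "IT", "ANY", "tcp", 22),
    Rule("allow", "S&M", "SERVER", "tcp", 443),
    Rule("allow", "MAN", "SERVER", "tcp", 443),
    Rule("allow", "S&M", "SERVER", "tcp", 25),
    Rule("allow", "MAN", "SERVER", "tcp", 25),
    Rule("deny", "ANY", "ANY", "any", None),   # explicit catch-all so drops are logged
]

# Misordered variant: the broad allow sits above the deny meant to limit it.
MISORDERED = [
    Rule("allow", "S&M", "ANY", "any", None),
    Rule("deny", "S&M", "MAN", "any", None),
    Rule("deny", "ANY", "ANY", "any", None),
]


def evaluate(policy, src, dst, proto, port):
    """First matching rule wins; returns (action, rule index)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, rule in enumerate(policy):
        if (s in NET[rule.src] and d in NET[rule.dst]
                and rule.proto in ("any", proto) and rule.port in (None, port)):
            return rule.action, index
    return "deny", None          # implicit deny when no rule matches


def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (NET[b.src].subnet_of(NET[a.src]) and NET[b.dst].subnet_of(NET[a.dst])
            and a.proto in ("any", b.proto) and a.port in (None, b.port))


def shadowed(policy):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, later in enumerate(policy)
            if any(covers(earlier, later) for earlier in policy[:j])]
```

Running `shadowed()` over a rule set before it is deployed catches the misordered case, where a sales host reaches the management VLAN even though a deny rule for that traffic exists.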
In this exercise, we designed a new network topology for the organisation aih.com, for its three sites. These include its main office site (site 1) and two other sites (site 1 and site 3). We first analysed the organisation's business and technical goals and, based on that analysis, researched a preferred networking architecture. The proposed network design is built on Cisco's three-tier hierarchical model with a hybrid mesh network topology at the user end. This combination of technologies is capable of meeting all their networking demands. Following the three layers of the model, three layers of devices are installed and configured with the required hardware, such as switches or routers. For security, we implement access control on the routers and use a firewall at each site location. To maintain network performance, high-capacity devices are used that deliver better throughput speed and performance in the network. All the details of the devices used in the new network topology are described in the hardware and software section of the report. The prepared network design fulfils all the current and future requirements of the organisation aih.com, meeting demands such as security, good performance and controlled access to organisation resources.