Transcript of IT Infrastructure Project
- 1. PROPOSAL FOR A NEW UNIFIED COMMUNICATIONS NETWORK Aperture
Technologies
- 2. Who We Are Aperture Technologies is a network design company
that started out in the founder's garage. Since then we have grown
from a small organization to a multimillion-dollar company that
has 225,000 employees and 19 offices located in five different
countries around the world, and we are still growing.
- 3. Our Mission Our mission is to provide other companies with
efficient, safe and reliable networks. We help companies keep costs
down and revenues high. We specialize in global networks and getting
communications from one end of the globe to the other. Since 2000 we
have helped to develop networks for companies such as Gallo Wineries,
Modesto Irrigation District, Chicago Title Company, and Global
Construction, to name a few.
- 4. SCOPE
  - Identify new needs and ensure that corporate has access to all information.
  - Ensure that real-time communication is possible for our overseas offices.
  - Ensure that support to the new branches is met.
  - Ensure that the network meets all needs of our 225,000 employees.
  - Finally, ensure that all information is kept as safe and secure as possible.
- 5. ROLES
  - Senior Management: Ensures that the project meets the overall goal of the company's need to keep the company profitable.
  - IT Management: Ensures that company guidelines for the network are being followed to keep productivity high. Helps with implementation of policies and procedures.
  - IS Management: Ensures that all required security requirements and precautions are met. Develops practices for testing and implementation. Helps to make recommendations about security practices to follow, as well as the development of the DRP.
- 6. ROLES
  - Functional Management: Helps in the overall development to ensure that functionality across the board is met.
  - IS Security Practitioners: Responsible for putting the implementation together, testing, documenting, and overall management of the system when it goes live. Active scanning and evaluation of the network.
  - IT Technicians: Responsible for the main installation of all network components, initial configurations, and testing of equipment under the direction of the IT Management.
  - Security Awareness Trainers: Make sure that all end users, employees, contractors, or other persons who need to understand the policy contained in this plan do so, based on the duties they need to perform.
- 7. CURRENT COMMUNICATIONS
  - Old PSTN telephones
  - Still paying for international and long distance
  - Slow email to send and gather important information
  - Still traveling for all meetings
  - Throwing money away
- 8. PROPOSED COMMUNICATIONS
  - Utilizing SIP and H.323
  - Implement an IP-PBX phone system: one low monthly cost, not per call
  - Instant messaging with file transfer ability: the ability to instantly access another person and share files quickly
  - Video conferencing: reduced cost of international and interstate meetings
- 9. VLAN AND WLAN
  - Dynamic VLANs for flexible productivity
  - VLANs assigned through WLAN for mobile users
  - Single sign-on authentication for ESXi, AD, and RADIUS
- 10. VLAN CONFIGURATION
  - Executive Offices (VLAN 10): For the executive officers and board members that need access to resources. Located at the corporate office only.
  - Marketing (VLAN 16): All market research, marketing, as well as advertising departments. Located at the corporate office only.
  - Operations (VLAN 32): Operations department.
  - Managers (VLAN 48): Area, district, and branch managers.
  - Human Resources (VLAN 64): Hiring and training personnel.
- 11. VLAN CONFIGURATION
  - Accounting and Finance (VLAN 80): All departments that deal with money for the company.
  - VoIP (VLAN 96): IP telephones.
  - Video (VLAN 112): All network components that deal with teleconferencing other than the phone system.
  - Network (VLAN 128): All core network equipment: routers, firewalls, switches. These are statically assigned addresses.
- 12. WLAN
  - For the purpose of inter-departmental meetings and other functions, WLAN will be placed on each VLAN. Because dynamic VLANs are in use, users will only have access to the VLAN assigned to them.
  - 802.11ac standard at 5 GHz for all Wi-Fi needs. This is backwards compatible with all other standards before it.
  - Right now 802.11ac is pushing between 1 Gbps and 5 Gbps, depending on the setup. This should allow mobile devices to handle any type of multimedia streaming if needed.
- 13. NETWORK CONFIGURATION
  - Switches
    - 10GB bridge
    - 10/100/100 Ethernet
  - Firewalls
    - Unified threat management (UTM) for the core network
    - Packet filtering, malware detection, spam, and virus checks
    - SIP/H.323 for the VoIP network
- 14. NETWORK CONFIGURATION
  - Routers
    - OSPF configurations
    - SIP gateway will be OSPF, but will only route SIP and H.323 protocols
    - OSPF allows for other vendor equipment
    - A dedicated line between same-country branches will be used for security and bandwidth purposes
- 15. IP Schema: Internal Network Schema
  - Routers: Core Network 10.X.128.1-9; VoIP / Video 10.X.96.1-5
  - Firewalls: Core Network 10.X.128.10-19; VoIP / Video 10.X.96.10-20
  - GB Switches: Core Network 10.X.128.20-29; VoIP / Video 10.X.96.20-29
  - Local Switches: Core Network 10.X.128.30-39; VoIP / Video 10.X.96.30-39
  - PBX: VoIP / Video 10.X.96.6-9
  - Internal Servers: Core Network 10.0.128.50-69
  - DMZ Servers: Core Network 10.0.128.70-79
- 16. Office Schema For Departmental VLANs
  - Multi-function devices: 10.X.X.1-5
  - Printers: 10.X.X.6-11
  - Wireless Access Points: 10.X.X.11-20
- 17. Workstations Via DHCP Scope
  - VLAN 10: 10.X.0.40-10.X.0.160
  - VLAN 16: 10.X.16.40-10.X.31.254
  - VLAN 32: 10.X.32.40-10.X.47.254
  - VLAN 48: 10.X.48.40-10.X.63.254
  - VLAN 64: 10.X.64.40-10.X.79.254
  - VLAN 80: 10.X.80.40-10.X.95.254
  - VLAN 96: 10.X.96.40-10.X.111.254
- 18. Office Private Schema
  - The X indicates the country code for the subnet
  - 10.0.0 255.255.240.0
  - Dynamic addressing unless indicated
  - Executive office: 10.0.0.1-10.0.15.254
  - Marketing: 10.0.16.1-10.0.31.254
  - Operations: 10.X.32.1-10.X.47.254
  - Managers: 10.X.48.1-10.X.63.254
  - HR: 10.X.64.1-10.X.79.254
  - Accounting / Finance: 10.X.80.1-10.X.95.254
  - VoIP: 10.X.96.1-10.X.111.254
  - Video: 10.X.112.1-10.X.127.254
  - Network Equipment (static): 10.X.128.1-10.X.143.254
- 19. Global Private Schema: Country Subnets by Office (x indicates the subnet scheme above)
  - 4096 subnets
  - 4094 hosts per subnet
  - 225,000 employees
  - 500,000 total IP addresses estimated for equipment and VoIP
  - Approximately 1974 employees per office subnet
  - USA: Corporate 10.0.x.x; LA 10.1.x.x; SF 10.2.x.x; Boston 10.3.x.x; SD 10.4.x.x; NY 10.5.x.x
  - Austria: Vienna 10.10.x.x; Salzburg 10.11.x.x; Linz 10.12.x.x
  - Germany: Berlin 10.20.x.x; Stuttgart 10.21.x.x; Munich 10.22.x.x
  - France: Paris 10.30.x.x; Bordeaux 10.31.x.x; Nice 10.32.x.x
  - Japan: Tokyo 10.40.x.x; Sapporo 10.41.x.x; Osaka 10.42.x.x
- 20. Global Gateway Router Schema (columns: Country, Office, Dedicated line, ISP Gateway)
  - USA
    - Main Router: dedicated line 200.200.200.1, 200.200.200.2; ISP gateway none
    - Corporate: dedicated line 200.200.200.5; ISP gateway 200.200.210.1
    - LA: dedicated line 200.200.200.9; ISP gateway 200.200.210.5
    - NY: dedicated line 200.200.200.25; ISP gateway 200.200.210.21
  - Austria
    - Vienna: dedicated line 200.200.200.29, 200.200.200.30; ISP gateway 200.200.210.25
    - Salzburg: dedicated line 200.200.200.33, 200.200.200.34; ISP gateway 200.200.210.29
    - Linz: dedicated line 200.200.200.37, 200.200.200.38; ISP gateway 200.200.210.33
  - Germany
    - Berlin: dedicated line 200.200.200.41, 200.200.200.42; ISP gateway 200.200.210.37
    - Stuttgart: dedicated line 200.200.200.45, 200.200.200.46; ISP gateway 200.200.210.41
    - Munich: dedicated line 200.200.200.49, 200.200.200.50; ISP gateway 200.200.210.45
- 21. BEST PRACTICES MANAGEMENT
  - Management team
    - Overall changes or major changes
    - Comprised of the IT management, IS management, the CIO, as well as departmental heads
  - Implementation team
    - New software, firmware or hardware
    - Comprised of the IS and IT departments
- 22. Monitoring
  - Ticketing system
    - For users to report problems and issues
    - Automated monitoring use as well
  - Network monitor
    - SolarWinds monitoring software
    - SNMP traps
- 23. SECURITY
  - Users
    - Training
    - RF badges
    - Policies
  - Workstation
    - Antivirus
    - Intrusion prevention and detection
    - UPSs
    - VMware for easy workstation restoration
- 24. SECURITY
  - LAN
    - Dynamic VLANs for segmentation
    - Single sign-on for user convenience
    - IPS and IDS on all network equipment
    - All default usernames and passwords changed
  - WLAN
    - 802.1X Enterprise WPA2 encryption
    - WPA2 will work with AD and the VLAN authentication to make a single sign-on for user convenience
- 25. SECURITY
  - LAN to WAN
    - UTM firewalls
    - Default usernames and passwords changed
    - IPS and IDS
    - Stateful packet filtering
    - DMZ to be utilized
  - WAN
    - SLA agreement to meet company BCP
- 26. SECURITY
  - Remote Access
    - SSL VPN
    - Three-way authentication
    - HDD encryption on mobile devices
  - Mission Critical Center
    - IDS and IPS active
    - Backup servers
    - Halon 1301
    - Unused resources disabled
- 27. SECURITY
  - Physical Security
    - All network equipment will be locked
      - Closet or room
      - RF badges for access
    - Cameras in place
      - Entrance
      - Inside areas
    - Locking cabinets with tubular security locks
- 28. Overview
  - Dynamic VLANs
  - DMZ implementation
  - Bringing in a dedicated line for branch offices in the same country
  - VPN for cross-continental communication
  - The implementation of VoIP and video conferencing
- 29. Aperture Technologies Thank you for your time.
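
The addressing rules on slides 10-11 and 16-19 can be checked mechanically before they are turned into switch and firewall configuration. The Python below is an added example, not part of the original deck: it rebuilds each VLAN's /20 from the office code and VLAN ID, tests the ranges for overlap, and, going slightly beyond the slides, maps an address seen in a log back to its office and segment. The function names, the placement of VLAN 10 at third octet 0 (taken from the slide 17-18 ranges), and the DHCP range expressed as host offsets are assumptions of this example.

```python
import ipaddress
from itertools import combinations

# Slides 10-11: VLAN ID -> segment. Per slide 18, each VLAN's block starts at
# the third octet equal to its ID, except VLAN 10 (Executive), which starts at 0.
VLANS = {10: "Executive", 16: "Marketing", 32: "Operations", 48: "Managers",
         64: "HR", 80: "Accounting/Finance", 96: "VoIP", 112: "Video",
         128: "Network"}
MASK = "255.255.240.0"  # mask given on slide 18 (a /20)

# Slide 16 static ranges and the slide 17 DHCP scope for VLANs 16-96, written
# as host offsets inside the /20 (assumption: 10.X.N.40 .. 10.X.N+15.254).
HOST_RANGES = {"Multi-function": (1, 5), "Printers": (6, 11),
               "Access points": (11, 20), "DHCP": (40, 15 * 256 + 254)}

def vlan_subnet(office, vlan):
    """Network for `vlan` in the office whose second octet is `office`."""
    third = 0 if vlan == 10 else vlan
    return ipaddress.ip_network(f"10.{office}.{third}.0/{MASK}")

def subnet_overlaps(office):
    """VLAN pairs whose networks overlap; an empty list means clean segmentation."""
    nets = {v: vlan_subnet(office, v) for v in VLANS}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def range_conflicts(ranges=HOST_RANGES):
    """Pairs of reserved host ranges that share at least one address."""
    return [(a, b) for a, b in combinations(ranges, 2)
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def classify(addr):
    """Map a logged IPv4 address to (office code, segment), or None."""
    ip = ipaddress.ip_address(addr)
    if ip not in ipaddress.ip_network("10.0.0.0/8"):
        return None
    office = ip.packed[1]
    for vlan, name in VLANS.items():
        if ip in vlan_subnet(office, vlan):
            return office, name
    return None  # inside 10/8 but in a /20 the plan does not allocate

if __name__ == "__main__":
    net = vlan_subnet(21, 96)                      # Stuttgart, VoIP
    print(net, net.num_addresses - 2, "usable hosts")
    print("subnet overlaps:", subnet_overlaps(21))
    print("range conflicts:", range_conflicts())
    print(classify("10.21.98.7"), classify("10.21.200.1"))
```

Run as written, the range check reports that the printer and access-point ranges on slide 16 both include host .11, which should be resolved before static addresses are assigned.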