IT Infrastructure Project

PROPOSAL FOR A NEW UNIFIED COMMUNICATIONS NETWORK Aperture Technologies

Transcript of IT Infrastructure Project

  1. PROPOSAL FOR A NEW UNIFIED COMMUNICATIONS NETWORK: Aperture Technologies
  2. Who We Are: Aperture Technologies is a network design company that started out in the founder's garage. Since then we have grown from a small organization to a multi-million dollar company that has 225,000 employees and 19 offices located in five different countries around the world, and we are still growing.
  3. Our Mission: Our mission is to provide other companies with efficient, safe and reliable networks. We help companies keep costs down and revenues high. We specialize in global networks and getting communications from one end of the globe to the other. Since 2000 we have helped to develop networks for companies such as Gallo Wineries, Modesto Irrigation District, Chicago Title Company, and Global Construction, to name a few.
  4. SCOPE
     - Identify new needs so that corporate has access to all information.
     - Make real-time communication possible for our overseas offices.
     - Ensure that support for the new branches is provided.
     - Ensure that the network meets all needs of our 225,000 employees.
     - Finally, ensure that all information is kept as safe and secure as possible.
  5. ROLES
     - Senior Management: Ensures that the project meets the overall goal of the company's need to stay profitable.
     - IT Management: Ensures that company guidelines for the network are being followed to keep productivity high. Helps with implementation of policies and procedures.
     - IS Management: Ensures that all security requirements and precautions are met. Develops practices for testing and implementation. Helps to make recommendations about security practices to follow, as well as the development of the DRP.
  6. ROLES
     - Functional Management: Helps in the overall development to ensure that functionality across the board is met.
     - IS Security Practitioners: Responsible for putting the implementation together, testing, documenting, and overall management of the system when it goes live. Active scanning and evaluation of the network.
     - IT Technicians: Responsible for the main installation of all network components, initial configurations, and testing of equipment under the direction of IT Management.
     - Security Awareness Trainers: Make sure that all end users, employees, contractors, or other persons who need to understand the policy contained in this plan do so, based on the duties they need to perform.
  7. CURRENT COMMUNICATIONS
     - Old PSTN telephones
     - Still paying for international and long distance
     - Slow email to send and gather important information
     - Still traveling for all meetings
     - Throwing money away
  8. PROPOSED COMMUNICATIONS
     - Utilizing SIP and H.323
     - Implement an IP-PBX phone system: one low monthly cost, not per call
     - Instant messaging with file transfer ability: the ability to instantly access another person and share files quickly
     - Video conferencing: reduced cost of international and interstate meetings
  9. VLAN AND WLAN
     - Dynamic VLANs for flexible productivity
     - VLANs assigned through WLAN for mobile users
     - Single sign-on authentication for ESXi, AD, and RADIUS
  10. VLAN CONFIGURATION
     - Executive Offices (VLAN 10): For the executive officers and board members that need access to resources. Located at the corporate office only.
     - Marketing (VLAN 16): All market research, marketing, and advertising departments. Located at the corporate office only.
     - Operations (VLAN 32): Operations department.
     - Managers (VLAN 48): Area, district, and branch managers.
     - Human Resources (VLAN 64): Hiring and training personnel.
  11. VLAN CONFIGURATION
     - Accounting and Finance (VLAN 80): All departments that deal with money for the company.
     - VoIP (VLAN 96): IP telephones.
     - Video (VLAN 112): All network components that deal with teleconferencing other than the phone system.
     - Network (VLAN 128): All core network equipment: routers, firewalls, switches. These are statically assigned addresses.
  12. WLAN
     - For inter-departmental meetings and other functions, WLAN will be placed on each VLAN. Because dynamic VLANs are in use, users will only have access to the VLAN assigned to them.
     - The 802.11ac standard at 5 GHz will be used for all Wi-Fi needs. This is backwards compatible with all other standards before it.
     - Right now 802.11ac is pushing between 1 Gbps and 5 Gbps, depending on the setup. This should allow mobile devices to handle any type of multimedia streaming if needed.
  13. NETWORK CONFIGURATION
     - Switches: 10GB bridge; 10/100/100 Ethernet
     - Firewalls: unified threat management (UTM) for the core network; packet filtering, malware detection, spam, and virus checks; SIP/H.323 for the VoIP network
  14. NETWORK CONFIGURATION
     - Routers: OSPF configurations
     - SIP gateway will be OSPF, but will only route SIP and H.323 protocols
     - OSPF allows for other vendors' equipment
     - A dedicated line between same-country branches will be used for security and bandwidth purposes.
  15. IP Schema: Internal Network Schema
     - Routers: core network 10.X.128.1-9; VoIP / video 10.X.96.1-5
     - Firewalls: core network 10.X.128.10-19; VoIP / video 10.X.96.10-20
     - GB Switches: core network 10.X.128.20-29; VoIP / video 10.X.96.20-29
     - Local Switches: core network 10.X.128.30-39; VoIP / video 10.X.96.30-39
     - PBX: 10.X.96.6-9
     - Internal Servers: 10.0.128.50-69
     - DMZ Servers: 10.0.128.70-79
  16. Office Schema for Departmental VLANs
     - Multi-function devices: 10.X.X.1-5
     - Printers: 10.X.X.6-11
     - Wireless access points: 10.X.X.11-20
  17. Workstations via DHCP Scope
     - VLAN 10: 10.X.0.40 - 10.X.0.160
     - VLAN 16: 10.X.16.40 - 10.X.31.254
     - VLAN 32: 10.X.32.40 - 10.X.47.254
     - VLAN 48: 10.X.48.40 - 10.X.63.254
     - VLAN 64: 10.X.64.40 - 10.X.79.254
     - VLAN 80: 10.X.80.40 - 10.X.95.254
     - VLAN 96: 10.X.96.40 - 10.X.111.254
  18. Office Private Schema
     - The X indicates the country code for the subnet. 10.0.0 255.255.240.0. Dynamic addressing unless indicated.
     - Executive office: 10.0.0.1 - 10.0.15.254
     - Marketing: 10.0.16.1 - 10.0.31.254
     - Operations: 10.X.32.1 - 10.X.47.254
     - Managers: 10.X.48.1 - 10.X.63.254
     - HR: 10.X.64.1 - 10.X.79.254
     - Accounting / Finance: 10.X.80.1 - 10.X.95.254
     - VoIP: 10.X.96.1 - 10.X.111.254
     - Video: 10.X.112.1 - 10.X.127.254
     - Network Equipment (static): 10.X.128.1 - 10.X.143.254
  19. Global Private Schema
     - Country subnets by office; x indicates the subnet scheme above.
     - 4096 subnets, 4094 hosts per subnet
     - 225,000 employees
     - 500,000 total IP addresses estimated for equipment and VoIP
     - Approximately 1974 employees per office subnet
     - USA: Corporate: 10.0.x.x; LA: 10.1.x.x; SF: 10.2.x.x; Boston: 10.3.x.x; SD: 10.4.x.x; NY: 10.5.x.x
     - Austria: Vienna: 10.10.x.x; Salzburg: 10.11.x.x; Inz: 10.12.x.x
     - Germany: Berlin: 10.20.x.x; Stuttgart: 10.21.x.x; Munich: 10.22.x.x
     - France: Paris: 10.30.x.x; Bordeaux: 10.31.x.x; Nice: 10.32.x.x
     - Japan: Tokyo: 10.40.x.x; Sapporo: 10.41.x.x; Osaka: 10.42.x.x
  20. Global Gateway Router Schema (country, office, dedicated line, ISP gateway)
     - USA
       - Dedicated line Main Router: 200.200.200.1, 200.200.200.2; ISP gateway: none
       - Corporate: dedicated line 200.200.200.5; ISP gateway 200.200.210.1
       - LA: dedicated line 200.200.200.9; ISP gateway 200.200.210.5
       - NY: dedicated line 200.200.200.25; ISP gateway 200.200.210.21
     - Austria
       - Vienna: dedicated line 200.200.200.29, 200.200.200.30; ISP gateway 200.200.210.25
       - Salzburg: dedicated line 200.200.200.33, 200.200.200.34; ISP gateway 200.200.210.29
       - Inz: dedicated line 200.200.200.37, 200.200.200.38; ISP gateway 200.200.210.33
     - Germany
       - Berlin: dedicated line 200.200.200.41, 200.200.200.42; ISP gateway 200.200.210.37
       - Stuttgart: dedicated line 200.200.200.45, 200.200.200.46; ISP gateway 200.200.210.41
       - Munich: dedicated line 200.200.200.49, 200.200.200.50; ISP gateway 200.200.210.45
  21. BEST PRACTICES: MANAGEMENT
     - Management team: overall changes or major changes. Comprised of IT management, IS management, the CIO, and departmental heads.
     - Implementation team: new software, firmware or hardware. Comprised of the IS and IT departments.
  22. Monitoring
     - Ticketing system: for users to report problems and issues; automated monitoring use as well
     - Network monitor: SolarWinds monitoring software; SNMP traps
  23. SECURITY
     - Users: training; RF badges; policies
     - Workstation: antivirus; intrusion prevention and detection; UPSs; VMware for easy workstation restoration
  24. SECURITY
     - LAN: dynamic VLANs for segmentation; single sign-on for user convenience; IPS and IDS on all network equipment; all default usernames and passwords changed
     - WLAN: 802.1X Enterprise; WPA2 encryption. WPA2 will work with AD and the VLAN authentication to provide single sign-on for user convenience.
  25. SECURITY
     - LAN to WAN: UTM firewalls; default usernames and passwords changed; IPS and IDS; stateful packet filtering; DMZ to be utilized
     - WAN: SLA agreement to meet company BCP
  26. SECURITY
     - Remote Access: SSL VPN; three-way authentication; HDD encryption on mobile devices
     - Mission Critical Center: IDS and IPS active; backup servers; Halon 1301; resources not used disabled
  27. SECURITY: Physical Security
     - All network equipment will be locked in a closet or room
     - RF badges for access
     - Cameras in place: entrance; inside areas
     - Locking cabinets with tubular security locks
  28. Overview
     - Dynamic VLANs
     - DMZ implementation
     - Bringing in a dedicated line for branch offices in the same country
     - VPN for cross-continental communication
     - The implementation of VoIP and video conferencing
  29. Aperture Technologies: Thank you for your time.
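
The addressing plan on slides 15 to 19, written as a model that can be checked and used to map an address seen in a log back to its office and VLAN (an added example, not part of the original deck). It assumes each VLAN is a /20 inside 10.X.0.0/16 as the Office Private Schema states; the function names and the `.39` static ceiling are assumptions of this sketch.

```python
import ipaddress

# VLAN id -> (name, third-octet base) from the Office Private Schema slide.
# Assumption: each VLAN is a /20 (255.255.240.0) inside 10.X.0.0/16.
VLANS = {10: ("Executive", 0), 16: ("Marketing", 16), 32: ("Operations", 32),
         48: ("Managers", 48), 64: ("HR", 64), 80: ("Accounting/Finance", 80),
         96: ("VoIP", 96), 112: ("Video", 112), 128: ("Network", 128)}
# Workstation DHCP scopes (slide 17) as third.fourth octets.
DHCP = {10: ("0.40", "0.160"), 16: ("16.40", "31.254"), 32: ("32.40", "47.254"),
        48: ("48.40", "63.254"), 64: ("64.40", "79.254"), 80: ("80.40", "95.254"),
        96: ("96.40", "111.254")}
STATIC_TOP = 39  # assumption: static hosts occupy .1-.39 (slides 15 and 16)

def vlan_subnet(office, vlan_id):
    """Return the /20 network for a VLAN in the office with code X = office."""
    return ipaddress.ip_network(f"10.{office}.{VLANS[vlan_id][1]}.0/20")

def check_office(office):
    """Return a list of plan violations for one office (empty list = consistent)."""
    problems = []
    nets = {v: vlan_subnet(office, v) for v in VLANS}
    ids = sorted(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"VLAN {a} overlaps VLAN {b}")
    for v, (lo, hi) in DHCP.items():
        start = ipaddress.ip_address(f"10.{office}.{lo}")
        end = ipaddress.ip_address(f"10.{office}.{hi}")
        if start > end or start not in nets[v] or end not in nets[v]:
            problems.append(f"VLAN {v} DHCP scope leaves {nets[v]}")
        if start <= nets[v].network_address + STATIC_TOP:
            problems.append(f"VLAN {v} DHCP scope collides with static range")
    return problems

def classify(ip):
    """Map an address to (office code, VLAN id, VLAN name); None if outside the plan."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network("10.0.0.0/8"):
        return None
    office = addr.packed[1]  # second octet is the office code X
    for v in VLANS:
        if addr in vlan_subnet(office, v):
            return office, v, VLANS[v][0]
    return None  # third octet 144 or higher is unallocated in the deck
```

A `None` from `classify` for a 10.x address means the host sits outside every VLAN the plan defines, which is worth flagging when it shows up as a source address in firewall or IDS logs.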