This is a comprehensive network design that was prepared for ABC Inc. In order to meet the needs of the customers, ABC Inc. must ensure that productivity is not hindered by the growth of the company. The employees at ABC Inc. must have a robust network so that customer service is not jeopardized. With the increase in growth, there will also be a rise in the number of transactions processed by the company. Therefore, an internal server must possess processing speeds to accommodate the influx of additional data and solid security measures must be intact to avoid loss of data and system vulnerabilities.
ABC NETWORK DESIGN
A Comprehensive Proposal and Design for ABC Inc. Network Requirements
Network Proposal Overview
Telecommunication Overview
Telecommunication Proposal
Network Configuration Management Plan
In order to meet the needs of the customers, ABC Inc. must ensure that productivity is not hindered by the growth of the company. The employees at ABC Inc. must have a robust network so that customer service is not jeopardized. The accounting firm has grown from five to fifty employees with the acquisition of a large account. Currently, each employee has their own standalone computer which contains Windows 7, Office 2010 and QuickBooks accounting software. The company does not have a network in place. Currently, information is shared by copying data to a flash drive and each workstation has a stand-alone printer. The objective of this proposal is to provide a centralized solution for all of ABC's network needs.
Given the highly mobile aspects of the company's workforce, it is recommended that, of the two options of Dynamic Host Configuration Protocol (DHCP) using Secure Sockets Layer (SSL) or IPSec, the former is much more aligned with the company's business strategies today and with its future growth. The intent of these recommendations is to provide guidance on how to best implement DHCP over SSL so that Voice over Internet Protocol (VoIP) can also be used. Category 6 cabling allows for future growth because of its extension of available bandwidth of 200 MHz as opposed to 100 MHz for Category 5e. A Category 6 cable also allows for any increases in the speed of other internet devices as technology progresses.
It is also highly recommended by Cisco that, for organizations that have a very mobile workforce and strong upside potential for greater growth in terms of headcount in the future, DHCP dynamic addressing over an SSL-configured network protected by VPN connections is the most cost- and performance-effective architecture. The proposed remote access technology needs to be based on a Virtual Private Network (VPN) capable of supporting the Secure Sockets Layer (SSL) and IPSec protocols at a minimum. The strategic IT plan in conjunction with the network configuration management documentation will ensure that goals, objectives and frameworks are intact.
Network Proposal Overview
In order to meet the needs of the customers, ABC Inc. must ensure that productivity is not hindered by the growth of the company. The employees at ABC Inc. must have a robust network so that customer service is not jeopardized. With the increase in growth, there will also be a rise in the number of transactions processed by the company. Therefore, an internal server must possess processing speeds to accommodate the influx of additional data and solid security measures must be intact to avoid loss of data and system vulnerabilities.
With the expansion to multiple floors in the building, ABC Inc. must evaluate the current infrastructure to determine how the current resources can be leveraged. In fact, a single converged network "with an intermediate step of a single converged interface from the server to the access switch" will result "in fewer adapters, cables, and nodes, resulting in more efficient network operations" (Enterasys, 2013). By utilizing this technology, ABC Inc. can restructure the hardware devices of the system by providing a more plausible environment without degrading the quality and speed of the network. An estimated increase in staff from 200 to 350 is approximately a 60% increase. Growth at this rate within the next year will require ABC Inc. to implement methods to streamline processes.
The network must focus on providing "scalability and agility" with the "flexibility to support various services" for such an increase in personnel (Enterasys, 2013). ABC Inc. must abandon the traditional architecture and gravitate towards the more innovative approach. The company needs a network structure with "dynamic application provisioning and resource allocation" (Enterasys, 2013). A three-tiered network as opposed to a two-tiered network should be utilized at ABC Inc., as it allows for the adoption of new technology and the integration of resources, and accommodates the emergence of standards.
This type of network structure focuses on "virtualizing the routing and switching functions into a single tier" (Enterasys, 2013). With this structure, the hardware is optimized due to the integrated components of the switch. According to the research, "virtualized routing provides for greater resiliency and fewer switches dedicated to just connecting switches" by reducing the levels that uplinks need to pass through within the data structure, and thus improves the performance of applications being used by the staff (Enterasys, 2013, p. 4).
In regards to utilizing VoIP at ABC Inc., the benefits must be identified. A major benefit of VoIP is that it is cost effective. ABC Inc. can take advantage of using their existing equipment while paying lower monthly fees and cheaper long distance and international rates. This is crucial since the company is growing at a rapid rate. Essentially, "the most attractive feature of VoIP is its cost-saving potential" (Park, 2009). To accommodate the addition of multiple floors at ABC Inc., VoIP is a more viable solution due to its portability and manageability. VoIP is easy to install and switching from the traditional phone lines to VoIP phones is a smooth transition that does not require a steep learning curve.
VoIP also provides "rich media service" which "not only provides multiple options of media to users" (Park, 2009, p. 1). Despite the benefits of VoIP, there are some disadvantages. Since VoIP depends on broadband, if it is down then the internet and the phones would not be available. Also, if VoIP is being shared with other data and communication requirements at ABC Inc. such as downloads, server connectivity, chat and email, the call quality of VoIP may deteriorate as it competes for a connection during peak times. The benefits of utilizing VoIP at ABC Inc. definitely outweigh the disadvantages and would be a feasible solution.
Network Proposal Requirements
Category 5+, 5e or 6 cables will meet the requirements for connections with 1 Gbps speeds. However, Category 6 allows for future growth because of its extension of available bandwidth of 200 MHz as opposed to 100 MHz for Category 5e. Also, because of Category 6's improved transmission performance and superior immunity from external noise, systems operating over Category 6 cabling will have fewer errors as opposed to Category 5e (Mitchell, 2013). Looking towards the future, it would be more practical to install the best cabling available to avoid pulling out old cable and re-installing new cable at a later date. This would require down time and coordination.
A Category 6 cable also allows for any increases in the speed of other internet devices as technology progresses. As mentioned previously, the three suggested cables would meet the requirement but it would be best to install Category 6 cable. If this is done, it is extremely unlikely that any re-cabling would have to occur for the foreseeable future (Lowe, 2002). In comparing the pricing of the Category 6 cable, the price difference ranged from $15.00 to $20.00 more than the Category 5e cable for the 100-150 feet length. Again, this price difference is trivial compared to the benefits.
The other devices connected to the network, such as the workstations, need to be able to accommodate 1 Gbps speeds, as does the cabling. Motherboards and network interface cards (NICs) will need to be replaced in those workstations that do not meet the requirements. Replacing these components would be more cost effective than replacing the workstation. It would not be beneficial to install high capacity cable if the system cannot take advantage of the speed. Therefore, a 1 Gbps NIC would be required. PCI or PCI-E expansion cards can be used to upgrade those workstations in which the motherboards do not have 1 Gbps. These cards are relatively inexpensive and simple to install.
Network security is a crucial element to ensure that ABC Inc.'s information and files cannot be compromised by others who pick up signals from the network. Wireless encryption is needed to protect the company's data against unauthorized access. Wi-Fi Protected Access (WPA and WPA2) is a common wireless encryption that requires users to provide a security key to connect. Once the key has been validated, all data sent between the computer/device and the access point is encrypted (Mitchell, 2013). Companies such as TJX have been victims of this type of unauthorized access because of their usage of an encryption standard that was easily violated by a third party. In short, unless it has to be done wirelessly or it would be counter-productive to require it, all data movement will be wired in nature and the data movement that is wireless will be done with very good encryption and the complexity of the passwords behind that encryption will be top-notch (Horowitz, 2007).
Finally, ABC Inc. will need to ensure that the data can be transmitted at 1 Gbps speeds by purchasing the required bandwidth so that the workstations in the office can take full advantage of this speed. ABC Inc. must evaluate the configuration of the wiring and hardware as it relates to the movement of data to and from the network closet to avoid unexpected costs. Bandwidth can always be modified as long as cabling and the infrastructure can accommodate the throughput needed as the company's requirements change.
DHCP over SSL-Configured Networks vs. Static Address IPSec Configurations
A technical analysis has been completed, comparing IPSec relative to SSL, the latter of which would require a VPN connection to ensure security and stability of connection. It is highly recommended by Cisco that, for organizations that have a very mobile workforce and strong upside potential for greater growth in terms of headcount in the future, DHCP dynamic addressing over an SSL-configured network protected by VPN connections is the most cost- and performance-effective architecture (Cisco Tutorial, 2013).
Table 1
Table 2
The table to the right provides a comparison of the technological and operational benefits of SSL vs. IPSec VPN (Opus One, 2013) (Cisco Tutorial, 2013).
Based on the analysis presented in the table, Comparing Technological and Operational Benefits of SSL and IPSec VPNs, it is clear that SSL running on secured VPN connections is the best possible scenario. For an expanded analysis of the differences between IPSec and SSL, please see the matrix shown in the Appendix. SSL network protocols are configured at the server and propagated throughout a network using wireless and Wi-Fi network architectures, which minimizes rewiring and significant updates to network hardware (Cisco Tutorial, 2013).
For ABC Inc. to get the most value from the decision to adopt an SSL-based network with VPN-based connections to remote employees and offices, Voice over Internet Protocol (VoIP) also needs to be included. This often requires organizations to transition off of a Public Switched Telephone Network (PSTN) and gradually move to a more VoIP-based network. As many states and countries globally tightly regulate telecommunications services, it is advisable for ABC Inc. to define a compliance framework and strategy for their VoIP strategy alone (Cannon, 2005).
Often the conversion from PSTN to VoIP is a multi-cycle one that takes several iterations to be completely successful over time. For ABC Inc., the best possible decision is to pilot one specific area of their company first for the PSTN to VoIP transition, then move on to a company-wide transition. By following this approach ABC Inc. will be able to manage the complexities of compliance in addition to getting the most value from the technology from a cost-saving perspective.
Telecommunication Overview
Telecommuting is becoming a common practice. In the United States, about 10% of the workforce reports working from home at least one day a week (Cafaro, 2012). Technology has afforded the increased ability to communicate and share information with the office. However, management must be cognizant of the benefits of telecommuting in order for it to be successful. Some of the potential benefits include the increase in performance and productivity; reduction in costs related to utilities, rent and parking; reduction in the frequency and distance of commuting to work. Another benefit of telecommuting from a productivity standpoint is the flexibility it provides knowledge workers to plan their most challenging tasks during the hours they are the most productive (Harpaz, 2002). With the benefits of saving time and costs, providing remote access would be an effective solution to implement for the organization.
Telecommunication Proposal
In order to implement a sound telecommuting strategy, networking protocols for Virtual Private Networks (VPNs), protocol configuration, encryption technologies and authentication methods must be considered. The following sections of this proposal define each of these technology-based considerations from a protocol, configuration, VPN authentication method and VPN encryption technique perspective. VPN is the foundation of all of these technologies, as studies by Cisco indicate these are the most secure (Cisco Tutorial, 2013).
The security protocols for ensuring communications across networks include Secure Sockets Layer (SSL) and IPSec, in addition to many others.
Table 3 Comparing SSL and IPSec Protocols Sources: (Harpaz, 2002) (Opus One, 2013)
Table 4
The proposed remote access technology needs to be based on a Virtual Private Network (VPN) capable of supporting the Secure Sockets Layer (SSL) and IPSec protocols at a minimum (Cisco Tutorial, 2013). Both of these security protocols run seamlessly on TCP/IP, enabling broad compatibility and integration across network architectures and frameworks (Hegyi, Maliosz, Ladanyi, Cinkler, 2005). The SSL protocol is optimal for those workforces in which a large percentage of workers are moving between client or customer appointments and locations. SSL also relies on the DHCP protocol for dynamic assignment of IP addresses, which further makes this protocol ideal for supporting smartphones and tablet PCs (Cisco Tutorial, 2013). The downside of the SSL protocol is that it provides only moderate levels of security yet can be layered into a broader security network. IPSec relies on hard-wiring of the IP address of each system on the network. Figure 1, Comparing SSL and IPSec Protocols, provides an analysis of the differences.
The majority of VPN networks configured for remote access are running SSL, according to Cisco (Cisco Tutorial, 2013). It is important to note, however, that Cisco's surveys are based more on commercial companies, not government contractors or those industries that are managing highly complex data. In those instances, the IPSec protocol is the best alternative given its per-IP address configurability and configuration (Opus One, 2013). Figure 2, Comparing SSL and IPSec VPN Configuration, shows how each of these protocols is often configured.
Figure 1 Comparing SSL and IPSec VPN Configurations Sources: (Cisco Tutorial, 2013) (Harpaz, 2002) (Opus One, 2013)
One of the most complex areas of configuring a VPN for telecommuting is the definition of SSL and IPSec Record Headers, including the use of Cyclic Redundancy Checking (CRC) algorithms to ensure the overall stability and reliability of the network. The reliance on encryption at the packet level is increasingly commonplace, as Figure 2 illustrates. This approach to defining security at the packet level also ensures consistency across a Wide Area Network (WAN) (Hegyi, Maliosz, Ladanyi, Cinkler, 2005). IPSec is also being configured using this approach to packet-based authentication and support.
Figure 2 Embedding SSL Record Header Data To Ensure Encryption Source: (Cisco Tutorial, 2013)
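As an added illustration of the record header discussed above (this code is not part of the original paper), the following Python sketch walks a captured byte stream record by record and flags retired protocol versions. It assumes the standard 5-byte SSL 3.0/TLS record header (content type, two version bytes, two length bytes); the sample bytes are constructed placeholders, not real traffic.

```python
import struct
from dataclasses import dataclass

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2/1.3"}
MAX_LENGTH = 2**14 + 2048         # largest TLSCiphertext fragment (RFC 5246)
HEADER = struct.Struct("!BBBH")   # type, major, minor, length = 5 bytes


@dataclass
class Record:
    content_type: str
    version: str
    length: int
    legacy: bool   # True when the record shows a retired protocol in use


def is_legacy(ctype: int, version: tuple) -> bool:
    # SSL 3.0 is never acceptable. A 3.1/3.2 version on a handshake record can
    # be a compatibility value in a ClientHello, so TLS 1.0/1.1 is only
    # flagged once application data is flowing under it.
    if version == (3, 0):
        return True
    return version in {(3, 1), (3, 2)} and ctype == 23


def parse_records(stream: bytes) -> list:
    """Split a byte stream into records, validating each header."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        ctype, major, minor, length = HEADER.unpack_from(stream, offset)
        if ctype not in CONTENT_TYPES or (major, minor) not in VERSIONS:
            raise ValueError(f"not a TLS record at offset {offset}")
        if length > MAX_LENGTH:
            raise ValueError(f"oversized record ({length} bytes) at offset {offset}")
        end = offset + HEADER.size + length
        if end > len(stream):
            raise ValueError(f"truncated body at offset {offset}")
        records.append(Record(CONTENT_TYPES[ctype], VERSIONS[(major, minor)],
                              length, is_legacy(ctype, (major, minor))))
        offset = end
    return records


# Constructed sample: three records with placeholder bodies (not real traffic).
SAMPLE = (
    bytes([22, 3, 1, 0, 4]) + b"\x01\x00\x00\x00"   # handshake, compat version
    + bytes([23, 3, 3, 0, 3]) + b"\xaa\xbb\xcc"     # application data, TLS 1.2/1.3
    + bytes([23, 3, 1, 0, 2]) + b"\xdd\xee"         # application data, TLS 1.0
)

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec)
```

Only the third record is flagged: application data carried under version 3.1 means TLS 1.0 was actually negotiated, which a VPN gateway policy should reject.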
Figure 3 How the SSL Protocol Process Works on a VPN Sources: (Cisco Tutorial, 2013) (Hegyi, Maliosz, Ladanyi, Cinkler, 2005) (Opus One, 2013)
Of the many approaches to defining authentication, the reliance on a Certificate Server has shown the greatest potential for streamlining support for a wide variety of devices (Cisco Tutorial, 2013). IPSec and SSL both rely on certificate servers to complete authentication tasks, with the latter being more attuned to a browser-dependent configuration of a given network. It is recommended that the proposed network use this approach of Certificate Server Authentication.
Network Configuration Management Plan
When developing a network configuration management plan, it is integral that the goals are in alignment with the strategic plan and objectives of the company. The strategic IT plan in conjunction with the network configuration management documentation will ensure that goals, objectives and frameworks are intact. When network configuration management, its documentation and corresponding daily operation are all aligned to the strategic IT plan of a business, greater time and cost efficiencies are achieved (Bray, Hess, 1995). The purpose of this proposal is to outline the network configuration management document in the areas of network monitoring, event logs, hardware and software considerations, maps or configuration analysis, and backup scheduling and logistics. The greater the level of integration in a given network configuration, the more critical it is to have clearly defined escalation procedures and processes in place to simplify the complexities of network management (Muller, 1992).
Network monitoring is the most crucial component of network configuration management. It controls the daily performance, security and stability of an enterprise network. It is recommended that network monitoring documentation include detailed daily performance analysis, including packet-level analytics of throughput and performance across diverse network configurations, including Local Area Networks, Wide Area Networks and those configured for use with mobile devices.