Updated_MyCo Network Design Proposal

June 23, 2018 | Author: MbaunguraijeTjikuzu | Category: Network Switch, Router (Computing), Routing, Cisco Systems, Network Layer Protocols

MyCo Network Design Proposal

Presented by Group 10

Group Introduction
• Umer Siddiqui
• Mbaunguraije Tjikuzu
• Marcia Baransano
• Asif Siddiqui

Business Case
• The current MyCo network architecture is poorly designed.
• It leaves no room for scalability or high availability.
• Our solution will meet current and future needs.
• It is the best possible solution at a reasonable cost.

Design Decision
• We have picked Cisco as the major vendor for our networking gear for the following reasons:
  i) Company’s financial stability
  ii) Customer base
  iii) Support contracts
  iv) Reliability and support

Design Key Aspects
• Scalability
• High Availability
• Security
• Ease of Management

Scalability
• Cisco 4506 switches are modular; each supports up to 5 line card slots, and each card can have 48 Gbps ports.
• Cisco 4503 switches are modular and support 2 line cards. This fits our need for servers.
• Cisco 2960s are used as Layer 2 switches for the DMZ and Finance users.
• Cisco ASA 5510s are capable of supporting 250 IPsec/SSL VPN sessions.

High Availability
• We have tried to design all the networking gear in HA mode, i.e. redundant firewalls, routers, IPSs, switches and circuits.
• Similar servers are connected to different switches.
• Half of the users are connected to one switch and half to the other.
• The Internet segment is fully redundant: Internet circuits from two different ISPs terminate on two different routers.

Routing
• Internally we are using OSPF, and externally we are running BGP.
• Internal traffic is routed to the active switch based on the OSPF algorithm.
• End-user switches advertise the user subnets, and server switches advertise the server VLAN along with the default route pointing to the active firewall's shared IP.
• Internet traffic is routed based on the decision made by BGP.
• Internet routers are peered with each other and with the ISP routers, importing full Internet routing tables.

Security
• Financial systems are separated by firewalls.
• Firewall rules are set up to allow access on a need-to-know basis, with a “deny all” rule at the end.
• A DMZ zone is set up for servers accessible from the Internet.
• Remote access is allowed using an IPsec or SSL client with token-based authentication.
• Intrusion detection devices are deployed covering all the flows (initially deployed as IDS probes; they can later be changed to IPS).
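
The need-to-know rule base with a final “deny all” described above can be checked mechanically. The Python audit below is an added example, not part of the original proposal; the subnets, ports and rule ordering are constructed for illustration.

```python
from ipaddress import ip_network

# Constructed sample rule base: subnets, ports and ordering are assumptions,
# not values from the proposal. Evaluation is top-down, first match wins.
# Fields: (action, source, destination, dst_port); dst_port None = any port.
RULES = [
    ("permit", "10.10.20.0/24", "10.10.50.0/24", 1433),  # finance users -> finance DB
    ("permit", "0.0.0.0/0", "192.0.2.0/28", 443),        # Internet -> DMZ web server
    ("permit", "10.10.0.0/16", "10.10.50.0/24", None),   # all users -> finance, any port
    ("permit", "10.10.20.0/24", "10.10.50.0/24", 1433),  # repeat of rule 0
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),            # final "deny all"
]
DENY_ALL = ("deny", "0.0.0.0/0", "0.0.0.0/0", None)
NO_DENY_ALL = "rule base does not end with deny all"
TOO_BROAD = "permit on any port is broader than need-to-know"
SHADOWED = "fully covered by an earlier rule, so it is never matched"


def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    _, e_src, e_dst, e_port = earlier
    _, l_src, l_dst, l_port = later
    return (ip_network(l_src).subnet_of(ip_network(e_src))
            and ip_network(l_dst).subnet_of(ip_network(e_dst))
            and (e_port is None or e_port == l_port))


def audit(rules):
    """Return (rule_index, finding) tuples for a first-match rule base."""
    findings = []
    if not rules or rules[-1][0] != "deny" or not covers(rules[-1], DENY_ALL):
        findings.append((len(rules) - 1, NO_DENY_ALL))
    for i, rule in enumerate(rules):
        if rule[0] == "permit" and rule[3] is None:
            findings.append((i, TOO_BROAD))
        if any(covers(prev, rule) for prev in rules[:i]):
            findings.append((i, SHADOWED))
    return findings


if __name__ == "__main__":
    for index, finding in audit(RULES):
        print(f"rule {index}: {finding}")
```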

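Cost Analysis

| Product                       | Price   | Quantity | Total   |
|-------------------------------|---------|----------|---------|
| Cisco Catalyst 4506-E         | $11,127 | 2        | $22,254 |
| Cisco Catalyst 4503-E         | $6,357  | 2        | $12,714 |
| HP ProLiant DL 165            | $3,191  | 8        | $25,528 |
| Cisco Catalyst 2960           | $1,450  | 3        | $4,350  |
| Cisco ASA 5510                | $3,418  | 4        | $13,672 |
| 7204VXR/400 Cisco 7200 Router | $7,363  | 2        | $14,726 |
| Total                         |         |          | $93,244 |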

The Cisco prices listed above are from router-switch.com, one of the world’s leading Cisco suppliers. The price of the HP ProLiant DL 165 listed above is from newegg.com, a leading e-retailer.

Active Directory Layout

Conclusion
• Our proposal is:
  i) Affordable
  ii) Scalable
  iii) Reliable
  iv) Secure Solution

Questions
