Good Example Of London Properties Network Infrastructure Case Study
London Properties
1 Introduction
London Properties has its headquarters in London and branches in Manchester and Cardiff. To ease communication between its offices, three Ethernet-based LANs have to be installed. To avoid the most common mistake made by network designers, which is the failure to correctly determine the scope of the network design, the design has to be interactive.
A network infrastructure consists of basic services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Internet Protocol (IP) address management. Windows Server 2012 provides all these services. New to Windows Server 2012 is a service called IPAM, short for IP address management. IPAM gives an organization a single location from which the addressing for the entire organization can be managed and monitored. DHCP is a vital service on an enterprise network. Without it, clients can’t obtain IP addresses and information such as DNS servers. To guard against a DHCP server failure, Windows Server 2012 introduced a new feature called DHCP failover, in which two servers are configured with the same DHCP configuration. Windows Server 2012 has two modes for failover: hot standby and load sharing.
2 Objectives
This project involves planning a design for the development of a network infrastructure of London Properties with three different sites.
The design provides a plan to deal with the security threats in modern networking solutions.
Build a network with an automatic IP addressing mechanism and a domain naming strategy.
The new design will enable each site to provide the required network services with high speeds, enough bandwidth and a healthy network with good monitoring.
3 Network Design
After considering the geographic area covered by the three sites of London Properties and the user requirements at each site, we propose three networks as illustrated in Figure 1.
3.1 Infrastructure:
Connectivity (various options based on cost and availability in location). Table 1 shows the preference ranking: the first preference is fiber optic connectivity, followed by microwave. The advice here is that fiber optics wins out. You can build much longer point-to-point links using fiber than is possible with conventional wire cables, the bandwidth is much wider, it is lighter and it occupies less space.
3.1.1 Connectivity Technologies Comparative Analysis
3.1.2 Proposed network infrastructure connectivity for three sites
Figure 1: proposed network infrastructure connectivity for three sites.
3.2 Servers
Active Directory Services will be provided by a Windows 2012 Server Primary Domain controller. All other sites should operate backup domain controller services linked to Site-A. This will not only provide general backup services for Active Directory in the enterprise but also act as a local authentication service for the respective sites. Each site's connectivity routers will provide DHCP services over the LAN ports. Site firewall services will also be provided by the same routers. Site-A will also operate an iSCSI-enabled storage platform for a centralized backup function.
3.2.1 Server Specifications
Share Mail-email server software, unlimited user
Windows Server 2012, Terminal Server External Connector License
Dell or HP servers as the finances allow.
3.3 Connectivity solutions
Assignment of IP addresses to users will be by DHCP. A delay has to be introduced for DHCP offers from the secondary servers (at the two other sites) using the DHCP management console, which allows the primary (headquarters) server to respond first and the secondary to respond after a period of time. Because DHCP clients accept the first response, this achieves the requirements. DHCP configuration can be done using the DHCP Split-Scope Configuration Wizard as shown in Figure 2. Configure each router as in Figure 1 to forward requests for IP addresses to DHCP. Create a scope for each subnet on DHCP for Site-A. DHCP is a vital service on an enterprise network. Without it, clients can’t obtain IP addresses and information such as DNS servers. For this reason, DHCP is frequently deployed in a highly available manner so that if one server becomes unavailable, another can take over. This section examines the considerations involved in designing a high availability solution for DHCP.
With split-scope DHCP, two servers provide address and network information using a portion of the address space or DHCP scope. For example, if an organization assigns addresses from the 192.168.100.0/24 subnet, a split-scope DHCP scenario might call for 80 percent of the addresses to be assigned by one server and the other 20 percent by another server. This is known as the “80/20” rule for DHCP scope assignment, and organizations sometimes place the server with 80 percent of the scope nearest to the clients. However, you don’t need to figure out the 80/20 split; the DHCP Split-Scope Configuration Wizard includes a step to help configure the split.
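The 80/20 split and the delayed secondary described above can be worked out as follows. This is an added example, not part of the original essay; the `reserved` block of static addresses and the 1000 ms delay are constructed assumptions, and the function name is hypothetical.

```python
import ipaddress

def split_scope(cidr, primary_pct=80, reserved=10, secondary_delay_ms=1000):
    """Plan a split scope: both servers define the same scope, and each one
    excludes the part of the pool that the other server leases from.

    reserved and secondary_delay_ms are constructed defaults, not values
    taken from the case study.
    """
    net = ipaddress.IPv4Network(cidr)
    first = int(net.network_address) + 1 + reserved   # skip static hosts
    last = int(net.broadcast_address) - 1
    size = last - first + 1
    if size < 2 or not 0 < primary_pct < 100:
        raise ValueError("pool too small or percentage out of range")
    # Keep at least one address on each side, whatever the rounding does.
    cut = max(1, min(size - 1, size * primary_pct // 100))

    def span(lo, hi):
        return (str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi)))

    primary, secondary = span(first, first + cut - 1), span(first + cut, last)
    return {
        "scope": span(first, last),
        "primary": {"leases": primary, "excludes": secondary, "delay_ms": 0},
        "secondary": {"leases": secondary, "excludes": primary,
                      "delay_ms": secondary_delay_ms},
    }

if __name__ == "__main__":
    plan = split_scope("192.168.100.0/24")
    for role in ("primary", "secondary"):
        print(role, plan[role])
```

Because each server's exclusion range is exactly the other server's lease range, the two pools can never hand out the same address even if both servers answer a client.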
As for the WLAN, the devices do not support isolated guest access. To secure employee access, use an entirely separate WLAN infrastructure that does not include guest access. The recommended practice is to separate the internal users on a different VLAN.
FIGURE 2 Configuring a split-scope percentage in the DHCP Split-Scope Configuration Wizard
When migrating IP addresses to be managed by IPAM, the addresses can be entered manually by address range, address block, and individually by address. You can also import IP addresses into IPAM with a CSV-formatted file. Figure 3 shows the Add or Edit IPv4 Address Range dialog box.
FIGURE 3 Adding and editing an IP address range in IPAM.
4 A troubleshooting, backup and fault tolerance strategy
4.1 Back Up and troubleshooting
Site-A, which is also the primary location, should operate an alternative connectivity link for backup purposes. For Active Directory Services, each site will have a Windows 2012 Server Backup Domain controller. Each site will operate local backup storage that runs daily by close of business; these sites will in turn back up to the primary Site-A central storage.
Troubleshooting tools like Netstat, Nslookup, Ping, Tracert, Route, Pathping, Ipconfig, PuTTY, Subnet and IP Calculator, Speedtest.net should be available for the network administrator that will be recruited by London Properties.
4.2 Network health monitoring and analysing
Tools that monitor the availability of the network and other services have to be used. To monitor the performance and availability of networks, applications, servers, and devices, tools and solutions like Cacti, WhatsUp, and PRTG will have to be used.
These platforms will be configured to generate periodic reports as will be determined by the administrator from the user requirements analysis.
The DHCP Management Pack can be used for monitoring. According to
4.3 Fault tolerance strategy
There are several strategies that you can employ in a Windows-based network so that the network tolerates some faults. These include, but are not limited to, SQL Server log shipping, power backup, RAID configurations and minimizing single points of failure.
5 Security Solutions
There is a need for a well-guided security architecture for the network to avoid vulnerability to exploitation and theft of company and personal information. Having a firewall and antivirus alone cannot be deemed sufficient to guard against security threats.
There are various ways we have to guard against security threats to the network. We have to check on insider attackers by implementing the principle of dual control, for instance by entrusting the passwords to the Web and SMTP servers to two individuals. Other ways to safeguard the security of the network are to have a clear business plan, an intrusion detection plan, and a disaster recovery plan with up-to-date backups.
One of the most common security attacks on web applications is SQL injection (SQLI), which allows an attacker to inject malicious code in the form of SQL queries carried in GET or POST HTTP requests. These requests are passed through the insecure web application onto the underlying database, with the aim of obtaining unauthorized access to the database. This in turn compromises the Confidentiality, Integrity and Availability of the stored data, as the attacker has the liberty to steal, insert, delete, alter or disclose data in the database; this may cause adverse effects to an organization and its clients. SQL injection, which is ranked one of the top-most threats to web application security, is defined as “a hacking technique in which the attacker adds SQL statements through a web application's input fields or hidden parameters to gain access to resources or make changes to data”. To take care of SQL injection, web app code needs to be audited regularly and the administrator has to implement web content filtering tools. An administrator can also maintain details of a web application attacker, which consequently helps him to view injection reports. These reports contain the injection identification number, injection type, user identification, date, time, Internet Protocol (IP) address, the web page number where the injection has taken place, and so on. From such reports, the administrator can warn the user and can go on to block the IP address of the user. London Properties needs to install patch management software, which will help the administrators to scan the network to identify missing patches and have the appropriate updates installed.
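The injection path and the injection report described above, shown as an added example that is not part of the original essay: a concatenated query beside its parameterized form, plus a report record carrying the fields the text lists. The `listings` table, the function names and the sample request value are hypothetical and constructed for illustration.

```python
import sqlite3
from datetime import datetime, timezone

def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE listings (site TEXT, address TEXT)")
    db.executemany("INSERT INTO listings VALUES (?, ?)", [
        ("London", "1 Example Street"),
        ("Manchester", "2 Sample Road"),
        ("Cardiff", "3 Test Lane"),
    ])
    return db

def search_vulnerable(db, site):
    # BEFORE: the request value becomes part of the SQL text itself.
    sql = "SELECT address FROM listings WHERE site = '" + site + "'"
    return db.execute(sql).fetchall()

def search_safe(db, site):
    # AFTER: the value is bound as a parameter and only compared as data.
    return db.execute(
        "SELECT address FROM listings WHERE site = ?", (site,)).fetchall()

SQL_TOKENS = ("'", "--", ";", "/*")

def injection_report(reports, user_id, ip, page, value):
    """Record the report fields the text lists when input carries SQL syntax.

    Heuristic only: a value such as O'Neill also matches, so the report is
    for review and the parameterized query remains the actual control.
    """
    if not any(token in value for token in SQL_TOKENS):
        return None
    now = datetime.now(timezone.utc)
    entry = {"injection_id": len(reports) + 1, "type": "sql-metacharacter",
             "user_id": user_id, "date": now.date().isoformat(),
             "time": now.time().isoformat(timespec="seconds"),
             "ip": ip, "page": page}
    reports.append(entry)
    return entry

if __name__ == "__main__":
    db, reports = make_db(), []
    value = "x' OR '1'='1"   # constructed request parameter
    print(len(search_vulnerable(db, value)), len(search_safe(db, value)))
    print(injection_report(reports, "u42", "203.0.113.7", "/search", value))
```

With the constructed value, the concatenated query returns every row while the parameterized query returns none, which is the difference a code audit should look for.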
6 Certificate Services
Certificate Services is the essential component of a Windows-based PKI (public key infrastructure). Based on Figure 4, the suggested certificate assignment is briefly stated below.
Figure 4: Certificate Authority Hierarchy
The root CA is the primary server at the headquarters (London), whose network has an enterprise architecture; therefore, the CA at this level is an enterprise CA that is connected to the network and communicates with Active Directory. To facilitate user requests for certificates, the CAs are enterprise CAs. With Windows Server 2012, you can now deploy DNSSEC (DNS Security Extensions) in Active Directory–integrated zones with dynamic updates.
7 Conclusion
References
Elizabeth, F. & Vadim, O., n.d. Web Application Scanners: Definitions and Functions. s.l., Information Technology Laboratory, National Institute of Standards and Technology Gaithersburg.
Muller, R., 2006. How IT Works: Certificate Services. [Online] Available at: http://technet.microsoft.com/en-us/magazine/2006.08.howitworks.aspx [Accessed 3 January 2015].
Stewart, K., Adams, A., Reid, A. & Lorenz, J., 2008. Designing and Supporting Computer Networks, CCNA Discovery Learning Guide. 1st ed. s.l.:Cisco Press.
Strachan, D., 2004. Designing Fiber Optic Systems. [Online] Available at: http://www.evertz.com/resources/Designing-Fiber-Optic-Systems.pdf [Accessed 3 January 2015].
Suehring, S., 2012. Designing and Implementing a Server Infrastructure. s.l.:Microsoft Press.