Connecting sites using VPN
The recommended solution for connecting the branch office to the main HQ would be to use a site-to-site network layer VPN. This is shown in Fig.3 below.
Fig.3
This option was chosen because it is relatively simple to deploy and is transparent to the user, e.g. users do not have to authenticate before being able to use the VPN. The routers at each location will also be configured to act as VPN gateways, so no additional hardware is needed.
The internet routers will be used as endpoints for the VPN connection. Gallo (2002) states that “VPN protocols have been developed to help secure VPNs as the Internet Protocol was never designed with security in mind”. Each router will support L2TP over IPsec; I feel this will give enough protection for the confidentiality and integrity of Btek IT Solutions' traffic. Considering the size of the company's network and the type of usage, the routers should be able to handle the network load. Each router will also provide NAT services: “NAT enables private networks behind a firewall the ability to use any IP address it wants, once a packet crosses the firewall the NAT device translates the private IP to a public IP” (Lowe 2008). An IPsec tunnel will be implemented between the two external interfaces.
When a user at the Manchester branch sends unencrypted data to the London office, the Manchester router acts as the VPN gateway: it encrypts the data and forwards it to the main office router, which then decrypts the data and forwards it to the correct destination, for example the file server.
The VPN connection will be authenticated with a pre-shared key. This should be sufficient, as there is only a connection between two routers, and it can be implemented with little effort. The routers will store the pre-shared key in encrypted form to protect it.
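As an added illustration, not part of the original report and not taken from Cisco documentation, the configuration below shows how the tunnel described above could be set up on the London router in Cisco IOS: an ISAKMP policy authenticated with a pre-shared key, the key stored encrypted on the router, an IPsec transform set, a crypto map applied to the external interface, and a NAT rule that exempts HQ-to-branch traffic so it is not translated before encryption. The addresses (documentation ranges), interface names, policy names and key placeholders are assumptions, and the example uses plain IPsec between the two external interfaces rather than L2TP; the Manchester router would mirror it with the addresses swapped.

```cisco
! London HQ router (hypothetical addressing, all values constructed for this example)
! Outside: 198.51.100.2/30   Inside LAN: 10.1.0.0/16
! Manchester peer outside: 203.0.113.2   Manchester LAN: 10.2.0.0/16

! Store pre-shared keys encrypted (type 6) instead of in clear text in the running config
key config-key password-encrypt MASTER-KEY-PLACEHOLDER
password encryption aes

! Phase 1 (IKEv1): AES-256, SHA-1, DH group 14, pre-shared key authentication
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 28800
crypto isakmp key PSK-PLACEHOLDER address 203.0.113.2

! Phase 2: ESP with AES-256 and SHA-HMAC in tunnel mode
crypto ipsec transform-set BTEK-TS esp-aes 256 esp-sha-hmac
 mode tunnel

! Traffic that must be encrypted: HQ LAN <-> branch LAN
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255

! NAT runs before encryption, so VPN traffic must be excluded from translation
ip access-list extended NAT-TRAFFIC
 deny   ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
 permit ip 10.1.0.0 0.0.255.255 any
ip nat inside source list NAT-TRAFFIC interface FastEthernet0/0 overload

crypto map BTEK-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set BTEK-TS
 match address VPN-TRAFFIC

! External interface: VPN endpoint and NAT outside
interface FastEthernet0/0
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
 crypto map BTEK-MAP

! Internal LAN interface
interface FastEthernet0/1
 ip address 10.1.0.1 255.255.0.0
 ip nat inside

ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

Once both routers are configured, `show crypto isakmp sa` should list the peer in the QM_IDLE state and `show crypto ipsec sa` should show the encrypt/decrypt counters increasing as traffic crosses the tunnel. The `deny` entry at the top of NAT-TRAFFIC is the check most often forgotten: if branch-bound packets are translated first, they no longer match VPN-TRAFFIC and leave the router outside the tunnel.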
Internet Connection
Each company site will have an internet connection from the same ISP, although different ISPs could also be used. Both offices will have T1 internet lines for internet access.
T1 lines are normally used in business networks; a T1 is a high speed digital telephone line. These high speed lines can carry data in higher volumes than, for example, a DSL line. Considering the size of each location, this connection would be sufficient. Having a high speed internet connection will benefit Btek IT Solutions because employees will be able to work faster due to the increased download and upload speeds.
Routers/switches
Each floor of the main office HQ will have 20 clients, 10 for each department. The clients on each floor will be connected to a Cisco 2960 24 port switch, which is then linked to the router. These switches will be able to deliver optimal speeds for an efficient network.
At each company office there will be a router that will do all the routing and encrypting. There are many routers available for businesses of different sizes; for this company network the recommended router at each location will be the Cisco 1841 Integrated Services Router. This router will be able to give reliable packet delivery, which is needed to scale real time applications. The main reason for choosing this router is that it comes with the necessary security embedded in it, for example:
- Encryption acceleration
- Provides IPSec VPN (AES, 3DES, DES )
- Firewall protection
A firewall is necessary in every network because it acts like a security guard between the LAN and the internet. All traffic that enters or leaves the network must pass through the firewall. The integrated Cisco IOS firewall will deliver this protection.
- Inline intrusion detection
This will offer additional security at the network perimeter and will also improve the security of the branch site connecting to the main office.
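To show how the integrated IOS firewall listed above fits around the site-to-site tunnel, the following is an added example written for this page (not the report's own configuration and not from Cisco documentation). It applies an inbound access list and stateful (CBAC) inspection to the HQ router's external interface so that the only unsolicited traffic accepted from the internet is the IKE/ESP exchange from the branch router, while replies to connections opened from inside are admitted by inspection. The peer address, LAN ranges, interface and rule names are assumptions.

```cisco
! Hypothetical perimeter rules for the HQ router's external interface.
! Assumed branch router: 203.0.113.2; branch LAN 10.2.0.0/16; HQ LAN 10.1.0.0/16.

! Stateful inspection: sessions opened from the LAN get their return
! traffic admitted through OUTSIDE-IN without explicit permit entries.
ip inspect name BTEK-FW tcp
ip inspect name BTEK-FW udp
ip inspect name BTEK-FW icmp

! Everything else arriving from the internet must be listed explicitly.
ip access-list extended OUTSIDE-IN
 remark IKE (UDP 500), NAT-T (UDP 4500) and ESP, only from the branch peer
 permit udp host 203.0.113.2 any eq isakmp
 permit udp host 203.0.113.2 any eq non500-isakmp
 permit esp host 203.0.113.2 any
 remark Decrypted branch traffic is re-checked against this list on some IOS releases
 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
 remark Log and drop everything else
 deny   ip any any log

interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
 ip inspect BTEK-FW out
```

The final `deny ip any any log` line is what turns the access list into a perimeter firewall rather than a filter: anything not from the VPN peer and not a reply to an inside-initiated session is dropped and logged, so the log itself becomes a simple record of unsolicited connection attempts against the external interface.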
Desktops
There are 40 client desktops at the main HQ that have a variety of Windows operating systems installed on them.
Each client and server computer on the company network requires a network interface card (NIC) in order to access the network. A NIC can be bought separately and inserted into a server, but most new servers come with one built in. Any client computer that does not have a gigabit NIC can still operate at reasonable speeds, as it is only connecting one user to the network. However, if the company requires higher speeds in the future, new gigabit NICs could be installed on older clients.
Because the main HQ and branch office have users of different specialities, data must not only be shared but, most importantly, saved in locations accessible to each department that needs it. For example, the shipping department does not need access to the accounting department's data, but to keep up to date with the financial data the accounting department would need access to the shipping and receiving department's data. This can be achieved by using a file server designed to share data and store files for each department.
Servers
There will be 3 dedicated servers configured in the main HQ, each performing a different function; as the new branch expands, servers could also be implemented there. Having dedicated servers would make the company network more reliable and faster. The network operating system for these servers will be Windows Server 2008.
Each server used on the network will need to be powerful enough to handle the requested tasks. A high quality server will benefit the company more than a cheap server. The main components of a server are:
Processor – The processor should be very powerful for company servers. Considering the size of Btek IT Solutions, a Xeon 3000 series processor would be able to handle the network loads, but I would recommend the more expensive Xeon 5500 series processor as it has dual layer processing. This would aid the company for future growth.
Memory – Servers should have a minimum of 4GB of RAM. I would recommend 4-8GB of Corsair DDR3 RAM for each server computer.
Hard disk – The servers should have large disk space, about 500GB - 1TB depending on how much space is required. SAS interfaced hard disks would be the recommended choice for the server computers.
Network card – For the server computers the recommendation would be to install gigabit Intel NICs that have 2 or more interfaces. This would enable the server to handle higher network traffic.
A mail server will be implemented to serve as an outbound client and a retrieval server for incoming emails. The software that will be used to configure this server will be Microsoft Exchange.
Sharing printers is required in the company's network, so there will be a print server operating in the main HQ. The main purpose of this server will be to collect the information sent to the shared printer and print it accordingly. This would be the more efficient option for printing; instead of buying cheap inkjet printers, 2 LaserJet CM2320 printers would be recommended in the main HQ office and one in the branch office.
The file server would store clients' documents and programs; this server will also perform the DNS and Active Directory roles. A file server would ensure that clients are unable to update the same file at the same time. For example, if an employee in the shipping department was updating a file, another employee would not be able to access that file until the update was finished. The file server would prevent this by locking the file, which is important in business networks.
Active Directory will be used as the database management system. This is where tracked objects will be stored. Active Directory will be used to create domains to group related objects together. Each of the company's departments will have its own domain, e.g. shipping, receiving, accounting and maintenance.
The chosen Cisco 2851 router at each company site comes with DHCP incorporated, which will allow easy distribution of IP addresses to the network's clients. If, for example, a configuration was to change, instead of manually having to change each client, the DHCP server would be configured to do the task.
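An added example of the router-hosted DHCP service described above, written for this page rather than taken from the report or from Cisco documentation. It reserves the router's own address and the statically addressed servers out of the dynamic range and hands clients the internal file server as their DNS server, since that server also holds the DNS and Active Directory roles. The address range, server address, pool name and domain name are assumptions.

```cisco
! Hypothetical DHCP configuration on the HQ router (all values constructed).
! HQ LAN 10.1.0.0/16; router 10.1.0.1; file/DNS/AD server assumed at 10.1.0.10.

! Keep the router and the static server addresses out of the dynamic pool
ip dhcp excluded-address 10.1.0.1 10.1.0.20

ip dhcp pool BTEK-HQ-CLIENTS
 network 10.1.0.0 255.255.0.0
 default-router 10.1.0.1
 ! Point clients at the internal DNS/AD server, not the ISP resolver,
 ! so domain logons and internal name lookups work
 dns-server 10.1.0.10
 domain-name btek.example
 ! Lease in days
 lease 8
```

Because clients learn their gateway and DNS server from this pool, a change to either address is made once here and picked up by every client at its next lease renewal, which is the administrative benefit the paragraph above describes; `show ip dhcp binding` lists the addresses currently handed out.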
User management
User accounts created on the company network need to be managed by permitting or restricting certain actions. This will be implemented using group permissions, which is more efficient than granting access rights to individual users. With group permissions, users that need access to more than one department can be granted it; for example, the accounts department can have access to the shipping department if necessary.
Software Deployment
Distributing software will be an important part of managing the network. Most software is sold with a licensing agreement which states how many computers it can be installed on. There are different types of licensing available for companies; considering the volume of clients on the network, the recommended licensing would be the Open Value Subscription. This will give the company the chance of upgrading software during their subscription and of changing the licensing count.
Once the correct licensing has been obtained, deployment will be the next task; this is how the software will be installed on the clients. Each client desktop will need the Windows 7 operating system installed. The deployment method that will be used to do this will be the Lite Touch, high volume deployment method, which involves using Microsoft Deployment Toolkit (MDT) 2010 to distribute the OS. A deployment share will be created on the file server where the created images will be stored for distribution to client desktops.
Group Policy will be used by the network administrator to deliver programs to specified users. Group policies are assigned to organisational units (OUs), which are users that are grouped together in Active Directory. For example, the Active Directory for Btek IT Solutions would have shipping, receiving, maintenance and accounts OUs. If all accounting clients need access to Microsoft Excel, this would be specified using Group Policy. When a client from the accounting department logs on to a computer and attempts to open Excel or any file associated with Excel, Windows will begin to install the application automatically.
Security
Users need to be protected when on the internet, and there are many different software packages that could do the job. I have chosen McAfee extended protection; it is an all in one package that is designed for small to medium sized businesses.
Backup
Making system backups will be an important part of the network, as the data of Btek IT Solutions is its most important asset. Without data backup the company could easily be set back for days until the data could be reconstructed. For this network the basic Windows Server 2008 backup feature can be used. I would recommend incremental backups, which only back up files that have been modified since the last backup; this would be sufficient for the size of the business. This feature will be added to the file server.
Pricing
Conclusion
I believe the VPN solution is the best option for connecting the branch office to the main HQ compared to other options, for example a leased line, as it costs less and its possibilities are endless because it is deployed over the internet. If the company decides in the future to create another branch, this would not be a problem, as more than one VPN connection can be terminated at the HQ.
Having servers to handle the networking tasks will also be very important in making this business perform optimally. This is why 3 servers have been recommended, each performing specific tasks.
Overall, I believe the recommendations I have suggested will be able to deliver a reliable and efficient network for Btek IT Solutions. With the recommended solution, all the company's clients would be able to communicate with each other and share peripheral devices.
Bibliography
Gallo, M. and Hancock, W. (2002), Computer Communications and Networking Technologies, Florida Institute of Technology.
Lowe, D. (2008), Networking All-in-One Desk Reference For Dummies, 3rd Edition, Wiley Publishing, Indianapolis.
Tanenbaum, A. (2003), Computer Networks, 4th Edition, Pearson Education Inc.
Lewis, C. (1997), Cisco TCP/IP Routing Professional Reference, McGraw-Hill, Inc.
Lowe, D. (1999), Client/Server Computing for Dummies, 3rd Edition, IDG Books Worldwide.