Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Cisco unified communications solution reference network design srnd

01/12/2021 Client: muhammad11 Deadline: 2 Day

RUNNING HEAD: AUTHENTIC ASSESSMENT PLAN

CMIT 495 6381

Authentic Assessment Plan to Support WWTC

Week 8

04 March 2017

RFP Response Team 5

Table of Contents

Table of Contents 2

1 Executive Summary 3

1.1 Contact List 3

2 Project Goal 4

3 Project Scope 4

4 Design Requirements 5

4.1 Local Area Network 5

4.2 Security 6

4.3 VoIP 6

4.4 Wireless 7

4.5 Active Directory 7

5 Current State of the Network 8

6 Design Solutions 8

6.1 Local Area Network 8

6.2 Security 15

6.2.1 Roles and Responsibilities 19

6.3 VoIP and Wireless 19

6.4 Active Directory 24

7 Implementation Plan 29

7.1 LAN Implementation 30

7.2 Security 31

7.3 VoIP and Wireless 31

7.4 Active Directory 31

8 Project Budget 32

9 Summary of Proposal 32

10 Design Document Appendix 33

11 References 33

1 Executive Summary
WWTC has issued an RFP to 5 teams to design and implement a network for their New York City regional office and to ensure that it encompasses a secure and unsecure network that will allow WWTC to increase revenue. This paper provides a detailed overview of the business needs and initial design requirements to implement a state of the art, modular network encompassing LAN, Wireless, VoIP, Security Architecture and Active Directory. RFP Team 5 has provided detailed design and implementation information in previous documents. This document is a comprehensive plan of the scope of work that will be completed, which will address the concerns of stakeholders, meet business needs of WWTC, and meet all technical requirements for the WWTC New York Branch.

1.1 Contact List
Team 5 makeup is as follows:

Project Team

Project Team

VoIP Project Manager: Justin Jorden

Telephone: 703-555-1212

E-Mail: jjorden@rfp5.com

Wireless Manager: Abdul Shaat

Telephone: 703-555-1212

E-Mail: ashaat@rfp5.com

LAN Engineer: Stephen Snider

Telephone: 443-555-1212

E-mail: ssnider@rfp5.com

AD Engineer: Brian Holloway

Telephone: 703-555-1212

E-mail: bholloway@rfp5.com

Project Coordinator/Security Engineer: Troy Dahlin

Telephone: 703-555-1212

E-mail: tdahlin@rfp5.com

2 Project Goal
Based on the below business goals, this proposal should offer a modular concept to allow the company to build in phases if needed and to meet the business objectives as outlined by corporate headquarters.

· Increase revenue from $10 billion to $40 billion in three to four years

· Reduce the operating cost from 30 to 15 percent in two to three years by using an automated system for buying and selling for our clients.

· Ensure secure means of customer for purchase and payment over Internet

· Provide access for employees to attach their mobile computers to the WWTC network and Internet services

· Ensure redundant VoIP and Data Network(s)

· Ensure quick reliable Network services

· Ensure speedy and redundant wireless services in the lobby and both conference rooms (100x60)

· Double network capacity to facilitate and support the projected business growth.

3 Project Scope
This is a new network that will be installed in the WWTC New York regional office. They have obtained and leased the entire floor of a building on Wall Street and are planning to place 100 employees in the office and the company wants to have a state of the art network by years’ end. Additionally, there will need to be interconnections to other offices within the WWTC WAN and allow for remote access for their employee’s and a secure means of payment for their customers.

WWTC Corporate has also identified several security instances where they would like to enhance their current security implementation. Data confidentiality and strong authentication will need to be addressed in this plan.

There will need to be a new Active Directory Domain created under the WWTC Forest to create and manage the different OU groups that will reside in the New York office. Those groups will be comprised of, VP/C Level users, Managers, Staff, Brokers and Guests.

4 Design Requirements
WWTC has provided a very detailed list of requirements for the new LAN in the New York City regional office. The technical goals for WWTC include the ability to provide secure, fast, and reliable network services to the company, its employees, and clients. The network must also be highly scalable, to account for the expected growth of the company in the near future. Finally, the network will provide redundancy at every layer to avoid downtime in the event of equipment failure.

4.1 Local Area Network
We will meet the LAN Design Requirements of WWTC, by providing a highly modular and scalable network to allow for immediate operations and allow for growth and reduce downtime by ensuring that there are redundant connections (Mesh Topology) and by using Cisco products, there will be less product interference and technical gaps. Uplink and downlink speeds will be maximized to ensure enough bandwidth is provided to support VoIP. VTC and guests on the Wireless network and interconnection with the WWTC Headquarters and with the streaming applications that will be used to access the World Wide Web for broker’s and guests to get real-time data to perform their duties.

4.2 Security
Recent audit results have found that there are some physical, logical and personnel security concern’s that need to be addressed. Physical and logical vulnerabilities can be corrected by upgrading and making the proposed network design changes. The personnel vulnerabilities will require a change in policy and awareness, and will need top-down management support to ensure that all employees have a clear understanding of the importance of a security mindset.

WWTC needs to ensure that they review their security policies annually to adjust and grow their security program. Some of the policies that should be put into place are:

Acceptable Use, Access and Connectivity (Local and Remote), Secure Network Use, Privacy and Sensitive Data Protection, Email Use, Ethics, Password Use and Protection, Data Breach Response, Server Security, Software Installation and Use, Workstation Use and Security, and Rules of Behavior.

Additionally, all devices that are accessing the network will be isolated via VLAN’s created on the network switches with routing through VLAN’s controlled via OU and AD GPO’s, and the use of the Cisco ASA Firewalls and Cisco FirePOWER NIDS coupled with HIDS (McAfee) will provide a defense in depth solution to better protect the network.

4.3 VoIP
VOIP is a combination of hardware and software that allows the user to make phone calls via internet transmission. Packets of data containing the voice transmission are sent using IP. Here at WWTC, we are seeking to use this very same technology to reduce operating cost by tapping into a pool of power and communication we already utilize on a daily basis, networking.

In order for us to implement VOIP, we need to consider a few things. First, we need to implement Session Initiation Protocol (SIP). "SIP is a signaling protocol and widely used for setting up and tearing down multimedia communication sessions such as voice and video calls. SIP is merely an initiation protocol for establishing multimedia sessions and SIP uses Session Description Protocol (SDP) that describes the set of media formats, addresses, and ports to negotiate an agreement between the two communication terminals as to the types of media, they’re willing to share." (Chang & Wang, 2009).

4.4 Wireless
A wireless LAN must meet the same sort of requirements typical of any LAN, including high capacity, ability to cover short distances, full connectivity among attached stations, and broadcast capability. (Singh, 2014) In addition, several prerequisites are specific to the environment of wireless LAN. The wireless LAN must be able to accommodate upwards of 80 users with a bandwidth of 54Mbps and using 802.11g standards on the 2.4Ghz frequency to prevent interference. The 802.1x (WPA2 Enterprise) authentication that will be implemented will ensure that only authorized users are accessing the WLAN, and preventing unauthorized users from gaining access to, not only the WWTC network, but also authorized guests having their devices exposed to malicious users.

4.5 Active Directory
When it comes to a company as large as WWTC Active Directory is going to play a large role in order to help manage computer and user policies. The easiest way to implement plans and policy requirements would be to distribute these by using group policy. The Active Directory structure will comprise of a New York Domain that will be broken down into OU Groups and will allow for access to and from the WWTC headquarters and remote users. This Domain will provide for security within the Domain to protect information from those employee’s that do not have a need to know for certain information. This will also allow for the enforcement of GPO’s which will enhance management of security and configuration policies.

5 Current State of the Network
The current state of the network infrastructure is solid and gigabit networking can be set up on existing network wiring. Also, the existing power supply will meet their current and future demand. This current infrastructure should be able to provide LAN speed minimum 100 MB and Internet speed minimum 54 MB. We will also need to provide wireless network access to network users and guest users in limited area (Lobby and Conference room). In conference room and the lobby, the user will get a minimum 54 Mbps of bandwidth.

6 Design Solutions
6.1 Local Area Network
According to our requirements, we have been given the 172.2.0.0/22 network and that should be able to accommodate every device along with the capacity for 100% growth. To begin, we separated the subnets and VLANS along the division of OU groups, since those groups will have resources and policies that will be shared between them. For example, there are policies that will need to be applied to staff that won’t be applicable to brokers and policies that will be applied to servers, but not printers etc. This estimate is based on the unclassified network only.

GUEST NETWORK:

I have assumed the each of the four reception offices can hold a maximum of 10 devices on the Guest wireless connections. This allows for multiple devices per person there needing access to what will be the guest network via a wireless AP that is connected to the DMZ. This will prevent Guest users from having access to company network services, but will allow for external connectivity. This gives an immediate total of 40 connections. To make room for 100% growth, we must create our subnet for an assumed total of 80 devices. We need to create a 172.2.30.0/25 subnet giving us 126 available IP Addresses

VOIP/ VTC/CONFERENCE ROOMS:

For VOIP/VTC, we can look at the chart given and count that we have a current need for 100 Internet connected phones and 6 VTCs. To double that, we need to accommodate room for 200 phones and 12 VTCs. We must use a full octet to accommodate this. Since we will allow the VOIP/VTC to use DHCP and we want to make sure the VoIP are on their own subnet, 172.2.10.0/24 giving us 254 available IP addresses. For the conference room, we assume a max capacity of 10 in each for 20 devices. We must accommodate 40 for the future. That range will be 172.2.4.0/26 giving us 62 available IP addresses.

STAFF:

For the staff, we counted the number of desks in the design giving us 53 connections needed (staff, receptionist, EA). For our printers, we are told that there are currently 20.

SERVERS/NETWORK:

For the servers we have a given 43 servers that will be used to provide web services, custom applications available to brokers and clients, an internal Email Server, DNS, DHCP, and Active Directory and 12 network devices. We must double that to 86 servers for future Active Directory needs and 24 network devices.

EXECUTIVE LEVEL:

For the executive segment, we used the given number of devices needed for the current executive offices and extended that into the vacant offices, assuming that any new executive will sit in one of those. This gives us a total of 10 workstations currently needing addresses (4 CEO and above level with 6 vacant offices) with us needing to provide for 20 for future growth.

CLASSIFIED NETWORK:

For the classified network, we will have 12 network devices, XX servers and 18 workstations, in addition to 18 VoIP phones, and 13 VTC’s. We will not have a DMZ, and will replace one of the ASA’s with a Dell Sonicwall 3600 (Firewall appliance with VPN capability). We will maintain the same addressing and VLAN scheme since this is a separate network and this will allow for ease of management from the Administrators.

Unclassified Network Diagrams, VLANS, and IP Addresses:

image1.jpg

Unclassified VLAN’s

VLAN Name

VLAN ID

Network

Network Range

Available IP Addresses

Guest

101

172.2.30.0/25

172.2.30.1 – 172.2.30.126

126

Servers/Network

201

172.2.20.0/23

172.2.20.1 – 172.2.21.254

510

VoIP

301

172.2.10.0/24

172.2.10.1 – 172.2.20.254

254

Staff

401

172.2.2.0/23

172.2.2.1 – 172.2.3.254

510

Executive

501

172.2.1.0/25

172.2.1.1 – 172.2.1.126

126

Unclassified IP Addresses and Subnets

Segments

VLAN

ID

Device

quantity

IP addresses required including growth

Subnet

Number of Hosts

First Host - Last Host

Servers/Network

201

71

142

172.2.20.0/23

510

172.2.20.1 – 172.2.21.254

DMZ

N/A

6

62

172.2.40.0/26

62

172.2.40.1 – 172.2.40.64

VoIP/VTC

301

106

212

172.2.10.0/24

254

172.2.10.1 – 172.2.10.254

Guest

101

40

80

172.2.30.0/25

126

172.2.30.1 – 172.2.30.126

Conference Rooms

401

20

40

172.2.2.192/26

62

172.2.2.193 – 172.2.2.254

Printers

401

20

40

172.2.3.0/26

62

172.2.3.1 – 172.2.3.62

Executive Offices

501

4

8

172.2.1.0/26

62

172.2.1.0 – 172.2.1.62

Managers/ Vacant

501

13

26

172.2.1.64/26

62

172.2.1.64 – 172.2.2.128

Staff

401

53

106

172.2.2.0/25

126

172.2.2.1 – 172.2.6.126

Brokers

401

28

56

172.2.2.128/26

62

172.2.5.128 – 172.2.5.190

Classified Network Diagram, VLANs, and IP Addresses

image2.jpg

Classified VLAN’s

VLAN Name

VLAN ID

Network

Network Range

Available IP Addresses

Servers/Network

201

172.2.20.0/24

172.2.20.1 – 172.2.20.254

254

VoIP

301

172.2.10.0/24

172.2.10.1 – 172.2.10.254

254

Staff

401

172.2.2.0/27

172.2.2.1 – 172.2.2.190

190

Executive

501

172.2.1.0/25

172.2.1.1 – 172.2.1.126

126

Classified IP Addresses and Subnets

Segments

VLAN

ID

Device

quantity

IP addresses required including growth

Subnet

Number of Hosts

First Host - Last Host

DMZ

N/A

4

32

172.2.40.0/27

8

172.2.40.1-172.2.40.30

Servers/Network

201

71

142

172.2.20.0/24

254

172.2.20.1 – 172.2.20.254

VoIP/VTC

301

83

166

172.2.10.0/24

254

172.2.10.1 – 172.2.10.254

Printers

401

10

20

172.2.2.128/26

62

172.2.2.129 – 172.2.2.192

Executive Offices

501

4

8

172.2.1.0/26

62

172.2.1.0 – 172.2.1.62

Managers/ Vacant

501

13

26

172.2.1.64/26

62

172.2.1.65 – 172.2.2.126

Staff

401

53

106

172.2.2.0/25

126

172.2.2.1 – 172.2.2.126

Equipment List

image3.jpg

6.2 Security
The scope of this universal policy covers the security and use and protection of all WWTC information and information systems applications and network devices. Each section of the policy is broken down into each defined area, and updates or changes to the policy will be communicated to all employees as soon as those changes are made. RFP Team 5 will include Security Policies as enclosures attached to this outline.

Security Design

image4.png

Certain company assets are going to be ranked more important than others and will need better security for more efficient protection. Assets for the World Wide Training Company include employees, clients, market tracking application, stock and bond analytical application, the online trading application, physical network infrastructure for examples switches and servers.

World Wide Trading Company will also have application servers in place in order to run the companies offered client services. These servers include their Market Tracking application, Stock and Bond Analytical application and their Online Trading Platform. The services are available through the web making it important that they using the Secure Hyper Text Transfer Protocol in order to transmit data over the internet. Using HTTPS will allow encryption of the data be transferred though using Secure Sockets layer protocol or Transport Layer Protocol these protocols encrypt data transfer over and unsecure network.

It is necessary to create a distinct management VLAN from the rest of the network by a firewall or access lists for the reason that the foundation of our network management security will be based on these servers. Only traffic from managed devices or those protected by encryption will gain permission in the management VLAN.

To get rid of the possibility that it could be intercepted in transit, the management traffic will be kept off the production network. Each device will be configured with a physical port on the management VLAN through SSH or IPSEC encryption. Based on the policy of that subnet, only appropriate incoming packets will be permitted. To eliminate spoofing and minimize any malicious or illegitimate activities, outbound traffic will be filtered. Spoofing will be prevented by filtering traffic leaving each subnet. Incorrect source address is an indicator of possible attempt to initiate a DDOS/similar attack or a compromised or a misconfigured machine. One-time password server with RSA Security’s ACE server will be used as a strong authentication.

If over the production network communication will be necessary, SSH among other encrypted communication protocols will be used. Audit requirements will be met by logging to the syslog servers located on the management network. Other techniques can be used to enhance security because most busy network admins may not be able to monitor every unused port. This could be requiring user authentication through RADIUS or LDAP before they are given access to any resources a technology instigated in Cisco’s User Registration Tool (URT) that, depending on the credentials supplied, grants users ability to be assigned to different VLANs.

Layer 2 securities will be enforced by limiting the MAC addressed that is permitted to communicate on the ports. Intrusion or ARP spoofing activities such as sniff utility will be indicated by a flood of MAC addresses or even a single new MAC address. To ensure frames for the designated Ethernet address are always forwarded to the specified port and it can present ARP spoofing attacks, a static MAC assignment will be created. Set cam permanent aa-bb-cc-11-22-22 6/1 is used to set a static port on a Cisco switch.

The MAC addresses appearing on each port will be limited to one or a small number. Configuration of a time out will help prevent a new MAC from appearing until the elapse of a certain time period which can be configured with the set port security statement on a Cisco switch. To establish MAC address forwarding tables and establish a tree-like topology which forwards frames via the faster’s path and eliminate loops switches and bridges will make use of Spanning-Tree Protocol (STP).

The root bridge of the spanning tree will be located near the core of the network on the highest bandwidth links to achieve optimum performance. To enforce the STP topology and prevent the root bridge from appearing on an edge segment or on a lower bandwidth connection we will make use of the STP root guard feature that will be allowed on ports we do not want to see the root. The port will change from forwarding to listening state until the superior BPDU announcements are stopped on the condition that superior BPDUs are received from a port with root guard enabled.

On ports where end stations are attached and slows the port to immediately transition the forwarding state without the delay caused by the STP calculation, the spanning tree portfast command is configured. Upon accessing public server, hackers may logically launch attacks against other hosts on the public segment. This makes it ideal to recommend a private VLAN that provide a means to prevent hosts on the same subnet from communication with each other granting access to required communication to their router and hosts on other network connections.

Implementing security at the network level crowns our security strategies. To prevent the most determined attacker able to penetrate the set perimeter defense walls from compromising our hosts, a strong encryption and authentication will be implemented at the network level. IPSEC IP security, an enhancement to the IP protocol documented in various RFCs by IETF ensures that every packet transmitted to the LAN is encrypted with strong encryption algorithms.

6.2.1 Roles and Responsibilities
· President – Will ensure that all policies are communicated, understood and enforced by the departments that are responsible for maintaining them.

· CIO – Will ensure that there are proper resources and support to enable the IT department to manage and effectively support the company, their clients and employees as directed by the President.

· CISO – Will ensure there is an effective Information Security department to handle all aspects of IT Security within the Company, and address any concerns on management of the IT Security program.

· Administrators – Will follow the Corporate Policies by managing and supporting the Policies in a technical manner.

· Security - Will ensure that all policies are able to be met, and that all employees are complying with the policies in place.

· Users – Will ensure they are working in compliance with all policies and will bring to the attention of management when there are potential questions or deviations from the Corporate Policy.

6.3 VoIP and Wireless
For a productive and functional Wireless Access Points (WAP), it is determined a Cisco Aironet 1250 Series WAP must be designed in each of the rooms and the entryway. The Aironet 1250 will be a perfect decision for the Lobby, because of a great deal of high transfer speed use as far as voice, information and video applications utilized as a part of these regions. The WAP is additionally a double band device with numerous channels able to break point channel covering amid high activity use, bolsters proper location, and ready to distinguish malicious clients and frighten an attacker. A secure Cisco 4400 Series Wireless LAN Controller must be utilized for the WAP to give single administration indicate ongoing correspondence to and from the WAP and will convey incorporated security approaches, interruption recognition and avoidance capacities, nature of administration and proficient versatility benefit.

The WLC interface with the PoE switches are arranged with three VLANs: WWTC representative, WWTC visitor, and voice for remote telephones . Keeping in mind the end goal to guarantee most extreme transfer speed and lessen RF impedance, these APs will be set in the focal point of every area and will be designed to utilize 802.11g (backings the 54 Mbps transmission capacity prerequisite) with the 2.4 GHz recurrence. The 2.4 GHz is the best option to use for different devices, for example, microwaves utilize the 5 GHz, and if the APs utilize the 5 GHz, there will be danger of RF obstruction. The APs will be mounted at every end of the two meeting rooms and the entryway territory rather than overhead with the goal that it doesn't contrarily influence each of the rooms' feel. To boost channel and transfer speed use, the APs will be introduced at eight feet from the floors in every room and will confront descending at 40 degrees. The receiving wires will be directional keeping in mind the end goal to guarantee sufficient scope and the APs in the two rooms will isolate (channels 6 and 11) so as to keep comparative channels from interfering with each other at the covering point. For the entryway APs, they will be put at every end at eight feet from the floor and will confront descending at 40 degrees. Both receiving wires will be directional keeping in mind the end goal to guarantee sufficient scope alongside utilizing separate channels (6 and 11) to relieve channel impedance.

For security, we will utilize 802.1x (WPA2 Enterprise) authentication where all WWTC clients and visitors must give their username and secret key (visitors will be given a transitory username and watchword) before confirming onto the WLAN. The 802.1x standard additionally includes encryption by means of EAP. This guarantees secretly since unapproved clients, for example, a war driver utilizing a bundle sniffer to see transmitted information over the WLAN, can't see the information. VLANs will be arranged on the WLC that will isolate movement on the WLAN. The names of the VLANS are: WWTC workers, WWTC visitors, and voice. Representatives in WWTC's NYC office will be on the WWTC workers VLAN, external clients who need to get to WWTC's WLAN any of the three areas will be on the WWTC visitors VLAN, and the voice VLAN will be designed to deal with remote telephone correspondence.

Wireless Access Point Configuration with Installation

Location of AP

Name of APs

AP Configuration Summary

Lobby

WWTC_Lobby1.1

Our AP locations is determined to be mounted at each end of our rooms, eight feet from the floor, specifically in the focal point of the room. The receiving wire will be directional for the satisfactory scope of the clients. The APs will utilize isolate diverts keeping in mind the end goal to forestall channel impedance alongside utilizing 802.11g for data transfer capacity and 2.4 GHz recurrence.

Conference Room 1

WWTC_Conf1.1,

Our AP locations is determined to be mounted at each end of our rooms, eight feet from the floor, specifically in the focal point of the room. The receiving wire will be directional for the satisfactory scope of the clients. The APs will utilize isolate diverts keeping in mind the end goal to forestall channel impedance alongside utilizing 802.11g for data transfer capacity and 2.4 GHz recurrence.

Conference Room 2

WWTC_Conf2.1,

Our AP locations is determined to be mounted at each end of our rooms, eight feet from the floor, specifically in the focal point of the room. The receiving wire will be directional for the satisfactory scope of the clients. The APs will utilize isolate diverts keeping in mind the end goal to forestall channel impedance alongside utilizing 802.11g for data transfer capacity and 2.4 GHz recurrence.

WWTC requires a Voice over IP (VoIP) game plan that will decrease expenses and keep up 100% accessibility. The VoIP utilization must be flexible to oblige future advancement and have adjustment to inward adjustments. The New York office must separate VoIP from the framework to expect impedance of the lines and obstruct over the framework. Right when used as a singular substance, VoIP action will encounter the evil impacts of reduced information exchange limit when there are deferrals or diverse issues over the framework. By keeping VoIP isolated in our VLAN, network problems will be avoided. Our VLAN will make it simple & secure for employees to manage VoIP. Communications Manager can be used to both screen and regulate IP correspondence and video benefits. For sufficient use of the Unified Communications Manager support to consolidate VoIP and video illuminating organizations, we will use A Cisco 6000 Business Edition.

Outside telephone lines will be used through open traded telephone sort out (PSTN) stations. WWTC's legitimate staff and authorities will make business calls outside of the affiliation and will require PSTN phone lines. Because of the number of customers (around 28) and the typical considerable call volumes to be made, it is evaluated that official staff and middle people will require around six PSTN channels at a 5:1 man for each channel extent. For redundancy, voice-sort out dial mates can be set up to keep up 100% redundancy.

Utilizing the VoIP transfer speed adding machine, with the G.729 codec the data transfer capacity for a solitary VoIP call will require 12 Kbps. The aggregate data transmission for voice calls should be no less than 840 Kbps, on the presumption that that 70% of the WWTC staff are utilizing VoIP telephones at pinnacle hours.

image5.png

6.4 Active Directory
Setting up Active Directory requires the set up of both a Domain Name Services server and a Dynamic Host Configuration Protocol Server. The DNS server is put into place in order to resolve host names on the network. The DHCP Server will be put into place in order to assign hosts on the network with an IP Address in order to allow them to communicate with other network devices.

Create forest root domain

To begin creating the forest root domain you must deploy the first forest root domain controller. To do this you will log into your server and install Active Directory Domain Services on the server by running Active Directory Domain Services Installation wizard. You should also enable the Group Policy Try Next Closest Site in order to allow clients to locate the closest domain controller. Next you should install a second Domain controller as a backup and follow the same steps above. Next you will reconfigure the DNS server by enabling aging and scavenging in order to eliminate stale DNS records from the server. In the final step you will configure site topology, to do this your start by creating an administration group for the AD DS. Once you create a group you will open AD Sites and Services, go to Administrative Tools, choose Active Directory Sites and Services, right click the sites node and select Delegate control and assign the proper admin group to the site.

Create Top Tier Organization Units

During this step your will be creating the top tier organization units these OU’s consist of New York office, President, Administrators, CEO’s, VP’s, Managers, Brokers, IT Dept, FIN Dept, and HR Dept. To Create these Organizational units will open up Active Directory Users and Computers. Select the domain under which you are creating the OU and right click and select New then click Organizational Unit. We will follow these steps for each of the OU’s listed above and they will be created for each child domain.

Create Second Tier Organization Units

Creating the second tier Organizational Units follows the similar steps as above but for these we will create an Employee OU, a computer OU and a Printer OU for each of the above already created top tier OU’s. In order to do this, we will select the top tier OU we wish to create a second tier OU for and Right Click that select New and choose Organization Unit.

In this section we will be creating security groups for the each of the above organizational unit’s users. Here we will have groups listed as follows:

New York – NY_GRP

President – NY_Pres_R, NY_Pres_W

Administrators – NY_Admin_R, NY_Admin_W

CEO’s – NY_CEO_R, NY_CEO_W

VP’s – NY_VP_R, NY_VP_W

Managers – NY_Mgr_R, NY_Mgr_W

IT – NY_IT_R, NY_IT_W

Brokers – NY_Brokers_R, NY_Brokers_W

Finance – NY_Fin_R, NY_Fin_W

HR – NY_HR_R, NY_HR_W

The above groups are created in order to help better keep track of resources that are accessible to each department and it also allows for group policies to be added to each department separately or as whole. The First group NY_GRP is used to apply as a group for all users in the New York area. The next groups are broken down by department or job role each department has an _R and _W these mean read in write I have done this to be able to separate groups that should be able to view data on share drives and groups that will be able to make changes to any data that is stored. Everyone in all departments will be placed in the read only group automatically and those users which require write access will be added to the _W group.

To create the groups, it is very simple you start by opening up your Active directory users and groups snap in. After the snap in has been opened you navigate to the create OU and department, from here you will right click hit new and choose group. For example, for the New York Group you will go right into the first OU and right click and select new then choose group.

Group Policies

Below are the policies required by WWTC:

· Enable BitLocker on all servers and workstations

· Set BitLocker to automatically unlock when connected to internal network

· Enable encryption on drive only if space is used

· Enable branch cache on file servers

· Enable cache encryption

· Enable Smart Card with Pins to access network resources

Active Directory

Below are the requirements for Active Directory Users and Groups

· Must have OU levels for users and computers

· Three types of OU levels Global, Universal and Local Groups

· Restrict Universal group membership must be assigned

· Groups are based on OU’s

· Single forest with multiple domains

Here is a comprehensive list of additional GPO’s that will be configured to ensure a secure computing environment within both WWTC and the WWTC classified LAN. The settings will be altered to adjust different security and protection schemes, but these are the general settings that will be applied and linked throughout the Domain.

GPO Administrative Settings:

· Control Panel

· Desktop (User Configuration only)

· Network

· Domain Controllers

· Domain Member Servers

· Printers (Computer Configuration only)

· Shared Folders (User Configuration only)

· Start Menu and Taskbar (User Configuration only)

· System

· Windows Components

Security Settings:

· Account Policies

· Audit Policy

· User Rights

· Security Options

· Event Logs

Preferences Settings:

· Applications

· Drive Maps

· Files

· Folders

· Registry

· Network shares

· Devices

· Folder Options

· Internet Settings

· Local Users and Groups

· Network Options

· Power Options

· Printers

· Scheduled Tasks

7 Implementation Plan
With the approval of this RFP, the IT department will coordinate with purchasing to identify the third party vendor that will provide all the equipment that was annotated in the equipment list. They will then consult with the RFP team to start the implementation prior to the New York office being staffed. This will allow for receiving, unboxing and performing any installation tasks while not disturbing employee’s or guests during the implementation. Additionally, this will allow the IT department to ensure that all connectivity is achieved prior to causing disruptions or outages.

The IT department will provide the below implementation plan to all Managers and above to allow for proper communication of status and timelines being completed. With the scope of the plan, and the modular and scalable nature of the network, growth should be seamless and transparent to the end users and the need for network upgrades and expansion should not be seen in the first 3-4 years. If it is determined that there needs to be greater capacity, then the IT department will conduct a network upgrade evaluation to expand the existing infrastructure.

Training for administrators will be minimal as they will be involved in the installation, configuration and deployment of the network. End users will be trained as needed to access their personal share drives and email, but all mapping and access will already be established and should be transparent to the end user. Guests and visitors that are accessing the network via the WLAN will have a quick training session on connecting and accessing the WLAN.

A contingency plan, in the case of network failure, will need to be addressed. This plan should begin with shifting access and resources to connect directly to the WWTC headquarters Domain by replicating the OU directory to the WWTC headquarters Domain and providing an internet connection via VPN to headquarters while troubleshooting takes place. Once the issue/s have been resolved, all users will then be shifted back to the New York Domain for continued access.

7.1 LAN Implementation
STEP

TASK

1

Install the racks for network equipment and servers and run power to racks.

2

Mount required networking equipment and servers in racks and connect power.

3

Run and label Cat 6 cabling for all networking equipment and servers.

4

Configure Unclassified routers and switches, including VLAN configurations.

5

Configure Classified routers and switches, including VLAN configurations.

6

Verify connectivity between all networking equipment on both the unclassified and classified networks, using VLAN 201. Troubleshoot and repair any connectivity issues.

7

Run and label all Cat 6 cabling for Desktop Clients

8

Connect all Servers and Desktop Clients to switches and verify communication between all VLANs.

9

Set-up Classified and Unclassified connections between Cisco ASAs located at WWTC NY Office and WWTC Headquarters. Create connection between core routers at each location after ASA connections are made. Troubleshoot and repair any issues.

7.2 Security
STEP

TASK

1

Asset Protection

2

Install Configure Firewall and Rules

3

Configure DMZ

4

Encrypted Communications

5

VLAN/ Port Security

6

Security Technologies

7

Security Policies Outline

7.3 VoIP and Wireless
STEP

TASK

1

Prepare Reliable Internet connection between offices

2

Introduce a game plan for VoIP

3

Determine VoIP Redundancy

4

Determine best location for WAPs

5

Install Cisco Aironet 1250 Series WAP in appropriate locations

6

Install Cisco 4400 Series Wireless LAN Controller in appropriate location

7

Prepare, Plan, and configure A Wireless Security Plan

8

Use 802.1x (WPA2 Enterprise) authentication

7.4 Active Directory
STEP

TASK

1

Create DNS Server

2

Create DHCP Server

3

Create AD Forrest Root Domain

4

Create forest root domain

5

Create Top Tier OU

6

Create Second Tier OU

7

Create AD Security Groups

8

Create GPO’s based on Groups

8 Project Budget
The goal set forth by WWTC was to reduce overall costs from 30 to 15 percent within the next four years. With the network plans that we have laid out in this document that goal will be achieved in a cost effective and timely manner. Overall cost for the project range around 45 to 50k. The gap is added to somewhat account for labor charges of the workers who will put the plan in motion.

ITEM

COST

Equipment

$30,000

Software

$10,000

Labor

$10 – 25 per hour

Total

$45,000 to 50,000

9 Summary of Proposal
This proposal has discussed the business goals for WWTC and how the goals will be accomplished by setting forth the business requirements specified for this project. This proposal covers the technical capabilities Team 5 will provide to WWTC in order to provide them all of the necessary components of a Local Area Network to enable them to be successful in achieving their goals. Team 5 will improve security, provide faster and more reliable network speeds, wireless and VoIP access, a more redundant network that is built in a modular manner to support future growth, and a classified network for sharing sensitive information with the WWTC Headquarters in Hong Kong and other branch offices. This proposal has also addressed the budget that Team 5 will be working with and an implementation plan providing a timeline for task and project completion.

10 Design Document Appendix
Switch and router configurations

Firewall configurations

Security Policies

11 References
Chang, P & Wang, T. (October 2009) Design and implementation of an integrated RFID and VoIP system for supporting personal mobility. International Journal of Computer Network and Communications. Retrieved from: http://www.academia.edu/17291393/DESIGN_AND_IMPLEMENTATION_OF_AN_INTEGRATED_RFID_AND_VOIP_SYSTEM_FOR_SUPPORTING_PERSONAL_MOBILITY

Cisco Aironet 1250 Series Access Point Data Sheet. (n.d.). Retrieved June 2, 2016, from http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1250-series/product_data_sheet0900aecd806b7c5c.html

Cisco ASA 5500-X Series Next-Generation Firewalls - Products & Services. (n.d.). Retrieved June 1, 2016, from http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/index.html?.

Cisco ASR 1001 Router. (n.d.). Retrieved June 1, 2016, from http://www.cisco.com/c/en/us/products/routers/asr-1001-router/index.html

Cisco Catalyst 3560 Series Switches - Products & Services. (n.d.). Retrieved June 2, 2016, from http://www.cisco.com/c/en/us/products/switches/catalyst-3560-series-switches/index.html

Cisco IPS 4270-20 Sensor. (n.d.). Retrieved June 2, 2016, from http://www.cisco.com/c/en/us/support/security/ips-4270-20-sensor/model.html

Cisco Secure Access Control System - Products & Services. (n.d.). Retrieved June 3, 2016, from http://www.cisco.com/c/en/us/products/security/secure-access-control-system/index.htmlhttp://www.cisco.com/c/en/us/products/collateral/unified-communications/unity-express/reference_guide_c07-566560.html.

Cisco Unified Communications 500 Series Model 560 for Small Business: Platform Reference Guide. (n.d.). Retrieved June 3, 2016, from Technet. (2016). Windows Deployment Services

Cisco Unified IP Phone 7942G Data Sheet. (n.d.). Retrieved June 3, 2016, from http://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7942g/product_data_sheet0900aecd8069bb68.html

Cisco Wireless LAN Controllers. (n.d.). Retrieved June 2, 2016, from http://www.cisco.com/c/en/us/products/collateral/wireless/4100-series-wireless-lan-controllers/product_data_sheet0900aecd802570b0.htm

Cisco. (2011). Wireless LAN Design Guide for High Density Client Environments in HigherEducation. Retrieved June 2, 2016, from Cisco:http://www.cisco.com/c/dam/en_us/solutions/industries/docs/education/cisco_wlan_design_guie.pdf.

Data Communications and computer Networks. Singh, B. (2014). From

https://books.google.com/books?id=p7B2BAAAQBAJ&pg=PA211&lpg=PA211&dq=A

Dell Precision Tower 3000 Series (3420). (n.d.). Retrieved June 5, 2016, from http://www.dell.com/us/business/p/precision-t3x20-series-workstation/pd?&-t3x20-series-workstation&&

HP Color LaserJet Pro MFP M527n. (n.d.). Retrieved June 2, 2016, from http://store.hp.com/webapp/wcs/stores/servlet/us/en/pdp/printers/hp-color-laserjet-pro-mfp-m176n

HP NC365T 4-port Ethernet Server Adapter. (n.d.). Retrieved June 2, 2016, from http://h18004.www1.hp.com/products/servers/networking/nc365t/index.html

TestOut. (n.d.). DHCP Subnetting [Video file]. Retrieved from http://cdn.testout.com/client v5-1-8-81/startlabsim.html?-us.

�Wrong date

�Improper English

�This has been changed.

�So we need 3 more VLAN’s than are created on our VLAN template?

�Yes, you already so this and it has already been graded with an 89%

�???

�This has be modified alrady.

�Use “interfering”

�I used obstruction instead of interfering

�I changed it to interfering

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Study Master
A Grade Exams
Write My Coursework
Pro Writer
Maths Master
Instant Assignment Writer
Writer Writer Name Offer Chat
Study Master

ONLINE

Study Master

After reading your project details, I feel myself as the best option for you to fulfill this project with 100 percent perfection.

$49 Chat With Writer
A Grade Exams

ONLINE

A Grade Exams

After reading your project details, I feel myself as the best option for you to fulfill this project with 100 percent perfection.

$22 Chat With Writer
Write My Coursework

ONLINE

Write My Coursework

I am an experienced researcher here with master education. After reading your posting, I feel, you need an expert research writer to complete your project.Thank You

$29 Chat With Writer
Pro Writer

ONLINE

Pro Writer

I am an experienced researcher here with master education. After reading your posting, I feel, you need an expert research writer to complete your project.Thank You

$33 Chat With Writer
Maths Master

ONLINE

Maths Master

I have worked on wide variety of research papers including; Analytical research paper, Argumentative research paper, Interpretative research, experimental research etc.

$38 Chat With Writer
Instant Assignment Writer

ONLINE

Instant Assignment Writer

I have assisted scholars, business persons, startups, entrepreneurs, marketers, managers etc in their, pitches, presentations, market research, business plans etc.

$37 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Preparation of fluoride standard solution - Write a essay - Ethyne dot and cross diagram - Kfc swot analysis ppt - Module 9 workbook answers - Curing the incurable cookbook by gary null - Inferential Statistics - Research Paper - Enhance Viewers Perception - Maxwell high voltage capacitors - Burke litwin model of organisational change - Exercise 1 17 preparing a balance sheet lo p2 - Equilibrium constant keq worksheet answers - The prodiscover utility makes use of the proprietary _______________ file format. - Advantages of straight salary - UDL Modification - Wendy Lewis 3 - Concepts in enterprise resource planning 3rd edition solutions - Humanity - Thomas clarkson academy staff list - Ajinomoto share price bursa - Maslow's hierarchy of needs the blind side - What does the underline mean in little alchemy - Multicultural and social justice counseling competencies - Uc berkeley academic guide - Fe c2o4 3 3 - Download the file below - Peugeot speedfight tuning guide - Plymouth university residence life - God's mission is characterized by - 2 chronicles chapter 20 - Galapagos islands that changed the world movie questions answers - Week 6 Discussion 2 Physiology and Pathophysiology - Therapy for Pediatric Clients With Mood Disorders 2 to 3 pages - How to cite sentinel city in apa format - Hervey bay police radio frequency - Gema optiflex 2 nozzles - Grade 7 reading list - Vanadium iii carbonate formula - Cpt code urolift - Net ionic equation practice worksheet - His divine power has given us everything - Fitness fanatics is a regional chain of health clubs - Glen waverley secondary school - Choose three of the project areas listed below and answer one question from each group of questions found in Chapter 12 of your text. - La señora johnson es diabética y no puede comer azúcar - 2questions - I need a Research Paper - John daly scorecard today - Journal - Leccion 4 contextos correcto o incorrecto - How to balance equations khan academy - Discussion: Implementing a Revision Strategy - Doing ethics 5th edition pdf - Primates - Create a personal vision statement - Compensating balance agreements are held against short term borrowings should - Order 2155769: Read Instructions - What is insufficient logging and monitoring - Short summary of mirror by sylvia plath - Which of the following best describes a critical update? - Pca - 832 - What are some factors that affect social mobility - Sam walton jay z by george packer - Unit conversion worksheet answers - Cobit 5 mapping to nist - Rhetorical critique response (250 - 500 words) - Application for permission for cremation - Prose and verse in much ado about nothing - Quota diagram ib economics - Gainsborough's blue boy is an example of the - Assume that sparks uses a perpetual specific identification inventory system - Futility wilfred owen analysis - Introduction to Christian Mission - Biographical Paper - What factors contributed to eurodisney poor performance - Chapter 12 assignment due in 24 hours - Cutlip center & broom 2006 - Discounting factoring and forfaiting - Quantum dot display ppt - What Is Philosophy? - Utas word count penalty - OPS/350 WK2 Parts Emporium Case Study - Approaches to psychology worksheet - The american dream dead alive or on hold pdf - Dirichlet test for convergence proof - Which transition word correctly links the two sentences - Sf2 polar or nonpolar - Blank coat of arms - University database design example - Cambridge teacher knowledge test - University of bradford summon - Southwestern university's food service case study - Influencer the new science of leading change cliff notes - Air canada organizational structure - 7 paragraph essay - Levels of structural organization in the human body - Hydrogen peroxide decomposes according to the equation - Elements and principles of art line - Examples of primary dimensions of diversity - 3 dicks on a bench remix