Network design and architecture Essay
Network design and architecture are highly important for business because many factors affect network design, and the functionality of the network is directly related to the company’s performance. The requirements for a network include fault tolerance, scalability, quality of service and security. In the process of designing a network, it is necessary to pay attention to such factors as the geographical location of the main buildings, the load on the network, the number of users and the applications needed for their work, the required bandwidth, the availability of Internet providers and the environmental factors which might affect connectivity between the main points of the network.
The purpose of this assignment is to implement a design for a network with three locations. Location one has two buildings with 25 computers in each building, 15 of them being wireless users. Location two has one building with 15 servers: 5 web servers, 5 email servers, and 5 file servers. Location three has one building with 30 computer users on 3 floors (ten computers on each floor); each floor should have two WAPs, with 5 of the ten users having wireless access to the network. The goal of the project is to select the necessary hardware and middleware, integrate network security and wireless connectivity, and establish a connection between these three locations.
Location 1
In this location, there are two buildings, with 25 users per building, where 10 users in every building are connected to the network using a wired connection, and 15 users are using a wireless connection. For every building, it is recommended to divide the users of the wired network into 2 groups of 5 users (it is unlikely that they all work in one room), and to link these users into a network using a Cisco Catalyst 2960 Series Switch. These switches have superior layer 2 defense capability, have 24 Ethernet desktop ports (for expansion/redundancy purposes, 2 switches are recommended), and use Cisco EnergyWise technology. Wired connections inside the buildings will be implemented using UTP cat. 5/5e.
Both Cisco Catalyst 2960 Series Switches are then connected to a Cisco Linksys E420 router, which supports both Ethernet and wireless connections, and has 4 Gigabit Ethernet ports, as well as 1 Gigabit WAN port. This router can work with IEEE 802.11 a/b/g/n standards, and will also be used to connect the wireless network segment to the whole network.
Wireless connection will be maintained by the Cisco Aironet 1200 Series Access Point, which represents an enterprise-class solution for wireless connectivity. This access point can work with IEEE 802.11 a/b/g/n devices, and can theoretically support up to 253 connections. However, in practice it is not recommended to have more than 24 connections per access point. In the case of building 1 and 2, these requirements are fulfilled.
Building 2 has the same inner network structure as building 1 (assuming that geographical and environmental conditions there are comparable), and both buildings are connected into a larger network segment by a Cisco 851 Ethernet SOHO Security Router. This router has embedded security middleware which will implement the functions of a hardware firewall for this network segment; in addition to this, the Cisco 851 Router provides IPsec VPN security support, which will also be used to enhance security for remote connections. The buildings will be connected using a wired connection based on coaxial cable, because this cable can be used for connections up to 500 meters, and is less vulnerable to the environment compared to UTP.
Location 2
Location 2 includes 1 building with 15 servers, 5 of them being file servers, 5 – web servers, and 5 – e-mail servers. For this building, it is recommended to choose high-bandwidth switches and routers. The servers will be grouped into 5 groups, with 1 file server, web server and e-mail server in each group. It is assumed that no clustering is used within these servers.
The groups of servers will be located in different parts of the building and physically separated from each other, for security purposes. Each group of servers will be connected using UTP cat. 5e (Gigabit Ethernet connection) to a Cisco Catalyst 6500 series switch, which can scale and virtualize network segments. These switches provide additional security with regard to encryption and network access control, and use virtual switching to protect the system from excess routing. It is assumed that all servers will have IP addresses within 1 subnet in order to make access easier, and to avoid additional routing.
The five groups of servers will be connected using STP cat. 5e (Gigabit Ethernet connection) to a Cisco 7200 Series Router, with embedded security middleware, IPsec support and increased VPN performance, which is a proper choice for enterprise and service provider needs.
Location 3
For building 3, the conditions are the following: there are 3 floors, with 10 users per floor; five of them are using a wired connection, and 5 of them are using a wireless connection. It is also required to have two wireless access points per floor. The implementation of the design is the following: the 5 users with a wired connection are united into a network segment using a Cisco Catalyst 2960 Series Switch, one of the access points is the Cisco Aironet 1200 Series Access Point, and the functions of the other access point are performed by the Cisco 860 Series Router (which can also function as an access point). The characteristics of Cisco Aironet 1200 Series Access Points and Cisco Catalyst 2960 Series Switches were already mentioned in the description of Location 1; Cisco 860 Series Routers have enhanced security features and support Gigabit Ethernet connection. The described structure will be implemented on every floor.
However, the ground floor (indicated as Floor 1 on the PowerPoint slides) will have a Cisco 890 Series Router instead of a Cisco 860 Series Router, which will be used to connect the wired and wireless network segments at Floor 1, and will also unite the whole network segment and act as a gateway. Cisco 890 Series Routers support enhanced data and voice communications security, and have an embedded firewall with e-mail, IM and HTTP traffic control.
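The per-location figures above can be checked mechanically. The following Python sketch is an added example, not part of the original essay: it tests each building or floor against the 24-clients-per-access-point recommendation and the 24-port switch size, and computes the smallest single subnet that holds the 15 servers of Location 2. The reserved uplink port, the one router interface in the server subnet and the base address 10.0.2.0 are assumptions made for illustration.

```python
import ipaddress

AP_CLIENT_LIMIT = 24  # recommended clients per access point (essay's figure)
SWITCH_PORTS = 24     # desktop ports per Catalyst 2960 (essay's figure)

# One entry per repeated unit, using the essay's user counts.
SEGMENTS = {
    "location1_building": {"wired": 10, "wireless": 15, "aps": 1, "switches": 2},
    "location3_floor": {"wired": 5, "wireless": 5, "aps": 2, "switches": 1},
}

def check_segment(seg):
    """Return (problems, wireless_headroom, free_ports) for one building or floor."""
    problems = []
    # Wireless users that can still be added before the AP recommendation is exceeded.
    wireless_headroom = seg["aps"] * AP_CLIENT_LIMIT - seg["wireless"]
    if wireless_headroom < 0:
        problems.append("wireless clients exceed recommended AP load")
    # Assumption: one port per switch is reserved for the uplink to the router.
    free_ports = seg["switches"] * (SWITCH_PORTS - 1) - seg["wired"]
    if free_ports < 0:
        problems.append("not enough switch ports for wired users")
    return problems, wireless_headroom, free_ports

def server_subnet(servers, base="10.0.2.0", gateways=1):
    """Smallest IPv4 subnet holding all servers plus the router interface.

    base is a constructed example address, not taken from the essay.
    """
    needed = servers + gateways + 2          # plus network and broadcast addresses
    prefix = 32 - (needed - 1).bit_length()  # round up to the next power of two
    return ipaddress.ip_network(f"{base}/{prefix}")

if __name__ == "__main__":
    for name, seg in SEGMENTS.items():
        print(name, check_segment(seg))
    net = server_subnet(15)
    print(net, "usable hosts:", net.num_addresses - 2)
```

The headroom values show how many users each unit can absorb before another access point or switch is needed, which is the scalability requirement stated in the introduction.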
Connectivity
The connection used for all three locations depends on the distance between the locations, on the environmental conditions between these places, on budget constraints and on the required bandwidth for each location. It is assumed here that the distances between the locations are significant, the budget is not tight, and the network design should be scalable and applicable in case of the company’s growth and expansion.
Based on these assumptions, fiber optic will be chosen for connecting the segments (most likely, multimode cable will be used). Although the servers are located in the second location and there are no server entities in location 1 and location 3, it is recommended to implement the FDDI structure to connect the segments of the network with each other. FDDI is more secure than Ethernet or Token Ring architecture, and it is optimal for fiber optic connections. Location 4 on the PowerPoint slides illustrates the FDDI architecture.