MyCo Network Design Proposal

Presented By Group 10

Group Introduction

• Umer Siddiqui
• Mbaunguraije Tjikuzu
• Marcia Baransano
• Asif Siddiqui

Business Case

• Current MyCo network architecture is poorly designed.
• No room for scalability and high availability.
• Our solution will meet current and future needs.
• Best possible solution with reasonable cost.

Design Decision

• We have picked Cisco as the major vendor for our networking gear for the following reasons:
  i) Company's financial stability
  ii) Customer base
  iii) Support contracts
  iv) Reliability and support


Design Key Aspects

• Scalability
• High Availability
• Security
• Ease to Manage

Scalability

• Cisco 4506 are modular switches; each can support up to 5 line card slots and each card can have 48 Gbps ports.
• Cisco 4503 are modular switches and can support 2 line cards.
• Cisco ASA 5510 are capable of supporting 250 IPsec/SSL VPN sessions. This fits our need for servers.
• Cisco 2960s are used as layer 2 switches for DMZ and Finance users.

High Availability

• We have tried to design all the networking gear in HA mode, i.e. redundant firewalls, switches, routers, IPS's, circuits.
• Half of the users are connected to one switch and half to the other.
• Similar servers are connected to different switches.
• Internet segment is fully redundant: Internet circuits from two different ISPs terminate into two different routers.

Routing

• Internally we are using OSPF and externally we are running BGP.
• Internal traffic gets routed to the active switch based on the OSPF algorithm.
• Internet traffic gets routed based on the decision made by BGP.
• Internet routers are peered with each other and with the ISP routers, importing full Internet routing tables.
• End user switches are advertising user subnets, and server switches are advertising the server VLAN along with the default route pointing to the active firewall shared IP.

Security

• Financial systems are separated by firewalls.
• DMZ zone is set up for servers accessible from the Internet.
• Remote access is allowed by using an IPsec or SSL client with token-based authentication.
• Firewall rules are set up to allow access on a need-to-know basis, with a "deny all" rule at the end.
• Intrusion detection devices are deployed covering all the flows (initially deployed as IDS probes; later on they can be changed to IPS).
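The rule ordering described on the Security slide, as an added example that is not part of the original presentation: a first-match rule checker showing why a final "deny all" does not by itself enforce need-to-know when a broad permit sits above it. The zone names come from the slides; the rule format, ports, the "broad permit" heuristic and the function names are assumptions of this example.

```python
ANY = "any"

# Constructed policy. Zone names follow the slides; ports are hypothetical.
WEAK = [
    ("permit", "outside", "dmz", 443),     # Internet to DMZ servers
    ("permit", "users", "finance", 1433),  # hypothetical finance application port
    ("permit", "dmz", ANY, ANY),           # broad permit added for convenience
    ("deny", "dmz", "finance", ANY),       # intended separation, placed too late
    ("deny", ANY, ANY, ANY),               # final "deny all"
]
FIXED = [WEAK[0], WEAK[1], WEAK[4]]        # only the needed permits, then deny all


def covers(a, b):
    """True if rule a matches every flow that rule (or flow) b matches."""
    return all(x == ANY or x == y for x, y in zip(a[1:], b[1:]))


def decide(rules, src, dst, port):
    """First-match evaluation: the first rule that matches the flow wins."""
    flow = ("flow", src, dst, port)
    for rule in rules:
        if covers(rule, flow):
            return rule[0]
    return "deny"  # assumption of this example: an unmatched flow is denied


def audit(rules):
    """Report missing deny-all, overly broad permits and shadowed rules."""
    findings = []
    if not rules or rules[-1] != ("deny", ANY, ANY, ANY):
        findings.append("policy does not end with an explicit deny-all")
    for j, rule in enumerate(rules):
        # Heuristic of this example: two or more wildcards is not need-to-know.
        if rule[0] == "permit" and rule[1:].count(ANY) >= 2:
            findings.append(f"rule {j}: permit is broader than need-to-know")
        for i in range(j):
            if covers(rules[i], rule):
                findings.append(f"rule {j}: never matches, shadowed by rule {i}")
                break
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("fixed", FIXED)):
        print(name, decide(policy, "dmz", "finance", 1433), audit(policy))
```
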

Cost Analysis

Product                          Price     Quantity   Total
Cisco Catalyst 4506-E            $11.127   2          $22.254
Cisco Catalyst 4503-E                      2
HP ProLiant DL 165                         8
Cisco Catalyst 2960                        3
Cisco ASA 5510                             4
7204VXR/400 Cisco 7200 Router              2

• Cisco price specifications listed above are from router-switch, one of the world's leading Cisco suppliers.
• The price of HP ProLiant DL 165 listed above is from newegg, a leading e-retailer.

Active Directory Layout

Conclusion

• Our proposal is an
  i) Affordable
  ii) Scalable
  iii) Reliable
  iv) Secure
  solution.

Questions