MyCo Network Design Proposal

Presented By Group 10

Group Introduction
• Umer Siddiqui
• Mbaunguraije Tjikuzu
• Marcia Baransano
• Asif Siddiqui

Business Case
• Current MyCo network architecture is poorly designed.
• No room for scalability and high availability.
• Our solution will meet current and future needs.
• Best possible solution with reasonable cost.

Design Decision
• We have picked Cisco as the major vendor for our networking gear for the following reasons:
i) Company's financial stability
ii) Customer base
iii) Support contracts
iv) Reliability and support

Design Key Aspects
• Scalability
• High Availability
• Security
• Ease to Manage

Scalability
• Cisco 4506 are modular switches; each can support up to 5 line card slots and each card can have 48 Gbps ports.
• Cisco 4503 are modular switches and can support 2 line cards.
• Cisco 2960s are used as Layer 2 switches for DMZ and Finance users. This fits our need for servers.
• Cisco ASA 5510 are capable of supporting 250 IPsec/SSL VPN sessions.

High Availability
• We have tried to design all the networking gear in HA mode, i.e. redundant firewalls, switches, routers, circuits, IPSs.
• Internet segment is fully redundant: Internet circuits from two different ISPs terminate into two different routers.
• Similar servers are connected to different switches.
• Half of the users are connected to one switch and half to the other.

Routing
• Internally we are using OSPF and externally we are running BGP.
• End user switches are advertising user subnets, and server switches are advertising the server VLAN along with the default route pointing to the active firewall shared IP.
• Internal traffic gets routed to the active switch based on the OSPF algorithm.
• Internet routers are peered with each other and with the ISP routers, importing full Internet routing tables.
• Internet traffic gets routed based on the decision made by BGP.

Security
• Financial systems are separated by firewalls.
• DMZ zone is set up for servers accessible from the Internet.
• Firewall rules are set up to allow access on a need-to-know basis, with a "deny all" rule at the end.
• Intrusion detection devices are deployed covering all the flows (initially deployed as IDS probes, later on can be changed to IPS).
• Remote access is allowed by using an IPsec or SSL client with token-based authentication.
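An added example, not part of the original proposal: a first-match evaluation and audit of a rule set that follows the policy on this slide (need-to-know permits, "deny all" last, finance and DMZ as separate zones). The subnets, rule entries and function names are constructed assumptions, since the proposal gives no addressing.

```python
import ipaddress

# Constructed addressing: the proposal names the zones but gives no subnets.
ZONES = {
    "any": "0.0.0.0/0",
    "dmz": "172.16.1.0/24",
    "finance": "10.10.20.0/24",
    "finance_users": "10.10.30.0/24",
}
ZONES = {name: ipaddress.ip_network(cidr) for name, cidr in ZONES.items()}

# (action, source zone, destination zone, protocol, destination port)
DENY_ALL = ("deny", "any", "any", "any", None)
RULES = [
    ("permit", "any", "dmz", "tcp", 443),                # Internet to DMZ servers
    ("permit", "finance_users", "finance", "tcp", 443),  # need-to-know access
    DENY_ALL,
]


def matches(rule, src, dst, proto, port):
    _, src_zone, dst_zone, rule_proto, rule_port = rule
    return (
        ipaddress.ip_address(src) in ZONES[src_zone]
        and ipaddress.ip_address(dst) in ZONES[dst_zone]
        and rule_proto in ("any", proto)
        and rule_port in (None, port)
    )


def decide(rules, src, dst, proto, port):
    """First matching rule wins; traffic that matches nothing is denied."""
    for rule in rules:
        if matches(rule, src, dst, proto, port):
            return rule[0]
    return "deny"


def audit(rules):
    """Return findings that break the 'need to know, deny all last' policy."""
    findings = []
    if not rules or rules[-1] != DENY_ALL:
        findings.append("last rule is not an explicit deny all")
    if DENY_ALL in rules[:-1]:
        findings.append("rules after an earlier deny all are never evaluated")
    for action, src_zone, dst_zone, _, port in rules:
        if action == "permit" and src_zone == "any" and dst_zone in ("finance", "any"):
            findings.append(f"permit from any source reaches {dst_zone}")
        if action == "permit" and port is None:
            findings.append(f"permit {src_zone} -> {dst_zone} is open on all ports")
    return findings
```
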

Cost Analysis
Product Cisco Catalyst 4506-E Price $11.672 $14.127 Quantity 2 Total $22.357 $3.191 $1. 244 .254 Cisco Catalyst 4503-E HP ProLiant DL 165 Cisco Catalyst 2960 Cisco ASA 5510 7204VXR/400 Cisco 7200 Router $6.450 $3. 528 $4.350 $13.714 $25.726 $93.418 $7. .363 2 8 3 4 2 Total $12.
• Cisco price specifications listed above are from router-switch.com, one of the world's leading Cisco suppliers.
• The price of HP ProLiant DL 165 listed above is from newegg.com, a leading e-retailer.

Active Directory Layout

Conclusion
• Our proposal is an
i) Affordable
ii) Scalable
iii) Reliable
iv) Secure
solution.

Questions