
MyCo Network Design Proposal

Presented By Group 10

Group Introduction
• Umer Siddiqui
• Mbaunguraije Tjikuzu
• Marcia Baransano
• Asif Siddiqui

Business Case
• The current MyCo network architecture is poorly designed.
• No room for scalability and high availability.
• Best possible solution with reasonable cost.
• Our solution will meet current and future needs.

Design Decision
• We have picked Cisco as the major vendor for our networking gear for the following reasons:
i) Company's financial stability
ii) Customer base
iii) Support contracts
iv) Reliability and support


Design Key Aspects
• Scalability
• High Availability
• Security
• Ease to Manage

Scalability
• Cisco 4506 are modular switches and each can support up to 5 line card slots and each card can have 48 Gbps ports.
• Cisco 4503 are modular switches and can support 2 line cards. This fits our need for servers.
• Cisco 2960's are used as Layer 2 switches for DMZ and Finance users.
• Cisco ASA 5510 are capable of supporting 250 IPsec/SSL VPN sessions.

High Availability
• We have tried to design all the networking gear in HA mode, i.e. redundant firewalls, switches, routers, IPS's and circuits.
• Internet segment is fully redundant: Internet circuits from two different ISPs terminate into two different routers.
• Similar servers are connected to different switches.
• Half of the users are connected to one switch and half to the other.

Routing
• Internally we are using OSPF and externally we are running BGP.
• Internal traffic gets routed to the active switch based on the OSPF algorithm.
• Internet routers are peered with each other and with the ISP routers, importing full Internet routing tables.
• End user switches are advertising user subnets, and server switches are advertising the server VLAN along with the default route pointing to the active firewall shared IP.
• Internet traffic gets routed based on the decision made by BGP.

Security
• Financial systems are separated by firewalls.
• Intrusion detection devices are deployed covering all the flows (initially deployed as IDS probes, later on can be changed to IPS).
• DMZ zone is set up for servers accessible from the Internet.
• Firewall rules are set up to allow access on a need-to-know basis, with a "deny all" rule at the end.
• Remote access is allowed by using an IPsec or SSL client with token-based authentication.
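The rule ordering described on the Security slide, as an added example that is not part of the original proposal: a first-match rule table ending in an explicit deny-all, with a small audit of that ordering. The zone subnets, ports and individual permit rules are constructed for illustration, since the proposal gives no addressing or rule list.

```python
import ipaddress

# Constructed IPv4 zones: the proposal names the zones but gives no addressing.
ZONES = {
    "internet": "0.0.0.0/0",
    "dmz": "192.0.2.0/24",
    "users": "10.10.0.0/16",
    "finance": "10.20.0.0/24",
}

# First-match rule table: (action, src zone, dst zone, protocol, dst port).
# "any" is a wildcard; the final entry is the explicit "deny all".
RULES = [
    ("permit", "internet", "dmz", "tcp", 443),
    ("permit", "users", "finance", "tcp", 443),
    ("permit", "users", "internet", "tcp", 443),
    ("deny", "any", "any", "any", "any"),
]

def zone_of(ip):
    """Return the most specific (longest-prefix) zone containing ip."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(c), z) for z, c in ZONES.items()]
    hits = [(n.prefixlen, z) for n, z in nets if addr in n]
    return max(hits)[1]

def evaluate(rules, src_ip, dst_ip, proto, port):
    """First matching rule wins; a flow matching no rule is denied."""
    flow = (zone_of(src_ip), zone_of(dst_ip), proto, port)
    for action, *match in rules:
        if all(m == "any" or m == f for m, f in zip(match, flow)):
            return action
    return "deny"

def audit(rules):
    """Report ordering problems that weaken a default-deny policy."""
    findings = []
    deny_all = ("deny", "any", "any", "any", "any")
    if not rules or rules[-1] != deny_all:
        findings.append("last rule is not deny-all")
    if deny_all in rules[:-1]:
        idx = rules.index(deny_all)
        findings.append(f"{len(rules) - idx - 1} rule(s) unreachable after deny-all")
    for i, rule in enumerate(rules):
        if rule[0] == "permit" and "any" in rule[1:3]:
            findings.append(f"rule {i} permits with a wildcard zone")
    return findings
```

Running `audit()` on a rule set before it is pushed to the firewalls catches a deny-all that has drifted out of last position, which would silently disable every permit below it.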

Cost Analysis

| Product | Price | Quantity | Total |
|---|---|---|---|
| Cisco Catalyst 4506-E | $11,127 | 2 | $22,254 |
| Cisco Catalyst 4503-E | $6,357 | 2 | $12,714 |
| HP ProLiant DL 165 | $3,191 | 8 | $25,528 |
| Cisco Catalyst 2960 | $1,450 | 3 | $4,350 |
| Cisco ASA 5510 | $3,418 | 4 | $13,672 |
| Cisco 7200 Router 7204VXR/400 | $7,363 | 2 | $14,726 |
| Total | | | $93,244 |

• Cisco price specifications listed above are from router-switch.com, one of the world's leading Cisco suppliers.
• The price of HP ProLiant DL 165 listed above is from newegg.com, a leading e-retailer.

Active Directory Layout

Conclusion
• Our proposal is an
i) Affordable
ii) Scalable
iii) Reliable
iv) Secure solution

Questions