
MyCo Network Design Proposal

Presented By Group 10

Group Introduction
• Umer Siddiqui
• Mbaunguraije Tjikuzu
• Marcia Baransano
• Asif Siddiqui

Business Case
• Current MyCo network architecture is poorly designed.
• No room for scalability and high availability.
• Our solution will meet current and future needs.
• Best possible solution with reasonable cost.

Design Decision
• We have picked Cisco as the major vendor for our networking gear for the following reasons:
i) Company's financial stability
ii) Customer base
iii) Support contracts
iv) Reliability and support


Design Key Aspects
• Scalability
• High Availability
• Security
• Ease of Management

Scalability
• Cisco 4506 are modular switches and each can support up to 5 line card slots and each card can have 48 Gbps ports.
• Cisco 4503 are modular switches and can support 2 line cards.
• Cisco ASA 5510 are capable of supporting 250 IPsec/SSL VPN sessions. This fits our need for servers.
• Cisco 2960s are used as layer 2 switches for DMZ and Finance users.

High Availability
• We have tried to design all the networking gear in HA mode, i.e. redundant firewalls, switches, routers, IPSs and circuits.
• Internet segment is fully redundant: Internet circuits from two different ISPs terminate into two different routers.
• Half of the users are connected to one switch and half to the other.
• Similar servers are connected to different switches.

Routing
• Internally we are using OSPF and externally we are running BGP.
• Internet traffic gets routed based on the decision made by BGP.
• Internal traffic gets routed to the active switch based on the OSPF algorithm.
• Internet routers are peered with each other and with the ISP routers, importing full Internet routing tables.
• End user switches are advertising user subnets and server switches are advertising the server VLAN along with the default route pointing to the active firewall shared IP.

Security
• Financial systems are separated by firewalls.
• Remote access is allowed by using an IPsec or SSL client with token-based authentication.
• DMZ zone is set up for servers accessible from the Internet.
• Intrusion detection devices are deployed covering all the flows (initially deployed as IDS probes, later on can be changed to IPS).
• Firewall rules are set up to allow access on a need-to-know basis with a "deny all" rule at the end.
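One way to check a rule set against the policy on the Security slide, as an added example that is not part of the original proposal: rules are evaluated first match, the list must end in an explicit deny all, the Internet may only reach the DMZ, and the finance zone is only reachable by finance users. The zone names, ports and sample rules are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    action: str  # "permit" or "deny"
    src: str     # source zone, or "any"
    dst: str     # destination zone, or "any"
    port: str    # destination port, or "any"

DENY_ALL = Rule("deny", "any", "any", "any")

# Constructed sample policy; zones and ports are assumptions, not from the slides.
POLICY = [
    Rule("permit", "internet", "dmz", "443"),
    Rule("permit", "vpn", "servers", "443"),
    Rule("permit", "users", "servers", "443"),
    Rule("permit", "finance-users", "finance", "1433"),
    DENY_ALL,
]

def matches(rule, src, dst, port):
    pairs = ((rule.src, src), (rule.dst, dst), (rule.port, port))
    return all(want in ("any", got) for want, got in pairs)

def decide(policy, src, dst, port):
    """First matching rule wins; a flow that matches nothing is denied."""
    for rule in policy:
        if matches(rule, src, dst, port):
            return rule.action
    return "deny"

def audit(policy):
    """Return findings where the rule list contradicts the stated policy."""
    findings = []
    if not policy or policy[-1] != DENY_ALL:
        findings.append("last rule is not an explicit deny all")
    for i, rule in enumerate(policy, start=1):
        if rule.action != "permit":
            continue
        if "any" in (rule.src, rule.dst):
            findings.append(f"rule {i}: permit with an 'any' zone exceeds need-to-know")
        if rule.src == "internet" and rule.dst != "dmz":
            findings.append(f"rule {i}: Internet may only reach the DMZ")
        if rule.dst == "finance" and rule.src != "finance-users":
            findings.append(f"rule {i}: finance zone reachable from {rule.src}")
    return findings
```

Running audit() on every proposed rule change, before it reaches the firewalls, catches a broad permit placed above the need-to-know rules, which first-match evaluation would otherwise let override them.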

Cost Analysis

Product                          Price      Quantity   Total
Cisco Catalyst 4506-E            $11,127    2          $22,254
Cisco Catalyst 4503-E            $6,357     2          $12,714
HP ProLiant DL 165               $3,191     8          $25,528
Cisco Catalyst 2960              $1,450     3          $4,350
Cisco ASA 5510                   $3,418     4          $13,672
7204VXR/400 Cisco 7200 Router    $7,363     2          $14,726
Total                                                  $93,244

• Cisco price specifications listed above are from router-switch.com, one of the world's leading Cisco suppliers.
• The price of HP ProLiant DL 165 listed above is from newegg.com, a leading e-retailer.

Active Directory Layout

Conclusion
• Our proposal is an
i) Affordable
ii) Scalable
iii) Reliable
iv) Secure
solution.

Questions