MyCo Network Design Proposal

Presented By Group 10

Group Introduction
• Umer Siddiqui
• Mbaunguraije Tjikuzu
• Marcia Baransano
• Asif Siddiqui

Business Case
• Current MyCo network architecture is poorly designed.
• No room for scalability and high availability.
• Our solution will meet current and future needs.
• Best possible solution with reasonable cost.

Design Decision
• We have picked Cisco as the major vendor for our networking gear for the following reasons:
i) Company's financial stability
ii) Customer base
iii) Support contracts
iv) Reliability and support


Design Key Aspects
• Scalability
• High Availability
• Security
• Ease to Manage

Scalability
• Cisco 4506 are modular switches; each can support up to 5 line card slots and each card can have 48 Gbps ports.
• Cisco ASA 5510 are capable of supporting 250 IPsec/SSL VPN sessions.
• Cisco 4503 are modular switches and can support 2 line cards.
• Cisco 2960s are used as Layer 2 switches for DMZ and Finance users. This fits our need for servers.

High Availability
• We have tried to design all the networking gear in HA mode, i.e. Internet circuits from two different ISPs terminating into two different routers.
• Internet segment is fully redundant: circuit, routers, redundant firewalls, switches, IPSs.
• Similar servers are connected to different switches.
• Half of the users are connected to one switch and half to the other.

Routing
• Internally we are using OSPF and externally we are running BGP.
• End user switches are advertising user subnets and server switches are advertising the server VLAN along with the default route pointing to the active firewall shared IP.
• Internet traffic gets routed based on the decision made by BGP.
• Internet routers are peered with each other and with the ISP routers, importing full Internet routing tables.
• Internal traffic gets routed to the active switch based on the OSPF algorithm.

Security
• Financial systems are separated by firewalls.
• Intrusion detection devices are deployed covering all the flows (initially deployed as IDS probes; later on can be changed to IPS).
• Remote access is allowed by using an IPsec or SSL client with token-based authentication.
• Firewall rules are set up to allow access on a need-to-know basis with a "deny all" rule at the end.
• DMZ zone is set up for servers accessible from the Internet.
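
The "deny all" rule ordering from the Security slide, shown as an added example that is not part of the original presentation: a Python first-match evaluator and audit for a zone-based rule set. The zone names, ports and rules are assumptions constructed for illustration.

```python
# Added example: first-match evaluation and audit of a zone-based rule set.
# Zones, ports and rules are constructed for illustration, not MyCo's own.
ANY = "any"

# (action, source zone, destination zone, destination port)
RULES = [
    ("permit", "internet", "dmz", 443),       # public servers live in the DMZ
    ("permit", "users", "dmz", 443),
    ("permit", "finance_users", "finance", 1433),
    ("permit", "vpn", "users", 3389),         # remote access after token auth
    ("deny", ANY, ANY, ANY),                  # explicit "deny all" at the end
]

def covers(rule, src, dst, port):
    """True if the rule's match fields (wildcards allowed) cover the flow."""
    _, r_src, r_dst, r_port = rule
    return all(r in (ANY, v) for r, v in ((r_src, src), (r_dst, dst), (r_port, port)))

def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule; no match means deny."""
    for rule in rules:
        if covers(rule, src, dst, port):
            return rule[0]
    return "deny"

def audit(rules):
    """Report a missing terminal deny all, any-to-any permits and shadowed rules."""
    findings = []
    if not rules or rules[-1] != ("deny", ANY, ANY, ANY):
        findings.append("last rule is not an explicit deny all")
    for i, rule in enumerate(rules):
        if rule == ("permit", ANY, ANY, ANY):
            findings.append(f"rule {i} permits everything")
        # Shadowed: an earlier rule already covers every flow this rule matches,
        # so under first-match evaluation this rule can never take effect.
        for j in range(i):
            if covers(rules[j], *rule[1:]):
                findings.append(f"rule {i} is shadowed by rule {j}")
                break
    return findings
```

Moving the deny rule to the top of the list makes every permit below it unreachable, which `audit` reports as shadowed rules.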

Cost Analysis
Product: Cisco Catalyst 4506-E, Cisco Catalyst 4503-E, HP ProLiant DL 165, Cisco Catalyst 2960, Cisco ASA 5510, 7204VXR/400 Cisco 7200 Router
Price $11.672 $14.127 Quantity 2 Total $22.357 $3.191 $1. 244 .254 $6.450 $3. 528 $4.350 $13.714 $ 2 8 3 4 2 Total $12. 726 $93.418 $7.
• Cisco price specifications listed above are from router-switch., one of the world's leading Cisco suppliers.
• The price of HP ProLiant DL 165 listed above is from newegg., a leading e-retailer.

Active Directory Layout

Conclusion
• Our proposal is an
i) Affordable
ii) Scalable
iii) Reliable
iv) Secure
solution.

Questions