CPIN 269 Final Documentation

CPIN 269 Documentation

Spring 2016

INSTRUCTOR, JUSTIN BAITZAlexander KorichProject Manager

We Frame UComprehensive IT Solution

Project Documentation

Ivy Technical Consulting3101 S CREASY LN

LAFAYETTE, IN 47905

May 5, 2016

1

Contents Executive Summary…..3 Request for Proposal…..5 Project Charter…..17 Ethical Use Policy…..23 Scope Statement…..25 Work Breakdown Structure…..31 Milestone List…..47 Budget Breakdown…..52 Gantt Charts

o Preliminary Gantt Chart…..55o In Progress Gantt Chart…..83o Finalized Gantt Chart…..111

Change Requests…..139 Technical Documentation

o Network Documentation…..144o Server Documentation…..164o Software Documentation…..178

Lessons Learned and Conclusiono Network Lessons Learned…..208o Server Lessons Learned…..210o Software Lessons Learned…..212o Overall Project Lessons Learned and Conclusion…..215

Appendices…..219

2

Executive Summary

3

The Ivy Technical Consulting Group has been contracted to develop, install, test, and configure

and complete IT infrastructure and solution for WeFrameU.com. This solution is to adhere to the

requirements of the project sponsor to the closest degree possible, while leveraging the skills of it’s team

members to their utmost.

Primary objectives for the project are delineated into three major groupings. A network

infrastructure is to be developed, allowing for communication and scalability between three physical

locations, each with their own difficulties and specific requirements. A server infrastructure is to be

implemented, allowing for services to be provided across the network for all representatives of the project

sponsor. Finally, a software solution is to be developed, implemented, and made available publicly,

enabling employees of WeFrameU to manage operations internally, as well as allowing customers to

place orders in an online marketplace, thus reducing the load on telephone operators, and increasing

accuracy and efficiency of orders.

The project team will consist of the following structure. As primary project sponsor and

representative of WeFrameU.com, Justin Baitz. The Ivy Technical team will be broken up into three

organizational groupings. At their head, Alex Korich, project manager. Leading the network team,

Shane Adams and Ryan Taylor. Leading the server team, Haylie Pangle, and Cody Tormoehlen.

Leading the software development team, Joey Davis.

Resources are to be delegated to teams based upon appropriate skillsets. The following resources

have been made available to the Ivy Technical Consulting group for this project: Scott Busch, Keith

Williams, Darin Gravitt, Christopher Platt, Mohammad Es-Sabri, Jennifer Muray, Trent Cohernour,

Hayden Kirchner, Randy Doughty, Sabrina Tarin Chowdhury, and Charles Johnson.

4

Request for Proposal – Business Case ScenarioOriginal Assignment Document

5

IVY TECH COMMUNITY COLLEGE / LAFAYETTECPIN 269 Spring 2016 Project

Overview:From this point forward, the class will be an IT consulting firm. Your team has been contracted

to plan and implement an entire IT infrastructure. You will be given specific requirements in this document, and will then make your own decisions about how these will be met. There will also be opportunities to add functionality, but be sure not to exceed the scope without justification and approval. All project related communication will go through the established chain of command. Remember; use what you have learned, what you are learning and your knowledge of resources to do research when necessary. Most importantly be professional and have a little fun.

Step 1, Read and understand the requirements. Decide who will be responsible for what and develop a plan of attack.

Step 2, Begin work on a Project Charter and a Project Schedule (Timeline).

Documentation Deliverables:This outline is not exhaustive you may find some other pieces to add as you see fit. However it should contain at least these components:

Executive summary

Business case

*Project Charter

*Scope statement

*WBS (Work Breakdown Structure)

*Project Schedule

Disaster Recovery Plan

Ethical Usage Plan

Policy Control Plan

Progress Reports

Conclusion

6

Appendices: all applicable diagrams (AD structure, Topology, Data flows, ERDs, UML, Flow charts, etc…)

* Need to be included in Timeline Presentation

Demonstration Environment:You will create a scaled-down environment to illustrate the functionality you have created. This is your chance to show off the things you have been working so hard on all semester. Think of this as a proof of concept or prototype.

Presentations:There will be 3 presentations during the semester. Everyone is required to be present for EVERY presentation. Again, there will be a 50 point deduction for not being in class on presentation days. The presentations are broken down as follows:

Timeline: Share your plan; discuss your timeline and team and individual assignments. Describe what you are going to do, how you are going to do it, and why you chose to do it that way opposed to other methodologies that could work. Team leaders and the project manager will participate, but everyone must be present.

Progress: Progress report; define where you are compared to where your plan said you would be. Elaborate on any issues you have had or changes that have been made since the timeline presentation. Team leaders and the project manager will participate, but everyone must be present.

Final Presentation: Formal, professional presentation to the customer, EVERYONE must participate equally. You will describe what you have accomplished and how you accomplished it including a live demonstration of your functionality. This is your chance to demonstrate to me and anyone else who attends what you have been working so hard on for all these months.

Description:We recently secured a new client by the name of WeFrameU.com. They manufacture high-end picture frames. They have asked us to design a brand new network and IT infrastructure for their business. You will also plan for a long-term service contract that will include technical support and update management.

7

They would also like you to develop a Disaster Recovery plan that includes a sound back up strategy. They have included requirements and have asked that you plan, design, and develop a prototype within approximately 12 weeks. They wish to keep a reasonable balance between cost and performance, and ask you to justify all technological decisions made. I am confident that the deadline and requirements can be met. Be creative, simply meeting the minimum requirements may not be good enough for this client, Good Luck!!

Requirements:

WeFrameU Industries has 735 employees spread across 3 sites. The company’s headquarters is located in Detroit and new branch offices are opening soon in Sacramento and New Orleans. Although currently smaller than New Orleans, Sacramento has been chosen to be the main Branch office in order to secure contracts with companies in the western portion of the United States. As such, scalability is crucial for the Sacramento location as growth in that branch is inevitable.

Your job is to bring the branch offices online as soon as possible, as well as provide connectivity among all departments in all locations. You will design a new addressing scheme, configure WAN links, configure the LAN and WLAN, set up NAT and implement some standard security measures.

They are expecting the following roles to be fulfilled; again any other functionality may be added with justification and approval. There will be a minimum of 2 domain controllers at each site; the remote site in Sacramento does not have sound physical security so any DCs there will need protected somehow. They will need a web server, file and print services for all sites, media server to house training videos, backup and update (WSUS) servers, Microsoft Exchange email, they also need to serve several applications including a sales app and Quicken for their accounting department and any applications that your team implements.

Scalability at all sites is absolutely necessary because the company has requested that you implement as many “advanced” technologies as possible after installation of the required LAN/WAN infrastructure These advanced technologies include; wireless, IP telephony, Tele-Presence, video surveillance, and security technologies. In other words, no portion of the LAN/WAN infrastructure should be implemented without consideration of how advanced technologies will be integrated into the system in the future.

The customer also specified that each user has their own private folder, departmental shares and a management share. Each of these should only be accessible by those in the given departments. These should be stored and backed up centrally and accessible to users no matter where they log in to the domain.

The web sites and database must be scalable to handle thousands of records, millions of customers, and very high traffic levels. Security and availability must be balanced.

8

They will also need new client stations for all employees; each station will have a desktop system. You should also create a plan for future hardware upgrades on a recurring cycle. It is also imperative to plan for software upgrades; not only for the OS and Office products but for Adobe products (Flash, Reader, etc...), Java, Firefox, and all other software on the PCs.

All managers will require laptops along with their desktops and the expectation is that they will have seamless access to their desktop and document along with other resources from both. The managers in New Orleans will require sturdy models that can withstand some abuse. The security machines need to be high-end with high resolution video and large multiple monitors to view security feeds.

You will establish and enforce through group policies an ethical usage plan for all levels of users that lays out what is acceptable and unacceptable use of company resources. You will also plan and implement a trouble ticket handling system and process.

The headquarters site wishes to enable all employees to have easy and secure network/internet access with mobile devices such as laptops. Requirements also indicate that visitors should have internet access with mobile devices, while being isolated from the corporate network until they can meet security requirements. The Sacramento site also needs secure access to mobile devices. Visitors are not allowed internet access in Sacramento.

You will plan for an enterprise-grade internet solution that will handle the heavy volume of traffic expected including video conferencing between sites. They would also like to utilize the network infrastructure for voice communication. They would like you to explore alternatives and justify your decisions.

The customers are expecting a comprehensive design of the logical infrastructure as well. To this end you will completely design the entire operation from the ground up. This will entail a separate domain for each site that will fall under a single tree housed at the Detroit office. The design should also include an intranet for employee access to applications, email, company policies and such. As well as an internet presence that is interactive, and allows for product sales. These sales should directly deduct inventory and provide notification when an item gets low.

WeFrameU.com sells frames in several sizes, colors and styles. They are priced by size (3*5 = $10, 5*7 = $12, 8*11 = $15, 11*14 = $20, 16*20 = $25). They should be searchable and sort able by all of these factors. They also allow personalization of frames for an initial cost of $2 for the first 5 letters; each additional letter costs a penny. They are expecting you to design a database to house inventory and track gross income. The accounting department will then determine the amount of profit through their application. The system should monitor and maintain inventory in wood, glass and even the amount of

9

paint or varnish being used. For every united inch of framing ¼ pint of paint or 3/8 pint of varnish are used. Wood is measured in board feet, paint and varnish are measured in gallons and glass is measured in united inches.

You will create a functional test environment with the equipment that you are assigned in the lab. This will serve as the prototype and proof of concept for your design. You should virtualize wherever possible to allow the widest available testing. The first presentation will describe your plan to complete the prototype and will be based on the course calendar.

Most importantly you will document the entire process. This includes all planning and implementation guidelines, the usage plan, replacement cycles, network and application diagrams, and any other documents that are needed to complete the project.

Your final document will describe the full-scale implementation. This will include a timeline for deployment at each site. Your prototype plan and documentation (Progress Reports) will appear as Appendix A.

Project Requirements:

Corporate Information:Detroit Site

o National datacenter including corporate services: Email DNS Web/ Database FTP Active Directory

o Should utilize mixed Linux/Windows environment with virtualization (see Microsoft)

o DMZ should be secured with appropriate technologies (ACLs, Firewall, IDS/IPS).

Sacramento (2 buildings)

o 2 LANs

10

o IP Telephony solution for intra LAN and inter LAN (LA to Detroit) using a call-manager implementation at each site. Both hardware and software phones can be used.

o Site-to-Site VPN with Detroit Architecture can use ASA, Router IOS, or any combination.

o Secure autonomous wireless (bridge) connects two buildings. PCs from each LAN are in each building.

New Orleans

o 2 LANs (1 IPv6 wired, 1 IPv4 wireless). 6-to-4 translation method is your choice.o IP Telephony if possible (we may need more IP phones).o At least 1 secure autonomous wireless LAN. Authenticate to Active Directory??

Teleworker

o Remote access VPNSite Breakdown:

Detroit

Department Users Stations Hosts

Staff 300 150 750

Upper Mgmt. 10 10 24

Marketing 25 25 57

Shipping 50 15 120

Accounting 25 25 48

Human Resources 40 30 100

Facilities 25 5 50

Security 5 5 41

IT 5 5 13

Totals: 485 270 1203

WAN Connectivity

The Detroit headquarters needs connectivity to both New Orleans and Sacramento. Choices for WAN connectivity include frame relay and point-to-point “leased lines.” If point-to-point leased lines are used, a robust form of PPP authentication must be used on the links between routers.

11

LAN/VLAN

Connectivity among all departments in the HQ LAN is required through the use of VLANs.

Wireless

Due to space constraints the company recently annexed a nearby building to house 10 of the current 41 security team members. Because this annex does not have a wired infrastructure; a secure, autonomous, wireless LAN solution must be implemented in the annex. Moreover, the annex is across the street from the main Detroit site. Local “right of way” ordinances render wired connectivity to the main Detroit site financially impractical at this time. As a result, a separate, secure, autonomous, wireless solution that connects the annex WLAN to the main Detroit site is also required.

Routing

WAN connectivity among all three sites should be established through the use of a dynamic routing protocol. The choice of routing protocol must be justified by the Cisco team, and IP addressing/network design/routing tables must be efficient as possible inside the network. Consider using summary addresses when/if possible. Appropriate routing must also exist between the ISP router and the company’s edge router.

Global Data Center

The Detroit headquarters houses a corporate data center which includes all servers necessary for day to day HQ operations. This includes Web, email, and FTP services. These servers are located in a Demilitarized Zone (DMZ) and are open to public access.

IP Addressing, NAT and DMZ

Then entire corporate network has been assigned an external NAT pool of 10.200.100/29 by its ISP. This is how the corporation is viewed by the ISP and the rest of the world. This pool of addresses is to be shared between:

Internal hosts needing outside connectivity. Devices within the DMZ

All internal traffic should be translated to an address within this pool for Internet connectivity. Moreover, the Web, email, and FTP servers all need to be reached by hosts on the Internet via domain name (e.g., www.companyx.com, ftp.companyx.com, or mail.companyx.com).

12

ftp://ftp.companyx.com/

http://www.companyx.com/

As a result, the DMZ server addresses must share a portion of the overall /29 public address pool with internal hosts that need translation. To avoid exhaustion of the pool addresses used for internal connectivity to the outside, Port Address Translation (PAT) should be configured on pool addresses to be used for inside to outside connectivity.

Detroit Access Control

To better secure the corporate network, the following policies are to be implemented:

Internet users should only be able to ping the company’s inside public web server, inside public FTP server, and inside email server. Internet users should not be able to ping hosts on the company’s inside LAN.

Internet users are allowed to send ping replies and unreachable messages into the inside LAN.

Internet packets that are part of an already established TCP session should be allowed into the network.

Allow companyx domain users to have web access and send ICMP messages to the Internet. For example, inside users should be able to ping other web sites.

Users in the Custodial and Shipping/Receiving VLANs should not be allowed to telnet anywhere.

Sacramento


Staff 75 50 217

Management 5 5 12


Facilities 4 2 4

Security 2 1 10

IT 2 2 6

Totals: 90 62 257

Description

The Sacramento site consists of a single building, which houses the main employee population; and a small separate building across the street from the main site.

13

LAN/VLAN

Connectivity among all departments in the Sacramento LAN is required through the use of VLANs.

Wireless

The Human Resources and Security VLANs share a secured, autonomous wireless access point. Each VLAN requires authentication for each department to access their respective wireless WLAN.

IP Addressing

As with all corporate LANs, efficient IP addressing should be used. Scalability should be considered when committing to subnet sizes. Cisco team must justify subnet mask choice.

New Orleans


Staff 125 125 300

Management 8 8 17

Marketing 4 4 15


Facilities 4 2 17

Security 9 9 20

IT 4 4 9

Totals: 160 154 396

Description

The New Orleans site consists of a single building which houses the main employee population.

LAN/VLAN

Connectivity among all departments in the New Orleans LAN is required through the use of VLANs.

14

IP Addressing

As with all LANs, efficient IP addressing should be used. Scalability should be considered when committing to subnet sizes. Cisco team must justify subnet mask choice.

Responsibilities:

This list is not exhaustive or inclusive. These are some guidelines to get you going in the right direction. It is imperative that everyone is very clear about the scope of responsibility of each team. You should expand the project in any ways that are feasible. Explore new technologies, find ways to utilize technologies that you know.

Infrastructure:

Active Directory

DNS

Exchange Email

Outlook Web Access (OWA)

DHCP

Folder shares for users and departments

Use virtualization platform (ESXi, HyperV, ZenServer, etc…)

Media server to house training videos

Backup and update (WSUS) servers

Develop an image deployment system.

Establish and enforce a policies and ethical usage plan for all of users.

Plan and implement a trouble ticket handling system and process.

Remote desktop solution

Disaster recovery document

Developement:

Web Sites (Internal and External)

Ability for new users to “register” and create an account with username and password

Design a database to house inventory and track gross income/expenditures.

15

Online catalog of products with price.

Ordering system with real-time inventory control

Sends each order to warehouse as completed (calculates proper springs and frames to include)

Generate a shipping label for order

Removes sold items from inventory

Receipt generation after payment with fake credit card.

System should be able to generate several reports:

Total number of mattresses box springs and frames on hand

Monthly usage patterns

Network:

All internal and external communications

Addressing

WAN links

VLAN

NAT

Wireless network

Routing

Teleworker Solution

Telephony

Internet solution

Security cameras

Telepresence

Network Security

Disaster Recovery

Additional Comments:o You should not “do the minimum.” Additional technologies should be explored and

implemented when appropriate. o For example, use PPP with authentication, rather than just PPP.

o Don’t be afraid to add additional functionality (IP cameras, telephony, telepresence, etc… if you complete the above Responsibilities.

16

17

Project Charter

18

1. Project DescriptionThis project’s end goal is to fully establish and integrate a comprehensive IT solution for WeFrameU, including their primary facilities and the establishment of two new branch offices. The team will collaborate with project sponsors to develop realistic goals and expectations, striving to fulfill all customer needs to the best of their ability.

2. Project PurposeThe purpose of this project, in addition to the initial goal of rolling out two new offices, is to improve business functionality through the use of integrated IT systems. These systems will push down operational costs by improving employee efficiency, and reducing management overhead. We project an increase of sales on the order of 25% as a result of improved customer interaction, and the development of a web based operations system, allowing for customers to order at their leisure.

3. Business CaseIn addition to the aforementioned reduction in operations costs, and increase in potential sales volume, this project will further prepare the company for future growth. Principle to said growth is the implementation of a properly scalable infrastructure, such as that which this project aims to create.

4. Business RequirementsThe project will introduce methods to facilitate customer interaction and sales, a means to maintain and monitor inventory of product, and systems to manage employees.

5. AssumptionsThis project operates under the assumption that project sponsors will authorize appropriate budget as needed for the project, including, but not limited to labor costs, hardware and software requirements. Further, project stakeholders are assumed to have communicated their requirements to the best of their knowledge, allowing for a consistent direction of effort for members of the project team.

6. ConstraintsThis project is subject to several constraints. Chief among them is a hard deadline. The project must be completed on or before May 5th, 2016. In addition to this time constraint, the project is limited in its resources. Acquisition of hardware and software resources is to be vetted through project sponsors, and additional personnel resources will not be available in any form.

7. RisksCurrently known risks to this project’s completion and successful implementation include loss of team members to attrition, limited access to personnel resources owing to their being otherwise allocated to other projects and tasks. In addition, the deadline previously mentioned looms, failure to anticipate events preceding this timeframe may result in additional risks to the status of the project. Budgetary concerns include additional costs being incurred as a result of increasing scope of project goals. All such

19

budgetary risks will be channeled through project sponsors for approval before any implementation may go forward.

8. Project DeliverablesUpon completion of the project, the team will present the following deliverables: a functional representation of network infrastructure, exhibiting communication and integration of sites in Detroit, Sacramento, and New Orleans. A server infrastructure will be in functional working order, providing domain services, security and accessibility, including remote access, internally hosted Email, local DNS and DHCP, appropriate update functionality, a system to create tickets for IT professional attention in the event of problems, and further infrastructure applications as required in an enterprise environment. Finally, proprietary software solutions will be implemented to address Human Resources needs, inventory management, and customer care, the latter including and online system to place and process orders for products. Documentation of all systems and the development process will be presented upon project completion.

9. Project MilestonesIdentify the project milestones.

Milestone Date Milestone Name Milestone Description[February 20] Project Charter

CompleteReport of project goals and parameters presented to project sponsors for approval.

[February 25] System Requirements Complete

System requirements version 1.0 are approved and baselined so that the project can begin design and development.

[March 1] Implementation Underway

Begin process of project execution.

[April 20] Development Complete Software and hardware development is complete and ready for integration testing.

[May 1] Deployed to Production System passes integration and end-user acceptance testing and is deployed to production.

[May 5] Present Final Product All project goals met, and tested. Present finalized project to project sponsors for approval and review.

10.Project ManagerThe project manager for this project will be one, Alexander Korich. His authority in this project will include preliminary filtering of budget and resource allocation and requisition, subject to approval from project sponsors. All changes and suggestions to the scope of the project must be vetted through project manager before being submitted to the project sponsors. Final responsibility for project completion and phase progression rests with project manager. Personnel allotment following the initial assignment of teams and their leadership may be adjusted as per the needs of the project as identified by the project manager.

20

11.Project Roles and Responsibilities

Name Role ResponsibilitiesAlex Korich Project

Management Lead project team, and develop appropriate

documentation. Interact with project sponsors to identify needs

and requirements.Haylie Pangle Server Team Co-

Lead Plan and document Server related tasks for the

project. Direct implementation of Server Team goals. Assign resources as necessary to tasks for

project completion.Cody Tormoehlen Server Team Co-

Lead Coordinate with Haylie for server team’s

successful deployment and development. Filter requests and suggestions from team for

increase or decrease of scope or resource requisition. Confer with Alex for approval of said requests.

Liaison with Alex for status reports of server team progress.

Report progress of project development and goals periodically to project sponsors.

Shane Adams Network Team Lead Plan and document Network related tasks for the project.

Direct implementation of Network Team goals. Assign resources as necessary to tasks for

project completion. Filter requests and suggestions from team for


Liaison with Alex for status reports of network team progress.

Report progress of project development and goals periodically to project sponsors.

Joey Davis Software Plan and document Software related tasks for

21

Development Team Lead

the project. Direct implementation of Software Team goals. Assign resources as necessary to tasks for

project completion. Filter requests and suggestions from team for


Liaison with Alex for status reports of network team progress.Report progress of project development and goals periodically to project sponsors.

12.Project Life Cycle Methodology and ToolsThis project will implement a Waterfall Life Cycle methodology. The team will make use of myriad tools to assist in its completion. Among them, document templates obtained from ProjectManagementDocs.com, and tools and programs included in Microsoft Project.

22

13.AuthorizationApproved by the Project Sponsor:

______________________________________________ Date:______________________[Baitz, Justin]

Director of Ongoing Operations, WeFrameU.com

Accepted by the Project Manager:

______________________________________________ Date:______________________[Korich, Alexander]

Project Manager, Ivy Technical Consulting

Accepted by the Project Team Leaders:

______________________________________________ Date:______________________[Adams, Shane]

Network Team Co-Leader, Ivy Technical Consulting

______________________________________________ Date:______________________[Taylor, Ryan]

Network Team Co-Leader, Ivy Technical Consulting

______________________________________________ Date:______________________[Davis, Joey]

Software Development Team Leader, Ivy Technical Consulting

______________________________________________ Date:______________________[Tormoehlen, Cody]

Server Team Co-Leader, Ivy Technical Consulting

______________________________________________ Date:______________________[Pangle, Haylie]

Server Team Co-Leader, Ivy Technical Consulting

23

24

Ethical Use Policy

25

The resulting product of this project is to be used only under the strict adherence to

WeFrameU.com’s corporate ethics policy. To that end, the technical capabilities aided and enhanced by

this project’s scope should not be pushed beyond the limits of fair and respectable usage. By the very

nature of a business maintaining communication with clients, sensitive information will be passed along

insecure channels. To prevent unnecessary loss of such sensitive information as credit card information,

all WeFrameU.com employees are to follow the guidelines set forth by their company, and the project

sponsor is to take Ivy Technical Consulting’s security and policy suggestions under advisement.

Following project completion, all administrative passwords used in the implementation of the

systems will be changed to accommodate WeFrameU.com’s local IT staff and administration.

Representatives of Ivy Technical Consulting will not retain access to any system created for the project

sponsor. Support will not be ongoing, preventing potential conflicts of interests.

26

Scope Statement

27

INTRODUCTION

This Project Scope Statement serves as a baseline document for defining the scope of the WeFrameU Comprehensive IT Solution Project, project deliverables, work which is needed to accomplish the deliverables, and ensuring a common understanding of the project’s scope among all stakeholders. All project work should occur within the framework of the project scope statement and directly support the project deliverables. Any changes to the scope statement must be vetted through the approved Project Change Management Process prior to implementation. This completion date for this project is May 5, 2016.

PROJECT PURPOSE AND JUSTIFICATION

Ivy Technical Consulting has been approved to design and implement a comprehensive IT solution for WeFrameU, including hardware infrastructure, server implementation, and software solutions to provide for enhanced employee productivity and customer satisfaction. The purpose of this project is to expand WeFrameU’s operations by establishing two new branch offices and integrating them with the main office. WeFrameU’s expansion into these additional branches provides the perfect opportunity to reinforce their operations through this implementation and expansion of technical solutions. By implementing the project, WeFrameU can better leverage its resources by providing fundamental services for its employees, and establishing essential services for streamlining ordering and support for its customers. The successful implementation of this project is expected to reduce WeFrameU’s cost of operations and schedule delays by 30%, and improve sales through implementation of easy online ordering by 25%.

SCOPE DESCRIPTION

The scope of the WeFrameU Comprehensive IT Solution Project is to plan, design, build, and implement a working infrastructure for WeFrameU, including allowances for two new branch offices, the home office, and potential future expansion. Each site will be equipped with a redundant network infrastructure, with systems in place for data communication between all devices as necessary, integrated voice over network, network supported security cameras, and Cisco Telepresence, and wireless access designed to meet appropriate security requirements. Additionally, each site will be equipped for full communication with the other sites, over WAN links. Upon this network infrastructure will be implemented a robust server infrastructure. Each site will be equipped with severs to function as domain controllers and other essential domain services, including file shares, and domain authentication. Server infrastructure will be implemented in a mixture of both physical and virtual systems, allowing for greater flexibility, and scalability. The entire network will be supplied with an exchange system to handle messaging, a web server to host services both internal and external, and remote access solutions. Wireless communication and authentication will be handled by a RADIUS server. A system will be

28

prepared to implement secure updates and image delivery, minimizing unnecessary bandwidth usage. In order to properly monitor the computing environment, an offline trouble ticket system will be implemented. A database will be developed as a backbone for the front end programs to be developed. The software team will provide and administration portal, in which users will be able to manage employees, materials, products, and customer orders. A storefront will be developed, which will be the outside point of contact for customers, allowing for browsing products, implementation of a shopping cart system, checkout, including payment operations. Customers will be able to create accounts for use within the storefront environment, and view orders as necessary.

HIGH LEVEL REQUIREMENTS

IvyTechnical Consulting has been authorized to prepare and produce an IT solution for WeFrameU according to the following requirements:

Three Sites, home site and two branches. Functional network communication between all sites. Network security available to an appropriate business standard. Implementation of VoiP systems. Telephony implementation. Development of network integrated security cameras. Implementation of a server environment, supplying domain services, email exchange,

authentication, and storage solutions, as well as serving as a platform for software integration. Development of database to maintain and monitor inventory, orders, customers and employees. Implement online presence, allowing customer interaction, and product ordering.

BOUNDARIES

The WeFrameU project includes all features included in the above scope. IvyTechnical Consulting will not provide ongoing support and maintenance for the systems and infrastructure produced by the project, nor will the project include the training of end users in the use of these systems.

STRATEGY

The strategy involved in the WeFrameU project will fall under the following structure. The team will consist of primarily entry level employees, serving as a real world test of abilities, and the implementation of realistic, if challenging goals. In order to facilitate results while working withing the constraints of limited scheduling and availability, as much work will be accomplished outside of typical hours. Should

29

outside advice be needed, local experts may be contacted on a pro bono basis. These contributions will be credited and noted inproject documentation..

DELIVERABLES

There are several deliverables which will be produced as a result of the successful completion of the PMD Project. If all of the following deliverables are not met then the project will not be considered successful. The Project Manager is responsible for ensuring the completion of these deliverables.

1. Deliverable 1 – Functional routing configuration and connectivity between sites.2. Deliverable 2 – Peripheral network applications, wireless access, VoiP and Security cameras.3. Deliverable 3 – Satisfactory network security implementation, firewalls, ACL’s.4. Deliverable 4 – Implementation of a domain structure, with servers and clients joined, exhibiting

base connectivity and authentication.5. Deliverable 5 – Delivery of completed network infrastructure, presented for use by rest of project

team.6. Deliverable 6 – Functional and tested file storage and sharing implementation.7. Deliverable 7 – Remote control, access and remote authentication systems tested and

implemented, including Remote Desktop and Radius implementations.8. Deliverable 8 – Functional WDS solution for image deployment and creation.9. Deliverable 9 – Functioning update infrastructure.10. Deliverable 10 – Working Exchange environment.11. Deliverable 11 – Implemented ticketing system.12. Deliverable 12 – Database Schema established.13. Deliverable 13 – Admin Portal Employee/Material Management.14. Deliverable 14 – Admin Portal Product/Order Management.15. Deliverable 15 – Storefront API Established.16. Deliverable 16 – Storefront Account Creation and Authentication17. Deliverable 17 – Closing Documents and Presentation of Final Product.

ACCEPTANCE CRITERIA

Acceptance criteria have been established for the WeFrameU Project to ensure thorough vetting and successful completion of the project. The acceptance criteria are both qualitative and quantitative in nature. All acceptance criteria must be met in order to achieve success for this project:

1. Meet all deliverables within scheduled time and budget tolerances2. Fully functioning branch sites.3. Demonstrable improvements in infrastructure to provide appreciable benefits to both cost of

operation and increased revenue through online sales.

CONSTRAINTS

30

Several constraints have been identified for the PMD Project. It is imperative that considerations be made for these constraints throughout the project lifecycle. All stakeholders must remain mindful of these constraints as they must be carefully planned for to prevent any adverse impacts to the project’s schedule, cost, or scope. The following constraints have been identified for the PMD Project:

1. Human Resources will only be available 25% of their workable hours.2. Project manager will only work 50% of billable hours on this project.3. Project must be completed by close of business on May 5, 2016.4. Project must be completed within budget tolerance.

ASSUMPTIONS

Several assumptions have been identified for the WeFrameU Project. All stakeholders must be mindful of these assumptions as they introduce some level of risk to the project until they’re confirmed to be true. During the project planning cycle every effort must be made to identify and mitigate any risk associated with the following assumptions:

1. IT group is capable of producing quality and professional documentation of their efforts.2. IT experts working only 25% of their billable hours on this project is adequate to complete the

project by May 5, 20163. The Project Manager working only 50% of billable hours on this project is adequate to complete

the project by May 5, 20164. The WeFrameU Project has full support from senior management across all departments within

Ivy Tech Community College.

COST ESTIMATE

The estimated costs for this project are included in the table below. As the project proceeds and any additional costs become known, this cost estimate will be refined and communicated to all project stakeholders.

Expense Estimated Budget

Labor $60782

Software $8250

Hardware $666739

Other --

Total $735771

31

32

SPONSOR ACCEPTANCE

Approved by the Project Sponsor:

______________________________________________ Date:______________________Baitz, Justin

Director of Ongoing Operations, WeFrameU.com

33

Work Breakdown Structure

34

INTRODUCTION

The Work Breakdown Structure presented here represents all the work required to complete this project.

OUTLINE VIEW

1. Comprehensive IT Solution1.1 Initiation

1.1.1Evaluation & Recommendations1.1.2Develop Project Charter1.1.3Deliverable: Submit Project Charter1.1.4Project Sponsor Reviews Project Charter1.1.5Project Charter Signed/Approved

1.2 Planning1.2.1Create Preliminary Scope Statement1.2.2Deliverable: Submit Scope Statement for Review1.2.3Project Team Kickoff Meeting1.2.4Develop WBS1.2.5Deliverable: Submit WBS for Approval1.2.6Network Team Planning

1.2.6.1 Create Topology 1.2.6.2 Physical Connections 1.2.6.3 Routing and Switching solution1.2.6.4 Wireless Solution1.2.6.5 IP Telephone solution1.2.6.6 Develop Teleworker Solution1.2.6.7 Network Security Solution1.2.6.8 Internet and Disaster Recovery Solution

1.2.7Software Development Team Planning1.2.7.1 Determine Objects1.2.7.2 Determine Tools1.2.7.3 Decide on Front-end JavaScript Framework1.2.7.4 Decide on Front-end GUI Framework1.2.7.5 Decide on Java Server Framework1.2.7.6 Configure Development Environments

1.2.8Develop Project Plan1.2.9Submit Project Plan1.2.10 Milestone: Project Plan Approval

1.3 Execution

35

1.3.1Project Kickoff Meeting1.3.2Verify & Validate User Requirements1.3.3Procure Hardware/Software1.3.4Network Team Execution

1.3.4.1 Install Logical Topology1.3.4.2 Implement Basic configurations1.3.4.3 Configure Routing and Switching1.3.4.4 Implement wireless solution1.3.4.5 Deploy IP telephone solution1.3.4.6 Deploy teleworker solution1.3.4.7 Setup network security1.3.4.8 Setup Internet and Disaster Recovery1.3.4.9 Testing Phase1.3.4.10 Install Live System1.3.4.11 Go Live

1.3.5Server Team Execution1.3.5.1 Server Installation

1.3.5.1.1 Install Server OS1.3.5.1.2 Check Server Updates1.3.5.1.3 Assign Static IP to Server

1.3.5.2 Active Directory/ DNS1.3.5.2.1 Install Active Directory Role1.3.5.2.2 Create GPOs for each department1.3.5.2.3 Add users to each department 1.3.5.2.4 Enforce polices1.3.5.2.5 Setup/Verify DNS

1.3.5.3 DHCP1.3.5.3.1 Install DHCP Role1.3.5.3.2 Add the ranges for each location1.3.5.3.3 Add exclusions- static IPs from server

1.3.5.4 DFS/Shared Files1.3.5.4.1 Install DFS1.3.5.4.2 Configure DFS1.3.5.4.3 Create share files for each department

1.3.5.5 Remote Desktop/Virtualization1.3.5.5.1 Install Remote Desktop1.3.5.5.2 Configure RD1.3.5.5.3 Enable on Client1.3.5.5.4 Install Hyper-V

1.3.5.6 WDS1.3.5.6.1 Install WDS role1.3.5.6.2 Create an image

1.3.5.7 WSUS1.3.5.7.1 Install WSUS role

36

1.3.5.7.2 Configure backup/update on WSUS1.3.5.7.3 Add OUs

1.3.5.8 Radius Server1.3.5.8.1 Install Radius Server Role1.3.5.8.2 Configure to use Authentication by using domain

username/password1.3.5.9 Exchange Email/Outlook

1.3.5.9.1 Install Exchange 1.3.5.9.2 Add the Role1.3.5.9.3 Configure Exchange email

1.3.5.10 SpiceWorks1.3.5.10.1 Download application to server1.3.5.10.2 Create an offline account for ticketing system

1.3.5.11 Disaster Recovery Plan1.3.5.11.1 Collaborate with teams on disaster

1.3.6Software Development Execution1.3.6.1 Database

1.3.6.1.1 Define Attributes1.3.6.1.2 Define Relationships1.3.6.1.3 Define Schema1.3.6.1.4 Create Database Migrations

1.3.6.2 Admin Portal1.3.6.2.1 Authentication

1.3.6.2.1.1 Employee Login1.3.6.2.1.2 Employee Logout

1.3.6.2.2 Employee Management1.3.6.2.2.1 Add Employee1.3.6.2.2.2 View Employees1.3.6.2.2.3 Modify Employee1.3.6.2.2.4 Remove Employee

1.3.6.2.3 Material Management1.3.6.2.3.1 Add Material1.3.6.2.3.2 View Materials1.3.6.2.3.3 Modify Material1.3.6.2.3.4 Remove Material

1.3.6.2.4 Product Management1.3.6.2.4.1 Add Product1.3.6.2.4.2 View Products1.3.6.2.4.3 Modify Product1.3.6.2.4.4 Remove Product

1.3.6.2.5 Customer Order Management1.3.6.2.5.1 Add Order1.3.6.2.5.2 View Orders1.3.6.2.5.3 Modify Order

37

1.3.6.2.5.4 Cancel Order1.3.6.3 Storefront

1.3.6.3.1 Products1.3.6.3.1.1 Display Products1.3.6.3.1.2 Filter Products1.3.6.3.1.3 Product Detail

1.3.6.3.2 Shopping Cart1.3.6.3.2.1 Define Shopping Cart API1.3.6.3.2.2 Add Item1.3.6.3.2.3 Remove Item1.3.6.3.2.4 Modify Item1.3.6.3.2.5 Clear Cart

1.3.6.3.3 Account Creation1.3.6.3.4 Checkout

1.3.6.3.4.1 Accept Shipping Information1.3.6.3.4.2 Accept Payment Information1.3.6.3.4.3 Process Order1.3.6.3.4.4 Display Receipt

1.3.6.3.5 Customer Authentication1.3.6.3.5.1 Customer Login1.3.6.3.5.2 Customer Logout

1.3.6.3.6 Customer Account Management1.3.6.3.6.1 View Orders

1.3.7Go Live1.4 Control

1.4.1Project Management1.4.2Project Status Meetings1.4.3Risk Management1.4.4Update Project Management Plan

1.5 Closeout1.5.1Audit Procurement1.5.2Document Lessons Learned1.5.3Update Files/Records1.5.4Gain Formal Acceptance1.5.5Archive Files/Documents

38

WBS DICTIONARY

Level WBS Code

Element Name Definition

1 1 Comprehensive IT Solution All work to implement a new IT environment for WeFrameU, including the setup of their new branches.

2 1.1 Initiation The work to initiate the project.

3 1.1.1 Evaluation & Recommendations Working group to evaluate solution sets and make recommendations.

3 1.1.2 Develop Project Charter Project Manager to develop the Project Charter.

3 1.1.3 Submit Project Charter Project Charter is delivered to the Project Sponsor.

3 1.1.4 Project Sponsor Reviews Charter Project sponsor reviews the Project Charter.

3 1.1.5 Project Charter Signed/Approved The Project Sponsor signs the Project Charter which authorizes the Project Manager to move to the Planning Process.

2 1.2 Planning The work for the planning process for the project.

3 1.2.1 Create Preliminary Scope Statement Project Manager creates a Preliminary Scope Statement.

3 1.2.2 Submit Scope Statement for Review Submit Scope Statement to Project Sponsor for Review.

3 1.2.3 Project Team Kickoff Meeting The planning process is officially started with a project kickoff meeting which includes the Project Manager, Project Team and Project Sponsor (optional).

3 1.2.4 Develop WBS Work with Team Leads to create WBS for project.

3 1.2.5 Submit WBS For Approval Project Manager submits the WBS

39

for approval.

3 1.2.6 Network Team Planning Deciding on how the network will look and function.

4 1.2.6.1 Create Topology Creating a logical topology of how physical network will look like.

4 1.2.6.2 Physical Connections Design wiring scheme for datacenter layout and WAN links for sites.

4 1.2.6.3 Routing and Switching Solution EIGRP protocol, and switching configurations.

4 1.2.6.4 Wireless Solution Wireless AP for guests and employees.

4 1.2.6.5 IP Telephone Solution VoIP phone systems and telepresence conferencing.

4 1.2.6.6 Develop Teleworker Solution VPN and remote connectivity for teleworkers.

4 1.2.6.7 Network Security Solution Security ideas consisting of MD5, ACLs, firewalls, etc.

4 1.2.6.8 Internet and Disaster Recovery Solution

Provide connection to internet from within network and plan hot/cold site for backup.

3 1.2.7 Software Development Team Planning

Design and development is planned

4 1.2.7.1 Determine Objects Identification of objects within the system

4 1.2.7.2 Determine Tools Determine what development tools will be necessary to complete the project.

4 1.2.7.3 Decide on Front-end Javascript Framework

Determine which framework will assist in front-end processing.

4 1.2.7.4 Decide on Front-end GUI Framework

Determine a framework for the user interface

4 1.2.7.5 Decide on Java Server Framework Determination of a server-side framework to handle HTTP requests

4 1.2.7.6 Configure Development Development stations are configured

40

Environments

3 1.2.8 Develop Project Plan Under the direction of the Project Manager the team develops the project plan.

3 1.2.9 Submit Project Plan Project Manager submits the project plan for approval.

3 1.2.10 Project Plan Approval The project plan is approved and the Project Manager has permission to proceed to execute the project according to the project plan.

2 1.3 Execution Work involved to execute the project.

3 1.3.1 Project Kickoff Meeting Project Manager conducts a formal kick off meeting with the project team, project stakeholders and project sponsor.

3 1.3.2 Verify and Validate User Requirements

The original user requirements is reviewed by the project manager and team, then validated with the users/stakeholders. This is where additional clarification may be needed.

3 1.3.3 Procure Hardware and Software The procurement of all hardware, software and facility needs for the project.

3 1.3.4 Network Team Execution Work involved to execute the project.

4 1.3.4.1 Install Logical Topology Translate logical topology into physical topology.

4 1.3.4.2 Implement Basic Configurations Configure basic router and switch configurations (hostname, console security, etc).

4 1.3.4.3 Configure Routing and Switching Implement EIGRP, and advanced switching configurations.

4 1.3.4.4 Implement Wireless Solution Deploy APs for guest and employee access.

41

4 1.3.4.5 Deploy IP Telephone Solution Apply VoIP technology for phone system and telepresence for conferencing.

4 1.3.4.6 Deploy Teleworker Solution Apply VPN technology and remote connectivity for employees.

4 1.3.4.7 Setup Network Security Implement ACLs, firewalls, and authentication for network traffic.

4 1.3.4.8 Setup Internet and Disaster Recovery

Setup pathway to internet and backup hot/cold site for recovery.

4 1.3.4.9 Testing Phase The system is tested with a select set of users.

4 1.3.4.10 Install Live System The actual system is installed and configured.

4 1.3.4.11 Go Live System goes live with all users.

3 1.3.5 Server Team Execution All work to implement a new Server Infrastructure

4 1.3.5.1 Server Installation Install OS

5 1.3.5.1.1 Install Server OS Install Windows Server 2012 R2

5 1.3.5.1.2 Check Server Updates Make sure all servers are up-to-date

5 1.3.5.1.3 Assign Static IP to Server Assign static IP address to servers

4 1.3.5.2 Active Directory and DNS Install AD & DNS

5 1.3.5.2.1 Install Active Directory Role Setup & Verify

5 1.3.5.2.2 Create GPOs for Each Department GPOs for each deparment

5 1.3.5.2.3 Add Users to Each Department Add users to each department

5 1.3.5.2.4 Enforce Policies Assign policies to departments

5 1.3.5.2.5 Setup and Verify DNS Setup & verify

4 1.3.5.3 DHCP Install DHCP

5 1.3.5.3.1 Install DHCP Role Setup & verify

5 1.3.5.3.2 Add Ranges for Each Location Ranges will be assign to each location

5 1.3.5.3.3 Add Exclusions – Static IP’s from Static IPs from server

42

Server

4 1.3.5.4 DFS and Shared Files Setup & Verify

5 1.3.5.4.1 Install DFS Install DFS role

5 1.3.5.4.2 Configure DFS Setup DFS at each location

5 1.3.5.4.3 Create Share Files for Each Department

Shared files for each department

4 1.3.5.5 Remote Desktop and Virtualization Install & Verify RD

5 1.3.5.5.1 Install Remote Desktop Setup & verify

5 1.3.5.5.2 Configure RD Configure at each location

5 1.3.5.5.3 Enable on Client Needs enable for function use

5 1.3.5.5.4 Install Hyper-V Install & setup Hyper-V

4 1.3.5.6 WDS Setup & Verify

5 1.3.5.6.1 Install WDS Role Install role at each location

5 1.3.5.6.2 Create an Image Base image for all clients

4 1.3.5.7 WSUS Setup & Verify

5 1.3.5.7.1 Install WSUS Role Install WSUS role

5 1.3.5.7.2 Configure Backup and Update on WSUS

Configure backup/update

5 1.3.5.7.3 Add OU’s Add OUs that need to be backed up

4 1.3.5.8 Radius Server Setup & Verify

5 1.3.5.8.1 Install Radius Server Role Install Radius Server Role

5 1.3.5.8.2 Configure to use Authentication with Domain Credentials

Configure to use Authentication by using domain username/password

4 1.3.5.9 Exchange Email/Outlook Functioning Mail Server

5 1.3.5.9.1 Install Exchange Install Exchange Role

5 1.3.5.9.2 Add the Role Install Exchange Server Role

5 1.3.5.9.3 Configure Exchange Email Configure on mail server

4 1.3.5.10 SpiceWorks Application used for ticketing

43

system

5 1.3.5.10.1 Download Application to Server Download application server

5 1.3.5.10.2 Create an Offline Account for Ticketing System

Create offline account for ticketing system

4 1.3.5.11 Disaster Recovery Plan Plan for Disaster

5 1.3.5.11.1 Collaborate with Teams on Disaster Plan

Collaborate with other teams to create a plan for a disaster

3 1.3.6 Software Development Execution

4 1.3.6.1 Database The database is defined and populated

5 1.3.6.1.1 Define Attributes The definition of database table attributes

5 1.3.6.1.2 Define Relationships The definition of database table relationships

5 1.3.6.1.3 Define Schema Database queries will be written

5 1.3.6.1.4 Create Database Migrations Creation and population of database(s)

4 1.3.6.2 Admin Portal Provides an interface for the business activities

5 1.3.6.2.1 Authentication Provides access control to the admin portal

6 1.3.6.2.1.1 Employee Login Implement the procedure for logging an employee in

6 1.3.6.2.1.2 Employee Logout Implement the procedure for logging an employee out

5 1.3.6.2.2 Employee Management Provides a means of managing employee accounts

6 1.3.6.2.2.1 Add Employee Implement the procedure to add an employee

6 1.3.6.2.2.2 View Employees Implement the procedure to view employees

6 1.3.6.2.2.3 Modify Employee Implement the procedure to modify employees

6 1.3.6.2.2.4 Remove Employee Implement the procedure to remove

44

an employee5 1.3.6.2.3 Material Management Provides a means of managing

materials

6 1.3.6.2.3.1 Add Material Implement the procedure to add a material

6 1.3.6.2.3.2 View Materials Implement the procedure to view materials

6 1.3.6.2.3.3 Modify Material Procedure to modify materials

6 1.3.6.2.3.4 Remove Material Implement the procedure to remove materials

5 1.3.6.2.4 Product Management Provides a means of managing products

6 1.3.6.2.4.1 Add Product Implement the procedure to add a product

6 1.3.6.2.4.2 View Products Implement the procedure to view products

6 1.3.6.2.4.3 Modify Product Implement the procedure to modify products

6 1.3.6.2.4.4 Remove Product Implement the procedure to remove products

5 1.3.5.2.5 Customer Order Management The software will provide a means of managing customer orders

6 1.3.5.2.5.1 Add Order Implement the procedure to add an order

6 1.3.5.2.5.2 View Orders Implement the procedure to view orders

6 1.3.5.2.5.3 Modify Orders Implement the procedure to modify an order

6 1.3.5.2.5.4 Cancel Order Implement the procedure to cancel an order

4 1.3.6.3 Storefront A storefront provides an interface to customers, allowing them to order frames online

5 1.3.6.3.1 Products Customer will have access to products through the storefront.

6 1.3.6.3.1.1 Display Products Implement the procedure for displaying all available products

6 1.3.6.3.1.2 Filter Products Implement the procedure for filtering products by attributes

6 1.3.6.3.1.3 Product Detail Implement the procedure for viewing the details of a specific product

5 1.3.6.3.2 Shopping Cart Customers will have the capability to manage selected items and orders.

45

6 1.3.6.3.2.1 Define Shopping Cart API Definition of a shopping cart API for use in the storefront

6 1.3.6.3.2.2 Add Item Implement the procedure to add a product to the customer’s cart

6 1.3.6.3.2.3 Remove Item Implement the procedure to remove a product from the customer’s cart

6 1.3.6.3.2.4 Modify Item Implement the procedure to modify a product in the cart (such as quantity)

6 1.3.6.3.2.5 Clear Cart Implement the procedure to allow all products to be removed from the cart

5 1.3.6.3.3 Account Creation Customers will be provided a means of creating an account

5 1.3.6.3.4 Checkout Process allowing customers to make purchases

6 1.3.6.3.4.1 Accept Shipping Information Implement the procedure to store shipping information provided by the customer

6 1.3.6.3.4.2 Accept Payment Information Implement the procedure to store payment information provided by the customer

6 1.3.6.3.4.3 Process Order Implement the procedure to “process” the customer’s order

6 1.3.6.3.4.4 Display Receipt Implement the procedure to display a receipt of the customer’s order

5 1.3.6.3.5 Customer Authentication Implement the procedure allowing a customer to maintain a session on the storefront

6 1.3.6.3.5.1 Customer Login Implement the procedure creating a session for a customer

6 1.3.6.3.5.2 Customer Logout Implement the procedure destroying the session for a customer

5 1.3.6.2.6 Customer Account Management Process allowing a customer to view details regarding their account

6 1.3.6.3.6.1 View Orders Implement the procedure allowing customers to view their orders

3 1.3.7 Go Live Systems roll out to live production environment for implementation and stress testing.

2 1.4 Control The work involved for the control process of the project.

3 1.4.1 Project Management Overall project management for the project.

3 1.4.2 Project Status Meetings Weekly team status meetings.

46

3 1.4.3 Risk Management Risk management efforts as defined in the Risk Management Plan.

3 1.4.4 Update Project Management Plan Project Manager updates the Project Management Plan as the project progresses.

2 1.5 Closeout The work to close-out the project.

3 1.5.1 Audit Procurement An audit of all hardware and software procured for the project, ensures that all procured products are accounted for and in the asset management system.

3 1.5.2 Document Lessons Learned Project Manager along with the project team performs a lessons learned meeting and documents the lessons learned for the project.

3 1.5.3 Update Files and Records All files and records are updated to reflect the widget management system.

3 1.5.4 Gain Formal Acceptance The Project Sponsor formally accepts the project by signing the acceptance document included in the project plan.

3 1.5.5 Archive Files and Documents All project related files and documents are formally archived.

47

GLOSSARY OF TERMS

Level of Effort: Level of Effort (LOE) is how much work is required to complete a task.

WBS Code: A unique identifier assigned to each element in a Work Breakdown Structure for the purpose of designating the elements hierarchical location within the WBS.

Work Package: A Work Package is a deliverable or work component at the lowest level of its WBS branch.

WBS Component: A component of a WBS which is located at any level. It can be a Work Package or a WBS Element as there's no restriction on what a WBS Component is.

WBS Element: A WBS Element is a single WBS component and its associated attributes located anywhere within a WBS. A WBS Element can contain work, or it can contain other WBS Elements or Work Packages.

WAN (Wide Area Network): Connections between sites, typically through Internet Service Providers.

EIGRP (Enhanced Interior Gateway Routing Protocol): is a protocol used in the routing process for network traffic.

Wireless AP (Access Point): A device or point in the building where a user with mobile device can connect.

VoIP (Voice over Internet Protocol): Is a technology used to uses phones over the data network at the same time as data traffic.

VPN (Virtual Private Network): Is used as a tunnel through the open internet to securely access company resources.

48

ACLs (Access Control Lists): Are lists used in routing to allow or deny certain traffic into the internal network of the company, or different areas of the company.

MD5( Message Digest 5): Is a type of encryption authentication method for securing traffic over the company network.

Hot/Cold Site: Is the disaster or recovery site in case of a failure.

API: An application programming interface is a set of routines, protocols, and tools for building software applications.

Procedure: A procedure is a series of actions conducted in a certain order, which may or may not have visible results.

Process: A process is a series of collection of procedures to achieve a particular end.

49

Milestone List

50

Milestone List

Project: WeFrameU.Com Date: 04/01/2016

Milestone No.

Milestone Mandatory/Optional Completion Date

Verification

51

001 Project Start Mandatory 5/1/20xx Sponsor Approval

002 Complete Gathering Requirements

Mandatory 6/10/20xx Sponsor Approval

003 Server OS’s Installed and Updated


DNS Functioning

DHCP Functioning

004 Domain Created Mandatory 10/9/20xx Sponsor Approval

Domain Structure Complete with OU’s,

Groups, User, and Computer Accounts

005 Central Domain Policies Established


006 GPO Environment Complete


007 Departmental Shares Created


Share Permissions Established

Radius Server Implemented

Servers Formatted for Development Team

Usage

Exchange System Installed

Exchange System Functioning as per

Specifications

Ticketing System Functioning

Server Infrastructure and Configuration

52

Complete

53

Server Testing Complete

Database Schema/Migrations

Complete

Database Schema/Migrations

Complete

Mandatory 3/7/2016 Feature is complete,

Sponsor Approval

Admin Portal –

Authentication Complete


Sponsor Approval

Admin Portal – Employee

Management Complete


Sponsor Approval

Admin Portal – Materials

Management Complete


Sponsor Approval

Admin Portal – Product

Management Complete


Sponsor Approval

Admin Portal – Customer

Order Management

Complete


Sponsor Approval

Storefront – Products

Complete


Sponsor Approval

Storefront – Shopping Cart


Sponsor Approval

54

Complete

55

Storefront – Account

Creation Complete


Sponsor Approval

Storefront – Checkout

Complete


Sponsor Approval

Storefront – Customer

Authentication Complete


Sponsor Approval

Storefront – Customer

Account Management

Complete

Mandatory 4/21/2016 Feature is complete, Sponsor Approval

Final Testing Complete

Mandatory 4/26/2016 Sponsor Approval

Deployment Complete

Mandatory 4/28/2016 Sponsor Approval

Install Physical Equipment

Mandatory 3/9/2016 Project Manager Approval

Complete Basic Configurations

Mandatory3/12/2016

Project Manager Approval

Complete Routing & Switching Config


Complete wireless implementation

Mandatory3/19/2016

Project Manager Approval

Complete Teleworker solution


Complete IP telephony &


56

telepresence

Complete network security & physical


Setup disaster recovery


Network Testing Mandatory 5/5/2016 Project Manager Approval

57

Budget Breakdown

58

Required Number

Items Individual Cost

Total Cost

11 Physical Server $4500 $49500

11 Windows 2012 R2 Standard Edition License

$750 $8250

0 Volume License for Windows 8.1 $115 $0

6 Cisco Firewall ASA 5505 $675 $4050

2 Cisco Switch 2950 Catalyst 48 Port $1700 $3400

0 Cisco Switch 3500 XL Catalyst 48 Port $2000 $0

1 Cisco Switch 2960 Catalyst 48 Port $1700 $1700

2 Fiber Switches Catalyst $2500 $5000

7 2950 Cisco 24 Port Switch $800 $5600

6 Cisco Router 2800 $2500 $15000

1 Cisco 2901 Router $2500 $2500

3 Wireless Accesws Point $900 $2700

3 VoiP Phone $300 $900

900 Client Grade PC $709 $574290

1 iPad $400 $400

1 Nexus Tablet $199 $199

1 Surface Pro $1500 $1500

609 Network Expert Hours $25 $15225

57 Server Expert Hours $28 $1596

526 Software Developer Hours $28 $14728

943 Project Manager Hours $31 $29233

Total Budget $735771

59

60

Gantt Charts

-Project Start

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

-Project Mid-Life

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

-Project Completion Gantt Chart

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

Change Requests

145

Change Request

Project: We Frame U Administration Portal Date: 3/17/16

Change Requestor: Joey Davis Change No: 001

Change Category (Check all that apply):

□ Schedule □ Cost □ Scope □ Requirements/Deliverables

□ Testing/Quality □ Resources

Does this Change Affect (Check all that apply):

□ Corrective Action □ Preventative Action □ Defect Repair □ Updates

□ Other

Describe the Change Being Requested:

Expunge WBS Items 3.5.1, 3.5.3, 3.5.4 from the software development team’s portion of the WBS.

Describe the Reason for the Change:

The majority of team members lack the expertise to implement these three tasks. The team member capable of implementing them is already required to write other elements due to aforementioned sentence.

Describe all Alternatives Considered:

Training other team members.

Describe any Technical Changes Required to Implement this Change:

n/a

Describe Risks to be Considered for this Change:

n/a

Estimate Resources and Costs Needed to Implement this Change:

n/a

Describe the Implications to Quality:

Quality of remaining elements will not be affected.

Disposition:

□ Approve □ Reject □ Defer

146

Justification of Approval, Rejection, or Deferral:

Lack of team members.

Change Board Approval:

Name Signature Date

Justin Baitz J. Baitz 3/22/16

Alex Korich A. Korich 3/22/16

147

Change Request

Project: Comprehensive IT Solution Date: 3/26/16

Change Requestor: Shane Adams Change No: 002

Change Category (Check all that apply):

□ Schedule □ Cost □ Scope □ Requirements/Deliverables

□ Testing/Quality □ Resources

Does this Change Affect (Check all that apply):

□ Corrective Action □ Preventative Action □ Defect Repair □ Updates

□ Other

Describe the Change Being Requested:

Network team lead responsibilities to be shared with Ryan Taylor. The two will be joint team leaders, as per server team’s structure.

Describe the Reason for the Change:

Reduce stress on Shane and prevent escalation of tensions among network team.

Describe all Alternatives Considered:

Replace network team lead. Reconsider network scope.

Describe any Technical Changes Required to Implement this Change:

None

Describe Risks to be Considered for this Change:

Transition difficulties expected.

Estimate Resources and Costs Needed to Implement this Change:

Using existing resources – No additional costs.

Describe the Implications to Quality:

Should expect improvements to quality with compartmentalized supervision.

Disposition:

□ Approve □ Reject □ Defer

148

Justification of Approval, Rejection, or Deferral:

Change Board Approval:

Name Signature Date

Justin Baitz J. Baitz 3/28/16

Alex Korich A. Korich 3/28/16

149

Technical Documentation of Solution

Network Team

Network Team

Shane Adams – Co-Team Lead

Ryan Taylor – Co-Team Lead

Darin Gravitt

Keith Williams

Mohammad Es-sabri

Scott Busch

Christopher Platt

150

Overview

The WeFrameU project requires a fully functioning network spanning three different sites;

Detroit, Sacramento, and New Orleans. Each site needs to have the stated requirements for the

designated site, according to the business case requirements. There needs to be a WAN connection

between all three sites. The network will need a form of wireless access implemented and security

measures in place (NAT, ACLs, etc and these can be done later).

Internal addressing is independent of each site (meaning each site can be different) because

NAT needs to be in place for translation. Appropriate routing and switching needs to be in place as

needed, and no restrictions which methods to use. After all this is in place VoIP will be deployed.

An internet solution will need to be implemented (since this is a simulation environment) with

appropriate configurations.

The last few things that are needed to integrate into the system are telework solution (such

as a VPN the employees can connect to), and a disaster recovery solution (in this instance a plan is

fine since there is not enough resources to recreate exact backup system). The implementation of

the network will be discussed in detail in other portions of this document. All usable configurations

for all sites can be found in the attached Appendices. Please note that all sections are embedded

within each sites device configurations and are in the Appendices.

Basic Topology & Cabling

This section is going to cover all of the physical things that were required for each site, such

as racking, cabling, ports, etc. For this topology construction, 2811 series Cisco routers and 2950

series Cisco switches, both 24 port and 48 port switches, and a 2960 series Cisco switch, were used.

The cabling was done based on the wiring scheme provided. On the rack provided (Rack 9) rack the

Sacramento site on top. Rack the routers on top, then right below that is both switches. On fig. 1-1 it

151

shows a logical diagram of how this would look. Sacramento has two different buildings, so router

one and router two separate those.

Fig. 1-1

In the figures provided it also shows other components that are added later in the

project. The Detroit site is in the middle of the rack. The layout for this is similar to Sacramento

where the router is on top and the switches below. Since there are three switches in this site, a

stacked implementation starts with switch one down to switch three. Figure 1-2 shows the logical

representation of the layout, in the diagrams it is not stacked but shows that the devices talk to each

other.

152

Fig. 1-2

The next section is in the bottom of the rack. New Orleans is the last to setup and

connect to. For this site it only has one router and three switches. With the three switches, the

stacked approach is used as well, starting with switch one down to switch three. In figure 1-3 it

shows the logical representation of New Orleans and again the diagram does not show this in

stacked form but shows that the devices talk to each other.

153

Fig. 1-3

In the last section of basic topology and cabling is the simulated ISP information.

The last piece to this is the ISP (simulated) section. The equipment used for this was

one router and one switch to help emulate an ISP connection between sites. Within the rack the ISP

switch is just below the Sacramento switch three. As for the ISP router, it was placed below the

New Orleans router. The ISP switch connects to Detroit, Sacramento, and New Orleans, as well as

to the firewall where the external servers are connected. In figure 1-4 it shows the logical

representation of the ISP connections. It does not reflect the actual rack layout of the ISP

equipment.

154

Fig. 1-4

Routing and Switching

After the equipment and cables have been racked, there needs to be established basic

connectivity between all sites and routing and switching configurations. Once there is

communication between all sites, move on to the other sections of the project. This is the part of

implementation where the basic configuration are started. This includes the setup of a hostname,

passwords for the device (such as console and VTY lines, etc), password encryption, and SSH for

155

remote consoling. Refer to Appendices for configuration from the device(s). Figure 2-1 shows an

example of a script used and can be modified for each of the devices.

Fig. 2-1

The next step is the

addressing and getting

some connections up. The

server team needs to have

connections up as soon as

possible, making this the

best place to start. Even though most of the cabling may have already been done you can shrink that

down and focus on the basics by preparing the ports. Each site can either be assigned to a person or

multiple people can work on a single site. Start by referring to the wiring scheme in Appendix *.

Start by setting up the routers or switches, but it would be preferable to setup the switches first. Set

up the VLANs by stating the VLAN and giving it a name. Each VLAN on the internal network will

need this. At this point, put them all in or just put in the VLAN for the servers.

A management VLAN needs to be created in order to remotely access the device.

Assign it an IP address as appropriate and turn it on. Also setup the default gateway on the switch.

After that, set up trunking within each switch. In this case, the interface range of about 4 or 5 ports

are acting as trunks. Make sure to allow all the VLANs as appropriate (in this case all the VLANs

setup or just the server VLAN). One of the last things that needs to be done is setup the interfaces

for access to certain VLANs, because this will allow segregation of the VLANs. Again, in this

example, the servers need to be up as soon as possible. Detroit switch three is used for the Server

156

connections. Assign the VLAN as necessary. Figure 2-2 shows the sample script used to do this.

Reference configurations can be found in Appendix *.

Fig. 2-2

After the switch

configurations are finished, move on to

the routers of each site. These should be

fairly straight forward to configure and

setup. The routers would need to have

the interface to the ISP switch

configured with an IP address and the

interface going to the switches as the

trunk need to be configured. The router

on a stick method is the easiest. With

router on a stick, the sub-interfaces need

to be configured on the outgoing trunk

port to the switch. Each sub-interface

needs to have an IP address as well as

an encapsulation method which is

typically dot1q. This needs to be done

for each of the VLANs from the switches that is being trunked. A sample configuration is shown in

figure 2-3 and is fairly easy to implement.

157

Fig. 2-3

Also there is a complete listing of the

configurations used in the Appendices.

This can be done to each site

accordingly. After the sub-interfaces are

done, move on to setup the routing for

the routers. The routing protocol that

could be used is EIGRP because it’s composite and is a better protocol to use than OSPF.

Go into the router configuration mode and input all the networks that need to be

routed. Usually this is all the internal routers (in this instance all the VLANs that are connected) and

the exit port of the segment or site. Make sure to use a unique router ID and autonomous number.

This number is usually 1, but can be almost anything else. Also make sure to turn off auto-summary

so it doesn’t automatically summarize the networks. Fig 2-4 shows a sample script used and a

complete configuration of this section in Appendix *. This can be done for each site according to

the required configurations.

Fig. 2-4

Entering these configurations into each

router should achieve adjacencies and at

this point, test with pings to see if there is

connectivity. If there is a successful

connection, move on to the next step. If not, troubleshoot until there is a connection. After this is

158

fully converged, do some testing and see if there is connectivity. Plug a test PC into the switch (in

this instance the server VLAN ports) and set a static address to the PC. The PC should “connect”.

Test by pinging the gateway of the VLAN (the sub-interface address that you set on the router this

is the gateway for the VLAN). If it can ping the gateway this is a good sign. Ping the exit port of the

router (this is the connection to the ISP) and see if it can reach this far. At this point, if everything is

done correctly, it should have a connection. Set up PCs for the other sites and do the same tests to

confirm connectivity. If all the sites can talk within itself try pinging the PCs on different sites. All

of the sites should be able to connect to each other. Examples of the configurations can be found in

the Appendices.

VoIP Telephony Solution

After achieving full basic connectivity, implement VoIP telephony. This section is pretty straight

forward and should be easy to implement. At this point all the basics should already be configured.

Check that there is already a voice VLAN on the switch to use for the phone(s). After the VLAN

has been added, designate this as the voice VLAN. Make a sub-interface for the voice VLAN so it

can be routed as well, and also add it to the EIGRP configuration.

The biggest add-ons for VoIP to work is DHCP on the router, so that the phones can

pull an IP address and appropriate information. When setting up the DHCP for VoIP make sure to

include option 150. Figure 3-1 shows an example of a partial script that can be used in this

configuration.

Fig. 3-1

The next major thing that needs to

be implemented for VOIP to work

159

is that telephony-service needs configured. This is what allows the phones to know the maximum

directories, the number of phones allowed, auto-assign and the source IP of where the phones are to

point to. Then, create an ephone-dn for each phone that’s connecting, give it a number or extension,

description, label and other identifiers. Also, an ephone should be made that includes the MAC

address of phone as well as the type and how the buttons will be labeled. Figure 3-2 shows an

example of telephony-service configuration.

Fig. 3-2

With basic VoIP in a network, dial

peers also need to be configured to tell

where to point within a network. This

would allow a phone in New Orleans to

contact outside that segment into Detroit

or elsewhere. It also should include the first digit in the extension of the segment with wildcards and

a session target IP. An example can be found in figure 3-3. This should complete this section of

VoIP but there is one other type of phone that needs to be connected, which are video enabled

phones. This configuration can be used for VoIP at all three sites.

Fig. 3-3

160

These phones are a little different than the previous. The previous phone setup are

SCCP phones. Video phones are SIP phones. These take quite a few different commands, but the

process is similar. The initial start is with voice service, and allowing sip to sip within CLI and a

couple other commands needed. After that, within voice register global as before a source address

needs to be set and the port, the max directories, max pools that can be made, and also which .loads

file the phones should load from. This should be model specific. A few other core commands that

need to be used are things like time-zone, voicemail, tftp-path, which tells the phones where to load

configuration files from, and to create a profile for the phones. Few other commands are needed as

well. A sample configuration is shown in figure 3-4.

Fig. 3-4

The next thing that needs to be

configured is a voice register

directory for each extension (such as

161

1001 and 1002). This is pretty simple and including call-forwarding commands and a name to give

to the phone that uses that directory number. Another piece is a pool. This is used for each phone as

well, that will assign multiple things to the phone. A mac address would be assigned, addressing the

type or model of the phone, some sort of username and password, although this is not necessary,

and a couple of other commands that are smaller, but needed. A sample is shown in figure 3-5.

Fig. 3-5

Do this for any SIP phones that are added

to the router. One of the last things that

should be done is to set tftp-server

commands for the files that the phone will

load. This setup should be done for EVERY file that will be loaded. These are usually model

specific so make sure to have the correct files, and make sure to create a profile under the voice

register global mode. A full usable configuration for VoIP can be found in within the Appendices.

GRE Tunnels

GRE tunnels are another method of creating tunnels between sites. This solution is

what is used in this project. This is usually really simple to setup. To setup a GRE tunnel, a tunnel

needs to be indicated and assigned an IP to the tunnel. Then a source port needs to be configured as

well as the destination address. This should be done at each of the sites and pointed as necessary.

For example Sacramento should point to both Detroit and New Orleans, and Detroit points to

Sacramento and New Orleans, etc. Figure 4-1 shows how this can be done.

Fig. 4-1

162

This should be straight-forward and

shouldn’t take long to complete. A usable

full configuration are with the

Appendices.

Wireless Solution

With the wireless solution, this is typically done by a GUI or CLI. Typically CLI would be better,

but a GUI is used. The snapshot in figure 4-3 shows how the GUI looks with some configurations.

An IP address still needs to be assigned to the AP and a hostname that would become the SSID.

Figure 4-2 shows an example of the basic CLI commands to start configuring the AP.

Fig. 4-2

Fig. 4-3

163

Network Security Solutions

164

Network security solutions goes over some of the security features and configurations

that were to be used within this project. First, ACLs will be discussed, then the firewall solution.

The ACL piece will be talked about a little differently because they are specific to certain parts of

the network created and are important.

Access Control Lists (ACLs)

A big part of implementing WeFrameU’s network infrastructure was to lay out the security

measures that lock down the site and make sure that no one could fraudulently access the site

without permission. One of the ways that the site was locked down was through the use of access

control lists. Access control lists (ACLs) are lists that are made up of permit and deny statements

that, according to the list, permit or deny access to computer networks depending on the statements

in the list. The security measures set in place by the project manager included denial of telnet both

internally and externally, permission for only internal SSH, and the permission of only authorized

web traffic internally.

To satisfy the first security measure of not allowing any telnet both internally and

externally, access-lists were implemented that denied any outside telnet traffic from the internet,

while simultaneously allowing regular external web traffic through the edge router into the internal

network. These access-lists were created as extended access-lists, so as to put them closest to the

source port as possible, which would eliminate some of the routing that would have to be done on

the internal networks. Access-list 100 is the access-list that denies any and all external telnet traffic

from the Internet into the internal network. The deny TCP statement in this access list makes it

impossible for any packet tagged with external telnet traffic to access the internal WeFrameU

network. While it was important to block any telnet traffic from the outside network going in, it was

also just as important to allow regular web traffic to the internal network. For this reason, access-list

165

101 was created. Access-list 101 allows any web traffic that originated from an internal network to

pass throughout the entirety of WeFrameU’s business.

The next security measure that was taken into account was the allowance of internal SSH

connections from the IT VLANs within each network. The idea was that no one aside from the

internal IT VLANs would be allowed to SSH into a device and make configuration changes, aside

from those who resided in the IT VLAN. To satisfy this security measure, ACLs were implemented

that allowed only internal SSH connections from each site. Extended access-lists were made so that

each site could SSH into its own respective devices, as extended ACLs are placed closets to the

source port. Aside from creating extended access-lists, standard access lists were created to control

SSH access to the VTY lines for all three sites. The standard access lists were made to be

implemented furthest from the source so as to stop routing traffic before it hits the router. Theses

access-lists were created with the limiting factor of being able to change configurations through

SSH in mind. Permits exist only for the networks that reside in each network’s respective IT

VLAN, so that no one else either internally or externally would be able to exploit management

protocols or ports.

ACL Implementation

ACLs are some of the most important security measures that a business can take when

implementing security in its networks. Though not always as intended, ACLs always work. If

implemented incorrectly, ACLs can bring down an entire network almost instantaneously. Careful

research and correct implementation were imperative when applying the ACLs to the network. As

stated before, access-list 100 was created to deny internet telnet traffic, while simultaneously

allowing regular Internet traffic through the edge router into the internal network. Access-list 100

was applied to F0/1, inbound, on the ISP router. The next set of access-lists, access list 101 was

166

created to allow web traffic to other networks, so long as it originated from an internal network and

not an external network. Access-list 101 was applied to three different interfaces. For Detroit, it was

applied to F0/0, in an outbound direction, Sacramento’s was applied to F0/1 in an outbound

direction, and New Orleans was also applied to F0/1 in an outbound direction. The next access list

that was implemented was access-list 102. Access-list 102 was created for the purpose of allowing

each respective site to SSH from its own IT VLAN so that it could manage its own network. This

access-list was placed as close to the source port as possible. The final access-list that was created

was the standard access-lists meant for SSH connections between IT VLANs through each site.

These standard access-lists were applied to the VTY lines in an outbound direction. For Detroit

access, these lists were placed at the New Orleans and Sacramento routers at F0/0, all of which face

in an outbound direction. For New Orleans, the access-lists were placed on F0/1 going out for

Detroit’s network and F0/0 on both Sacramento router’s, going out. Finally, for Sacramento the

access-lists were placed on F0/1 for Detroit and F0/0 for New Orleans, both going out. All access-

lists for SSH were applied to the VTY lines via the “access-group SSH ALLOW” command. These

standard access-lists allow only SSH traffic that originates from each respective network’s IT

VLAN. If any other VLAN or outside source attempts to SSH though the VTY lines, they will be

inherently denied by the implicit deny any at the end of the ACL access-control entry list.

Firewalls

In order for each of the sites to communicate to the outside without unauthorized access from the

outside an ASA 5505 firewall is placed between the ISP switch and internet router. Doing this

allows the safety for all sites with not a big hit on the budget. We first were considering to put three

firewalls in our network topology. There would have been a firewall in each of our sites. The

firewalls would go between our router for each site and our ISP switch. We found it to be easier and

more cost affected if we used one firewall then using three. This option is still going to be safe.

167

Nothing from the outside will be able to access our network without having the proper

authorization.

With the ASA 5505 cisco firewall we had several issues implementing this type of

equipment. We tried many ways to configure this cisco device and for the first three weeks working

on this piece of equipment we struggled a lot to get this device to ping the other devices. Finally

week five and final week we made big steps in this process. Our main issue we were having was

what ip address to use. Every IP address we used the firewall would send out an error message

reading this IP address is overlapping. This problem only occurred with the outside address to the

router. We made some headway when we found that we used the last usable address configuring the

internet router. Changing this address on the router made life a lot easier. The overlapping problem

became no problem at all after this was done.

To configure the ASA 5505 cisco firewall we used several commands. The ASA 5505

Firewall has six Ethernet ports and two PoE ports. The two PoE ports are your six and seven ports

on your device. Zero through five are your Ethernet ports. The e0/0 port is already configured as

your outside port with a security level of 0 as a default setting. E0/1 through E0/5 are all by default

your inside ports with a security level of 100. The firewall also has two USB ports and a console

port.

Disaster Recovery Solution

The disaster recovery plan is usually taken up with the server team as well as the network

team on how to come up with a proper solution in case of a failure. On the network side of this plan

many things need to be considered such as determining if the separate site will be a cold site or

168

warm site. In this instance a cold site was chosen because it’s a little more cost effective because a

warm site is up and running and uses more resources.

This site also should be equipped similar to the other sites such as equipment, fire

suppressant, etc. Coordination between the network team and the server teams would be on how to

transfer the information between the two sites and making sure the equipment is suited for the

server team needs. On the less technical side an official plan should be in place for management and

policies on what to do in the event something happens.

169


Server Infrastructure Team

Server Team

Haylie Pangle – Co-Team Lead

Cody Tormoehlen – Co-Team Lead

Hayden Kirchner

Jennifer Cordes

Trent Cohernour

170

Executive Summary

The layout of the servers was defined by location, Detroit, Sacramento, and New Orleans.

Each of the three sites consists of two servers, a main server and a backup server. In addition, the

Sacramento site has a database server. Lastly, there are three servers located in the DMZ at Detroit

that are used as the web, mail, and the exchange servers.

Detroit’s Main server was configured with Active Directory, DHCP, DNS, WDS and

WSUS. Sacramento’s Main server was configured with Active Directory, DHCP, DNS, DFS,

Radius Server and Spiceworks. New Orleans’ Main server was configured with Active Directory,

DHCP and DNS. Each location has a Backup server that performs a scheduled backup of the Main

server at that location..

Technical Documentation

The servers were setup with Windows Server 2012 R2 and updated to the latest version

through Windows Update. The Microsoft update server was queried several times to ensure the

servers were fully updated. Each server was assigned an IP address in the correct location and

department as provided by the networking team.

Active directory was installed on the main server at each location. The Sacramento main

server was promoted as the root of the WeFrameU.com domain. The Detroit and New Orleans main

servers were joined to the domain as a tree. In active directory, organizational units were created for

each location, Detroit, Sacramento, and New Orleans. Under each location the departments, and

their respective users, were added.

171

Once the users were initialized, policies were assigned via Group Policy. Several policies

were created that allow the organization more control over how users interact with company

resources. Among these policies was a policy that prevents users from browsing the A, B, C, and D

drives on their computers. This forces users to save personal files to their personal network drive

and gives the organization more control over what is stored, including the ability to scan for or

block restricted files on a central location.

172

The primary group policy object was named WeFrameU Std policy. This object was linked

to all three locations, Detroit, Sacramento and New Orleans. It was placed under all locations, but

outside of any departments. This placement will assign the policy to all the users in the domain

environment.

Domain Name Services was installed automatically with Active Directory. DNS uses

domain names and translates them to IP address. Forward lookup and reverse lookup zones can be

configured and added. There was no additional configurations only the default settings were

required for this project.

173

Dynamic Host Configuration Protocol provides an IP address to each client in the domain.

DHCP is installed on the main server at each location. The scopes are divided up per department as

specified by the network team. In each scope, the first ten IP address are excluded for use by

network devices. The rest of the addresses are placed in a pool and dynamically assigned as devices

connect at.

174

Distributed File Services was installed on the main server at each location. DFS is designed

to allow users to access files easier. Users are able to access the files from any location on the

network, even though the file is physically stored on a centralized server. This eliminates the need

for users to rely on their local drives for storage. Each user was assigned their own personal folder

through DFS that shows up to them as a local drive on their computer. Users are never aware that

their files aren’t stored locally. A separate shared folder was also created to house training videos

for access by all employees.

175

The shared drive assigned to each user is also the subject of file screening. Users are

disallowed from saving and audio or video files. Upon attempting to save anything with an

offending file extension, they are advised that it is restricted and prevented from doing so.

176

Remote Desktop Services was installed on the Sacramento server. This services enables

users to connect to a virtual desktop infrastructure, session-based desktop, and RemoteApp

programs from anywhere and on any device. The connection can be within a corporate network or

over the Internet. The connection that was configured was the session-based desktop. This will

increase the mobility of the work environment.

177

The Windows Deployment Services role was installed on the Detroit main server. This role

allows for the deployment of an operating system to bare metal drives over the company network. It

uses an image of a reference computer that has proper driver packages, activation keys, and

company software already installed. Once setup, this image can be deployed to new computers as is

without requiring additional setup by a member of the IT staff. WDS reduces the time commitment

and cost of initializing new devices within the domain. An image of Windows 7 was configured and

ready to deploy for any clients that need a new computer imaged.

178

Windows Server Update Services was installed on the Sacramento server. WSUS is a

service that allows centralized management of updates and enables the administrator to deploy

newly released updates over the company network as they are pushed from Microsoft. Updates can

be selectively deployed in the case that certain updates conflict with devices or software on the

domain.

179

Exchange was setup on a server located in the DMZ. There were several prerequisites to

Exchange that had to be addressed, including a connection to the domain, installation of filter packs,

and making sure that there were no pending updates or reboots on the server. User were added via

the web-based management console from a list of users located in Active Directory.

Outlook Web Application was installed and deployed on all user computers using the WDS

server. The users will have access to outlook email by using their domain username credentials

followed by @weframeu.com. First time when the user logs in, their own personal outlook profile

will be created and the mailbox is activated. Users will be able to send and receive e-mails.

180

Remote Authentication Dial-In Service was installed and configured on Sacramento server.

The RADIUS Server provides authentication, authorization, and accounting services. This allows

the staff to login to the wireless access points using their domain credentials. Network Policy

Services and Certificate Authority roles both were installed for this feature to function properly. A

certificate was configured as an Active Directory Enrollment Policy that only requests certificates

from a domain controller. This type of policy is used for client and server authentication and uses

digital signatures and key encipherment. A Radius client, Sacramento, was configured with the

Sacramento IP address attached and the shared secret set as cisco. The authentication was set to use

Protected EAP (PEAP), which encapsulates and encrypts passwords over the network. The rest of

the configuration was setup by the Networking Team.

181

Spiceworks HelpDesk application was installed. An offline account called WeFrameU was

created. Users can create help tickets and will be able to track and follow as the tickets progress. As

the admins receive the tickets, the admins will be able to prioritize and assign each ticket to a staff

member.

182

This will allow for the creation of a ticket queue and will also balance the administrative

workload based on the assignment and the urgency of the ticket. SpiceWorks integrates support for

documentation tied to each completed ticket and tracks the time allotted for each completed task.

This information can be used for similar tickets in the future.

183


Software Development Team

Software Team

Joey Davis – Team Lead

Charles Johnson

Randy Doughty

Sabrina Tarin Chowdhury

184

Overview

ContextThe software prepared for WeFrameU is impacted by the project’s purpose and scope in several ways. Important and relevant factors are listed below:

“software solutions to provide for enhanced employee productivity and customer

satisfaction”

“providing fundamental services for its employees, and establishing essential services

for streamlining ordering and support for its customers”

“improve sales through implementation of easy online ordering by 25%”

(Ivy Technical Consulting, 2016)

185

Definitions Objects, Data Objects, Structures, Object Instance – Objects, or data objects,

are structures capable of holding related data. An object typically represents an

entity or idea, much like a noun in English grammar.

Classes, Class Definitions – A programming language mechanism allowing for the

classification of objects. Classes allow for encapsulation.

Class Method – A programming language mechanism allowing for functions to be

accessed from an object instance.

Function – A function is a named—or unnamed, referred to as an anonymous

function or lambda—section of a program that performs a specific task.

186

Customer Storefront

Administration Portal

Database

Inventory Management

Materials ReceivingInventory

Product Management

Shipping Warehouse

Serialization, Marshalling – The process involved with translating an object into a

format providing the capability to be stored or transferred over a network as a series

of bytes.

Deserialization, Un-marshalling – The process involved with reconstructing a

series of bytes into an object or structure.

Encapsulation – A programming language mechanism providing access control to

an object’s properties.

Architecture

IntroductionThe software implementation involves two core components: an administration portal (company facing, accessed by employees) and an online storefront (public facing, accessed by customers). Each of these components adhere to a client/server architecture, thus both contain a client and server subcomponent. In the client/server architecture, the server—a logical software component—is responsible for accepting or rejecting requests made from a client, another software component. To accept or reject a client request, the server must send a response back to the client. The server in the client/server architecture is able to handle the exchange between any number of clients at once.

Diagram illustrating the client/server architecture

On both the administration portal server component and the storefront server component, the software implementation implements the HTTP protocol for reading and writing messages

187

exchanged between the client and the server over the network. See Dependencies for more information.

Administration PortalThe administration portal allows WeFrameU employees to conduct management and control duties for the business. Management and control duties include inventory management, material management, product management, employee management, and order management.

StorefrontThe online storefront allows customers to shop and place orders with WeFrameU. Customers may choose to create an account in order to view their order history at a later date or check out without signing in. Orders placed using the storefront are visible within the administration portal immediately after they are placed.

Server-Side ArchitectureThe server-side architecture is a composition of packages working together to form a maintainable and dependable software solution. The Java codebase is separated into 3 individual projects: Admin, Storefront, and Common. The Admin project has a Java package name of “com.weframeu.admin” and contains source files relevant only to the administration portal. The Storefront project has a Java package name of “com.weframeu.storefront” and contains source files relevant only to the online storefront. The Common project has a Java package name of “com.weframeu.common” and contains source files shared between the administration portal and online storefront – the classes and packages that both have in common with one another.

Dependency DescriptionsDependencies for the software implementation include a number of libraries and tools.

Server-side Dependencies for the server-side software implementation, at runtime or for development, include:

Java

o Programming Language, a compiled computer programming language

used in many enterprise, concurrent applications and servers.

JDK8 (minimum)

o Java Development Kit providing the Java standard runtime and base

development resources.

Gradle (Modern Open-Source Enterprise Build Automation)

188

o Build System providing a declarative project configuration. Gradle easily

handles multi-project builds and supports incremental builds to reduce the

need for re-building and re-execution during development and

maintenance.

Guava (com.google.guava)

o Library providing a number of utilities, including collections, caching,

primitives support, concurrency libraries, common annotations, string

processing, I/O, and so forth.

Gson (com.google.code.gson)

o Library allowing for the serialization and deserialization of Java object to

and from JSON.

JBcrypt (org.mindrot)

o Library providing secure encryption for passwords.

Morphia (org.mongodb.morphia)

o Library allowing Java objects to be stored in, and later retrieved from, a

MongoDB database.

Spark Java (com.sparkjava.spark-core)

o Library providing an embedded web server and routing capabilities to

serve HTTP requests on the server.

MongoDB Java Driver (org.mongodb.mongo-java-driver)

o Library allowing the server side software to interact with the database

server.

Client-side Dependencies for the client-side software implementation, at runtime or for development, include:

189

Node.js

o Runtime Environment allowing for execution of JavaScript code

independent from a browser. The environment is used as part of the

development and packaging of the front-end codebase.

NPM

o Package Manager for Node.js and 3rd-party dependencies for the client-

side codebase.

JavaScript

o Programming Language, a high-level, dynamic language supported by all

modern web browsers and is a technology used extensively in World Wide

Web content production.

React.js

o Library providing the capability to use state, properties, and

views/components to render HTML using JavaScript.

“Common” Package Overview

Package Description

com.weframeu.common Provides common class implementations shared between WeFrameU's administration portal and online storefront.

com.weframeu.common.adapters Adapters necessary for converting Java classes to JSON.

com.weframeu.common.forms Provides a number of utility classes to client form data to their server-side data structures.

com.weframeu.common.models Provides a number of classes representing entities stored in MongoDB.

190

External Dependency GraphThe dependency graph is provided by Gradle and only includes those dependencies that are considered external to the Common package.

+--- project :common+--- com.google.guava:guava:19.0+--- com.google.code.gson:gson:2.6.2+--- org.mindrot:jbcrypt:0.3m\--- org.mongodb.morphia:morphia:1.0.1 +--- org.mongodb:mongo-java-driver:3.0.2 +--- com.thoughtworks.proxytoys:proxytoys:1.0 \--- cglib:cglib-nodep:2.2.2(*) - dependencies omitted (listed previously)

191

“Admin” Package Overview

Package Description

com.weframeu.admin Provides the functionality to run WeFrameU's administration portal.

com.weframeu.admin.handlers Provides handlers for HTTP requests received by the administration portal.

External Dependency GraphThe dependency graph is provided by Gradle and only includes those dependencies that are considered external to the Admin package. Note that the Common project is considered external to the Admin project.

+--- project :common| +--- com.google.guava:guava:19.0| +--- com.google.code.gson:gson:2.6.2| +--- org.mindrot:jbcrypt:0.3m| \--- org.mongodb.morphia:morphia:1.0.1| +--- org.mongodb:mongo-java-driver:3.0.2 -> 3.2.2| +--- com.thoughtworks.proxytoys:proxytoys:1.0| \--- cglib:cglib-nodep:2.2.2+--- com.sparkjava:spark-core:2.3| +--- org.slf4j:slf4j-api:1.7.12| +--- org.slf4j:slf4j-simple:1.7.12| | \--- org.slf4j:slf4j-api:1.7.12| +--- org.eclipse.jetty:jetty-server:9.3.2.v20150730| | +--- javax.servlet:javax.servlet-api:3.1.0| | +--- org.eclipse.jetty:jetty-http:9.3.2.v20150730| | | \--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-io:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| +--- org.eclipse.jetty:jetty-webapp:9.3.2.v20150730| | +--- org.eclipse.jetty:jetty-xml:9.3.2.v20150730| | | \--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-servlet:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-security:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-server:9.3.2.v20150730 (*)| +--- org.eclipse.jetty.websocket:websocket-server:9.3.2.v20150730| | +--- org.eclipse.jetty.websocket:websocket-common:9.3.2.v20150730| | | +--- org.eclipse.jetty.websocket:websocket-api:9.3.2.v20150730| | | +--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | | \--- org.eclipse.jetty:jetty-io:9.3.2.v20150730 (*)| | +--- org.eclipse.jetty.websocket:websocket-client:9.3.2.v20150730

192

| | | +--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | | +--- org.eclipse.jetty:jetty-io:9.3.2.v20150730 (*)| | | \--- org.eclipse.jetty.websocket:websocket-common:9.3.2.v20150730 (*)| | +--- org.eclipse.jetty.websocket:websocket-servlet:9.3.2.v20150730| | | +--- org.eclipse.jetty.websocket:websocket-api:9.3.2.v20150730| | | \--- javax.servlet:javax.servlet-api:3.1.0| | +--- org.eclipse.jetty:jetty-servlet:9.3.2.v20150730 (*)| | \--- org.eclipse.jetty:jetty-http:9.3.2.v20150730 (*)| \--- org.eclipse.jetty.websocket:websocket-servlet:9.3.2.v20150730 (*)\--- org.mongodb:mongo-java-driver:3.2.2(*) - dependencies omitted (listed previously)

193

“Storefront” Package Overview

Package Description

com.weframeu.storefront Provides the functionality to run WeFrameU's online storefront.

com.weframeu.storefront.handlers Provides handlers for HTTP requests received by the online storefront.

External Dependency GraphThe dependency graph is provided by Gradle and only includes those dependencies that are considered external to the Storefront package. Note that the Common project is considered external to the Storefront project.

+--- project :common| +--- com.google.guava:guava:19.0| +--- com.google.code.gson:gson:2.6.2| +--- org.mindrot:jbcrypt:0.3m| \--- org.mongodb.morphia:morphia:1.0.1| +--- org.mongodb:mongo-java-driver:3.0.2 -> 3.2.2| +--- com.thoughtworks.proxytoys:proxytoys:1.0| \--- cglib:cglib-nodep:2.2.2+--- com.sparkjava:spark-core:2.3| +--- org.slf4j:slf4j-api:1.7.12| +--- org.slf4j:slf4j-simple:1.7.12| | \--- org.slf4j:slf4j-api:1.7.12| +--- org.eclipse.jetty:jetty-server:9.3.2.v20150730| | +--- javax.servlet:javax.servlet-api:3.1.0| | +--- org.eclipse.jetty:jetty-http:9.3.2.v20150730| | | \--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-io:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| +--- org.eclipse.jetty:jetty-webapp:9.3.2.v20150730| | +--- org.eclipse.jetty:jetty-xml:9.3.2.v20150730| | | \--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-servlet:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-security:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-server:9.3.2.v20150730 (*)| +--- org.eclipse.jetty.websocket:websocket-server:9.3.2.v20150730| | +--- org.eclipse.jetty.websocket:websocket-common:9.3.2.v20150730| | | +--- org.eclipse.jetty.websocket:websocket-api:9.3.2.v20150730| | | +--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | | \--- org.eclipse.jetty:jetty-io:9.3.2.v20150730 (*)| | +--- org.eclipse.jetty.websocket:websocket-client:9.3.2.v20150730

194

| | | +--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | | +--- org.eclipse.jetty:jetty-io:9.3.2.v20150730 (*)| | | \--- org.eclipse.jetty.websocket:websocket-common:9.3.2.v20150730 (*)| | +--- org.eclipse.jetty.websocket:websocket-servlet:9.3.2.v20150730| | | +--- org.eclipse.jetty.websocket:websocket-api:9.3.2.v20150730| | | \--- javax.servlet:javax.servlet-api:3.1.0| | +--- org.eclipse.jetty:jetty-servlet:9.3.2.v20150730 (*)| | \--- org.eclipse.jetty:jetty-http:9.3.2.v20150730 (*)| \--- org.eclipse.jetty.websocket:websocket-servlet:9.3.2.v20150730 (*)\--- org.mongodb:mongo-java-driver:3.2.2(*) - dependencies omitted (listed previously)

195

Data Design and System Model

Classification

Class Description

Address The class Address represents a physical location.

Customer The class Customer represents a WeFrameU customer that has chosen to sign up as a customer with the company.

CustomerSession The class CustomerSession represents a session used for providing authentication capabilities to customers.

Employee The class Employee represents one of WeFrameU's employees.

EmployeeSession The class EmployeeSession provides the capability for Employee authentication within the administration portal.

Inventory The class Inventory represents the quantity and upper/lower bounds for a given entity's inventory.

Material The class Material represents a material used in the manufacturing of a product.

Order The class Order represents an order placed by a customer that must be fulfilled by WeFrameU.

OrderItem The class OrderItem represents a single order item within an order. Each OrderItem instance maintains a quantity and price of the product purchased at the time of sale.

PaymentInformation The class PaymentInformation represents the payment information used to process an order.

Product The class Product describes a product offered by WeFrameU for sale.

ResourceModel The class ResourceModel provides a contract for how ResourceModels should be structured.

Transaction The class Transaction represents the financial transaction associated with an order being placed.

196

Entity Relationship Diagram

197

Activity Diagram

198

Site Maps


199

200

Product Management

Administration Portal Server

(Software/Logical)

Order Management

Material Management

Employee Management

View All

Single Order

View All

Edit

Create

View All

Edit

Create

View All

Edit

Create

Storefront

201

About

Shop

Cart

Login

Products

Account

Login

Account Creation

Storefront Server (Software/Logical)

Address

Payment Method

User Interfaces


Employee AuthenticationAllows WeFrameU employees to login to the administration portal. By default, this is the only page an unauthenticated user may access.

202

Dashboard OverviewThe dashboard overview provides a source of business intelligence for WeFrameU. Business intelligence includes providing information regarding where orders are currently coming in from, how long average order fulfillment time currently is, and identification of whether or not the volume of orders are trending up or down. Additionally, the dashboard provides a quantified snapshot of products, materials, and employees.

203

Employee ManagementThe employee management interface provides the capabilities viewing, editing, deleting, and creating employees.

204

Material ManagementThe material management interface provides the capabilities of viewing, editing, deleting, and creating materials. Inventories for each material are immediately visible and a capacity indicator is displayed in the top right corner of the material, allowing employees to quickly identify when a material’s inventory has become low.

205

Product ManagementThe product management interface provides the capabilities of viewing, editing, deleting, and creating products. Like the material management interface, a capacity indicator exists in the top right corner of each product to allow employees to easily recognize when products become low in inventory.

206

Order ManagementThe order management interface provides an overview of orders placed through WeFrameU’s storefront and the status of each order. Orders that are placed and awaiting fulfillment appear as red and contain a clock icon to indicate the order is waiting to be fulfilled. Orders that are currently being fulfilled appear as yellow and contain a clock icon to indicate the order is awaiting fulfillment completion. Fulfilled and shipped orders appear as green and contain a checkmark icon to indicate the order is complete.

207

Order Fulfillment ProcessThe order fulfillment process interface is accessed by selecting an order in the order management interface. The order fulfillment interface contains information about the order and allows an employee to change the status of the order, shown below.

208

209

Storefront

HomepageThe homepage for WeFrameU’s storefront serves as a landing page for customers. As such, its core purpose is to fulfill marketing requirements.

210

ShopThe shop interface allows customers to browse products available for purchase through the storefront. Products are displayed in a grid and may be filtered by materials or sizes. If a customer wishes to see more detail about a particular product, they may click the “Details” button available on the relevant product. Likewise, if a customer wishes to add a particular product to their shopping cart, they may click the “Add to Cart” button available on the relevant product.

211

Shopping CartFrom the shopping cart interface, customers may review the items currently in their cart or proceed with the checkout process. Before checking out, a customer may select to sign in or create an account in order to view their order status at a later point in time. On the left, a listing of items currently in the cart is provided, as well as a subtotal for each product. From the shopping cart, a customer may change item quantity or remove an item from the shopping cart by reducing its quantity to 0. On the right side of the shopping cart, an estimated total is calculated and updated in real time. Below these elements, a customer may fill out the “Shipping Address” and “Payment Information” forms to place their order.

212

Order ConfirmationOnce an order has been placed successfully, the customer will be presented with an informational interface displaying the order number associated with their order alongside a thank you message.

213

Login and Account CreationA customer may login or create an account using the login and account creation interface.

214

Customer AccountA customer may view the status of their orders by clicking the “Account” link in main navigation header. The account interface indicates if a customer does not have any existing orders. If the customer does have orders associated with their account, the orders are displayed in reverse chronological order, displaying the latest placed orders first. Orders from the account view display the items purchased as well as the date they were placed and shipped. If the order has yet to be shipped, the “Date Shipped” attribute displays “Not yet shipped” to indicate to the customer their order is awaiting shipment.

215

Lessons Learned and Conclusion

-Network Team

216

From each task, each job, each project; we gain a little insight. A new perspective that leads

to better decisions in the future. This project wasn’t any different. The first lesson learned in this

instance would be quality control. The team was too eager to jump right into configurations and so

we stumbled over and over again because of bugs and glitches. Not enough time was allowed for

testing devices. Proper testing of all physical devices should be the first step toward starting any

project. The second lesson to be learned was that of standardization. When teams were decided for

site based orientation, a standard set of or basic routing configurations were not. A password,

timeouts, usernames; these things were all haphazardly thrown in by each team. A lot of issues with

connectivity could have been avoided if a single set of configurations would have been set from the

beginning and rolled out across all devices. Even though each site was different a base set of code

would have standardized our network making mistakes a bit more obvious and thus easier or faster

to fix.

217

-Server Team

218

There were objectives that could have been changed or done differently to enhance the

server team's performance. Even though only a few will be listed, there are many traits and learning

techniques that were learned along the way that will be beneficial for future tasks.

First, figure out what the other teams need from us, if any. Also, what we need for our own

operations. This can help with the layout and the number of servers needed. As the team found

along the way, we needed more servers than expected at the start. To implement Exchange Mail, the

program needed a separate Mail server. At the beginning, we figured that the Exchange Mail and

Mail server could be running on the same server.

Next, be prepared for setbacks. At the first few weeks of production,, the server team fell

behind with not having connection between sites. The team was able to configure the basic setup

such as Active Directory, Domain Name Services, and Dynamic Host Configuration Protocol on the

root domain server while the connection was down. The other servers could not join to the domain

allowing the team to not be able to do much on the other sites accordingly.

Lastly, having more time to test the implemented features. The team waited until all roles

and features were installed and configured to do most of the in depth testing. If there were any

issues, there was almost not enough time to resolve the issue and to retest it. Testing after each role

and feature that was configured will allow the team to focus on that role until it is ready for the real-

world production. This will relieve some of the stress at the final stage of the testing knowing that it

worked during the initial testing phase.

219

-Software Team

220

Team Composition Invites Risk, OpportunityAnyone who has taken business or entrepreneurship courses is no stranger to the idea of a "dream

team," it tends to be a goal, but can be difficult to form. In general, a dream team is often

considered to be a group of people specifically chosen to work on some joint action or project and

are considered to be the best at what they do. The idea, I believe, is to allow for the greatest

opportunity of success—but my own view of opportunity is framed differently from that of the

dream team construct.

The dream-team mentality has the possibility of encouraging exclusion rather than inclusion.

Everyone has the capability to do outstanding things, provided they are given the opportunity to do

so. In the leadership of the software development team, special care was taken to provide team

members with a number of opportunities for success. Training videos, peer programming sessions,

and lists of library/language documentation were utilized to provide educational and growth

opportunities. Sadly, whether it be the opportunity to contribute or simply to show up for a

scheduled meeting, many of the afforded opportunities were missed. The lesson learned is that an

opportunity that is missed, or even be rejected by the individual it is afforded to, can mutate into a

risk of equal magnitude.

Dishonesty Obscures Resource Estimations

Upon the initial formation of the software development team, team members were given the

opportunity to anonymously provide information regarding their knowledge and to express any

concerns they had through a survey completed independently in their free time. Team members

were asked to identify their strengths, weaknesses, and points of comfort/discomfort for specific

knowledge domains within software development. The purpose of the survey was to ensure team

221

members were assigned work that fell well within their comfort zones and were not given any

undue stress.

While most survey responses were honest, the survey proved to not be beneficial due to a dishonest

minority. An example is an individual who made indications of a particular skill and comfort level

with certain software development knowledge domains, but later contradicted these indications with

actions. Consequently, surveys may not be a viable option for assessing the skill level of

individuals, especially in small groups where dishonesty on a single survey has an impact on the

entire team’s task assignments.

Succumbing to Risk Incites Failure

Whether it be a lack of applied knowledge or consistent truancy, resources allocated to the software

development were not fully usable. By any sane assessment of the workload, resources, and risks

associated with the software team, the project should have failed. Some risks seem unavoidable.

These risks are impending, yet unstoppable, and make failure seem imminent. For the software

team, these risks amounted to 151.5 additional expected effort hours by the time the progress report

rolled around, halfway through the project. The second half of the project showed similar risk

consequences. Nonetheless, risk materializations, seemingly insurmountable, did not incite failure

—but why?

The software team’s contribution was not a failure because of the final lesson learned: failure is

incited only by succumbing to risk. We must be unyielding in the pursuit of our goals, accepting

accountability when we are unable to. Determination and commitment may just be the antidote for

the obstacles obstructing the path to positive outcomes. The time, effort, and alternative activities

sacrificed allowed the software deliverables to meet requirements and ultimately succeed.

222

-Project Wide Lessons Learned

-Alexander Korich

223

This project has been a trial. That cannot be overstated. I feel as if the project team as a

whole was relatively unprepared for the volume of work that was to be required of us as a group in

order to meet our objectives. This can be seen throughout the project’s progression. In hindsight

there are certainly many things that could have been done to address our shortcomings and lack of

experience, we can only look back now, and reflect on these trials and take their lessons to heart, in

hopes of a more productive and fruitful future.

The team leaders have all presented their thoughts on the lessons learned from this project,

from their own unique perspectives of leading their peers from the front lines. They stood at the

most beneficial position to really understand and reflect on these experiences. My own reflections

will err more toward the group as a whole. The dynamic. The processes which went into

developing the project, both in the early and execution stages. The joys and sorrows that went into

developing interpersonal relationship and attempting to maintain both a sense of equality among

peers, whilst demanding respect when required.

To begin with, I feel as if I took too long in developing the scope of the project. While the

rest of the team was developing their own solutions to the problems presented by the project, work

could not officially begin until the proper paperwork had been filed. While the deadline for said

filings was met, even now I can feel the effects of the unrest among the team, as they waiting to

begin. Going back even further, I wish I had had a more active role in developing team

compositions. At the project’s beginning, there was opportunity to gauge sentiment and confidence

among the team members in their leadership. Instead I trusted the initial sentiments wherever

possible, instead of more firmly directing the teams.

Further in reflection toward the planning phases of the project, I would rather have spent

more time interacting and directing the team. This is where my personal background as a server

224

specialist became a bit of a hindrance. I did not focus in on the server team, nor did I neglect other

teams, however I took my lack of experience in the two more foreign fields as a cue to let the team

leaders have free reign. As was likely mentioned earlier, I would have liked to have a firmer hand,

particularly on the network team. Consolidating efforts into a single direction would have been

more efficient.

As a key element of execution and progress, in the future I would intend to implement a

more granular WBS, breaking tasks down as small as required to meet the skillsets of the team. As

basics are the foundation of the project, getting them right is tantamount to a successful project

launch. A more granular scheme, focusing on proper implementation of the basics would have

served us well, in my opinion.

When problems arose, I feel now that I hesitated too long in attempting to correct them.

Particularly in the case of group dynamic and interaction issues. Communication was often a

problem among our teams, and often times I would sit back and see how things would play out,

rather than actively problem solving.

I would have liked to have seen more outside efforts among the teams, and in the case of

several team members, more focused, productive use of their extra time. Much of our progress was

made in class time. While several key members of the network team put in extended hours,

particularly in the spring break week, I saw very little of the server team outside of class. That said,

much of the time a server team member would not be able to work without functioning

infrastructure, but once that point had passed, it would have been beneficial to have a representative

of the server team available to assist the other team’s effort by maintaining and setting up servers in

the lab environment.

225

The software team . . . was a very unique situation. As I am sure Joey has gone into

extensive detail, I will not further any arguments. I will only say, clearly, here and now for the

record, that we would have been lost without Joey’s extensive efforts outside of established work

periods. If anyone put more of themselves into this project than I, it would have been Joey. If I

could have even one team member with similar levels of both skill and dedication in all of my

projects going forward, I would count myself as blessed.

Altogether these lessons make up for a rather substantial reflection, with many ideals to be

taken to heart for future endeavors, both in and out of the purview of a project environment. I am

sure that all of our team members took away quite a bit.

--Korich, Alexander

226

Appendices

Network Appendices

o Network Addressing and Wiring Scheme

o Detroit Configurations

o New Orleans Configurations

o Sacramento Configurations

o Internet Configurations

o Firewall Configurations

o ACL Configurations

o Voice and Video Configurations

Software Appendices

o See Additional Files for Source**

Project Status Reports

227

Network Appendices

-Network Addressing and Wiring Scheme

228

Detroit

Department Users Stations Hosts Vlan Network ID Subnet Mask Gateway DHCP PoolsStaff 300 150 750 10 10.27.8.0 255.255.252.0 10.27.8.1 10.27.8.11 - 10.27.11.254Upper Management 10 10 24 20 10.27.20.0 255.255.255.0 10.27.20.1 10.27.20.11 10.27.20.254Marketing 25 25 57 30 10.27.30.0 255.255.255.0 10.27.30.1 10.27.30.11 10.27.30.254Shipping 50 15 120 35 10.27.35.0 255.255.255.0 10.27.35.1 10.27.35.11 10.27.35.254Accounting 25 25 48 40 10.27.40.0 255.255.255.0 10.27.40.1 10.27.40.11 10.27.40.254Human Resources 40 30 100 50 10.27.50.0 255.255.255.0 10.27.50.1 10.27.50.11 10.27.50.254Facilities 25 5 50 60 10.27.60.0 255.255.255.0 10.27.60.1 10.27.60.11 10.27.60.254Security 5 5 41 70 10.27.70.0 255.255.255.0 10.27.70.1 10.27.70.11 10.27.70.254IT 5 5 13 80 10.27.80.0 255.255.255.0 10.27.80.1 10.27.80.11 10.27.80.254

95 10.27.95.0 255.255.255.0 10.27.95.1115 10.27.115.0 255.255.255.0 10.27.115.1 10.27.115.10 - 10.27.115.254

Addressing

Voice

Detroit

Management

Network ID Subnet mask Source IP Destination IP

192.168.0.0 255.255.255.252 192.168.0.1 192.168.0.2192.168.0.4 255.255.255.252 192.168.0.5 192.168.0.6

GRE Tunnels

New Orleans

ToSacramento

Tunneltunnel0tunnel1

Vlan Network ID Subnet Mask Gateway Internal Address90 10.27.90.0 255.255.255.0 10.27.90.1

10.27.90.410.27.90.210.27.90.3

100 10.27.100.0 255.255.255.0 10.27.100.254 ~~~10.27.100.110.27.100.210.27.100.3

~~~~~~~~~

~~~~~~~~~

~~~~~~~~~

~~~~~~~~~

~~~

Backup

WebEmail

Internal Servers~~~~~~~~~

Servers

CALL ManaDHCP

~~~ VPN

External Servers~~~~~~

Address Subnet Site10.200.100.1 255.255.255.240 Detroit Server10.200.100.2 255.255.255.240 Detroit Server10.200.100.3 255.255.255.240 Detroit Server10.200.100.4 255.255.255.240 Detroit10.200.100.5 255.255.255.240 Sacramento10.200.100.6 255.255.255.240 New Orleans

Public IP Block

Phone Phone2001 10012002 1002200320042005

Public IP Add Public Subnet10.200.100.1 255.255.255.24010.200.100.2 255.255.255.24010.200.100.3 255.255.255.240

External Servers

229

Sacramento

Department Users Stations Hosts Vlan Network ID Subnet Mask Gateway DHCP PoolsStaff 75 50 217 10 10.15.10.0 255.255.255.0 10.15.10.1 10.15.10.11 - 10.15.10.254Upper Management 5 5 12 20 10.15.20.0 255.255.255.0 10.15.20.1 10.15.20.11 - 10.15.20.254Human Resources 4 2 8 30 10.15.30.0 255.255.255.0 10.15.30.1 10.15.30.11 - 10.15.30.254Facilities 4 2 4 40 10.10.40.0 255.255.255.0 10.10.40.1 10.10.40.11 - 10.10.40.254Security 2 1 10 50 10.10.50.0 255.255.255.0 10.10.50.1 10.10.50.11 - 10.10.50.254IT 2 2 6 60 10.10.60.0 255.255.255.0 10.10.60.1 10.10.60.11 - 10.10.60.254

99 10.15.99.0 255.255.255.0 10.15.99.199 10.10.99.0 255.255.255.0 10.10.99.180 10.15.80.0 255.255.255.0 10.15.80.190 10.10.90.0 255.255.255.0 10.10.90.1

Sacramento

Management SAC1Management SAC2

Voice SAC2Voice SAC1

Addressing

Interface IP Address Subnet MaskS0/0/0 10.10.1.2 255.255.255.252S0/0/0 10.10.1.1 255.255.255.252

Site-to-SiteSAC1 PtPSAC2 PtP

Network ID Subnet Mask Source IP Destination IP Phone SAC14001

192.168.0.0 255.255.255.252 192.168.0.2 192.168.0.1 4002192.168.0.8 255.255.255.252 192.168.0.9 192.168.0.10 4003

40044005

DetroitNew Orleans

GRE TunnelsTunneltunnel0tunnel2

To

Vlan Network ID Subnet Mask Gateway Internal Address Phone SAC270 10.10.70.0 255.255.255.0 10.10.70.1 5001

~~~ ~~~ ~~~ ~~~ 10.10.70.20 5002~~~ ~~~ ~~~ ~~~ 10.10.70.19 5003~~~ ~~~ ~~~ ~~~ 10.10.70.17 5004~~~ ~~~ ~~~ ~~~ 10.10.70.18 5005

Server~~~ ClientInternal Servers

~~~ Database

~~~ Backup~~~ DHCP

Servers

230

New Orleans

Department Users Stations Hosts Vlan Network ID Subnet Mask Gateway DHCP PoolsStaff 125 125 300 10 10.3.4.0 255.255.252.0 10.3.4.1 10.3.4.11 - 10.3.7.254Upper Management 8 8 17 20 10.3.1.32 255.255.255.224 10.3.1.33 10.3.1.43 - 10.3.1.62Marketing 4 4 15 30 10.3.2.128 255.255.255.128 10.3.2.129 10.3.2.139 - 10.3.2.254Human Resources 6 2 18 40 10.3.1.128 255.255.255.128 10.3.1.129 10.3.1.139 - 10.3.1.254Facilities 4 2 17 50 10.3.2.0 255.255.255.128 10.3.2.1Security 9 9 20 60 10.3.1.64 255.255.255.192 10.3.1.65IT 4 4 9 70 10.3.1.0 255.255.255.224 10.3.1.1

1 10.3.99.0 255.255.255.128 10.3.99.1100 10.3.100.0 255.255.255.0 10.3.100.1 10.3.100.10 - 10.3.100.254

Addressing

ManagementVoice

New Orleans

GRE TunnelsTunnel Totunnel1 Detroittunnel2 Sacramento Network ID Subnet Mask Source IP Destination IP Phone

3001192.168.0.4 255.255.255.252 192.168.0.6 192.168.0.5 3002192.168.0.8 255.255.255.252 192.168.0.10 192.168.0.9 3003

30043005

Vlan Network ID Subnet Mask Gateway Internal Address98 10.3.99.128 255.255.255.128 10.3.99.129

10.3.99.25310.3.99.254

DHCPBackup

Internal ServersServers

231

Wiring Scheme

Source to Destination Source to Destination FE 0/1 to NSWITCH 1 FE 0/1 FE 0/1 to NSWITCH 1 FE 0/3FE 0/2 to NSWITCH 1 FE 0/2 FE 0/2 to NSWITCH 3 FE 0/4FE 0/3 to NSWITCH 2 FE 0/1 FE 0/3 to NSWITCH 1 FE 0/3FE 0/4 to NSWITCH 2 FE 0/2 FE 0/4 to NSWITCH 1 FE 0/4

FE 0/19 to CROSS CONNECT RACK 1 #21FE 0/20 to CROSS CONNECT RACK 1 #22FE 0/21 to CROSS CONNECT RACK 1 #23 Source to Destination FE 0/22 to CROSS CONNECT RACK 1 #24 FE 0/1 to NSWITCH 3 FE 0/1

FE 0/2 to NSWITCH 3 FE 0/2FE 0/3 to NSWITCH 2 FE 0/3

Source to Destination FE 0/4 to NSWITCH 2 FE 0/4FE 0/1 to ISPSWITCH FE 0/10 FE 0/24 to NEWROUTER FE 0/0FE 0/0 to NSWITCH 1 FE 0/24

NSWITCH 2 - Catalyst 2950 24 port

NSWITCH 1 - Catalyst 2950 48 port

NEWROUTER 1 - 2811 Series

WeFrameU Wiring Scheme

** New Orleans **NSWITCH 3 - Catalyst 2950 48 port

Source to Destination Source to Destination FE 0/1 to DSWITCH 3 FE 0/1 FE 0/1 to DSWITCH 3 FE 0/3FE 0/2 to DSWITCH 3 FE 0/2 FE 0/2 to DSWITCH 3 FE 0/4FE 0/3 to DSWITCH 2 FE 0/3 FE 0/3 to DSWITCH 2 FE 0/3FE 0/4 to DSWITCH 2 FE 0/4 FE 0/4 to DSWITCH 1 FE 0/4FE 0/5 to DROUTER 1 FE 0/1

Source to Destination Source to Destination FE 0/1 to DSWITCH 1 FE 0/1 FE 0/0 to ISPSWITCH FE 0/1FE 0/2 to DSWITCH 1 FE 0/2 FE 0/1 to DSWITCH 1 FE 0/5FE 0/3 to DSWITCH 2 FE 0/1FE 0/4 to DSWITCH 2 FE 0/2

FE 0/21 to CROSS CONNECT RACK 1 #13FE 0/22 to CROSS CONNECT RACK 1 #14FE 0/23 to CROSS CONNECT RACK 1 #15FE 0/24 to CROSS CONNECT RACK 1 #16

** Detroit **DSWITCH 1 - Catalyst 2950 24 port DSWITCH 2 - Catalyst 2950 24 port

DSWITCH 3 - Catalyst 2950 24 port DROUTER 1 - 2811 Series

232

Source to Destination Source to Destination FE 0/1 to SACROUTER 2 FE 0/0 FE 0/1 to SACROUTER 2 FE 0/0FE 0/4 to CROSS CONNECT RACK 1 #9 FE 0/2 to DSWITCH 1 FE 0/2

FE 0/3 to DSWITCH 2 FE 0/1FE 0/4 to DSWITCH 2 FE 0/2

FE 0/21 to CROSS CONNECT RACK 1 #13FE 0/22 to CROSS CONNECT RACK 1 #14

** Sacramento **SACSWITCH 1 - Catalyst 2950 24 port SACSWITCH 2 - Catalyst 2950 24 port

233

-Detroit Configurations

234

Detroit Configuration – R1Current configuration : 6311 bytes

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

hostname DR1

boot-start-marker

boot-end-marker

logging message-counter syslog

enable secret 5 $1$Cy1.$gZ2619GQoRVdHY78nb5JV.

no aaa new-model

memory-size iomem 15

dot11 syslog

ip source-route

ip cef

ip dhcp excluded-address 10.27.115.1 10.27.115.10

ip dhcp pool VOICE

network 10.27.115.0 255.255.255.0

default-router 10.27.115.1

option 150 ip 10.27.115.1

no ip domain lookup

no ipv6 cef

multilink bundle-name authenticated

voice-card 0

no dspfarm

username netadmin privilege 15 secret 5 $1$X4ZP$IJUAE5IR6DXxg2zdtxi37.

archive

235

log config

hidekeys

interface Tunnel0

description VPN to Sacramento

ip address 192.168.0.1 255.255.255.252

tunnel source FastEthernet0/0

tunnel destination 10.200.100.5

interface Tunnel1

description VPN to New Orleans

ip address 192.168.0.5 255.255.255.252



interface FastEthernet0/0

description Connection to the Internet

ip address 10.200.100.4 255.255.255.240

ip nat outside

ip virtual-reassembly

duplex auto

speed auto


no ip address

duplex auto

speed auto

interface FastEthernet0/1.10

description Connection to Vlan 10 Staff

encapsulation dot1Q 10

ip address 10.27.8.1 255.255.252.0

ip helper-address 10.27.90.2

236

ip nat inside



description Connection to Vlan 20 Upper Mngmt


ip address 10.27.20.1 255.255.255.0


ip nat inside



description Connection to Vlan 30 Marketing


ip address 10.27.30.1 255.255.255.0


ip nat inside



description Connection to Vlan 35 Shipping


ip address 10.27.35.1 255.255.255.0


ip nat inside



description Connection to Vlan 40 Accouting


ip address 10.27.40.1 255.255.255.0


237

ip nat inside



description Connection to Vlan 50 Human Resources


ip address 10.27.50.1 255.255.255.0


ip nat inside



description Connection to Vlan 60 Facilities


ip address 10.27.60.1 255.255.255.0


ip nat inside



description Connection to Vlan 70 Security


ip address 10.27.70.1 255.255.255.0


ip nat inside



description Connection to Vlan 80 IT


ip address 10.27.80.1 255.255.255.0


238

ip nat inside



description Connection to Vlan 90 Internal Server


ip address 10.27.90.1 255.255.255.0

ip nat inside



description Vlan 95 Management


ip address 10.27.95.1 255.255.255.0

ip nat inside



description Connection to Vlan 100 External Server


ip address 10.27.100.254 255.255.255.0

ip nat inside



description Connection to Voice Vlan 115


ip address 10.27.115.1 255.255.255.0

ip nat inside


interface Serial0/0/0

no ip address

239

shutdown

no fair-queue

clock rate 125000


no ip address

shutdown

clock rate 125000

interface BRI0/2/0

no ip address

encapsulation hdlc

shutdown

router eigrp 1

network 10.27.8.0 0.0.3.255

network 10.27.20.0 0.0.0.255

network 10.27.30.0 0.0.0.255

network 10.27.35.0 0.0.0.255

network 10.27.40.0 0.0.0.255

network 10.27.50.0 0.0.0.255

network 10.27.60.0 0.0.0.255

network 10.27.70.0 0.0.0.255

network 10.27.80.0 0.0.0.255

network 10.27.90.0 0.0.0.255

network 10.27.95.0 0.0.0.255

network 10.27.100.0 0.0.0.255

network 10.27.115.0 0.0.0.255

network 192.168.0.0 0.0.0.3

network 192.168.0.4 0.0.0.3

network 192.168.0.8 0.0.0.3

240

no auto-summary

eigrp router-id 6.6.6.6

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

ip route 10.3.0.0 255.255.0.0 192.168.0.6

ip route 10.10.0.0 255.255.0.0 192.168.0.2

ip route 10.15.0.0 255.255.0.0 192.168.0.2

ip http server

ip http secure-server

ip nat pool INTERNET 10.200.100.4 10.200.100.4 netmask 255.255.255.240

ip nat inside source list 1 pool INTERNET overload

access-list 1 permit 10.27.0.0 0.0.255.255

control-plane

dial-peer voice 1 voip

destination-pattern 5...

session target ipv4:10.10.1.2







telephony-service

no auto-reg-ephone

max-ephones 5

max-dn 10

ip source-address 10.27.115.1 port 2000

auto assign 1 to 10

241

max-conferences 8 gain -6

transfer-system full-consult

create cnf-files version-stamp Jan 01 2002 00:00:00

ephone-dn 1

number 2001

label Shane Adams (2001)

description Network Admin

name Shane Adams

ephone-dn 2

number 2002

label Darin Gravitt (2002)


name Darin Gravitt

ephone-dn 3

number 2003

label Chris Platt


name Chris Platt

ephone-dn 4

number 2005

ephone-dn 5

number 2005

ephone 1

device-security-mode none

mac-address 000B.46D9.C386

type 7960

button 1:1 2:2 3:3

banner motd ^C

242

Unauthorized Access is Strictly Prohibited!! ^C

line con 0

exec-timeout 5 0

password 7 13061E010803

logging synchronous

login

line aux 0

line vty 0 4

exec-timeout 5 0

password 7 00071A150754

login

line vty 5 15

exec-timeout 5 0

login

scheduler allocate 20000 1000

end

Detroit Configuration – SW1en

conf t

host DSW1

no ip domain-lookup

enable secret cisco

line con 0

pass cisco

login

logging synchronous

exec-timeout 0 0

line vty 0 15

243

pass cisco

login

login local

logging synchronous

exec-timeout 0 0

transport input none

transport input Telnet

exit

banner motd $ Unauthorized access Prohibited! $


ip default-gateway 10.27.95.1

int vlan 95

desc Mangement address Vlan 95

ip add 10.27.95.10 255.255.255.0

no shut

exit

VLAN 10

name STAFF

VLAN 20

name UPPERMGMT

VLAN 30

name Marketing

VLAN 35

name HR

VLAN 40

name FACILITIES

VLAN 50

name SECURITY

244

VLAN 60

name Shipping

VLAN 70

name IT

VLAN 80

name Acccounting

VLAN 90

name servers

exit

int range f0/1 - 5

switchport mode trunk

switchport trunk native vlan 1

switchport trunk allowed vlan 1,10,20,30,35,40,50,60,70,80

no shut

int f0/6

switchport mode access

switchport access vlan 10

no shut

int f0/7



no shut

int f0/8



no shut

int range f0/09 - 10


245


no shut




no shut




no shut




no shut




no shut




no shut




no shut

exit

-------------------------------------------------------------

246

spanning-tree vlan 1 root primary

spanning-tree mode pvst

--------------------------------------------

VOIP

-------------------------------------------------

vlan 100

name Voice

int range f0/5 - 18

switchport voice vlan 100

int range f0/5 - 24



shut


conf t

host DSW2

no ip domain-lookup

enable secret cisco

line con 0

pass cisco

login

logging synchronous

exec-timeout 0 0

line vty 0 15

pass cisco

login

login local

247

logging synchronous

exec-timeout 0 0



exit




int vlan 95


ip add 10.27.95.20 255.255.255.0

no shut

exit

VLAN 10

name STAFF

VLAN 20

name UPPERMGMT

VLAN 30

name Marketing

VLAN 35

name HR

VLAN 40

name FACILITIES

VLAN 50

name SECURITY

VLAN 60

name Shipping

VLAN 70

name IT

248

VLAN 80

name Acccounting

VLAN 90

name servers

vlan 95

name MGMTVLAN

exit

int range f0/1 - 4



switchport trunk allowed vlan 1,10,20,30,35,40,50,60,70,80,95

no shut

int f0/6



no shut

int f0/7



no shut

int f0/8



no shut




no shut


249



no shut




no shut




no shut




no shut




no shut




no shut

exit

-------------------------------------------------------------



-------------------------------------------------

VOIP

250

-------------------------------------------------

vlan 100

name Voice

int range f0/5 - 18


int range f0/5 - 24



shut


conf t

host DSW3

no ip domain-lookup

enable secret cisco

line con 0

pass cisco

login

logging synchronous

exec-timeout 0 0

line vty 0 15

pass cisco

login

login local

logging synchronous

exec-timeout 0 0



exit

251




int vlan 95


ip add 10.27.95.30 255.255.255.0

no shut

exit

VLAN 10

name STAFF

VLAN 20

name UPPERMGMT

VLAN 30

name Marketing

VLAN 35

name HR

VLAN 40

name FACILITIES

VLAN 50

name SECURITY

VLAN 60

name Shipping

VLAN 70

name IT

VLAN 80

name Acccounting

VLAN 90

name servers

exit

252

int range f0/1 - 4




no shut

int f0/6



no shut

int f0/7



no shut

int f0/8



no shut




no shut




no shut




no shut

253




no shut




no shut




no shut




no shut

exit

-------------------------------------------------------------



-------------------------------------------------

VOIP

-------------------------------------------------

vlan 100

name Voice

int range f0/5 - 18


int range f0/5 - 24


254


shut

255

-New Orleans Configuration

256

New Orleans Configuration – R1en

conf t

hostname NOR1

no ip domain-lookup

enable secret cisco

line con 0

secret cisco

login

logging synchronous

exec-timeout 0 0

line vty 0 4

secret cisco

login

login local

logging synchronous

exec-timeout 0 0


transport input SSH

crypto-key generate rsa

2048

exit



ip http server


ip http authentication local

username netadmin privilege 15 secret cisco12345

int f0/1

257

desc Connection to the Internet

ip add 10.200.100.6 255.255.255.240

no shut

int f0/0

no ip add

shut

int f0/0.10

desc connection to Vlan 10

encap dot1q 10

ip add 10.3.4.1 255.255.252.0

int f0/0.20


encap dot1q 20

ip add 10.3.1.33 255.255.255.224

int f0/0.30


encap dot1q 30

ip add 10.3.2.129 255.255.255.128

int f0/0.40


encap dot1q 40

ip add 10.3.1.129 255.255.255.128

int f0/0.50


encap dot1q 50

ip add 10.3.2.1 255.255.255.128

int f0/0.60


encap dot1q 60

258

ip add 10.3.1.65 255.255.255.192

int f0/0.70


encap dot1q 70

ip add 10.3.1.1 255.255.255.224

int f0/0.98


encap dot1q 98

ip add 10.3.99.129 255.255.255.128

int f0/0.99


encap dot1q 99

ip add 10.3.99.1 255.255.255.128

int f0/0.100

desc connection to Vlan 100 (Voice)

encap dot1q 100

ip add 10.3.100.1 255.255.255.0

int f0/0

no shut

exit

router eigrp 1


network 10.3.4.0 0.0.3.255

network 10.3.1.32 0.0.0.31

network 10.3.2.128 0.0.0.127

network 10.3.1.128 0.0.0.127

network 10.3.2.0 0.0.0.127

network 10.3.1.64 0.0.0.63

network 10.3.1.0 0.0.0.31

259

network 10.3.99.0 0.0.0.127

network 10.3.99.128 0.0.0.127

network 10.3.100.0 0.0.0.255

no auto-summary

passive-interface f0/0

exit

ip route 0.0.0.0 0.0.0.0 f0/1

-------------------------------------------------

DHCP

-------------------------------------------------

int f0/0.10


int f0/0.20


int f0/0.30


int f0/0.40


exit

-------------------------------------------------

NAT/PAT

-------------------------------------------------

ip route 10.200.100.0 255.255.255.240 f0/1


access-list 1 deny 10.3.99.128 0.0.0.127



int f0/1

ip nat outside

260

int f0/0.1

ip nat inside

int f0/0.10

ip nat inside

int f0/0.20

ip nat inside

int f0/0.30

ip nat inside

int f0/0.40

ip nat inside

int f0/0.50

ip nat inside

int f0/0.60

ip nat inside

int f0/0.70

ip nat inside

int f0/0.98

ip nat inside

int f0/0.100

ip nat inside

exit

-------------------------------------------------

VOIP

-------------------------------------------------

int f0/0

shut

int f0/0.100

desc Voice Vlan 100

encap dot1q 100

261

ip add 10.3.100.1 255.255.255.0

no shut


ip dhcp pool VOICE

network 10.3.100.0 255.255.255.0


option 150 ip 10.3.100.1

exit

telephony-service

max-ephones 5

max-dn 5

no auto-reg-ephone

auto assign 1 to 10


exit

ephone-dn 1 dual-line

number 3001

name Ryan Taylor

desc Network Admin

label Ryan Taylor (3001)


number 3002

name Scott Busch

desc Network Admin

label Scott Busch (3002)


number 3003

name Thrall

desc War Cheif

262

label Thrall (3003)


number 3005

name Adam West

desc Batman

label Adam West (3004)


number 3005

name Burt Reynolds

desc The Bandit

label Burt Reynolds (3005)

ephone 1

button 1:1 2:2

mac-address

type 7940

exit










New Orleans Configuration – SW1en

conf t

host NOS1

263

no ip domain-lookup

enable secret cisco

line con 0

pass cisco

login

logging synchronous

exec-timeout 0 0

line vty 0 15

pass cisco

login

login local

logging synchronous

exec-timeout 0 0



exit




int vlan 99

desc Mangement Address

ip add 10.3.99.10 255.255.255.128

no shut

exit

vlan 10

name Staff

vlan 20

name Upper Mngmt

vlan 30

264

name Marketing

vlan 40

name HumanResources

vlan 50

name Facilities

vlan 60

name Security

vlan 66

Black Hole (Native)

vlan 70

name IT

vlan 98

name Server

vlan 99

name Management

vlan 100

name Voice

exit

int range f0/1 - 4




no shut

int range f0/5 - 6




no shut

int range f0/7 - 8

265




no shut

int range f0/9 - 10




no shut





no shut





no shut





no shut





no shut

266





no shut

int f0/24




no shut

exit

-------------------------------------------------

Etherchannel

-------------------------------------------------

int range f0/1 - 2

channel-group 1 mode active

exit

New Orleans Configuration – SW2host NOS2

no ip domain-lookup

enable secret cisco

line con 0

secret cisco

login

logging synchronous

exec-timeout 0 0

line vty 0 15

secret cisco

267

login

login local

logging synchronous

exec-timeout 0 0



exit




int vlan 99

desc Mangement Vlan

ip add 10.3.99.20 255.255.255.128

no shut

exit

vlan 10

name Staff

vlan 20

name Upper Mngmt

vlan 30

name Marketing

vlan 40

name HumanResources

vlan 50

name Facilities

vlan 60

name Security

vlan 66

name Black Hole

268

vlan 70

name IT

vlan 98

name Server

vlan 99

name Mangement

vlan 100

name Voice

exit

int range f0/1 - 4




no shut

int range f0/5 - 6




no shut

int range f0/7 - 8




no shut

int range f0/9 - 10




no shut

269





no shut





no shut





no shut





no shut





no shut

exit

New Orleans Configuration – SW3host NOS3

no ip domain-lookup

270

enable secret cisco

line con 0

pass cisco

login

logging synchronous

exec-timeout 0 0

line vty 0 15

pass cisco

login

login local

logging synchronous

exec-timeout 0 0



exit




int vlan 99

desc Mangement Address

ip add 10.3.99.30 255.255.255.128

no shut

exit

vlan 10

name Staff

vlan 20

name Upper Mngmt

vlan 30

name Marketing

271

vlan 40

name HumanResources

vlan 50

name Facilities

vlan 60

name Security

vlan 66

Black Hole

vlan 70

name IT

vlan 98

name Server

vlan 99

name Management

vlan 100

name Voice

exit

int range f0/1 - 4




no shut

int range f0/5 - 6




no shut

int range f0/7 - 8


272



no shut

int range f0/9 - 10




no shut





no shut





no shut





no shut





no shut


273




no shut

exit

-------------------------------------------------

Etherchannel

-------------------------------------------------


int range f0/1 - 2

channel-group 1 mode active

no shut

274

-Sacramento Configurations

275

Sacramento Configuration – R1+++ UNAUTHORIZED ACCESS PROHIBITED +++

User Access Verification

Password:

SAC-R1>en

Password:

SAC-R1#

SAC-R1#show run

Building configuration...

Current configuration : 3272 bytes!

version 12.4



service password-encryption!

hostname SAC-R1!

boot-start-marker

boot-end-marker!


enable secret 5 $1$x0Dw$nU/gshrN93ce8kE0tRCog/!

no aaa new-model


no network-clock-participate wic 1!

dot11 syslog

ip source-route!

ip cef

ip dhcp pool VOICEA

network 10.15.80.0 255.255.255.0


option 150 ip 10.15.80.1

276

no ip domain lookup

no ipv6 cef


voice-card 0

no dspfarm

archive

log config

hidekeys

controller T1 0/1/0

framing esf

linecode b8zs!

controller T1 0/1/1

framing esf

linecode b8zs!


no ip address

duplex auto

speed auto



ip address 10.15.10.1 255.255.255.0

ip helper-address 10.10.70.17!



ip address 10.15.20.1 255.255.255.0

ip helper-address 10.10.70.17!



ip address 10.15.30.1 255.255.255.0

277




ip address 10.15.80.1 255.255.255.0!



ip address 10.15.99.1 255.255.255.0


no ip address

duplex auto

speed auto!


description connection SAC-R2

ip address 10.10.1.1 255.255.255.252!


no ip address

shutdown

clock rate 125000

interface BRI0/2/0

no ip address

encapsulation hdlc

shutdown!

router eigrp 1

passive-interface FastEthernet0/0

network 10.10.1.0 0.0.0.3

network 10.15.10.0 0.0.0.255

network 10.15.20.0 0.0.0.255

network 10.15.30.0 0.0.0.255

network 10.15.99.0 0.0.0.255

278

no auto-summary



ip route 10.3.0.0 255.255.0.0 Serial0/0/0

ip route 10.10.0.0 255.255.0.0 Serial0/0/0

ip route 10.27.90.0 255.255.255.0 Serial0/0/0

no ip http server

no ip http secure-server

control-plane










telephony-service

no auto-reg-ephone

max-ephones 6

max-dn 6


auto assign 1 to 6

system message Sacramento-LAN 1




ephone-dn 1

279

number 4001

label Mohammed Es-sabri (4001)

description HR

name Mohammed Es-sabri

ephone-dn 2

number 4002

label Keith Williams (4002)

description HR

name Keith Williams

ephone-dn 3

number 4003

ephone 1


mac-address 0015.C6FA.4947

type 7940

button 1:2 2:1

banner motd ^C +++ UNAUTHORIZED ACCESS PROHIBITED +++ ^C

line con 0

exec-timeout 0 0

password 7 02150D5604

logging synchronous

login

line aux 0

line vty 0 4

password 7 060506324F41

login


end

Sacramento Configuration – R2

280

Current configuration : 5192 bytes!

version 12.4




hostname SAC-R2!

boot-start-marker

boot-end-marker!


enable secret 5 $1$Hg45$Fmvfre1/AsNCtzmnQmFJn/!

no aaa new-model

no network-clock-participate wic 1

no network-clock-participate aim 0!

dot11 syslog

ip source-route!

ip cef!

ip dhcp pool VOICE_SAC-R2

network 10.10.90.0 255.255.255.0


option 150 ip 10.10.90.1!

ip dhcp pool SECURITY

network 10.10.50.0 255.255.255.0


option 150 ip 10.10.90.1

ip dhcp pool FACILITIES

network 10.10.40.0 255.255.255.0


option 150 ip 10.10.90.1

ip dhcp pool IT

281

network 10.10.60.0 255.255.255.0


option 150 ip 10.10.90.1!

no ip domain lookup!

no ipv6 cef


voice-card 0

no dspfarm

username webuser privilege 15 secret 5 $1$.4vQ$tbq2mgWBUzsYzxibvxk870

archive

log config

hidekeys

controller T1 0/1/0

framing esf

linecode b8zs

controller T1 0/1/1

framing esf

linecode b8zs

interface Tunnel0

description VPN to Detroit

ip address 192.168.0.2 255.255.255.252



interface Tunnel2

description VPN to New Orleans

ip address 192.168.0.9 255.255.255.252




282

no ip address

ip nat inside


duplex auto

speed auto


description FACILITIES LAN


ip address 10.10.40.1 255.255.255.0

ip nat inside



description SECURITY LAN


ip address 10.10.50.1 255.255.255.0

ip nat inside



description IT LAN


ip address 10.10.60.1 255.255.255.0

ip nat inside



description SERVER LAN


ip address 10.10.70.1 255.255.255.0

ip nat inside


283


description VOICE SAC-R2


ip address 10.10.90.1 255.255.255.0


description VOICE SAC-R2


ip address 10.10.99.2 255.255.255.0

ip nat inside



description Connection to the Internet

ip address 10.200.100.5 255.255.255.240

ip nat outside


duplex auto

speed auto

interface FastEthernet0/2/0





description connection SAC-R1

ip address 10.10.1.2 255.255.255.252

ip nat inside


clock rate 128000


no ip address

284

shutdown

clock rate 128000

interface Vlan1

no ip address

router eigrp 1

redistribute static

passive-interface FastEthernet0/0

network 10.10.1.0 0.0.0.3

network 10.10.3.0 0.0.0.3

network 10.10.40.0 0.0.0.255

network 10.10.50.0 0.0.0.255

network 10.10.60.0 0.0.0.255

network 10.10.70.0 0.0.0.255

network 10.10.99.0 0.0.0.255

network 10.200.100.0 0.0.0.15

network 192.168.0.0 0.0.0.3

network 192.168.0.8 0.0.0.3

no auto-summary




ip route 10.15.0.0 255.255.0.0 Serial0/0/0



ip http server

ip http authentication local




285


access-list 1 permit 10.15.0.0 0.0.255.255!

control-plane










telephony-service

max-ephones 6

max-dn 6


auto assign 1 to 6

system message Sacramento - LAN 2




ephone-dn 1

number 5001

label Mohammed Es-sabri (5001)

description IT Dept

name Mohammed Es-sabri

ephone-dn 2

number 5002

label Keith Williams (5002)

286

description IT Dept

name Keith Williams

ephone-dn 3

number 5003

ephone 1


mac-address 0013.C39B.285B

type 7940

button 1:1 2:2

ephone 2


mac-address 0015.C6FA.4947

type 7940

button 1:2


line con 0

exec-timeout 0 0

password 7 105D00140A

logging synchronous

login

line aux 0

line vty 0 4

password 7 121A0C041104

login


end

Sacramento Configuration – SW1Current configuration : 2436 bytes!

version 12.1

287

no service pad

service timestamps debug uptime

service timestamps log uptime


hostname SAC-SW1!

enable secret 5 $1$ADgI$wzU4VuFEDWc1b8sV7i9mi/!

ip subnet-zero!

no ip domain-lookup!


no spanning-tree optimize bpdu transmission

spanning-tree extend system-id





spanning-tree portfast!





spanning-tree portfast!





spanning-tree portfast




288




switchport mode access!













shutdown













289















interface GigabitEthernet0/1


interface Vlan1

no ip address

no ip route-cache

shutdown

interface Vlan99

ip address 10.15.99.10 255.255.255.0

no ip route-cache


ip http server


line con 0

exec-timeout 0 0

password 7 0448020B00

290

logging synchronous

login

line vty 0 4

password 7 060506324F41

login

line vty 5 15

password 7 060506324F41

login

end

Sacramento Configuration – SW2Current configuration : 2467 bytes!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime


hostname SAC-SW2

enable secret 5 $1$lh.Q$rL61vpQT7lR.UW6Aw3PtB/

ip subnet-zero!

no ip domain-lookup


no spanning-tree optimize bpdu transmission

spanning-tree extend system-id







291






























292



















shutdown











293

interface Vlan1

no ip address

no ip route-cache

shutdown

interface Vlan99

ip address 10.10.99.20 255.255.255.0

no ip route-cache


ip http server


line con 0

exec-timeout 0 0

password 7 0317520609

logging synchronous

login

line vty 0 4

password 7 060506324F41

login

line vty 5 15

password 7 060506324F41

login

end

294

-Internet Configuration

295

Internet Router Configurationen

conf t

hostname INET-R

no ip domain-lookup

enable secret cisco

line con 0

pass cisco

login

logging synchronous

exec-timeout 0 0

line vty 0 4

pass cisco

login

login local

logging synchronous

exec-timeout 0 0


transport input telnet

exit



ip http server


username webuser privilege 15 secret cisco

int f0/0

desc Internet

ip add 10.200.100.14 255.255.255.240

296

no shut

Internet Switch Configurationen

conf t

hostname INET-S

no ip domain-lookup

enable secret cisco

line con 0

pass cisco

login

logging synchronous

exec-timeout 0 0

line vty 0 15

pass cisco

login

login local

logging synchronous

exec-timeout 0 0

exit



username netadmin privilege 15 secret cisco12345


vlan 200

name Internet

297

int vlan 200

desc Internet

ip add 10.200.100.13 255.255.255.240

no shut

int f0/1



switchport trunk allowed vlan 200

int range f0/2 - 24


switchport access native vlan 200

298

-Firewall Configuration

299

Cisco ASA 5505 Out of the box

config factory-default

show int ip b = show interface ip brief

password configs

Define inside/outside interfaces

0/0 outside (vlan2 default) 0/1 inside

int vlan 1

nameif inside

security-level 100

ip address 000.000.000.000 255.255.255.0

CHECK DHCP (sh run | inc dhcpd)

no dhcpd address ... ... ... ... ... ... ... ... ...

NOTE: default 0/0 is in switchport access vlan 2

NOTE: outside security level is 0

int vlan 2

nameif outside

security-level 0

(put in public IP address) for this vs dhcp

object network ?

300

object network INSIDE_SUBNET

(config-network-object)?

(config-network-object)#subnet ... ... ... ... ?

(config-network-object)#subnet ... ... ... ... 000.000.000.000

(config-network-object)# nat ?

(config-network-object)#nat (inside/outside) ?

(config-network-object)#nat (inside/outside) dynamic ?

(config-network-object)#nat (inside/outside) dynamic interface

EXTRA

config t

object-group icmp-type ?

object-group icmp-type ALLOW_ICMP

(config-icmp-object-group)#icmp-object ?

(config-icmp-object-group)#icmp-object echo-reply

(config-icmp-object-group)#icmp-object time-exceeded

(config-icmp-object-group)#icmp-object unreachable

(config-icmp-object-group)#icmp-object traceroute

CREATE ACL AND BIND TO INTERFACE

confit t

access-list INBOUND ?

access-list INBOUND permit icmp ?

access-list INBOUND permit icmp any ?

access-list INBOUND permit icmp any any ?

access-list INBOUND permit icmp any any object-group ALLOW_ICMP

301

config t

access-group INBOUND in interface outside

#show ip

show run

no oject network obj_any

DEFINE HTTP/SSH/Telnet

config t

ssh ?

ssh (put in ip range of expected host)

TEMP EXAMPLE FOR CONFIG PURPOSES

ssh 0.0.0.0 0.0.0.0 inside

ssh 0.0.0.0 0.0.0.0 outside

show ip

telnet 0.0.0.0 0.0.0.0 inside

telnet 0.0.0.0 0.0.0.0 outside

http ?

http 0.0.0.0 0.0.0.0 inside

http 0.0.0.0 0.0.0.0 outside

http ?

http server ?

http server enable

302

DEFINE DHCPD (optional)

config t

show run | inc dhcpd

dhcpd address 100.100.100.1-100.100.100.10 inside

dhcpd ?

dhcpd dns 4.2.2.2 interface inside

dhcpd enable inside

show run

NOTE PORT 0/1,3-7 VLAN 1 DEFAULT PORT 0/2 VLAN 2 DEFAULT

config t

wr (write to save)

DEFINE ASDM FOR THE GUI

config t

sh run | inc asdm

asdm image ?

asdm image flash:/asdm-???.bin

config t

wr (write)

sh ip

reload

303

-ACL Configuration

304

No telnet across any sites

only allow internal ssh for 3 routers.

only allow traffic to DMZ

web traffic/ICMP

During setup, have one IT VLAN host from each site set up.

TCP includes Telnet.

IP includes TCP, UDP, and ICMP.

access-list 100 remark Deny Telnet Traffic & Allow Regular Net Traffic

access-list 100 deny tcp any any eq telnet

access-list 100 permit ip any any

ISP - F0/1, going in.

access-group 100 in

access-list 101 remark Allow Web Traffic Through Networks

access-list 101 permit tcp any any eq 80

New Orleans - F0/1, going out.

Detroit - F0/0, going out.

Sacramento - F0/1, going out.

access-group 101 out

access-list 102 remark Allow SSH

access-list 102 permit tcp 10.27.80.0 0.0.0.255 eq 22 (Detroit)

apply on interface that will be SSH'ed into, going in.

Detroit - F0/1, going in.

305

access-group 102 in


access-list 102 permit tcp 10.3.1.0 0.0.0.31 eq 22 (New Orleans)


New Orleans - F0/0, going in.

access-group 102 in


access-list 102 permit tcp 10.10.60.0 0.0.0.255 eq 22 (Sacramento)


Sacramento R1 - F0/0, going in.

Sacramento R2 - F0/0, going in.

Sacramento has two sites, therefore since each router counts as a seperate site, each router must have access-list.

access-group 102 in

ip access-list standard SSH ALLOW (Detroit)

permit 10.3.1.0 0.0.0.31 - New Oreans f0/0, going out.

permit 10.10.60.0 0.0.0.255 - Sacramento R1 F0/0, going out.

Sacramento R2 F0/0, going out.

ip access-list standard SSH ALLOW (New Orleans)

permit 10.27.80.0 0.0.0.255 - Detroit F0/1, going out.

permit 10.10.60.0 0.0.0.255 Sacramento R1 F0/0, going out.

Sacramento R2 F0/0, going out.

ip access-list standard SSH ALLOW (Sacramento)

306

permit 10.27.80.0 0.0.0.255 - Detroit F0/1, going out.

permit 10.3.1.0 0.0.0.31 - New Orleans F0/0, going out.

Apply to VTY 0 4, VTY 0 15

access-class SSH ALLOW out

307

-Video VoIP Configuration

308

Detroit Configuration – R2no service password-encryption

hostname videoVOICE

boot-start-marker

boot-end-marker

enable secret 5 $1$o.tU$ey/Gue2C8u8Bpg/CjIvEO1

no aaa new-model


dot11 syslog

ip source-route

ip cef


ip dhcp pool VOICE

network 10.27.115.0 255.255.255.0


option 150 ip 10.27.115.1

no ipv6 cef


voice service voip

allow-connections sip to sip

sip

registrar server expires max 3600 min 1800

voice register global

mode cme

source-address 10.27.115.1 port 5060

max-dn 10

max-pool 2

load 9971 sip9971.9-1-1SR1.loads

authenticate register

309

authenticate realm all

timezone 13

voicemail 4009

tftp-path flash:

file text

create profile sync 0944316430570103

camera

video

voice register dn 1

number 4001

call-forward b2bua busy 4009

call-forward b2bua noan 4009 timeout 10

name John Doe

mwi

voice register dn 2

number 4002

call-forward b2bua busy 4009

call-forward b2bua noan 4009 timeout 10

name Jane Doe

mwi

voice register pool 1

id mac 5CA4.8A64.603C

type 9971

number 1 dn 1

username 4001 password 554001

description NetAdmin

codec g711ulaw

no vad

camera

310

video

voice register pool 2

id mac 5CA4.8A64.5F94

type 9971

number 1 dn 2

username 4002 password 554002

description Jane Doe

codec g711ulaw

no vad

camera

video

voice-card 0

crypto pki token default removal timeout 0

license udi pid CISCO2811 sn FTX0944A3FW

license accept end user agreement

redundancy


ip address 192.168.2.1 255.255.255.0

duplex auto

speed auto




no ip address

duplex auto

speed auto



ip address 10.27.115.1 255.255.255.0

311


no ip address

clock rate 128000


no ip address

shutdown

clock rate 125000


no ip address


no ip address


no ip address


no ip address

interface Vlan1

no ip address


no ip http server



tftp-server dkern9971.100609R2-9-1-1SR1.sebn

312

tftp-server kern9971.9-1-1SR1.sebn

tftp-server rootfs9971.9-1-1SR1.sebn

tftp-server sboot9971.031610R1-9-1-1SR1.sebn

tftp-server skern9971.022809R2-9-1-1SR1.sebn

tftp-server sip9971.9-1-1SR1.loads

control-plane

voice-port 0/1/0

voice-port 0/1/1

voice-port 0/3/0

voice-port 0/3/1

mgcp profile default

line con 0

line aux 0

line 1/0 1/15

line vty 0 4

login

transport input all


end

313

Software Development Team Appendices

**Please See Supplementary Documentation for Source Annotation**

314

Project Status Reports

315

PROJECT STATUS REPORT

CPIN 269 CLASS PROJECT

FEBRUARY 5, 2016

PROJECT STATUS SUMMARY Percent Complete: 05%

Scope Schedule Cost Risks Quality

The Planning phase of the project is well underway. Currently objectives have been identified, and team leaders are communicating with their teams establish a breakdown of the required work elements, and their relative priorities, dependencies, and weights.

Currently all phases of the project are green, save schedule. No unexpected events have arisen to complicate the planning as of yet, and until final decisions on project scope are approved is at a standstill. Planning is taking an appropriate amount of time, however communication between team members, team leads, and the project manager is for the moment sluggish, leading to a sense of disconnect and hesitation as to the pace of the finalized details.

WORK PLANED FOR LAST MONTH

Initial planning commenced, exploration of scope, and the skills and capabilities of team members underway.

WORK COMPLETED LAST WEEK

316


WORK PLANNED FOR NEXT WEEK

Plan to finalize scope and begin establishment of a work breakdown and critical path to lead to project’s completion. Expecting Work Breakdowns from team leaders, as well as a preliminary project charter, to be developed by the project manager in cooperation with the team.

OPEN ISSUES

Concern on communication structure between team leads and manager, level of direct involvement to be determined. Will address with team leads in the coming week.

OPEN RISKS

With first presentation approaching, real risk of false start. Must take care to meet deliverable timetable.

DELIVERABLES AND MILESTONES

Milestone WBS Planned Forecasted Actual Status

Planning Completion TBA Incomplete

317

Deliverable WBS Planned Forecasted Actual Status

WBS 2/15 -- -- Incomplete

Scope Statement 2/15 -- -- Incomplete

Project Schedule 2/22 -- -- Incomplete

OPEN CHANGE REQUESTS

Scope not yet Established, changes inapplicable prior to scope acceptance.

Change Request Name

Change Request Number

Request Date Current Status

N/A

KEY PERFORMANCE INDICATORS (KPI'S)

Schedule - Project is On Schedule

Schedule Variance (SV): $xxxx

Schedule Performance Index (SPI): x.xx

Cost - Project is On Budget

Cost Variance (CV): $xxx

Cost Performance Index (CPI): x.xx

318

319



FEBRUARY 15, 2016








320

WBS developed for individual teams, while overall project WBS is in development. Scope statement and project charter in development.


Finalized WBS, project charter and scope statement expected in the coming week. All documents to be submitted for approval of project sponsors by 2/21.

OPEN ISSUES

Team is beginning to show restlessness at current project pace. The sooner we can begin execution phase, the better.

OPEN RISKS

With first presentation approaching, real risk of false start. Must take care to meet deliverable timetable.



Planning Completion TBA 2/21 Incomplete


321

WBS 2/15 2/21 -- LATE

Scope Statement 2/15 2/21 -- LATE

Project Schedule 2/22 -- -- Incomplete



Change Request Name



N/A








322



FEBRUARY 22, 2016







323


Project charter and project WBS completed. Project Charter accepted with provision to amend signature page.


Finalize requirements for hardware and software, finalize scope statement, develop project schedule. Will present project timeline 2/25.

OPEN ISSUES

Network team is dragging feet delivering hardware requirement invoice, delaying scope statement. Will confer with network team lead to amend situation.

OPEN RISKS

Presentation set for less than a week out, difficulty scheduling with team leads remains.



Planning Completion TBA 2/21 2/24 LATE

324

Project Schedule Presentation

2/25


WBS 2/15 2/21 2/21 Complete

Scope Statement 2/15 2/24 -- LATE

Project Schedule 2/22 2/24 -- LATE



Change Request Name



N/A





325




326



FEBRUARY 28, 2016



Planning phase of the project is rapidly coming to a close. WBS has been completed, allowing for accurate projections of work to be done, and the labor costs to each task. The project charter has been submitted for approval, the scope has been established, with the scope statement pending only on a budgetary quote for cost of implementation.

With the timeline presentation looming, the project looks to be ready to advance to the next stages. The team is anxious to begin execution.




Project Scope Statement completed, pending quote of costs for requisitioned hardware and licenses. Presentation prepared for project sponsor.

327


Timeline presentation 3/1. Presentation to CPIN Advisory Board 3/2. Project to shift into execution phase following presentation on 3/1.

OPEN ISSUES

Wrestling with Microsoft Project to create initial Gant Chart. One of the team leads has relatively major presentation anxiety. Will consult as necessary to ease nerves.

OPEN RISKS

Presentation, both to project sponsor and advisory board are imminent. Must make a good showing to propel project forward with strong momentum.



Planning Completion TBA 2/21 2/24 2/28 LATE

Project Schedule Presentation 2/25



328

Scope Statement 2/15 2/24 2/28 Complete

Project Schedule 2/22 2/24 2/28 Complete

Timeline Presentation 3/1 3/1 -- Pending



Change Request Name



N/A








329



MARCH 8, 2016



The project has shifted into the Execution phase, with implementation and quality control becoming the primary focuses.




Project timeline presentation, and presentation of project synopsis to Advisory Board. Finalization of planning procedures.

330


Physical implementation of network base infrastructure, and initialization of server builds.

OPEN ISSUES

Early concerns regarding balance of workload between team members. Preliminary consult given to software team lead, and oversight given to network team’s situation.

OPEN RISKS

Successful implementation of network infrastructure is one of the first work activities to fall on the critical path. This must be completed on schedule, lest the entire project risk a slide.



Planning Completion 2/21 2/24 3/1 Complete

Project Schedule Presentation 2/25 3/1 Complete



Scope Statement 2/15 2/24 2/28 Complete

Project Schedule 2/22 2/24 2/28 Complete

Timeline Presentation 3/1 3/1 3/1 Complete

331


Change Request Name



N/A








332



MARCH 14, 2016



Execution is underway. Network team has begun to fall behind schedule at an alarming rate. Work in progress to identify snags and address issues. Pushing network team lead to crash early stages of execution in order to make up as much time as possible. Additional labor hours will be appended to project plan as necessary.




Execution begun. Software development team began drafting initial framework for admin portal. Server team successfully installed OS’s on all servers. Network team began installation of physical topology, but has yet to decide on a final framework.

333


Completion of network infrastructure, completion of server role installations, and completion of Employee management section of Admin Portal.

OPEN ISSUES

Network and server teams falling behind schedule early. Must address issues of resource management and utilization. Critical path currently sliding.

OPEN RISKS

Risk of a slide is advancing apace. Budgeting and schedule have been adjusted as per requirements.



Physical Equipment Installed 3/10 3/17 -- LATE

Basic Configurations Complete

3/12 3/20 LATE

Routing and Switching Functional

3/16 3/20 Pushed Back

Wireless Implementation Complete


Server OS’s Installed 3/9 -- -- Complete

334

Domain Created 3/3 3/15 LATE

Central Domain Policies Established

3/7 3/17 LATE

Domain Structure Complete 3/15 3/19 Pushed Back

GPO Environment Complete 3/17 3/21 Pushed Back

DNS Functioning 3/7 3/20 Pushed Back

DHCP Functioning 3/9 3/21 Pushed Back

Departmental Shares Created 3/9 3/20 Pushed Back



Exchange System Installed 3/5 3/16 LATE

Exchange System Functioning



3/7 3/25 LATE

Database Scheme/Migrations Complete

3/7 -- -- Complete

Admin Portal Authentication Complete

3/10 -- -- Complete

Admin Portal Employee Management Complete

3/17 On Schedule


335


Change Request Name



N/A


Schedule - Project is BEHIND Schedule






336



MARCH 21, 2016



Progress continues in the execution phase. Network infrastructure and connectivity is lagging behind, forcing a slide along the critical path. Slack was planned into the project, and deadlines are being reevaluated.




Network infrastructure installed. Progress on network configuration stalled out as difficulties with hardware, materials, and functional versions clashed with resources’ skill sets. Topology and implementation have undergone several revisions. Servers have all been initialized, with OS’s installed, and roles implemented. Configuration of the domain awaits a functional network. The software team’s progress on the Admin Portal continues on schedule.

337


Completion of basic network connectivity, and creation of domain. Integration of server infrastructure within network. Begin closeout processes for the Admin Portal.

OPEN ISSUES

Network continues to delay progress of the project. Deadlines are under revision as the work continues at its pace.

OPEN RISKS

Budget and timeline both are expecting overages from initial forecasts. Additional resources are being allocated more time toward crashing key work activities.



Physical Equipment Installed 3/10 3/17 -- LATE


3/12 3/22 LATE



338




Domain Created 3/3 3/22 LATE


3/7 3/24 LATE

Domain Structure Complete 3/15 3/24 Pushed Back







Exchange System Installed 3/5 3/27 LATE




3/7 3/27 LATE


3/7 -- -- Complete


3/10 -- -- Complete


3/17 On Schedule


339


Change Request Name




001 3/14/2016 Pending





Cost - Project is OVER Budget



340



MARCH 28, 2016



Relatively major breakthroughs came this past week, with network connectivity going live, and server assignment to network spaces and joining to our domain coming together. Software continues apace.


Early execution for all teams. Server team’s work including server setup, domain creation, role installation, and basic configuration of core server environment features. Network team planned work included installation of topology, basic configuration of all components, and beginning work toward wireless communication and VoIP. Development team planned to have begun work on admin portal.


Network connectivity achieved. Servers integrated into network. Admin portal nearing completion.

341


Network team breakout into various sub-tasks, including wireless, VoIP, and security, while maintaining network structure for team’s use. Server team move into more specific configurations and establishing infrastructure sustainability with connectivity for testing.

OPEN ISSUES

Must reconsider milestone dates to correspond to current status of project. Slide over the previous weeks have altered my timetable significantly.

OPEN RISKS

Progress report to project stakeholders upcoming. Must communicate with team leads to design presentation and define realistic expectations for project prognosis.



Physical Equipment Installed 3/10 3/17 3/17 Complete


3/12 3/22 3/26 Complete

342


3/16 3/24 3/26 Complete




Domain Created 3/3 3/22 3/22 Complete


3/7 3/24 3/24 Complete

Domain Structure Complete 3/15 3/24 3/24 Complete






3/9 4/2 Pushed Back

Exchange System Installed 3/5 3/31 Pushed Back






3/7 -- -- Complete


3/10 -- -- Complete


3/17 On Schedule


343


Change Request Name




001 3/14/2016 Accepted

Network Team Restructure

002 3/25/2016 Accepted








344



APRIL 5, 2016



Network team progress continues, VoiP initial functionality demonstrated today. Difficulties and disparity between team member participation begins to show, with several members spending significant amounts of time outside of class. The Detroit site continues to lack complete implementation, currently using workarounds. With availability of network, server team progresses quickly along their tasks, catching up to original projections against previous delays. Software team continues to work shorthanded and with limited productivity out of team. Team leader carries the workload and has yet to fall behind schedule, but I have concerns as to his capability to continue this pace.



345


Server team completed domain implementation, created GPO environment, established DNS and DHCP functionality, and finalized ticketing system. Software team completed administration portal, including the last of its sub tasks. Storefront Products completed. Network team achieved functional communication between sites, with limited topology available for Detroit. VoiP implementation made major steps toward completion.


Network team finish VoiP and Detroit implementation. Work to begin on security and wireless implementations. Server team to finalize DFS, Radius, and permissions. Software team to complete storefront cart, account creation, and checkout.

OPEN ISSUES

Have begun to crash delayed tasks, reallocating resources and significantly over-allocate resources wherever available. Available lab times are being gradually optimized and abused.

OPEN RISKS

General dissent among Network team as to progress and questions regarding leadership. Have been addressed via promotion of Ryan to Co-team leader, in an effort to relieve stress on Shane. Full functionality still elusive in Detroit, crashing task to allow for swift correction.

346



Wireless Implementation Complee

4/7 4/14 -- Delayed

VoiP Complete 4/7 4/9 -- Delayed

Teleworker Solution Complete

4/26 4/26 Upcoming

Network Based Security Complete

4/26 4/26 Upcoming

Disaster Recovery Plan Established

4/26 4/26 Upcoming

Server Infrastructure Complete

4/24 4/24 Upcoming

Server Testing Complete 4/28 4/28 Upcoming

Departmental Shares Created 4/2 4/7 Delayed


4/2 4/9 Delayed

Exchange System Installed 4/2 4/7 Delayed

Radius Server Implemented 4/8 4/8 Upcoming


4/5 4/9 Delayed

Storefront Cart Complete 4/7 4/7 Upcoming

Storefront Account Creation Complete

4/7 4/7 Upcoming

Storefront Checkout Complete

4/12 4/12 Upcoming

Storefront Authentication Complete

4/14 4/14 Upcoming

347

Storefront Account Management Complete

4/21 4/21 Upcoming

Software Testing Complete 4/26 4/26 Upcoming

Servers Formatted For Development Team Use

4/26 4/26 Upcoming



Change Request Name




001 3/14/2016 Accepted


002 3/25/2016 Accepted


Schedule - Project is ON Schedule



348




349



APRIL 12, 2016



In the past week we prepared and presented a progress report to key stakeholders, reporting the current health of the project. Additionally work has begun accelerating, as key aspects of the project are reaching completion.




Full implementation of network infrastructure completed. All three sites maintain full functionality and features for basic connectivity and routing. VoiP implementation complete across all three sites, with functioning extension dialing across the sites. Server

350

implementation nearing completion, DFS, AD, DNS, DHCP all complete or nearly so. Work begun toward implementation of exchange infrastructure. Developing team nearing completion. Admin portal finished, account creation complete, and shopping cart API defined.


Network team prioritizing wireless functionality, and security solutions. Firewalls and ACLs to be installed and configured. Server team to finish satellite tasks regarding DFS, Remote Desktop, begin formalizing RADIUS implementation, and turn focus toward Exchange system. Server team to begin allocating resources toward integration, adding client test systems to domain environment, installing software deliverables into server infrastructure. Development team to begin Customer Account Management and Order Management, leading toward finalization and wrap up of software implementation. Ahead of schedule, as such, additional time to be allocated toward testing and integration, raising quality as capable.

OPEN ISSUES

Crash of tasks continues. Assessment of remaining tasks taken under consideration. Potential for scope adjustments as final weeks approach. Friction arisen as a result of progress report presentation among network team. Darrin expressed displeasure toward representation of progress. Issue addressed, however management maintains the intention to oversee issue to prevent further aggravation.

OPEN RISKS

General dissent among Network team as to progress and questions regarding leadership. Have been addressed via promotion of Ryan to Co-team leader, in an effort to relieve stress

351

on Shane. Full functionality still elusive in Detroit, crashing task to allow for swift correction.




4/7 4/21 -- Delayed

VoiP Complete 4/7 4/9 -- Complete


4/26 4/26 Upcoming


4/26 4/26 Upcoming


4/26 4/26 Upcoming


4/24 4/24 Upcoming




4/2 4/14 Delayed

Exchange System Installed 4/2 4/7 4/8 Complete

Radius Server Implemented 4/8 4/14 Delayed


4/5 4/21 LATE

Storefront Cart Complete 4/7 4/7 4/7 Complete


4/7 4/7 4/7 Complete


4/12 4/12 Upcoming

352


4/14 4/14 Upcoming


4/21 4/21 Upcoming



4/26 4/26 Upcoming



Change Request Name




001 3/14/2016 Accepted


002 3/25/2016 Accepted





353




354



APRIL 19, 2016



We had a significant turnaround in group environment this past week. Attitudes improved toward progress and team members. Integration efforts have begun, with DHCP functioning across the network, and client test environments being developed.




Troubleshooting continued for the Detroit site. Final issues smoothed out. WDS images and PXE Boot successfully implemented on test machines. Software team quickly approaching completion ahead of schedule.

355


Implementation of firewall and ACLs for network security. Wireless access point integration and configuration. Integration of software team solutions into server infrastructure. Complete implementation of Exchange environment, and hammer down remaining server tasks. Documentation of project work to begin in earnest.

OPEN ISSUES

We are quickly approaching deadline. Remaining tasks to be assessed for likelihood of completion, as well as potential additional work periods to crash tasks for rushed completion.

OPEN RISKS

Risks remain concerning applicability of remaining tasks, as well as group dynamic. While team atmosphere has improved, I have lingering concerns toward overall health of team make-up.




4/7 4/21 -- Delayed

356



4/26 4/26 Upcoming


4/26 4/26 Upcoming


4/26 4/26 Upcoming


4/24 4/24 Upcoming




4/2 4/14 Delayed


Radius Server Implemented 4/8 4/14 Delayed


4/5 4/21 LATE





4/12 4/12 Upcoming


4/14 4/14 Upcoming


4/21 4/21 Upcoming



4/26 4/26 Upcoming


357


Change Request Name




001 3/14/2016 Accepted


002 3/25/2016 Accepted








358



APRIL 26, 2016



The project is swiftly approaching completion. All primary Software Development, and Server tasks have been completed, allowing this last week for integration, testing, and minor adjustments to configurations. The network team is currently concerting their efforts to finish on schedule.


Execution for all teams. Server team’s work including server setup, domain creation, role installation, and basic configuration of core server environment features. Network team planned work included installation of topology, basic configuration of all components, and beginning work toward wireless communication and VoIP. Development team planned to have begun work on admin portal.


359

Software and Server full implementation complete. Network completed full implementation of VoiP across three sites, wireless implemented at Sacramento, to be rolled out to other sites this week.


Network team to implement wireless at remaining two sites, as well as attempt integration of wireless into RADIUS, to permit domain credentials to be used as authentication method. Implementation of ASLs and firewall to be primary concern, however I have my doubts as to their feasibility. Server and Software teams to devote their time to integration and testing, preparing for a smooth presentation of the products produced by our team.

OPEN ISSUES

Network team having difficulty configuring CUCM server for their use with VoiP and Telepresence. VoiP can function without it, however more advanced features are reliant on the server backbone. May need to scrap telepresence. Firewall implementation is slow, as the team is unfamiliar with ASA commands. May need to evaluate circumstances.

OPEN RISKS

The eleventh hour is always a stressful time. I expect to see team members butting heads as they scramble to finish their allotted tasks in time. Documentation is proving to be a point of contention, with several parties having different ideas of what the end product should be.


360



4/7 4/21 -- Delayed



4/26 4/26 Upcoming


4/26 4/26 Upcoming


4/26 4/26 Upcoming


4/24 4/24 Complete


Departmental Shares Created 4/2 4/14 Complete


4/2 4/14 Complete


Radius Server Implemented 4/8 4/14 Complete


4/5 4/21 Complete





4/12 4/12 Complete


4/14 4/14 Complete


4/21 4/21 Complete


361


4/26 4/26 Upcoming



Change Request Name




001 3/14/2016 Accepted


002 3/25/2016 Accepted








362

363