Upload
jennifer-cordes
View
67
Download
1
Embed Size (px)
Citation preview
CPIN 269 Documentation
Spring 2016
INSTRUCTOR, JUSTIN BAITZAlexander KorichProject Manager
We Frame UComprehensive IT Solution
Project Documentation
Ivy Technical Consulting3101 S CREASY LN
LAFAYETTE, IN 47905
May 5, 2016
1
Contents Executive Summary…..3 Request for Proposal…..5 Project Charter…..17 Ethical Use Policy…..23 Scope Statement…..25 Work Breakdown Structure…..31 Milestone List…..47 Budget Breakdown…..52 Gantt Charts
o Preliminary Gantt Chart…..55o In Progress Gantt Chart…..83o Finalized Gantt Chart…..111
Change Requests…..139 Technical Documentation
o Network Documentation…..144o Server Documentation…..164o Software Documentation…..178
Lessons Learned and Conclusiono Network Lessons Learned…..208o Server Lessons Learned…..210o Software Lessons Learned…..212o Overall Project Lessons Learned and Conclusion…..215
Appendices…..219
2
Executive Summary
3
The Ivy Technical Consulting Group has been contracted to develop, install, test, and configure
and complete IT infrastructure and solution for WeFrameU.com. This solution is to adhere to the
requirements of the project sponsor to the closest degree possible, while leveraging the skills of it’s team
members to their utmost.
Primary objectives for the project are delineated into three major groupings. A network
infrastructure is to be developed, allowing for communication and scalability between three physical
locations, each with their own difficulties and specific requirements. A server infrastructure is to be
implemented, allowing for services to be provided across the network for all representatives of the project
sponsor. Finally, a software solution is to be developed, implemented, and made available publicly,
enabling employees of WeFrameU to manage operations internally, as well as allowing customers to
place orders in an online marketplace, thus reducing the load on telephone operators, and increasing
accuracy and efficiency of orders.
The project team will consist of the following structure. As primary project sponsor and
representative of WeFrameU.com, Justin Baitz. The Ivy Technical team will be broken up into three
organizational groupings. At their head, Alex Korich, project manager. Leading the network team,
Shane Adams and Ryan Taylor. Leading the server team, Haylie Pangle, and Cody Tormoehlen.
Leading the software development team, Joey Davis.
Resources are to be delegated to teams based upon appropriate skillsets. The following resources
have been made available to the Ivy Technical Consulting group for this project: Scott Busch, Keith
Williams, Darin Gravitt, Christopher Platt, Mohammad Es-Sabri, Jennifer Muray, Trent Cohernour,
Hayden Kirchner, Randy Doughty, Sabrina Tarin Chowdhury, and Charles Johnson.
4
Request for Proposal – Business Case ScenarioOriginal Assignment Document
5
IVY TECH COMMUNITY COLLEGE / LAFAYETTECPIN 269 Spring 2016 Project
Overview:From this point forward, the class will be an IT consulting firm. Your team has been contracted
to plan and implement an entire IT infrastructure. You will be given specific requirements in this document, and will then make your own decisions about how these will be met. There will also be opportunities to add functionality, but be sure not to exceed the scope without justification and approval. All project related communication will go through the established chain of command. Remember; use what you have learned, what you are learning and your knowledge of resources to do research when necessary. Most importantly be professional and have a little fun.
Step 1, Read and understand the requirements. Decide who will be responsible for what and develop a plan of attack.
Step 2, Begin work on a Project Charter and a Project Schedule (Timeline).
Documentation Deliverables:This outline is not exhaustive you may find some other pieces to add as you see fit. However it should contain at least these components:
Executive summary
Business case
*Project Charter
*Scope statement
*WBS (Work Breakdown Structure)
*Project Schedule
Disaster Recovery Plan
Ethical Usage Plan
Policy Control Plan
Progress Reports
Conclusion
6
Appendices: all applicable diagrams (AD structure, Topology, Data flows, ERDs, UML, Flow charts, etc…)
* Need to be included in Timeline Presentation
Demonstration Environment:You will create a scaled-down environment to illustrate the functionality you have created. This is your chance to show off the things you have been working so hard on all semester. Think of this as a proof of concept or prototype.
Presentations:There will be 3 presentations during the semester. Everyone is required to be present for EVERY presentation. Again, there will be a 50 point deduction for not being in class on presentation days. The presentations are broken down as follows:
Timeline: Share your plan; discuss your timeline and team and individual assignments. Describe what you are going to do, how you are going to do it, and why you chose to do it that way opposed to other methodologies that could work. Team leaders and the project manager will participate, but everyone must be present.
Progress: Progress report; define where you are compared to where your plan said you would be. Elaborate on any issues you have had or changes that have been made since the timeline presentation. Team leaders and the project manager will participate, but everyone must be present.
Final Presentation: Formal, professional presentation to the customer, EVERYONE must participate equally. You will describe what you have accomplished and how you accomplished it including a live demonstration of your functionality. This is your chance to demonstrate to me and anyone else who attends what you have been working so hard on for all these months.
Description:We recently secured a new client by the name of WeFrameU.com. They manufacture high-end picture frames. They have asked us to design a brand new network and IT infrastructure for their business. You will also plan for a long-term service contract that will include technical support and update management.
7
They would also like you to develop a Disaster Recovery plan that includes a sound back up strategy. They have included requirements and have asked that you plan, design, and develop a prototype within approximately 12 weeks. They wish to keep a reasonable balance between cost and performance, and ask you to justify all technological decisions made. I am confident that the deadline and requirements can be met. Be creative, simply meeting the minimum requirements may not be good enough for this client, Good Luck!!
Requirements:
WeFrameU Industries has 735 employees spread across 3 sites. The company’s headquarters is located in Detroit and new branch offices are opening soon in Sacramento and New Orleans. Although currently smaller than New Orleans, Sacramento has been chosen to be the main Branch office in order to secure contracts with companies in the western portion of the United States. As such, scalability is crucial for the Sacramento location as growth in that branch is inevitable.
Your job is to bring the branch offices online as soon as possible, as well as provide connectivity among all departments in all locations. You will design a new addressing scheme, configure WAN links, configure the LAN and WLAN, set up NAT and implement some standard security measures.
They are expecting the following roles to be fulfilled; again any other functionality may be added with justification and approval. There will be a minimum of 2 domain controllers at each site; the remote site in Sacramento does not have sound physical security so any DCs there will need protected somehow. They will need a web server, file and print services for all sites, media server to house training videos, backup and update (WSUS) servers, Microsoft Exchange email, they also need to serve several applications including a sales app and Quicken for their accounting department and any applications that your team implements.
Scalability at all sites is absolutely necessary because the company has requested that you implement as many “advanced” technologies as possible after installation of the required LAN/WAN infrastructure These advanced technologies include; wireless, IP telephony, Tele-Presence, video surveillance, and security technologies. In other words, no portion of the LAN/WAN infrastructure should be implemented without consideration of how advanced technologies will be integrated into the system in the future.
The customer also specified that each user has their own private folder, departmental shares and a management share. Each of these should only be accessible by those in the given departments. These should be stored and backed up centrally and accessible to users no matter where they log in to the domain.
The web sites and database must be scalable to handle thousands of records, millions of customers, and very high traffic levels. Security and availability must be balanced.
8
They will also need new client stations for all employees; each station will have a desktop system. You should also create a plan for future hardware upgrades on a recurring cycle. It is also imperative to plan for software upgrades; not only for the OS and Office products but for Adobe products (Flash, Reader, etc...), Java, Firefox, and all other software on the PCs.
All managers will require laptops along with their desktops and the expectation is that they will have seamless access to their desktop and document along with other resources from both. The managers in New Orleans will require sturdy models that can withstand some abuse. The security machines need to be high-end with high resolution video and large multiple monitors to view security feeds.
You will establish and enforce through group policies an ethical usage plan for all levels of users that lays out what is acceptable and unacceptable use of company resources. You will also plan and implement a trouble ticket handling system and process.
The headquarters site wishes to enable all employees to have easy and secure network/internet access with mobile devices such as laptops. Requirements also indicate that visitors should have internet access with mobile devices, while being isolated from the corporate network until they can meet security requirements. The Sacramento site also needs secure access to mobile devices. Visitors are not allowed internet access in Sacramento.
You will plan for an enterprise-grade internet solution that will handle the heavy volume of traffic expected including video conferencing between sites. They would also like to utilize the network infrastructure for voice communication. They would like you to explore alternatives and justify your decisions.
The customers are expecting a comprehensive design of the logical infrastructure as well. To this end you will completely design the entire operation from the ground up. This will entail a separate domain for each site that will fall under a single tree housed at the Detroit office. The design should also include an intranet for employee access to applications, email, company policies and such. As well as an internet presence that is interactive, and allows for product sales. These sales should directly deduct inventory and provide notification when an item gets low.
WeFrameU.com sells frames in several sizes, colors and styles. They are priced by size (3*5 = $10, 5*7 = $12, 8*11 = $15, 11*14 = $20, 16*20 = $25). They should be searchable and sort able by all of these factors. They also allow personalization of frames for an initial cost of $2 for the first 5 letters; each additional letter costs a penny. They are expecting you to design a database to house inventory and track gross income. The accounting department will then determine the amount of profit through their application. The system should monitor and maintain inventory in wood, glass and even the amount of
9
paint or varnish being used. For every united inch of framing ¼ pint of paint or 3/8 pint of varnish are used. Wood is measured in board feet, paint and varnish are measured in gallons and glass is measured in united inches.
You will create a functional test environment with the equipment that you are assigned in the lab. This will serve as the prototype and proof of concept for your design. You should virtualize wherever possible to allow the widest available testing. The first presentation will describe your plan to complete the prototype and will be based on the course calendar.
Most importantly you will document the entire process. This includes all planning and implementation guidelines, the usage plan, replacement cycles, network and application diagrams, and any other documents that are needed to complete the project.
Your final document will describe the full-scale implementation. This will include a timeline for deployment at each site. Your prototype plan and documentation (Progress Reports) will appear as Appendix A.
Project Requirements:
Corporate Information:Detroit Site
o National datacenter including corporate services: Email DNS Web/ Database FTP Active Directory
o Should utilize mixed Linux/Windows environment with virtualization (see Microsoft)
o DMZ should be secured with appropriate technologies (ACLs, Firewall, IDS/IPS).
Sacramento (2 buildings)
o 2 LANs
10
o IP Telephony solution for intra LAN and inter LAN (LA to Detroit) using a call-manager implementation at each site. Both hardware and software phones can be used.
o Site-to-Site VPN with Detroit Architecture can use ASA, Router IOS, or any combination.
o Secure autonomous wireless (bridge) connects two buildings. PCs from each LAN are in each building.
New Orleans
o 2 LANs (1 IPv6 wired, 1 IPv4 wireless). 6-to-4 translation method is your choice.o IP Telephony if possible (we may need more IP phones).o At least 1 secure autonomous wireless LAN. Authenticate to Active Directory??
Teleworker
o Remote access VPNSite Breakdown:
Detroit
Department Users Stations Hosts
Staff 300 150 750
Upper Mgmt. 10 10 24
Marketing 25 25 57
Shipping 50 15 120
Accounting 25 25 48
Human Resources 40 30 100
Facilities 25 5 50
Security 5 5 41
IT 5 5 13
Totals: 485 270 1203
WAN Connectivity
The Detroit headquarters needs connectivity to both New Orleans and Sacramento. Choices for WAN connectivity include frame relay and point-to-point “leased lines.” If point-to-point leased lines are used, a robust form of PPP authentication must be used on the links between routers.
11
LAN/VLAN
Connectivity among all departments in the HQ LAN is required through the use of VLANs.
Wireless
Due to space constraints the company recently annexed a nearby building to house 10 of the current 41 security team members. Because this annex does not have a wired infrastructure; a secure, autonomous, wireless LAN solution must be implemented in the annex. Moreover, the annex is across the street from the main Detroit site. Local “right of way” ordinances render wired connectivity to the main Detroit site financially impractical at this time. As a result, a separate, secure, autonomous, wireless solution that connects the annex WLAN to the main Detroit site is also required.
Routing
WAN connectivity among all three sites should be established through the use of a dynamic routing protocol. The choice of routing protocol must be justified by the Cisco team, and IP addressing/network design/routing tables must be efficient as possible inside the network. Consider using summary addresses when/if possible. Appropriate routing must also exist between the ISP router and the company’s edge router.
Global Data Center
The Detroit headquarters houses a corporate data center which includes all servers necessary for day to day HQ operations. This includes Web, email, and FTP services. These servers are located in a Demilitarized Zone (DMZ) and are open to public access.
IP Addressing, NAT and DMZ
Then entire corporate network has been assigned an external NAT pool of 10.200.100/29 by its ISP. This is how the corporation is viewed by the ISP and the rest of the world. This pool of addresses is to be shared between:
Internal hosts needing outside connectivity. Devices within the DMZ
All internal traffic should be translated to an address within this pool for Internet connectivity. Moreover, the Web, email, and FTP servers all need to be reached by hosts on the Internet via domain name (e.g., www.companyx.com, ftp.companyx.com, or mail.companyx.com).
12
As a result, the DMZ server addresses must share a portion of the overall /29 public address pool with internal hosts that need translation. To avoid exhaustion of the pool addresses used for internal connectivity to the outside, Port Address Translation (PAT) should be configured on pool addresses to be used for inside to outside connectivity.
Detroit Access Control
To better secure the corporate network, the following policies are to be implemented:
Internet users should only be able to ping the company’s inside public web server, inside public FTP server, and inside email server. Internet users should not be able to ping hosts on the company’s inside LAN.
Internet users are allowed to send ping replies and unreachable messages into the inside LAN.
Internet packets that are part of an already established TCP session should be allowed into the network.
Allow companyx domain users to have web access and send ICMP messages to the Internet. For example, inside users should be able to ping other web sites.
Users in the Custodial and Shipping/Receiving VLANs should not be allowed to telnet anywhere.
Sacramento
Department Users Stations Hosts
Staff 75 50 217
Management 5 5 12
Human Resources 2 2 8
Facilities 4 2 4
Security 2 1 10
IT 2 2 6
Totals: 90 62 257
Description
The Sacramento site consists of a single building, which houses the main employee population; and a small separate building across the street from the main site.
13
LAN/VLAN
Connectivity among all departments in the Sacramento LAN is required through the use of VLANs.
Wireless
The Human Resources and Security VLANs share a secured, autonomous wireless access point. Each VLAN requires authentication for each department to access their respective wireless WLAN.
IP Addressing
As with all corporate LANs, efficient IP addressing should be used. Scalability should be considered when committing to subnet sizes. Cisco team must justify subnet mask choice.
New Orleans
Department Users Stations Hosts
Staff 125 125 300
Management 8 8 17
Marketing 4 4 15
Human Resources 6 2 18
Facilities 4 2 17
Security 9 9 20
IT 4 4 9
Totals: 160 154 396
Description
The New Orleans site consists of a single building which houses the main employee population.
LAN/VLAN
Connectivity among all departments in the New Orleans LAN is required through the use of VLANs.
14
IP Addressing
As with all LANs, efficient IP addressing should be used. Scalability should be considered when committing to subnet sizes. Cisco team must justify subnet mask choice.
Responsibilities:
This list is not exhaustive or inclusive. These are some guidelines to get you going in the right direction. It is imperative that everyone is very clear about the scope of responsibility of each team. You should expand the project in any ways that are feasible. Explore new technologies, find ways to utilize technologies that you know.
Infrastructure:
Active Directory
DNS
Exchange Email
Outlook Web Access (OWA)
DHCP
Folder shares for users and departments
Use virtualization platform (ESXi, HyperV, ZenServer, etc…)
Media server to house training videos
Backup and update (WSUS) servers
Develop an image deployment system.
Establish and enforce a policies and ethical usage plan for all of users.
Plan and implement a trouble ticket handling system and process.
Remote desktop solution
Disaster recovery document
Developement:
Web Sites (Internal and External)
Ability for new users to “register” and create an account with username and password
Design a database to house inventory and track gross income/expenditures.
15
Online catalog of products with price.
Ordering system with real-time inventory control
Sends each order to warehouse as completed (calculates proper springs and frames to include)
Generate a shipping label for order
Removes sold items from inventory
Receipt generation after payment with fake credit card.
System should be able to generate several reports:
Total number of mattresses box springs and frames on hand
Monthly usage patterns
Network:
All internal and external communications
Addressing
WAN links
VLAN
NAT
Wireless network
Routing
Teleworker Solution
Telephony
Internet solution
Security cameras
Telepresence
Network Security
Disaster Recovery
Additional Comments:o You should not “do the minimum.” Additional technologies should be explored and
implemented when appropriate. o For example, use PPP with authentication, rather than just PPP.
o Don’t be afraid to add additional functionality (IP cameras, telephony, telepresence, etc… if you complete the above Responsibilities.
16
17
Project Charter
18
1. Project DescriptionThis project’s end goal is to fully establish and integrate a comprehensive IT solution for WeFrameU, including their primary facilities and the establishment of two new branch offices. The team will collaborate with project sponsors to develop realistic goals and expectations, striving to fulfill all customer needs to the best of their ability.
2. Project PurposeThe purpose of this project, in addition to the initial goal of rolling out two new offices, is to improve business functionality through the use of integrated IT systems. These systems will push down operational costs by improving employee efficiency, and reducing management overhead. We project an increase of sales on the order of 25% as a result of improved customer interaction, and the development of a web based operations system, allowing for customers to order at their leisure.
3. Business CaseIn addition to the aforementioned reduction in operations costs, and increase in potential sales volume, this project will further prepare the company for future growth. Principle to said growth is the implementation of a properly scalable infrastructure, such as that which this project aims to create.
4. Business RequirementsThe project will introduce methods to facilitate customer interaction and sales, a means to maintain and monitor inventory of product, and systems to manage employees.
5. AssumptionsThis project operates under the assumption that project sponsors will authorize appropriate budget as needed for the project, including, but not limited to labor costs, hardware and software requirements. Further, project stakeholders are assumed to have communicated their requirements to the best of their knowledge, allowing for a consistent direction of effort for members of the project team.
6. ConstraintsThis project is subject to several constraints. Chief among them is a hard deadline. The project must be completed on or before May 5th, 2016. In addition to this time constraint, the project is limited in its resources. Acquisition of hardware and software resources is to be vetted through project sponsors, and additional personnel resources will not be available in any form.
7. RisksCurrently known risks to this project’s completion and successful implementation include loss of team members to attrition, limited access to personnel resources owing to their being otherwise allocated to other projects and tasks. In addition, the deadline previously mentioned looms, failure to anticipate events preceding this timeframe may result in additional risks to the status of the project. Budgetary concerns include additional costs being incurred as a result of increasing scope of project goals. All such
19
budgetary risks will be channeled through project sponsors for approval before any implementation may go forward.
8. Project DeliverablesUpon completion of the project, the team will present the following deliverables: a functional representation of network infrastructure, exhibiting communication and integration of sites in Detroit, Sacramento, and New Orleans. A server infrastructure will be in functional working order, providing domain services, security and accessibility, including remote access, internally hosted Email, local DNS and DHCP, appropriate update functionality, a system to create tickets for IT professional attention in the event of problems, and further infrastructure applications as required in an enterprise environment. Finally, proprietary software solutions will be implemented to address Human Resources needs, inventory management, and customer care, the latter including and online system to place and process orders for products. Documentation of all systems and the development process will be presented upon project completion.
9. Project MilestonesIdentify the project milestones.
Milestone Date Milestone Name Milestone Description[February 20] Project Charter
CompleteReport of project goals and parameters presented to project sponsors for approval.
[February 25] System Requirements Complete
System requirements version 1.0 are approved and baselined so that the project can begin design and development.
[March 1] Implementation Underway
Begin process of project execution.
[April 20] Development Complete Software and hardware development is complete and ready for integration testing.
[May 1] Deployed to Production System passes integration and end-user acceptance testing and is deployed to production.
[May 5] Present Final Product All project goals met, and tested. Present finalized project to project sponsors for approval and review.
10.Project ManagerThe project manager for this project will be one, Alexander Korich. His authority in this project will include preliminary filtering of budget and resource allocation and requisition, subject to approval from project sponsors. All changes and suggestions to the scope of the project must be vetted through project manager before being submitted to the project sponsors. Final responsibility for project completion and phase progression rests with project manager. Personnel allotment following the initial assignment of teams and their leadership may be adjusted as per the needs of the project as identified by the project manager.
20
11.Project Roles and Responsibilities
Name Role ResponsibilitiesAlex Korich Project
Management Lead project team, and develop appropriate
documentation. Interact with project sponsors to identify needs
and requirements.Haylie Pangle Server Team Co-
Lead Plan and document Server related tasks for the
project. Direct implementation of Server Team goals. Assign resources as necessary to tasks for
project completion.Cody Tormoehlen Server Team Co-
Lead Coordinate with Haylie for server team’s
successful deployment and development. Filter requests and suggestions from team for
increase or decrease of scope or resource requisition. Confer with Alex for approval of said requests.
Liaison with Alex for status reports of server team progress.
Report progress of project development and goals periodically to project sponsors.
Shane Adams Network Team Lead Plan and document Network related tasks for the project.
Direct implementation of Network Team goals. Assign resources as necessary to tasks for
project completion. Filter requests and suggestions from team for
increase or decrease of scope or resource requisition. Confer with Alex for approval of said requests.
Liaison with Alex for status reports of network team progress.
Report progress of project development and goals periodically to project sponsors.
Joey Davis Software Plan and document Software related tasks for
21
Development Team Lead
the project. Direct implementation of Software Team goals. Assign resources as necessary to tasks for
project completion. Filter requests and suggestions from team for
increase or decrease of scope or resource requisition. Confer with Alex for approval of said requests.
Liaison with Alex for status reports of network team progress.Report progress of project development and goals periodically to project sponsors.
12.Project Life Cycle Methodology and ToolsThis project will implement a Waterfall Life Cycle methodology. The team will make use of myriad tools to assist in its completion. Among them, document templates obtained from ProjectManagementDocs.com, and tools and programs included in Microsoft Project.
22
13.AuthorizationApproved by the Project Sponsor:
______________________________________________ Date:______________________[Baitz, Justin]
Director of Ongoing Operations, WeFrameU.com
Accepted by the Project Manager:
______________________________________________ Date:______________________[Korich, Alexander]
Project Manager, Ivy Technical Consulting
Accepted by the Project Team Leaders:
______________________________________________ Date:______________________[Adams, Shane]
Network Team Co-Leader, Ivy Technical Consulting
______________________________________________ Date:______________________[Taylor, Ryan]
Network Team Co-Leader, Ivy Technical Consulting
______________________________________________ Date:______________________[Davis, Joey]
Software Development Team Leader, Ivy Technical Consulting
______________________________________________ Date:______________________[Tormoehlen, Cody]
Server Team Co-Leader, Ivy Technical Consulting
______________________________________________ Date:______________________[Pangle, Haylie]
Server Team Co-Leader, Ivy Technical Consulting
23
24
Ethical Use Policy
25
The resulting product of this project is to be used only under the strict adherence to
WeFrameU.com’s corporate ethics policy. To that end, the technical capabilities aided and enhanced by
this project’s scope should not be pushed beyond the limits of fair and respectable usage. By the very
nature of a business maintaining communication with clients, sensitive information will be passed along
insecure channels. To prevent unnecessary loss of such sensitive information as credit card information,
all WeFrameU.com employees are to follow the guidelines set forth by their company, and the project
sponsor is to take Ivy Technical Consulting’s security and policy suggestions under advisement.
Following project completion, all administrative passwords used in the implementation of the
systems will be changed to accommodate WeFrameU.com’s local IT staff and administration.
Representatives of Ivy Technical Consulting will not retain access to any system created for the project
sponsor. Support will not be ongoing, preventing potential conflicts of interests.
26
Scope Statement
27
INTRODUCTION
This Project Scope Statement serves as a baseline document for defining the scope of the WeFrameU Comprehensive IT Solution Project, project deliverables, work which is needed to accomplish the deliverables, and ensuring a common understanding of the project’s scope among all stakeholders. All project work should occur within the framework of the project scope statement and directly support the project deliverables. Any changes to the scope statement must be vetted through the approved Project Change Management Process prior to implementation. This completion date for this project is May 5, 2016.
PROJECT PURPOSE AND JUSTIFICATION
Ivy Technical Consulting has been approved to design and implement a comprehensive IT solution for WeFrameU, including hardware infrastructure, server implementation, and software solutions to provide for enhanced employee productivity and customer satisfaction. The purpose of this project is to expand WeFrameU’s operations by establishing two new branch offices and integrating them with the main office. WeFrameU’s expansion into these additional branches provides the perfect opportunity to reinforce their operations through this implementation and expansion of technical solutions. By implementing the project, WeFrameU can better leverage its resources by providing fundamental services for its employees, and establishing essential services for streamlining ordering and support for its customers. The successful implementation of this project is expected to reduce WeFrameU’s cost of operations and schedule delays by 30%, and improve sales through implementation of easy online ordering by 25%.
SCOPE DESCRIPTION
The scope of the WeFrameU Comprehensive IT Solution Project is to plan, design, build, and implement a working infrastructure for WeFrameU, including allowances for two new branch offices, the home office, and potential future expansion. Each site will be equipped with a redundant network infrastructure, with systems in place for data communication between all devices as necessary, integrated voice over network, network supported security cameras, and Cisco Telepresence, and wireless access designed to meet appropriate security requirements. Additionally, each site will be equipped for full communication with the other sites, over WAN links. Upon this network infrastructure will be implemented a robust server infrastructure. Each site will be equipped with severs to function as domain controllers and other essential domain services, including file shares, and domain authentication. Server infrastructure will be implemented in a mixture of both physical and virtual systems, allowing for greater flexibility, and scalability. The entire network will be supplied with an exchange system to handle messaging, a web server to host services both internal and external, and remote access solutions. Wireless communication and authentication will be handled by a RADIUS server. A system will be
28
prepared to implement secure updates and image delivery, minimizing unnecessary bandwidth usage. In order to properly monitor the computing environment, an offline trouble ticket system will be implemented. A database will be developed as a backbone for the front end programs to be developed. The software team will provide and administration portal, in which users will be able to manage employees, materials, products, and customer orders. A storefront will be developed, which will be the outside point of contact for customers, allowing for browsing products, implementation of a shopping cart system, checkout, including payment operations. Customers will be able to create accounts for use within the storefront environment, and view orders as necessary.
HIGH LEVEL REQUIREMENTS
IvyTechnical Consulting has been authorized to prepare and produce an IT solution for WeFrameU according to the following requirements:
Three Sites, home site and two branches. Functional network communication between all sites. Network security available to an appropriate business standard. Implementation of VoiP systems. Telephony implementation. Development of network integrated security cameras. Implementation of a server environment, supplying domain services, email exchange,
authentication, and storage solutions, as well as serving as a platform for software integration. Development of database to maintain and monitor inventory, orders, customers and employees. Implement online presence, allowing customer interaction, and product ordering.
BOUNDARIES
The WeFrameU project includes all features included in the above scope. IvyTechnical Consulting will not provide ongoing support and maintenance for the systems and infrastructure produced by the project, nor will the project include the training of end users in the use of these systems.
STRATEGY
The strategy involved in the WeFrameU project will fall under the following structure. The team will consist of primarily entry level employees, serving as a real world test of abilities, and the implementation of realistic, if challenging goals. In order to facilitate results while working withing the constraints of limited scheduling and availability, as much work will be accomplished outside of typical hours. Should
29
outside advice be needed, local experts may be contacted on a pro bono basis. These contributions will be credited and noted inproject documentation..
DELIVERABLES
There are several deliverables which will be produced as a result of the successful completion of the PMD Project. If all of the following deliverables are not met then the project will not be considered successful. The Project Manager is responsible for ensuring the completion of these deliverables.
1. Deliverable 1 – Functional routing configuration and connectivity between sites.2. Deliverable 2 – Peripheral network applications, wireless access, VoiP and Security cameras.3. Deliverable 3 – Satisfactory network security implementation, firewalls, ACL’s.4. Deliverable 4 – Implementation of a domain structure, with servers and clients joined, exhibiting
base connectivity and authentication.5. Deliverable 5 – Delivery of completed network infrastructure, presented for use by rest of project
team.6. Deliverable 6 – Functional and tested file storage and sharing implementation.7. Deliverable 7 – Remote control, access and remote authentication systems tested and
implemented, including Remote Desktop and Radius implementations.8. Deliverable 8 – Functional WDS solution for image deployment and creation.9. Deliverable 9 – Functioning update infrastructure.10. Deliverable 10 – Working Exchange environment.11. Deliverable 11 – Implemented ticketing system.12. Deliverable 12 – Database Schema established.13. Deliverable 13 – Admin Portal Employee/Material Management.14. Deliverable 14 – Admin Portal Product/Order Management.15. Deliverable 15 – Storefront API Established.16. Deliverable 16 – Storefront Account Creation and Authentication17. Deliverable 17 – Closing Documents and Presentation of Final Product.
ACCEPTANCE CRITERIA
Acceptance criteria have been established for the WeFrameU Project to ensure thorough vetting and successful completion of the project. The acceptance criteria are both qualitative and quantitative in nature. All acceptance criteria must be met in order to achieve success for this project:
1. Meet all deliverables within scheduled time and budget tolerances2. Fully functioning branch sites.3. Demonstrable improvements in infrastructure to provide appreciable benefits to both cost of
operation and increased revenue through online sales.
CONSTRAINTS
30
Several constraints have been identified for the PMD Project. It is imperative that considerations be made for these constraints throughout the project lifecycle. All stakeholders must remain mindful of these constraints as they must be carefully planned for to prevent any adverse impacts to the project’s schedule, cost, or scope. The following constraints have been identified for the PMD Project:
1. Human Resources will only be available 25% of their workable hours.2. Project manager will only work 50% of billable hours on this project.3. Project must be completed by close of business on May 5, 2016.4. Project must be completed within budget tolerance.
ASSUMPTIONS
Several assumptions have been identified for the WeFrameU Project. All stakeholders must be mindful of these assumptions as they introduce some level of risk to the project until they’re confirmed to be true. During the project planning cycle every effort must be made to identify and mitigate any risk associated with the following assumptions:
1. IT group is capable of producing quality and professional documentation of their efforts.2. IT experts working only 25% of their billable hours on this project is adequate to complete the
project by May 5, 20163. The Project Manager working only 50% of billable hours on this project is adequate to complete
the project by May 5, 20164. The WeFrameU Project has full support from senior management across all departments within
Ivy Tech Community College.
COST ESTIMATE
The estimated costs for this project are included in the table below. As the project proceeds and any additional costs become known, this cost estimate will be refined and communicated to all project stakeholders.
Expense Estimated Budget
Labor $60782
Software $8250
Hardware $666739
Other --
Total $735771
31
32
SPONSOR ACCEPTANCE
Approved by the Project Sponsor:
______________________________________________ Date:______________________Baitz, Justin
Director of Ongoing Operations, WeFrameU.com
33
Work Breakdown Structure
34
INTRODUCTION
The Work Breakdown Structure presented here represents all the work required to complete this project.
OUTLINE VIEW
1. Comprehensive IT Solution1.1 Initiation
1.1.1Evaluation & Recommendations1.1.2Develop Project Charter1.1.3Deliverable: Submit Project Charter1.1.4Project Sponsor Reviews Project Charter1.1.5Project Charter Signed/Approved
1.2 Planning1.2.1Create Preliminary Scope Statement1.2.2Deliverable: Submit Scope Statement for Review1.2.3Project Team Kickoff Meeting1.2.4Develop WBS1.2.5Deliverable: Submit WBS for Approval1.2.6Network Team Planning
1.2.6.1 Create Topology 1.2.6.2 Physical Connections 1.2.6.3 Routing and Switching solution1.2.6.4 Wireless Solution1.2.6.5 IP Telephone solution1.2.6.6 Develop Teleworker Solution1.2.6.7 Network Security Solution1.2.6.8 Internet and Disaster Recovery Solution
1.2.7Software Development Team Planning1.2.7.1 Determine Objects1.2.7.2 Determine Tools1.2.7.3 Decide on Front-end JavaScript Framework1.2.7.4 Decide on Front-end GUI Framework1.2.7.5 Decide on Java Server Framework1.2.7.6 Configure Development Environments
1.2.8Develop Project Plan1.2.9Submit Project Plan1.2.10 Milestone: Project Plan Approval
1.3 Execution
35
1.3.1Project Kickoff Meeting1.3.2Verify & Validate User Requirements1.3.3Procure Hardware/Software1.3.4Network Team Execution
1.3.4.1 Install Logical Topology1.3.4.2 Implement Basic configurations1.3.4.3 Configure Routing and Switching1.3.4.4 Implement wireless solution1.3.4.5 Deploy IP telephone solution1.3.4.6 Deploy teleworker solution1.3.4.7 Setup network security1.3.4.8 Setup Internet and Disaster Recovery1.3.4.9 Testing Phase1.3.4.10 Install Live System1.3.4.11 Go Live
1.3.5Server Team Execution1.3.5.1 Server Installation
1.3.5.1.1 Install Server OS1.3.5.1.2 Check Server Updates1.3.5.1.3 Assign Static IP to Server
1.3.5.2 Active Directory/ DNS1.3.5.2.1 Install Active Directory Role1.3.5.2.2 Create GPOs for each department1.3.5.2.3 Add users to each department 1.3.5.2.4 Enforce polices1.3.5.2.5 Setup/Verify DNS
1.3.5.3 DHCP1.3.5.3.1 Install DHCP Role1.3.5.3.2 Add the ranges for each location1.3.5.3.3 Add exclusions- static IPs from server
1.3.5.4 DFS/Shared Files1.3.5.4.1 Install DFS1.3.5.4.2 Configure DFS1.3.5.4.3 Create share files for each department
1.3.5.5 Remote Desktop/Virtualization1.3.5.5.1 Install Remote Desktop1.3.5.5.2 Configure RD1.3.5.5.3 Enable on Client1.3.5.5.4 Install Hyper-V
1.3.5.6 WDS1.3.5.6.1 Install WDS role1.3.5.6.2 Create an image
1.3.5.7 WSUS1.3.5.7.1 Install WSUS role
36
1.3.5.7.2 Configure backup/update on WSUS1.3.5.7.3 Add OUs
1.3.5.8 Radius Server1.3.5.8.1 Install Radius Server Role1.3.5.8.2 Configure to use Authentication by using domain
username/password1.3.5.9 Exchange Email/Outlook
1.3.5.9.1 Install Exchange 1.3.5.9.2 Add the Role1.3.5.9.3 Configure Exchange email
1.3.5.10 SpiceWorks1.3.5.10.1 Download application to server1.3.5.10.2 Create an offline account for ticketing system
1.3.5.11 Disaster Recovery Plan1.3.5.11.1 Collaborate with teams on disaster
1.3.6Software Development Execution1.3.6.1 Database
1.3.6.1.1 Define Attributes1.3.6.1.2 Define Relationships1.3.6.1.3 Define Schema1.3.6.1.4 Create Database Migrations
1.3.6.2 Admin Portal1.3.6.2.1 Authentication
1.3.6.2.1.1 Employee Login1.3.6.2.1.2 Employee Logout
1.3.6.2.2 Employee Management1.3.6.2.2.1 Add Employee1.3.6.2.2.2 View Employees1.3.6.2.2.3 Modify Employee1.3.6.2.2.4 Remove Employee
1.3.6.2.3 Material Management1.3.6.2.3.1 Add Material1.3.6.2.3.2 View Materials1.3.6.2.3.3 Modify Material1.3.6.2.3.4 Remove Material
1.3.6.2.4 Product Management1.3.6.2.4.1 Add Product1.3.6.2.4.2 View Products1.3.6.2.4.3 Modify Product1.3.6.2.4.4 Remove Product
1.3.6.2.5 Customer Order Management1.3.6.2.5.1 Add Order1.3.6.2.5.2 View Orders1.3.6.2.5.3 Modify Order
37
1.3.6.2.5.4 Cancel Order1.3.6.3 Storefront
1.3.6.3.1 Products1.3.6.3.1.1 Display Products1.3.6.3.1.2 Filter Products1.3.6.3.1.3 Product Detail
1.3.6.3.2 Shopping Cart1.3.6.3.2.1 Define Shopping Cart API1.3.6.3.2.2 Add Item1.3.6.3.2.3 Remove Item1.3.6.3.2.4 Modify Item1.3.6.3.2.5 Clear Cart
1.3.6.3.3 Account Creation1.3.6.3.4 Checkout
1.3.6.3.4.1 Accept Shipping Information1.3.6.3.4.2 Accept Payment Information1.3.6.3.4.3 Process Order1.3.6.3.4.4 Display Receipt
1.3.6.3.5 Customer Authentication1.3.6.3.5.1 Customer Login1.3.6.3.5.2 Customer Logout
1.3.6.3.6 Customer Account Management1.3.6.3.6.1 View Orders
1.3.7Go Live1.4 Control
1.4.1Project Management1.4.2Project Status Meetings1.4.3Risk Management1.4.4Update Project Management Plan
1.5 Closeout1.5.1Audit Procurement1.5.2Document Lessons Learned1.5.3Update Files/Records1.5.4Gain Formal Acceptance1.5.5Archive Files/Documents
38
WBS DICTIONARY
Level WBS Code
Element Name Definition
1 1 Comprehensive IT Solution All work to implement a new IT environment for WeFrameU, including the setup of their new branches.
2 1.1 Initiation The work to initiate the project.
3 1.1.1 Evaluation & Recommendations Working group to evaluate solution sets and make recommendations.
3 1.1.2 Develop Project Charter Project Manager to develop the Project Charter.
3 1.1.3 Submit Project Charter Project Charter is delivered to the Project Sponsor.
3 1.1.4 Project Sponsor Reviews Charter Project sponsor reviews the Project Charter.
3 1.1.5 Project Charter Signed/Approved The Project Sponsor signs the Project Charter which authorizes the Project Manager to move to the Planning Process.
2 1.2 Planning The work for the planning process for the project.
3 1.2.1 Create Preliminary Scope Statement Project Manager creates a Preliminary Scope Statement.
3 1.2.2 Submit Scope Statement for Review Submit Scope Statement to Project Sponsor for Review.
3 1.2.3 Project Team Kickoff Meeting The planning process is officially started with a project kickoff meeting which includes the Project Manager, Project Team and Project Sponsor (optional).
3 1.2.4 Develop WBS Work with Team Leads to create WBS for project.
3 1.2.5 Submit WBS For Approval Project Manager submits the WBS
39
for approval.
3 1.2.6 Network Team Planning Deciding on how the network will look and function.
4 1.2.6.1 Create Topology Creating a logical topology of how physical network will look like.
4 1.2.6.2 Physical Connections Design wiring scheme for datacenter layout and WAN links for sites.
4 1.2.6.3 Routing and Switching Solution EIGRP protocol, and switching configurations.
4 1.2.6.4 Wireless Solution Wireless AP for guests and employees.
4 1.2.6.5 IP Telephone Solution VoIP phone systems and telepresence conferencing.
4 1.2.6.6 Develop Teleworker Solution VPN and remote connectivity for teleworkers.
4 1.2.6.7 Network Security Solution Security ideas consisting of MD5, ACLs, firewalls, etc.
4 1.2.6.8 Internet and Disaster Recovery Solution
Provide connection to internet from within network and plan hot/cold site for backup.
3 1.2.7 Software Development Team Planning
Design and development is planned
4 1.2.7.1 Determine Objects Identification of objects within the system
4 1.2.7.2 Determine Tools Determine what development tools will be necessary to complete the project.
4 1.2.7.3 Decide on Front-end Javascript Framework
Determine which framework will assist in front-end processing.
4 1.2.7.4 Decide on Front-end GUI Framework
Determine a framework for the user interface
4 1.2.7.5 Decide on Java Server Framework Determination of a server-side framework to handle HTTP requests
4 1.2.7.6 Configure Development Development stations are configured
40
Environments
3 1.2.8 Develop Project Plan Under the direction of the Project Manager the team develops the project plan.
3 1.2.9 Submit Project Plan Project Manager submits the project plan for approval.
3 1.2.10 Project Plan Approval The project plan is approved and the Project Manager has permission to proceed to execute the project according to the project plan.
2 1.3 Execution Work involved to execute the project.
3 1.3.1 Project Kickoff Meeting Project Manager conducts a formal kick off meeting with the project team, project stakeholders and project sponsor.
3 1.3.2 Verify and Validate User Requirements
The original user requirements is reviewed by the project manager and team, then validated with the users/stakeholders. This is where additional clarification may be needed.
3 1.3.3 Procure Hardware and Software The procurement of all hardware, software and facility needs for the project.
3 1.3.4 Network Team Execution Work involved to execute the project.
4 1.3.4.1 Install Logical Topology Translate logical topology into physical topology.
4 1.3.4.2 Implement Basic Configurations Configure basic router and switch configurations (hostname, console security, etc).
4 1.3.4.3 Configure Routing and Switching Implement EIGRP, and advanced switching configurations.
4 1.3.4.4 Implement Wireless Solution Deploy APs for guest and employee access.
41
4 1.3.4.5 Deploy IP Telephone Solution Apply VoIP technology for phone system and telepresence for conferencing.
4 1.3.4.6 Deploy Teleworker Solution Apply VPN technology and remote connectivity for employees.
4 1.3.4.7 Setup Network Security Implement ACLs, firewalls, and authentication for network traffic.
4 1.3.4.8 Setup Internet and Disaster Recovery
Setup pathway to internet and backup hot/cold site for recovery.
4 1.3.4.9 Testing Phase The system is tested with a select set of users.
4 1.3.4.10 Install Live System The actual system is installed and configured.
4 1.3.4.11 Go Live System goes live with all users.
3 1.3.5 Server Team Execution All work to implement a new Server Infrastructure
4 1.3.5.1 Server Installation Install OS
5 1.3.5.1.1 Install Server OS Install Windows Server 2012 R2
5 1.3.5.1.2 Check Server Updates Make sure all servers are up-to-date
5 1.3.5.1.3 Assign Static IP to Server Assign static IP address to servers
4 1.3.5.2 Active Directory and DNS Install AD & DNS
5 1.3.5.2.1 Install Active Directory Role Setup & Verify
5 1.3.5.2.2 Create GPOs for Each Department GPOs for each deparment
5 1.3.5.2.3 Add Users to Each Department Add users to each department
5 1.3.5.2.4 Enforce Policies Assign policies to departments
5 1.3.5.2.5 Setup and Verify DNS Setup & verify
4 1.3.5.3 DHCP Install DHCP
5 1.3.5.3.1 Install DHCP Role Setup & verify
5 1.3.5.3.2 Add Ranges for Each Location Ranges will be assign to each location
5 1.3.5.3.3 Add Exclusions – Static IP’s from Static IPs from server
42
Server
4 1.3.5.4 DFS and Shared Files Setup & Verify
5 1.3.5.4.1 Install DFS Install DFS role
5 1.3.5.4.2 Configure DFS Setup DFS at each location
5 1.3.5.4.3 Create Share Files for Each Department
Shared files for each department
4 1.3.5.5 Remote Desktop and Virtualization Install & Verify RD
5 1.3.5.5.1 Install Remote Desktop Setup & verify
5 1.3.5.5.2 Configure RD Configure at each location
5 1.3.5.5.3 Enable on Client Needs enable for function use
5 1.3.5.5.4 Install Hyper-V Install & setup Hyper-V
4 1.3.5.6 WDS Setup & Verify
5 1.3.5.6.1 Install WDS Role Install role at each location
5 1.3.5.6.2 Create an Image Base image for all clients
4 1.3.5.7 WSUS Setup & Verify
5 1.3.5.7.1 Install WSUS Role Install WSUS role
5 1.3.5.7.2 Configure Backup and Update on WSUS
Configure backup/update
5 1.3.5.7.3 Add OU’s Add OUs that need to be backed up
4 1.3.5.8 Radius Server Setup & Verify
5 1.3.5.8.1 Install Radius Server Role Install Radius Server Role
5 1.3.5.8.2 Configure to use Authentication with Domain Credentials
Configure to use Authentication by using domain username/password
4 1.3.5.9 Exchange Email/Outlook Functioning Mail Server
5 1.3.5.9.1 Install Exchange Install Exchange Role
5 1.3.5.9.2 Add the Role Install Exchange Server Role
5 1.3.5.9.3 Configure Exchange Email Configure on mail server
4 1.3.5.10 SpiceWorks Application used for ticketing
43
system
5 1.3.5.10.1 Download Application to Server Download application server
5 1.3.5.10.2 Create an Offline Account for Ticketing System
Create offline account for ticketing system
4 1.3.5.11 Disaster Recovery Plan Plan for Disaster
5 1.3.5.11.1 Collaborate with Teams on Disaster Plan
Collaborate with other teams to create a plan for a disaster
3 1.3.6 Software Development Execution
4 1.3.6.1 Database The database is defined and populated
5 1.3.6.1.1 Define Attributes The definition of database table attributes
5 1.3.6.1.2 Define Relationships The definition of database table relationships
5 1.3.6.1.3 Define Schema Database queries will be written
5 1.3.6.1.4 Create Database Migrations Creation and population of database(s)
4 1.3.6.2 Admin Portal Provides an interface for the business activities
5 1.3.6.2.1 Authentication Provides access control to the admin portal
6 1.3.6.2.1.1 Employee Login Implement the procedure for logging an employee in
6 1.3.6.2.1.2 Employee Logout Implement the procedure for logging an employee out
5 1.3.6.2.2 Employee Management Provides a means of managing employee accounts
6 1.3.6.2.2.1 Add Employee Implement the procedure to add an employee
6 1.3.6.2.2.2 View Employees Implement the procedure to view employees
6 1.3.6.2.2.3 Modify Employee Implement the procedure to modify employees
6 1.3.6.2.2.4 Remove Employee Implement the procedure to remove
44
an employee5 1.3.6.2.3 Material Management Provides a means of managing
materials
6 1.3.6.2.3.1 Add Material Implement the procedure to add a material
6 1.3.6.2.3.2 View Materials Implement the procedure to view materials
6 1.3.6.2.3.3 Modify Material Procedure to modify materials
6 1.3.6.2.3.4 Remove Material Implement the procedure to remove materials
5 1.3.6.2.4 Product Management Provides a means of managing products
6 1.3.6.2.4.1 Add Product Implement the procedure to add a product
6 1.3.6.2.4.2 View Products Implement the procedure to view products
6 1.3.6.2.4.3 Modify Product Implement the procedure to modify products
6 1.3.6.2.4.4 Remove Product Implement the procedure to remove products
5 1.3.5.2.5 Customer Order Management The software will provide a means of managing customer orders
6 1.3.5.2.5.1 Add Order Implement the procedure to add an order
6 1.3.5.2.5.2 View Orders Implement the procedure to view orders
6 1.3.5.2.5.3 Modify Orders Implement the procedure to modify an order
6 1.3.5.2.5.4 Cancel Order Implement the procedure to cancel an order
4 1.3.6.3 Storefront A storefront provides an interface to customers, allowing them to order frames online
5 1.3.6.3.1 Products Customer will have access to products through the storefront.
6 1.3.6.3.1.1 Display Products Implement the procedure for displaying all available products
6 1.3.6.3.1.2 Filter Products Implement the procedure for filtering products by attributes
6 1.3.6.3.1.3 Product Detail Implement the procedure for viewing the details of a specific product
5 1.3.6.3.2 Shopping Cart Customers will have the capability to manage selected items and orders.
45
6 1.3.6.3.2.1 Define Shopping Cart API Definition of a shopping cart API for use in the storefront
6 1.3.6.3.2.2 Add Item Implement the procedure to add a product to the customer’s cart
6 1.3.6.3.2.3 Remove Item Implement the procedure to remove a product from the customer’s cart
6 1.3.6.3.2.4 Modify Item Implement the procedure to modify a product in the cart (such as quantity)
6 1.3.6.3.2.5 Clear Cart Implement the procedure to allow all products to be removed from the cart
5 1.3.6.3.3 Account Creation Customers will be provided a means of creating an account
5 1.3.6.3.4 Checkout Process allowing customers to make purchases
6 1.3.6.3.4.1 Accept Shipping Information Implement the procedure to store shipping information provided by the customer
6 1.3.6.3.4.2 Accept Payment Information Implement the procedure to store payment information provided by the customer
6 1.3.6.3.4.3 Process Order Implement the procedure to “process” the customer’s order
6 1.3.6.3.4.4 Display Receipt Implement the procedure to display a receipt of the customer’s order
5 1.3.6.3.5 Customer Authentication Implement the procedure allowing a customer to maintain a session on the storefront
6 1.3.6.3.5.1 Customer Login Implement the procedure creating a session for a customer
6 1.3.6.3.5.2 Customer Logout Implement the procedure destroying the session for a customer
5 1.3.6.2.6 Customer Account Management Process allowing a customer to view details regarding their account
6 1.3.6.3.6.1 View Orders Implement the procedure allowing customers to view their orders
3 1.3.7 Go Live Systems roll out to live production environment for implementation and stress testing.
2 1.4 Control The work involved for the control process of the project.
3 1.4.1 Project Management Overall project management for the project.
3 1.4.2 Project Status Meetings Weekly team status meetings.
46
3 1.4.3 Risk Management Risk management efforts as defined in the Risk Management Plan.
3 1.4.4 Update Project Management Plan Project Manager updates the Project Management Plan as the project progresses.
2 1.5 Closeout The work to close-out the project.
3 1.5.1 Audit Procurement An audit of all hardware and software procured for the project, ensures that all procured products are accounted for and in the asset management system.
3 1.5.2 Document Lessons Learned Project Manager along with the project team performs a lessons learned meeting and documents the lessons learned for the project.
3 1.5.3 Update Files and Records All files and records are updated to reflect the widget management system.
3 1.5.4 Gain Formal Acceptance The Project Sponsor formally accepts the project by signing the acceptance document included in the project plan.
3 1.5.5 Archive Files and Documents All project related files and documents are formally archived.
47
GLOSSARY OF TERMS
Level of Effort: Level of Effort (LOE) is how much work is required to complete a task.
WBS Code: A unique identifier assigned to each element in a Work Breakdown Structure for the purpose of designating the elements hierarchical location within the WBS.
Work Package: A Work Package is a deliverable or work component at the lowest level of its WBS branch.
WBS Component: A component of a WBS which is located at any level. It can be a Work Package or a WBS Element as there's no restriction on what a WBS Component is.
WBS Element: A WBS Element is a single WBS component and its associated attributes located anywhere within a WBS. A WBS Element can contain work, or it can contain other WBS Elements or Work Packages.
WAN (Wide Area Network): Connections between sites, typically through Internet Service Providers.
EIGRP (Enhanced Interior Gateway Routing Protocol): is a protocol used in the routing process for network traffic.
Wireless AP (Access Point): A device or point in the building where a user with mobile device can connect.
VoIP (Voice over Internet Protocol): Is a technology used to uses phones over the data network at the same time as data traffic.
VPN (Virtual Private Network): Is used as a tunnel through the open internet to securely access company resources.
48
ACLs (Access Control Lists): Are lists used in routing to allow or deny certain traffic into the internal network of the company, or different areas of the company.
MD5( Message Digest 5): Is a type of encryption authentication method for securing traffic over the company network.
Hot/Cold Site: Is the disaster or recovery site in case of a failure.
API: An application programming interface is a set of routines, protocols, and tools for building software applications.
Procedure: A procedure is a series of actions conducted in a certain order, which may or may not have visible results.
Process: A process is a series of collection of procedures to achieve a particular end.
49
Milestone List
50
Milestone List
Project: WeFrameU.Com Date: 04/01/2016
Milestone No.
Milestone Mandatory/Optional Completion Date
Verification
51
001 Project Start Mandatory 5/1/20xx Sponsor Approval
002 Complete Gathering Requirements
Mandatory 6/10/20xx Sponsor Approval
003 Server OS’s Installed and Updated
Mandatory 8/14/20xx Sponsor Approval
DNS Functioning
DHCP Functioning
004 Domain Created Mandatory 10/9/20xx Sponsor Approval
Domain Structure Complete with OU’s,
Groups, User, and Computer Accounts
005 Central Domain Policies Established
Mandatory 11/10/20xx Sponsor Approval
006 GPO Environment Complete
Mandatory 12/1/20xx Sponsor Approval
007 Departmental Shares Created
Mandatory 12/31/20xx Sponsor Approval
Share Permissions Established
Radius Server Implemented
Servers Formatted for Development Team
Usage
Exchange System Installed
Exchange System Functioning as per
Specifications
Ticketing System Functioning
Server Infrastructure and Configuration
52
Complete
53
Server Testing Complete
Database Schema/Migrations
Complete
Database Schema/Migrations
Complete
Mandatory 3/7/2016 Feature is complete,
Sponsor Approval
Admin Portal –
Authentication Complete
Mandatory 3/10/2016 Feature is complete,
Sponsor Approval
Admin Portal – Employee
Management Complete
Mandatory 3/17/2016 Feature is complete,
Sponsor Approval
Admin Portal – Materials
Management Complete
Mandatory 3/22/2016 Feature is complete,
Sponsor Approval
Admin Portal – Product
Management Complete
Mandatory 3/24/2016 Feature is complete,
Sponsor Approval
Admin Portal – Customer
Order Management
Complete
Mandatory 3/29/2016 Feature is complete,
Sponsor Approval
Storefront – Products
Complete
Mandatory 3/31/2016 Feature is complete,
Sponsor Approval
Storefront – Shopping Cart
Mandatory 4/12/2016 Feature is complete,
Sponsor Approval
54
Complete
55
Storefront – Account
Creation Complete
Mandatory 4/12/2016 Feature is complete,
Sponsor Approval
Storefront – Checkout
Complete
Mandatory 4/14/2016 Feature is complete,
Sponsor Approval
Storefront – Customer
Authentication Complete
Mandatory 4/19/2016 Feature is complete,
Sponsor Approval
Storefront – Customer
Account Management
Complete
Mandatory 4/21/2016 Feature is complete, Sponsor Approval
Final Testing Complete
Mandatory 4/26/2016 Sponsor Approval
Deployment Complete
Mandatory 4/28/2016 Sponsor Approval
Install Physical Equipment
Mandatory 3/9/2016 Project Manager Approval
Complete Basic Configurations
Mandatory3/12/2016
Project Manager Approval
Complete Routing & Switching Config
Mandatory 3/16/2016 Project Manager Approval
Complete wireless implementation
Mandatory3/19/2016
Project Manager Approval
Complete Teleworker solution
Mandatory 3/21/2016 Project Manager Approval
Complete IP telephony &
Mandatory 3/29/2016 Project Manager Approval
56
telepresence
Complete network security & physical
Mandatory 4/6/2016 Project Manager Approval
Setup disaster recovery
Mandatory 4/23/2016 Project Manager Approval
Network Testing Mandatory 5/5/2016 Project Manager Approval
57
Budget Breakdown
58
Required Number
Items Individual Cost
Total Cost
11 Physical Server $4500 $49500
11 Windows 2012 R2 Standard Edition License
$750 $8250
0 Volume License for Windows 8.1 $115 $0
6 Cisco Firewall ASA 5505 $675 $4050
2 Cisco Switch 2950 Catalyst 48 Port $1700 $3400
0 Cisco Switch 3500 XL Catalyst 48 Port $2000 $0
1 Cisco Switch 2960 Catalyst 48 Port $1700 $1700
2 Fiber Switches Catalyst $2500 $5000
7 2950 Cisco 24 Port Switch $800 $5600
6 Cisco Router 2800 $2500 $15000
1 Cisco 2901 Router $2500 $2500
3 Wireless Accesws Point $900 $2700
3 VoiP Phone $300 $900
900 Client Grade PC $709 $574290
1 iPad $400 $400
1 Nexus Tablet $199 $199
1 Surface Pro $1500 $1500
609 Network Expert Hours $25 $15225
57 Server Expert Hours $28 $1596
526 Software Developer Hours $28 $14728
943 Project Manager Hours $31 $29233
Total Budget $735771
59
60
Gantt Charts
-Project Start
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
-Project Mid-Life
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
-Project Completion Gantt Chart
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
Change Requests
145
Change Request
Project: We Frame U Administration Portal Date: 3/17/16
Change Requestor: Joey Davis Change No: 001
Change Category (Check all that apply):
□ Schedule □ Cost □ Scope □ Requirements/Deliverables
□ Testing/Quality □ Resources
Does this Change Affect (Check all that apply):
□ Corrective Action □ Preventative Action □ Defect Repair □ Updates
□ Other
Describe the Change Being Requested:
Expunge WBS Items 3.5.1, 3.5.3, 3.5.4 from the software development team’s portion of the WBS.
Describe the Reason for the Change:
The majority of team members lack the expertise to implement these three tasks. The team member capable of implementing them is already required to write other elements due to aforementioned sentence.
Describe all Alternatives Considered:
Training other team members.
Describe any Technical Changes Required to Implement this Change:
n/a
Describe Risks to be Considered for this Change:
n/a
Estimate Resources and Costs Needed to Implement this Change:
n/a
Describe the Implications to Quality:
Quality of remaining elements will not be affected.
Disposition:
□ Approve □ Reject □ Defer
146
Justification of Approval, Rejection, or Deferral:
Lack of team members.
Change Board Approval:
Name Signature Date
Justin Baitz J. Baitz 3/22/16
Alex Korich A. Korich 3/22/16
147
Change Request
Project: Comprehensive IT Solution Date: 3/26/16
Change Requestor: Shane Adams Change No: 002
Change Category (Check all that apply):
□ Schedule □ Cost □ Scope □ Requirements/Deliverables
□ Testing/Quality □ Resources
Does this Change Affect (Check all that apply):
□ Corrective Action □ Preventative Action □ Defect Repair □ Updates
□ Other
Describe the Change Being Requested:
Network team lead responsibilities to be shared with Ryan Taylor. The two will be joint team leaders, as per server team’s structure.
Describe the Reason for the Change:
Reduce stress on Shane and prevent escalation of tensions among network team.
Describe all Alternatives Considered:
Replace network team lead. Reconsider network scope.
Describe any Technical Changes Required to Implement this Change:
None
Describe Risks to be Considered for this Change:
Transition difficulties expected.
Estimate Resources and Costs Needed to Implement this Change:
Using existing resources – No additional costs.
Describe the Implications to Quality:
Should expect improvements to quality with compartmentalized supervision.
Disposition:
□ Approve □ Reject □ Defer
148
Justification of Approval, Rejection, or Deferral:
Change Board Approval:
Name Signature Date
Justin Baitz J. Baitz 3/28/16
Alex Korich A. Korich 3/28/16
149
Technical Documentation of Solution
Network Team
Network Team
Shane Adams – Co-Team Lead
Ryan Taylor – Co-Team Lead
Darin Gravitt
Keith Williams
Mohammad Es-sabri
Scott Busch
Christopher Platt
150
Overview
The WeFrameU project requires a fully functioning network spanning three different sites;
Detroit, Sacramento, and New Orleans. Each site needs to have the stated requirements for the
designated site, according to the business case requirements. There needs to be a WAN connection
between all three sites. The network will need a form of wireless access implemented and security
measures in place (NAT, ACLs, etc and these can be done later).
Internal addressing is independent of each site (meaning each site can be different) because
NAT needs to be in place for translation. Appropriate routing and switching needs to be in place as
needed, and no restrictions which methods to use. After all this is in place VoIP will be deployed.
An internet solution will need to be implemented (since this is a simulation environment) with
appropriate configurations.
The last few things that are needed to integrate into the system are telework solution (such
as a VPN the employees can connect to), and a disaster recovery solution (in this instance a plan is
fine since there is not enough resources to recreate exact backup system). The implementation of
the network will be discussed in detail in other portions of this document. All usable configurations
for all sites can be found in the attached Appendices. Please note that all sections are embedded
within each sites device configurations and are in the Appendices.
Basic Topology & Cabling
This section is going to cover all of the physical things that were required for each site, such
as racking, cabling, ports, etc. For this topology construction, 2811 series Cisco routers and 2950
series Cisco switches, both 24 port and 48 port switches, and a 2960 series Cisco switch, were used.
The cabling was done based on the wiring scheme provided. On the rack provided (Rack 9) rack the
Sacramento site on top. Rack the routers on top, then right below that is both switches. On fig. 1-1 it
151
shows a logical diagram of how this would look. Sacramento has two different buildings, so router
one and router two separate those.
Fig. 1-1
In the figures provided it also shows other components that are added later in the
project. The Detroit site is in the middle of the rack. The layout for this is similar to Sacramento
where the router is on top and the switches below. Since there are three switches in this site, a
stacked implementation starts with switch one down to switch three. Figure 1-2 shows the logical
representation of the layout, in the diagrams it is not stacked but shows that the devices talk to each
other.
152
Fig. 1-2
The next section is in the bottom of the rack. New Orleans is the last to setup and
connect to. For this site it only has one router and three switches. With the three switches, the
stacked approach is used as well, starting with switch one down to switch three. In figure 1-3 it
shows the logical representation of New Orleans and again the diagram does not show this in
stacked form but shows that the devices talk to each other.
153
Fig. 1-3
In the last section of basic topology and cabling is the simulated ISP information.
The last piece to this is the ISP (simulated) section. The equipment used for this was
one router and one switch to help emulate an ISP connection between sites. Within the rack the ISP
switch is just below the Sacramento switch three. As for the ISP router, it was placed below the
New Orleans router. The ISP switch connects to Detroit, Sacramento, and New Orleans, as well as
to the firewall where the external servers are connected. In figure 1-4 it shows the logical
representation of the ISP connections. It does not reflect the actual rack layout of the ISP
equipment.
154
Fig. 1-4
Routing and Switching
After the equipment and cables have been racked, there needs to be established basic
connectivity between all sites and routing and switching configurations. Once there is
communication between all sites, move on to the other sections of the project. This is the part of
implementation where the basic configuration are started. This includes the setup of a hostname,
passwords for the device (such as console and VTY lines, etc), password encryption, and SSH for
155
remote consoling. Refer to Appendices for configuration from the device(s). Figure 2-1 shows an
example of a script used and can be modified for each of the devices.
Fig. 2-1
The next step is the
addressing and getting
some connections up. The
server team needs to have
connections up as soon as
possible, making this the
best place to start. Even though most of the cabling may have already been done you can shrink that
down and focus on the basics by preparing the ports. Each site can either be assigned to a person or
multiple people can work on a single site. Start by referring to the wiring scheme in Appendix *.
Start by setting up the routers or switches, but it would be preferable to setup the switches first. Set
up the VLANs by stating the VLAN and giving it a name. Each VLAN on the internal network will
need this. At this point, put them all in or just put in the VLAN for the servers.
A management VLAN needs to be created in order to remotely access the device.
Assign it an IP address as appropriate and turn it on. Also setup the default gateway on the switch.
After that, set up trunking within each switch. In this case, the interface range of about 4 or 5 ports
are acting as trunks. Make sure to allow all the VLANs as appropriate (in this case all the VLANs
setup or just the server VLAN). One of the last things that needs to be done is setup the interfaces
for access to certain VLANs, because this will allow segregation of the VLANs. Again, in this
example, the servers need to be up as soon as possible. Detroit switch three is used for the Server
156
connections. Assign the VLAN as necessary. Figure 2-2 shows the sample script used to do this.
Reference configurations can be found in Appendix *.
Fig. 2-2
After the switch
configurations are finished, move on to
the routers of each site. These should be
fairly straight forward to configure and
setup. The routers would need to have
the interface to the ISP switch
configured with an IP address and the
interface going to the switches as the
trunk need to be configured. The router
on a stick method is the easiest. With
router on a stick, the sub-interfaces need
to be configured on the outgoing trunk
port to the switch. Each sub-interface
needs to have an IP address as well as
an encapsulation method which is
typically dot1q. This needs to be done
for each of the VLANs from the switches that is being trunked. A sample configuration is shown in
figure 2-3 and is fairly easy to implement.
157
Fig. 2-3
Also there is a complete listing of the
configurations used in the Appendices.
This can be done to each site
accordingly. After the sub-interfaces are
done, move on to setup the routing for
the routers. The routing protocol that
could be used is EIGRP because it’s composite and is a better protocol to use than OSPF.
Go into the router configuration mode and input all the networks that need to be
routed. Usually this is all the internal routers (in this instance all the VLANs that are connected) and
the exit port of the segment or site. Make sure to use a unique router ID and autonomous number.
This number is usually 1, but can be almost anything else. Also make sure to turn off auto-summary
so it doesn’t automatically summarize the networks. Fig 2-4 shows a sample script used and a
complete configuration of this section in Appendix *. This can be done for each site according to
the required configurations.
Fig. 2-4
Entering these configurations into each
router should achieve adjacencies and at
this point, test with pings to see if there is
connectivity. If there is a successful
connection, move on to the next step. If not, troubleshoot until there is a connection. After this is
158
fully converged, do some testing and see if there is connectivity. Plug a test PC into the switch (in
this instance the server VLAN ports) and set a static address to the PC. The PC should “connect”.
Test by pinging the gateway of the VLAN (the sub-interface address that you set on the router this
is the gateway for the VLAN). If it can ping the gateway this is a good sign. Ping the exit port of the
router (this is the connection to the ISP) and see if it can reach this far. At this point, if everything is
done correctly, it should have a connection. Set up PCs for the other sites and do the same tests to
confirm connectivity. If all the sites can talk within itself try pinging the PCs on different sites. All
of the sites should be able to connect to each other. Examples of the configurations can be found in
the Appendices.
VoIP Telephony Solution
After achieving full basic connectivity, implement VoIP telephony. This section is pretty straight
forward and should be easy to implement. At this point all the basics should already be configured.
Check that there is already a voice VLAN on the switch to use for the phone(s). After the VLAN
has been added, designate this as the voice VLAN. Make a sub-interface for the voice VLAN so it
can be routed as well, and also add it to the EIGRP configuration.
The biggest add-ons for VoIP to work is DHCP on the router, so that the phones can
pull an IP address and appropriate information. When setting up the DHCP for VoIP make sure to
include option 150. Figure 3-1 shows an example of a partial script that can be used in this
configuration.
Fig. 3-1
The next major thing that needs to
be implemented for VOIP to work
159
is that telephony-service needs configured. This is what allows the phones to know the maximum
directories, the number of phones allowed, auto-assign and the source IP of where the phones are to
point to. Then, create an ephone-dn for each phone that’s connecting, give it a number or extension,
description, label and other identifiers. Also, an ephone should be made that includes the MAC
address of phone as well as the type and how the buttons will be labeled. Figure 3-2 shows an
example of telephony-service configuration.
Fig. 3-2
With basic VoIP in a network, dial
peers also need to be configured to tell
where to point within a network. This
would allow a phone in New Orleans to
contact outside that segment into Detroit
or elsewhere. It also should include the first digit in the extension of the segment with wildcards and
a session target IP. An example can be found in figure 3-3. This should complete this section of
VoIP but there is one other type of phone that needs to be connected, which are video enabled
phones. This configuration can be used for VoIP at all three sites.
Fig. 3-3
160
These phones are a little different than the previous. The previous phone setup are
SCCP phones. Video phones are SIP phones. These take quite a few different commands, but the
process is similar. The initial start is with voice service, and allowing sip to sip within CLI and a
couple other commands needed. After that, within voice register global as before a source address
needs to be set and the port, the max directories, max pools that can be made, and also which .loads
file the phones should load from. This should be model specific. A few other core commands that
need to be used are things like time-zone, voicemail, tftp-path, which tells the phones where to load
configuration files from, and to create a profile for the phones. Few other commands are needed as
well. A sample configuration is shown in figure 3-4.
Fig. 3-4
The next thing that needs to be
configured is a voice register
directory for each extension (such as
161
1001 and 1002). This is pretty simple and including call-forwarding commands and a name to give
to the phone that uses that directory number. Another piece is a pool. This is used for each phone as
well, that will assign multiple things to the phone. A mac address would be assigned, addressing the
type or model of the phone, some sort of username and password, although this is not necessary,
and a couple of other commands that are smaller, but needed. A sample is shown in figure 3-5.
Fig. 3-5
Do this for any SIP phones that are added
to the router. One of the last things that
should be done is to set tftp-server
commands for the files that the phone will
load. This setup should be done for EVERY file that will be loaded. These are usually model
specific so make sure to have the correct files, and make sure to create a profile under the voice
register global mode. A full usable configuration for VoIP can be found in within the Appendices.
GRE Tunnels
GRE tunnels are another method of creating tunnels between sites. This solution is
what is used in this project. This is usually really simple to setup. To setup a GRE tunnel, a tunnel
needs to be indicated and assigned an IP to the tunnel. Then a source port needs to be configured as
well as the destination address. This should be done at each of the sites and pointed as necessary.
For example Sacramento should point to both Detroit and New Orleans, and Detroit points to
Sacramento and New Orleans, etc. Figure 4-1 shows how this can be done.
Fig. 4-1
162
This should be straight-forward and
shouldn’t take long to complete. A usable
full configuration are with the
Appendices.
Wireless Solution
With the wireless solution, this is typically done by a GUI or CLI. Typically CLI would be better,
but a GUI is used. The snapshot in figure 4-3 shows how the GUI looks with some configurations.
An IP address still needs to be assigned to the AP and a hostname that would become the SSID.
Figure 4-2 shows an example of the basic CLI commands to start configuring the AP.
Fig. 4-2
Fig. 4-3
163
Network Security Solutions
164
Network security solutions goes over some of the security features and configurations
that were to be used within this project. First, ACLs will be discussed, then the firewall solution.
The ACL piece will be talked about a little differently because they are specific to certain parts of
the network created and are important.
Access Control Lists (ACLs)
A big part of implementing WeFrameU’s network infrastructure was to lay out the security
measures that lock down the site and make sure that no one could fraudulently access the site
without permission. One of the ways that the site was locked down was through the use of access
control lists. Access control lists (ACLs) are lists that are made up of permit and deny statements
that, according to the list, permit or deny access to computer networks depending on the statements
in the list. The security measures set in place by the project manager included denial of telnet both
internally and externally, permission for only internal SSH, and the permission of only authorized
web traffic internally.
To satisfy the first security measure of not allowing any telnet both internally and
externally, access-lists were implemented that denied any outside telnet traffic from the internet,
while simultaneously allowing regular external web traffic through the edge router into the internal
network. These access-lists were created as extended access-lists, so as to put them closest to the
source port as possible, which would eliminate some of the routing that would have to be done on
the internal networks. Access-list 100 is the access-list that denies any and all external telnet traffic
from the Internet into the internal network. The deny TCP statement in this access list makes it
impossible for any packet tagged with external telnet traffic to access the internal WeFrameU
network. While it was important to block any telnet traffic from the outside network going in, it was
also just as important to allow regular web traffic to the internal network. For this reason, access-list
165
101 was created. Access-list 101 allows any web traffic that originated from an internal network to
pass throughout the entirety of WeFrameU’s business.
The next security measure that was taken into account was the allowance of internal SSH
connections from the IT VLANs within each network. The idea was that no one aside from the
internal IT VLANs would be allowed to SSH into a device and make configuration changes, aside
from those who resided in the IT VLAN. To satisfy this security measure, ACLs were implemented
that allowed only internal SSH connections from each site. Extended access-lists were made so that
each site could SSH into its own respective devices, as extended ACLs are placed closets to the
source port. Aside from creating extended access-lists, standard access lists were created to control
SSH access to the VTY lines for all three sites. The standard access lists were made to be
implemented furthest from the source so as to stop routing traffic before it hits the router. Theses
access-lists were created with the limiting factor of being able to change configurations through
SSH in mind. Permits exist only for the networks that reside in each network’s respective IT
VLAN, so that no one else either internally or externally would be able to exploit management
protocols or ports.
ACL Implementation
ACLs are some of the most important security measures that a business can take when
implementing security in its networks. Though not always as intended, ACLs always work. If
implemented incorrectly, ACLs can bring down an entire network almost instantaneously. Careful
research and correct implementation were imperative when applying the ACLs to the network. As
stated before, access-list 100 was created to deny internet telnet traffic, while simultaneously
allowing regular Internet traffic through the edge router into the internal network. Access-list 100
was applied to F0/1, inbound, on the ISP router. The next set of access-lists, access list 101 was
166
created to allow web traffic to other networks, so long as it originated from an internal network and
not an external network. Access-list 101 was applied to three different interfaces. For Detroit, it was
applied to F0/0, in an outbound direction, Sacramento’s was applied to F0/1 in an outbound
direction, and New Orleans was also applied to F0/1 in an outbound direction. The next access list
that was implemented was access-list 102. Access-list 102 was created for the purpose of allowing
each respective site to SSH from its own IT VLAN so that it could manage its own network. This
access-list was placed as close to the source port as possible. The final access-list that was created
was the standard access-lists meant for SSH connections between IT VLANs through each site.
These standard access-lists were applied to the VTY lines in an outbound direction. For Detroit
access, these lists were placed at the New Orleans and Sacramento routers at F0/0, all of which face
in an outbound direction. For New Orleans, the access-lists were placed on F0/1 going out for
Detroit’s network and F0/0 on both Sacramento router’s, going out. Finally, for Sacramento the
access-lists were placed on F0/1 for Detroit and F0/0 for New Orleans, both going out. All access-
lists for SSH were applied to the VTY lines via the “access-group SSH ALLOW” command. These
standard access-lists allow only SSH traffic that originates from each respective network’s IT
VLAN. If any other VLAN or outside source attempts to SSH though the VTY lines, they will be
inherently denied by the implicit deny any at the end of the ACL access-control entry list.
Firewalls
In order for each of the sites to communicate to the outside without unauthorized access from the
outside an ASA 5505 firewall is placed between the ISP switch and internet router. Doing this
allows the safety for all sites with not a big hit on the budget. We first were considering to put three
firewalls in our network topology. There would have been a firewall in each of our sites. The
firewalls would go between our router for each site and our ISP switch. We found it to be easier and
more cost affected if we used one firewall then using three. This option is still going to be safe.
167
Nothing from the outside will be able to access our network without having the proper
authorization.
With the ASA 5505 cisco firewall we had several issues implementing this type of
equipment. We tried many ways to configure this cisco device and for the first three weeks working
on this piece of equipment we struggled a lot to get this device to ping the other devices. Finally
week five and final week we made big steps in this process. Our main issue we were having was
what ip address to use. Every IP address we used the firewall would send out an error message
reading this IP address is overlapping. This problem only occurred with the outside address to the
router. We made some headway when we found that we used the last usable address configuring the
internet router. Changing this address on the router made life a lot easier. The overlapping problem
became no problem at all after this was done.
To configure the ASA 5505 cisco firewall we used several commands. The ASA 5505
Firewall has six Ethernet ports and two PoE ports. The two PoE ports are your six and seven ports
on your device. Zero through five are your Ethernet ports. The e0/0 port is already configured as
your outside port with a security level of 0 as a default setting. E0/1 through E0/5 are all by default
your inside ports with a security level of 100. The firewall also has two USB ports and a console
port.
Disaster Recovery Solution
The disaster recovery plan is usually taken up with the server team as well as the network
team on how to come up with a proper solution in case of a failure. On the network side of this plan
many things need to be considered such as determining if the separate site will be a cold site or
168
warm site. In this instance a cold site was chosen because it’s a little more cost effective because a
warm site is up and running and uses more resources.
This site also should be equipped similar to the other sites such as equipment, fire
suppressant, etc. Coordination between the network team and the server teams would be on how to
transfer the information between the two sites and making sure the equipment is suited for the
server team needs. On the less technical side an official plan should be in place for management and
policies on what to do in the event something happens.
169
Technical Documentation of Solution
Server Infrastructure Team
Server Team
Haylie Pangle – Co-Team Lead
Cody Tormoehlen – Co-Team Lead
Hayden Kirchner
Jennifer Cordes
Trent Cohernour
170
Executive Summary
The layout of the servers was defined by location, Detroit, Sacramento, and New Orleans.
Each of the three sites consists of two servers, a main server and a backup server. In addition, the
Sacramento site has a database server. Lastly, there are three servers located in the DMZ at Detroit
that are used as the web, mail, and the exchange servers.
Detroit’s Main server was configured with Active Directory, DHCP, DNS, WDS and
WSUS. Sacramento’s Main server was configured with Active Directory, DHCP, DNS, DFS,
Radius Server and Spiceworks. New Orleans’ Main server was configured with Active Directory,
DHCP and DNS. Each location has a Backup server that performs a scheduled backup of the Main
server at that location..
Technical Documentation
The servers were setup with Windows Server 2012 R2 and updated to the latest version
through Windows Update. The Microsoft update server was queried several times to ensure the
servers were fully updated. Each server was assigned an IP address in the correct location and
department as provided by the networking team.
Active directory was installed on the main server at each location. The Sacramento main
server was promoted as the root of the WeFrameU.com domain. The Detroit and New Orleans main
servers were joined to the domain as a tree. In active directory, organizational units were created for
each location, Detroit, Sacramento, and New Orleans. Under each location the departments, and
their respective users, were added.
171
Once the users were initialized, policies were assigned via Group Policy. Several policies
were created that allow the organization more control over how users interact with company
resources. Among these policies was a policy that prevents users from browsing the A, B, C, and D
drives on their computers. This forces users to save personal files to their personal network drive
and gives the organization more control over what is stored, including the ability to scan for or
block restricted files on a central location.
172
The primary group policy object was named WeFrameU Std policy. This object was linked
to all three locations, Detroit, Sacramento and New Orleans. It was placed under all locations, but
outside of any departments. This placement will assign the policy to all the users in the domain
environment.
Domain Name Services was installed automatically with Active Directory. DNS uses
domain names and translates them to IP address. Forward lookup and reverse lookup zones can be
configured and added. There was no additional configurations only the default settings were
required for this project.
173
Dynamic Host Configuration Protocol provides an IP address to each client in the domain.
DHCP is installed on the main server at each location. The scopes are divided up per department as
specified by the network team. In each scope, the first ten IP address are excluded for use by
network devices. The rest of the addresses are placed in a pool and dynamically assigned as devices
connect at.
174
Distributed File Services was installed on the main server at each location. DFS is designed
to allow users to access files easier. Users are able to access the files from any location on the
network, even though the file is physically stored on a centralized server. This eliminates the need
for users to rely on their local drives for storage. Each user was assigned their own personal folder
through DFS that shows up to them as a local drive on their computer. Users are never aware that
their files aren’t stored locally. A separate shared folder was also created to house training videos
for access by all employees.
175
The shared drive assigned to each user is also the subject of file screening. Users are
disallowed from saving and audio or video files. Upon attempting to save anything with an
offending file extension, they are advised that it is restricted and prevented from doing so.
176
Remote Desktop Services was installed on the Sacramento server. This services enables
users to connect to a virtual desktop infrastructure, session-based desktop, and RemoteApp
programs from anywhere and on any device. The connection can be within a corporate network or
over the Internet. The connection that was configured was the session-based desktop. This will
increase the mobility of the work environment.
177
The Windows Deployment Services role was installed on the Detroit main server. This role
allows for the deployment of an operating system to bare metal drives over the company network. It
uses an image of a reference computer that has proper driver packages, activation keys, and
company software already installed. Once setup, this image can be deployed to new computers as is
without requiring additional setup by a member of the IT staff. WDS reduces the time commitment
and cost of initializing new devices within the domain. An image of Windows 7 was configured and
ready to deploy for any clients that need a new computer imaged.
178
Windows Server Update Services was installed on the Sacramento server. WSUS is a
service that allows centralized management of updates and enables the administrator to deploy
newly released updates over the company network as they are pushed from Microsoft. Updates can
be selectively deployed in the case that certain updates conflict with devices or software on the
domain.
179
Exchange was setup on a server located in the DMZ. There were several prerequisites to
Exchange that had to be addressed, including a connection to the domain, installation of filter packs,
and making sure that there were no pending updates or reboots on the server. User were added via
the web-based management console from a list of users located in Active Directory.
Outlook Web Application was installed and deployed on all user computers using the WDS
server. The users will have access to outlook email by using their domain username credentials
followed by @weframeu.com. First time when the user logs in, their own personal outlook profile
will be created and the mailbox is activated. Users will be able to send and receive e-mails.
180
Remote Authentication Dial-In Service was installed and configured on Sacramento server.
The RADIUS Server provides authentication, authorization, and accounting services. This allows
the staff to login to the wireless access points using their domain credentials. Network Policy
Services and Certificate Authority roles both were installed for this feature to function properly. A
certificate was configured as an Active Directory Enrollment Policy that only requests certificates
from a domain controller. This type of policy is used for client and server authentication and uses
digital signatures and key encipherment. A Radius client, Sacramento, was configured with the
Sacramento IP address attached and the shared secret set as cisco. The authentication was set to use
Protected EAP (PEAP), which encapsulates and encrypts passwords over the network. The rest of
the configuration was setup by the Networking Team.
181
Spiceworks HelpDesk application was installed. An offline account called WeFrameU was
created. Users can create help tickets and will be able to track and follow as the tickets progress. As
the admins receive the tickets, the admins will be able to prioritize and assign each ticket to a staff
member.
182
This will allow for the creation of a ticket queue and will also balance the administrative
workload based on the assignment and the urgency of the ticket. SpiceWorks integrates support for
documentation tied to each completed ticket and tracks the time allotted for each completed task.
This information can be used for similar tickets in the future.
183
Technical Documentation of Solution
Software Development Team
Software Team
Joey Davis – Team Lead
Charles Johnson
Randy Doughty
Sabrina Tarin Chowdhury
184
Overview
ContextThe software prepared for WeFrameU is impacted by the project’s purpose and scope in several ways. Important and relevant factors are listed below:
“software solutions to provide for enhanced employee productivity and customer
satisfaction”
“providing fundamental services for its employees, and establishing essential services
for streamlining ordering and support for its customers”
“improve sales through implementation of easy online ordering by 25%”
(Ivy Technical Consulting, 2016)
185
Definitions Objects, Data Objects, Structures, Object Instance – Objects, or data objects,
are structures capable of holding related data. An object typically represents an
entity or idea, much like a noun in English grammar.
Classes, Class Definitions – A programming language mechanism allowing for the
classification of objects. Classes allow for encapsulation.
Class Method – A programming language mechanism allowing for functions to be
accessed from an object instance.
Function – A function is a named—or unnamed, referred to as an anonymous
function or lambda—section of a program that performs a specific task.
186
Customer Storefront
Administration Portal
Database
Inventory Management
Materials ReceivingInventory
Product Management
Shipping Warehouse
Serialization, Marshalling – The process involved with translating an object into a
format providing the capability to be stored or transferred over a network as a series
of bytes.
Deserialization, Un-marshalling – The process involved with reconstructing a
series of bytes into an object or structure.
Encapsulation – A programming language mechanism providing access control to
an object’s properties.
Architecture
IntroductionThe software implementation involves two core components: an administration portal (company facing, accessed by employees) and an online storefront (public facing, accessed by customers). Each of these components adhere to a client/server architecture, thus both contain a client and server subcomponent. In the client/server architecture, the server—a logical software component—is responsible for accepting or rejecting requests made from a client, another software component. To accept or reject a client request, the server must send a response back to the client. The server in the client/server architecture is able to handle the exchange between any number of clients at once.
Diagram illustrating the client/server architecture
On both the administration portal server component and the storefront server component, the software implementation implements the HTTP protocol for reading and writing messages
187
exchanged between the client and the server over the network. See Dependencies for more information.
Administration PortalThe administration portal allows WeFrameU employees to conduct management and control duties for the business. Management and control duties include inventory management, material management, product management, employee management, and order management.
StorefrontThe online storefront allows customers to shop and place orders with WeFrameU. Customers may choose to create an account in order to view their order history at a later date or check out without signing in. Orders placed using the storefront are visible within the administration portal immediately after they are placed.
Server-Side ArchitectureThe server-side architecture is a composition of packages working together to form a maintainable and dependable software solution. The Java codebase is separated into 3 individual projects: Admin, Storefront, and Common. The Admin project has a Java package name of “com.weframeu.admin” and contains source files relevant only to the administration portal. The Storefront project has a Java package name of “com.weframeu.storefront” and contains source files relevant only to the online storefront. The Common project has a Java package name of “com.weframeu.common” and contains source files shared between the administration portal and online storefront – the classes and packages that both have in common with one another.
Dependency DescriptionsDependencies for the software implementation include a number of libraries and tools.
Server-side Dependencies for the server-side software implementation, at runtime or for development, include:
Java
o Programming Language, a compiled computer programming language
used in many enterprise, concurrent applications and servers.
JDK8 (minimum)
o Java Development Kit providing the Java standard runtime and base
development resources.
Gradle (Modern Open-Source Enterprise Build Automation)
188
o Build System providing a declarative project configuration. Gradle easily
handles multi-project builds and supports incremental builds to reduce the
need for re-building and re-execution during development and
maintenance.
Guava (com.google.guava)
o Library providing a number of utilities, including collections, caching,
primitives support, concurrency libraries, common annotations, string
processing, I/O, and so forth.
Gson (com.google.code.gson)
o Library allowing for the serialization and deserialization of Java object to
and from JSON.
JBcrypt (org.mindrot)
o Library providing secure encryption for passwords.
Morphia (org.mongodb.morphia)
o Library allowing Java objects to be stored in, and later retrieved from, a
MongoDB database.
Spark Java (com.sparkjava.spark-core)
o Library providing an embedded web server and routing capabilities to
serve HTTP requests on the server.
MongoDB Java Driver (org.mongodb.mongo-java-driver)
o Library allowing the server side software to interact with the database
server.
Client-side Dependencies for the client-side software implementation, at runtime or for development, include:
189
Node.js
o Runtime Environment allowing for execution of JavaScript code
independent from a browser. The environment is used as part of the
development and packaging of the front-end codebase.
NPM
o Package Manager for Node.js and 3rd-party dependencies for the client-
side codebase.
JavaScript
o Programming Language, a high-level, dynamic language supported by all
modern web browsers and is a technology used extensively in World Wide
Web content production.
React.js
o Library providing the capability to use state, properties, and
views/components to render HTML using JavaScript.
“Common” Package Overview
Package Description
com.weframeu.common Provides common class implementations shared between WeFrameU's administration portal and online storefront.
com.weframeu.common.adapters Adapters necessary for converting Java classes to JSON.
com.weframeu.common.forms Provides a number of utility classes to client form data to their server-side data structures.
com.weframeu.common.models Provides a number of classes representing entities stored in MongoDB.
190
External Dependency GraphThe dependency graph is provided by Gradle and only includes those dependencies that are considered external to the Common package.
+--- project :common+--- com.google.guava:guava:19.0+--- com.google.code.gson:gson:2.6.2+--- org.mindrot:jbcrypt:0.3m\--- org.mongodb.morphia:morphia:1.0.1 +--- org.mongodb:mongo-java-driver:3.0.2 +--- com.thoughtworks.proxytoys:proxytoys:1.0 \--- cglib:cglib-nodep:2.2.2(*) - dependencies omitted (listed previously)
191
“Admin” Package Overview
Package Description
com.weframeu.admin Provides the functionality to run WeFrameU's administration portal.
com.weframeu.admin.handlers Provides handlers for HTTP requests received by the administration portal.
External Dependency GraphThe dependency graph is provided by Gradle and only includes those dependencies that are considered external to the Admin package. Note that the Common project is considered external to the Admin project.
+--- project :common| +--- com.google.guava:guava:19.0| +--- com.google.code.gson:gson:2.6.2| +--- org.mindrot:jbcrypt:0.3m| \--- org.mongodb.morphia:morphia:1.0.1| +--- org.mongodb:mongo-java-driver:3.0.2 -> 3.2.2| +--- com.thoughtworks.proxytoys:proxytoys:1.0| \--- cglib:cglib-nodep:2.2.2+--- com.sparkjava:spark-core:2.3| +--- org.slf4j:slf4j-api:1.7.12| +--- org.slf4j:slf4j-simple:1.7.12| | \--- org.slf4j:slf4j-api:1.7.12| +--- org.eclipse.jetty:jetty-server:9.3.2.v20150730| | +--- javax.servlet:javax.servlet-api:3.1.0| | +--- org.eclipse.jetty:jetty-http:9.3.2.v20150730| | | \--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-io:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| +--- org.eclipse.jetty:jetty-webapp:9.3.2.v20150730| | +--- org.eclipse.jetty:jetty-xml:9.3.2.v20150730| | | \--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-servlet:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-security:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-server:9.3.2.v20150730 (*)| +--- org.eclipse.jetty.websocket:websocket-server:9.3.2.v20150730| | +--- org.eclipse.jetty.websocket:websocket-common:9.3.2.v20150730| | | +--- org.eclipse.jetty.websocket:websocket-api:9.3.2.v20150730| | | +--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | | \--- org.eclipse.jetty:jetty-io:9.3.2.v20150730 (*)| | +--- org.eclipse.jetty.websocket:websocket-client:9.3.2.v20150730
192
| | | +--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | | +--- org.eclipse.jetty:jetty-io:9.3.2.v20150730 (*)| | | \--- org.eclipse.jetty.websocket:websocket-common:9.3.2.v20150730 (*)| | +--- org.eclipse.jetty.websocket:websocket-servlet:9.3.2.v20150730| | | +--- org.eclipse.jetty.websocket:websocket-api:9.3.2.v20150730| | | \--- javax.servlet:javax.servlet-api:3.1.0| | +--- org.eclipse.jetty:jetty-servlet:9.3.2.v20150730 (*)| | \--- org.eclipse.jetty:jetty-http:9.3.2.v20150730 (*)| \--- org.eclipse.jetty.websocket:websocket-servlet:9.3.2.v20150730 (*)\--- org.mongodb:mongo-java-driver:3.2.2(*) - dependencies omitted (listed previously)
193
“Storefront” Package Overview
Package Description
com.weframeu.storefront Provides the functionality to run WeFrameU's online storefront.
com.weframeu.storefront.handlers Provides handlers for HTTP requests received by the online storefront.
External Dependency GraphThe dependency graph is provided by Gradle and only includes those dependencies that are considered external to the Storefront package. Note that the Common project is considered external to the Storefront project.
+--- project :common| +--- com.google.guava:guava:19.0| +--- com.google.code.gson:gson:2.6.2| +--- org.mindrot:jbcrypt:0.3m| \--- org.mongodb.morphia:morphia:1.0.1| +--- org.mongodb:mongo-java-driver:3.0.2 -> 3.2.2| +--- com.thoughtworks.proxytoys:proxytoys:1.0| \--- cglib:cglib-nodep:2.2.2+--- com.sparkjava:spark-core:2.3| +--- org.slf4j:slf4j-api:1.7.12| +--- org.slf4j:slf4j-simple:1.7.12| | \--- org.slf4j:slf4j-api:1.7.12| +--- org.eclipse.jetty:jetty-server:9.3.2.v20150730| | +--- javax.servlet:javax.servlet-api:3.1.0| | +--- org.eclipse.jetty:jetty-http:9.3.2.v20150730| | | \--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-io:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| +--- org.eclipse.jetty:jetty-webapp:9.3.2.v20150730| | +--- org.eclipse.jetty:jetty-xml:9.3.2.v20150730| | | \--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-servlet:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-security:9.3.2.v20150730| | \--- org.eclipse.jetty:jetty-server:9.3.2.v20150730 (*)| +--- org.eclipse.jetty.websocket:websocket-server:9.3.2.v20150730| | +--- org.eclipse.jetty.websocket:websocket-common:9.3.2.v20150730| | | +--- org.eclipse.jetty.websocket:websocket-api:9.3.2.v20150730| | | +--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | | \--- org.eclipse.jetty:jetty-io:9.3.2.v20150730 (*)| | +--- org.eclipse.jetty.websocket:websocket-client:9.3.2.v20150730
194
| | | +--- org.eclipse.jetty:jetty-util:9.3.2.v20150730| | | +--- org.eclipse.jetty:jetty-io:9.3.2.v20150730 (*)| | | \--- org.eclipse.jetty.websocket:websocket-common:9.3.2.v20150730 (*)| | +--- org.eclipse.jetty.websocket:websocket-servlet:9.3.2.v20150730| | | +--- org.eclipse.jetty.websocket:websocket-api:9.3.2.v20150730| | | \--- javax.servlet:javax.servlet-api:3.1.0| | +--- org.eclipse.jetty:jetty-servlet:9.3.2.v20150730 (*)| | \--- org.eclipse.jetty:jetty-http:9.3.2.v20150730 (*)| \--- org.eclipse.jetty.websocket:websocket-servlet:9.3.2.v20150730 (*)\--- org.mongodb:mongo-java-driver:3.2.2(*) - dependencies omitted (listed previously)
195
Data Design and System Model
Classification
Class Description
Address The class Address represents a physical location.
Customer The class Customer represents a WeFrameU customer that has chosen to sign up as a customer with the company.
CustomerSession The class CustomerSession represents a session used for providing authentication capabilities to customers.
Employee The class Employee represents one of WeFrameU's employees.
EmployeeSession The class EmployeeSession provides the capability for Employee authentication within the administration portal.
Inventory The class Inventory represents the quantity and upper/lower bounds for a given entity's inventory.
Material The class Material represents a material used in the manufacturing of a product.
Order The class Order represents an order placed by a customer that must be fulfilled by WeFrameU.
OrderItem The class OrderItem represents a single order item within an order. Each OrderItem instance maintains a quantity and price of the product purchased at the time of sale.
PaymentInformation The class PaymentInformation represents the payment information used to process an order.
Product The class Product describes a product offered by WeFrameU for sale.
ResourceModel The class ResourceModel provides a contract for how ResourceModels should be structured.
Transaction The class Transaction represents the financial transaction associated with an order being placed.
196
Entity Relationship Diagram
197
Activity Diagram
198
Site Maps
Administration Portal
199
200
Product Management
Administration Portal Server
(Software/Logical)
Order Management
Material Management
Employee Management
View All
Single Order
View All
Edit
Create
View All
Edit
Create
View All
Edit
Create
Storefront
201
About
Shop
Cart
Login
Products
Account
Login
Account Creation
Storefront Server (Software/Logical)
Address
Payment Method
User Interfaces
Administration Portal
Employee AuthenticationAllows WeFrameU employees to login to the administration portal. By default, this is the only page an unauthenticated user may access.
202
Dashboard OverviewThe dashboard overview provides a source of business intelligence for WeFrameU. Business intelligence includes providing information regarding where orders are currently coming in from, how long average order fulfillment time currently is, and identification of whether or not the volume of orders are trending up or down. Additionally, the dashboard provides a quantified snapshot of products, materials, and employees.
203
Employee ManagementThe employee management interface provides the capabilities viewing, editing, deleting, and creating employees.
204
Material ManagementThe material management interface provides the capabilities of viewing, editing, deleting, and creating materials. Inventories for each material are immediately visible and a capacity indicator is displayed in the top right corner of the material, allowing employees to quickly identify when a material’s inventory has become low.
205
Product ManagementThe product management interface provides the capabilities of viewing, editing, deleting, and creating products. Like the material management interface, a capacity indicator exists in the top right corner of each product to allow employees to easily recognize when products become low in inventory.
206
Order ManagementThe order management interface provides an overview of orders placed through WeFrameU’s storefront and the status of each order. Orders that are placed and awaiting fulfillment appear as red and contain a clock icon to indicate the order is waiting to be fulfilled. Orders that are currently being fulfilled appear as yellow and contain a clock icon to indicate the order is awaiting fulfillment completion. Fulfilled and shipped orders appear as green and contain a checkmark icon to indicate the order is complete.
207
Order Fulfillment ProcessThe order fulfillment process interface is accessed by selecting an order in the order management interface. The order fulfillment interface contains information about the order and allows an employee to change the status of the order, shown below.
208
209
Storefront
HomepageThe homepage for WeFrameU’s storefront serves as a landing page for customers. As such, its core purpose is to fulfill marketing requirements.
210
ShopThe shop interface allows customers to browse products available for purchase through the storefront. Products are displayed in a grid and may be filtered by materials or sizes. If a customer wishes to see more detail about a particular product, they may click the “Details” button available on the relevant product. Likewise, if a customer wishes to add a particular product to their shopping cart, they may click the “Add to Cart” button available on the relevant product.
211
Shopping CartFrom the shopping cart interface, customers may review the items currently in their cart or proceed with the checkout process. Before checking out, a customer may select to sign in or create an account in order to view their order status at a later point in time. On the left, a listing of items currently in the cart is provided, as well as a subtotal for each product. From the shopping cart, a customer may change item quantity or remove an item from the shopping cart by reducing its quantity to 0. On the right side of the shopping cart, an estimated total is calculated and updated in real time. Below these elements, a customer may fill out the “Shipping Address” and “Payment Information” forms to place their order.
212
Order ConfirmationOnce an order has been placed successfully, the customer will be presented with an informational interface displaying the order number associated with their order alongside a thank you message.
213
Login and Account CreationA customer may login or create an account using the login and account creation interface.
214
Customer AccountA customer may view the status of their orders by clicking the “Account” link in main navigation header. The account interface indicates if a customer does not have any existing orders. If the customer does have orders associated with their account, the orders are displayed in reverse chronological order, displaying the latest placed orders first. Orders from the account view display the items purchased as well as the date they were placed and shipped. If the order has yet to be shipped, the “Date Shipped” attribute displays “Not yet shipped” to indicate to the customer their order is awaiting shipment.
215
Lessons Learned and Conclusion
-Network Team
216
From each task, each job, each project; we gain a little insight. A new perspective that leads
to better decisions in the future. This project wasn’t any different. The first lesson learned in this
instance would be quality control. The team was too eager to jump right into configurations and so
we stumbled over and over again because of bugs and glitches. Not enough time was allowed for
testing devices. Proper testing of all physical devices should be the first step toward starting any
project. The second lesson to be learned was that of standardization. When teams were decided for
site based orientation, a standard set of or basic routing configurations were not. A password,
timeouts, usernames; these things were all haphazardly thrown in by each team. A lot of issues with
connectivity could have been avoided if a single set of configurations would have been set from the
beginning and rolled out across all devices. Even though each site was different a base set of code
would have standardized our network making mistakes a bit more obvious and thus easier or faster
to fix.
217
-Server Team
218
There were objectives that could have been changed or done differently to enhance the
server team's performance. Even though only a few will be listed, there are many traits and learning
techniques that were learned along the way that will be beneficial for future tasks.
First, figure out what the other teams need from us, if any. Also, what we need for our own
operations. This can help with the layout and the number of servers needed. As the team found
along the way, we needed more servers than expected at the start. To implement Exchange Mail, the
program needed a separate Mail server. At the beginning, we figured that the Exchange Mail and
Mail server could be running on the same server.
Next, be prepared for setbacks. At the first few weeks of production,, the server team fell
behind with not having connection between sites. The team was able to configure the basic setup
such as Active Directory, Domain Name Services, and Dynamic Host Configuration Protocol on the
root domain server while the connection was down. The other servers could not join to the domain
allowing the team to not be able to do much on the other sites accordingly.
Lastly, having more time to test the implemented features. The team waited until all roles
and features were installed and configured to do most of the in depth testing. If there were any
issues, there was almost not enough time to resolve the issue and to retest it. Testing after each role
and feature that was configured will allow the team to focus on that role until it is ready for the real-
world production. This will relieve some of the stress at the final stage of the testing knowing that it
worked during the initial testing phase.
219
-Software Team
220
Team Composition Invites Risk, OpportunityAnyone who has taken business or entrepreneurship courses is no stranger to the idea of a "dream
team," it tends to be a goal, but can be difficult to form. In general, a dream team is often
considered to be a group of people specifically chosen to work on some joint action or project and
are considered to be the best at what they do. The idea, I believe, is to allow for the greatest
opportunity of success—but my own view of opportunity is framed differently from that of the
dream team construct.
The dream-team mentality has the possibility of encouraging exclusion rather than inclusion.
Everyone has the capability to do outstanding things, provided they are given the opportunity to do
so. In the leadership of the software development team, special care was taken to provide team
members with a number of opportunities for success. Training videos, peer programming sessions,
and lists of library/language documentation were utilized to provide educational and growth
opportunities. Sadly, whether it be the opportunity to contribute or simply to show up for a
scheduled meeting, many of the afforded opportunities were missed. The lesson learned is that an
opportunity that is missed, or even be rejected by the individual it is afforded to, can mutate into a
risk of equal magnitude.
Dishonesty Obscures Resource Estimations
Upon the initial formation of the software development team, team members were given the
opportunity to anonymously provide information regarding their knowledge and to express any
concerns they had through a survey completed independently in their free time. Team members
were asked to identify their strengths, weaknesses, and points of comfort/discomfort for specific
knowledge domains within software development. The purpose of the survey was to ensure team
221
members were assigned work that fell well within their comfort zones and were not given any
undue stress.
While most survey responses were honest, the survey proved to not be beneficial due to a dishonest
minority. An example is an individual who made indications of a particular skill and comfort level
with certain software development knowledge domains, but later contradicted these indications with
actions. Consequently, surveys may not be a viable option for assessing the skill level of
individuals, especially in small groups where dishonesty on a single survey has an impact on the
entire team’s task assignments.
Succumbing to Risk Incites Failure
Whether it be a lack of applied knowledge or consistent truancy, resources allocated to the software
development were not fully usable. By any sane assessment of the workload, resources, and risks
associated with the software team, the project should have failed. Some risks seem unavoidable.
These risks are impending, yet unstoppable, and make failure seem imminent. For the software
team, these risks amounted to 151.5 additional expected effort hours by the time the progress report
rolled around, halfway through the project. The second half of the project showed similar risk
consequences. Nonetheless, risk materializations, seemingly insurmountable, did not incite failure
—but why?
The software team’s contribution was not a failure because of the final lesson learned: failure is
incited only by succumbing to risk. We must be unyielding in the pursuit of our goals, accepting
accountability when we are unable to. Determination and commitment may just be the antidote for
the obstacles obstructing the path to positive outcomes. The time, effort, and alternative activities
sacrificed allowed the software deliverables to meet requirements and ultimately succeed.
222
-Project Wide Lessons Learned
-Alexander Korich
223
This project has been a trial. That cannot be overstated. I feel as if the project team as a
whole was relatively unprepared for the volume of work that was to be required of us as a group in
order to meet our objectives. This can be seen throughout the project’s progression. In hindsight
there are certainly many things that could have been done to address our shortcomings and lack of
experience, we can only look back now, and reflect on these trials and take their lessons to heart, in
hopes of a more productive and fruitful future.
The team leaders have all presented their thoughts on the lessons learned from this project,
from their own unique perspectives of leading their peers from the front lines. They stood at the
most beneficial position to really understand and reflect on these experiences. My own reflections
will err more toward the group as a whole. The dynamic. The processes which went into
developing the project, both in the early and execution stages. The joys and sorrows that went into
developing interpersonal relationship and attempting to maintain both a sense of equality among
peers, whilst demanding respect when required.
To begin with, I feel as if I took too long in developing the scope of the project. While the
rest of the team was developing their own solutions to the problems presented by the project, work
could not officially begin until the proper paperwork had been filed. While the deadline for said
filings was met, even now I can feel the effects of the unrest among the team, as they waiting to
begin. Going back even further, I wish I had had a more active role in developing team
compositions. At the project’s beginning, there was opportunity to gauge sentiment and confidence
among the team members in their leadership. Instead I trusted the initial sentiments wherever
possible, instead of more firmly directing the teams.
Further in reflection toward the planning phases of the project, I would rather have spent
more time interacting and directing the team. This is where my personal background as a server
224
specialist became a bit of a hindrance. I did not focus in on the server team, nor did I neglect other
teams, however I took my lack of experience in the two more foreign fields as a cue to let the team
leaders have free reign. As was likely mentioned earlier, I would have liked to have a firmer hand,
particularly on the network team. Consolidating efforts into a single direction would have been
more efficient.
As a key element of execution and progress, in the future I would intend to implement a
more granular WBS, breaking tasks down as small as required to meet the skillsets of the team. As
basics are the foundation of the project, getting them right is tantamount to a successful project
launch. A more granular scheme, focusing on proper implementation of the basics would have
served us well, in my opinion.
When problems arose, I feel now that I hesitated too long in attempting to correct them.
Particularly in the case of group dynamic and interaction issues. Communication was often a
problem among our teams, and often times I would sit back and see how things would play out,
rather than actively problem solving.
I would have liked to have seen more outside efforts among the teams, and in the case of
several team members, more focused, productive use of their extra time. Much of our progress was
made in class time. While several key members of the network team put in extended hours,
particularly in the spring break week, I saw very little of the server team outside of class. That said,
much of the time a server team member would not be able to work without functioning
infrastructure, but once that point had passed, it would have been beneficial to have a representative
of the server team available to assist the other team’s effort by maintaining and setting up servers in
the lab environment.
225
The software team . . . was a very unique situation. As I am sure Joey has gone into
extensive detail, I will not further any arguments. I will only say, clearly, here and now for the
record, that we would have been lost without Joey’s extensive efforts outside of established work
periods. If anyone put more of themselves into this project than I, it would have been Joey. If I
could have even one team member with similar levels of both skill and dedication in all of my
projects going forward, I would count myself as blessed.
Altogether these lessons make up for a rather substantial reflection, with many ideals to be
taken to heart for future endeavors, both in and out of the purview of a project environment. I am
sure that all of our team members took away quite a bit.
--Korich, Alexander
226
Appendices
Network Appendices
o Network Addressing and Wiring Scheme
o Detroit Configurations
o New Orleans Configurations
o Sacramento Configurations
o Internet Configurations
o Firewall Configurations
o ACL Configurations
o Voice and Video Configurations
Software Appendices
o See Additional Files for Source**
Project Status Reports
227
Network Appendices
-Network Addressing and Wiring Scheme
228
Detroit
Department Users Stations Hosts Vlan Network ID Subnet Mask Gateway DHCP PoolsStaff 300 150 750 10 10.27.8.0 255.255.252.0 10.27.8.1 10.27.8.11 - 10.27.11.254Upper Management 10 10 24 20 10.27.20.0 255.255.255.0 10.27.20.1 10.27.20.11 10.27.20.254Marketing 25 25 57 30 10.27.30.0 255.255.255.0 10.27.30.1 10.27.30.11 10.27.30.254Shipping 50 15 120 35 10.27.35.0 255.255.255.0 10.27.35.1 10.27.35.11 10.27.35.254Accounting 25 25 48 40 10.27.40.0 255.255.255.0 10.27.40.1 10.27.40.11 10.27.40.254Human Resources 40 30 100 50 10.27.50.0 255.255.255.0 10.27.50.1 10.27.50.11 10.27.50.254Facilities 25 5 50 60 10.27.60.0 255.255.255.0 10.27.60.1 10.27.60.11 10.27.60.254Security 5 5 41 70 10.27.70.0 255.255.255.0 10.27.70.1 10.27.70.11 10.27.70.254IT 5 5 13 80 10.27.80.0 255.255.255.0 10.27.80.1 10.27.80.11 10.27.80.254
95 10.27.95.0 255.255.255.0 10.27.95.1115 10.27.115.0 255.255.255.0 10.27.115.1 10.27.115.10 - 10.27.115.254
Addressing
Voice
Detroit
Management
Network ID Subnet mask Source IP Destination IP
192.168.0.0 255.255.255.252 192.168.0.1 192.168.0.2192.168.0.4 255.255.255.252 192.168.0.5 192.168.0.6
GRE Tunnels
New Orleans
ToSacramento
Tunneltunnel0tunnel1
Vlan Network ID Subnet Mask Gateway Internal Address90 10.27.90.0 255.255.255.0 10.27.90.1
10.27.90.410.27.90.210.27.90.3
100 10.27.100.0 255.255.255.0 10.27.100.254 ~~~10.27.100.110.27.100.210.27.100.3
~~~~~~~~~
~~~~~~~~~
~~~~~~~~~
~~~~~~~~~
~~~
Backup
WebEmail
Internal Servers~~~~~~~~~
Servers
CALL ManaDHCP
~~~ VPN
External Servers~~~~~~
Address Subnet Site10.200.100.1 255.255.255.240 Detroit Server10.200.100.2 255.255.255.240 Detroit Server10.200.100.3 255.255.255.240 Detroit Server10.200.100.4 255.255.255.240 Detroit10.200.100.5 255.255.255.240 Sacramento10.200.100.6 255.255.255.240 New Orleans
Public IP Block
Phone Phone2001 10012002 1002200320042005
Public IP Add Public Subnet10.200.100.1 255.255.255.24010.200.100.2 255.255.255.24010.200.100.3 255.255.255.240
External Servers
229
Sacramento
Department Users Stations Hosts Vlan Network ID Subnet Mask Gateway DHCP PoolsStaff 75 50 217 10 10.15.10.0 255.255.255.0 10.15.10.1 10.15.10.11 - 10.15.10.254Upper Management 5 5 12 20 10.15.20.0 255.255.255.0 10.15.20.1 10.15.20.11 - 10.15.20.254Human Resources 4 2 8 30 10.15.30.0 255.255.255.0 10.15.30.1 10.15.30.11 - 10.15.30.254Facilities 4 2 4 40 10.10.40.0 255.255.255.0 10.10.40.1 10.10.40.11 - 10.10.40.254Security 2 1 10 50 10.10.50.0 255.255.255.0 10.10.50.1 10.10.50.11 - 10.10.50.254IT 2 2 6 60 10.10.60.0 255.255.255.0 10.10.60.1 10.10.60.11 - 10.10.60.254
99 10.15.99.0 255.255.255.0 10.15.99.199 10.10.99.0 255.255.255.0 10.10.99.180 10.15.80.0 255.255.255.0 10.15.80.190 10.10.90.0 255.255.255.0 10.10.90.1
Sacramento
Management SAC1Management SAC2
Voice SAC2Voice SAC1
Addressing
Interface IP Address Subnet MaskS0/0/0 10.10.1.2 255.255.255.252S0/0/0 10.10.1.1 255.255.255.252
Site-to-SiteSAC1 PtPSAC2 PtP
Network ID Subnet Mask Source IP Destination IP Phone SAC14001
192.168.0.0 255.255.255.252 192.168.0.2 192.168.0.1 4002192.168.0.8 255.255.255.252 192.168.0.9 192.168.0.10 4003
40044005
DetroitNew Orleans
GRE TunnelsTunneltunnel0tunnel2
To
Vlan Network ID Subnet Mask Gateway Internal Address Phone SAC270 10.10.70.0 255.255.255.0 10.10.70.1 5001
~~~ ~~~ ~~~ ~~~ 10.10.70.20 5002~~~ ~~~ ~~~ ~~~ 10.10.70.19 5003~~~ ~~~ ~~~ ~~~ 10.10.70.17 5004~~~ ~~~ ~~~ ~~~ 10.10.70.18 5005
Server~~~ ClientInternal Servers
~~~ Database
~~~ Backup~~~ DHCP
Servers
230
New Orleans
Department Users Stations Hosts Vlan Network ID Subnet Mask Gateway DHCP PoolsStaff 125 125 300 10 10.3.4.0 255.255.252.0 10.3.4.1 10.3.4.11 - 10.3.7.254Upper Management 8 8 17 20 10.3.1.32 255.255.255.224 10.3.1.33 10.3.1.43 - 10.3.1.62Marketing 4 4 15 30 10.3.2.128 255.255.255.128 10.3.2.129 10.3.2.139 - 10.3.2.254Human Resources 6 2 18 40 10.3.1.128 255.255.255.128 10.3.1.129 10.3.1.139 - 10.3.1.254Facilities 4 2 17 50 10.3.2.0 255.255.255.128 10.3.2.1Security 9 9 20 60 10.3.1.64 255.255.255.192 10.3.1.65IT 4 4 9 70 10.3.1.0 255.255.255.224 10.3.1.1
1 10.3.99.0 255.255.255.128 10.3.99.1100 10.3.100.0 255.255.255.0 10.3.100.1 10.3.100.10 - 10.3.100.254
Addressing
ManagementVoice
New Orleans
GRE TunnelsTunnel Totunnel1 Detroittunnel2 Sacramento Network ID Subnet Mask Source IP Destination IP Phone
3001192.168.0.4 255.255.255.252 192.168.0.6 192.168.0.5 3002192.168.0.8 255.255.255.252 192.168.0.10 192.168.0.9 3003
30043005
Vlan Network ID Subnet Mask Gateway Internal Address98 10.3.99.128 255.255.255.128 10.3.99.129
10.3.99.25310.3.99.254
DHCPBackup
Internal ServersServers
231
Wiring Scheme
Source to Destination Source to Destination FE 0/1 to NSWITCH 1 FE 0/1 FE 0/1 to NSWITCH 1 FE 0/3FE 0/2 to NSWITCH 1 FE 0/2 FE 0/2 to NSWITCH 3 FE 0/4FE 0/3 to NSWITCH 2 FE 0/1 FE 0/3 to NSWITCH 1 FE 0/3FE 0/4 to NSWITCH 2 FE 0/2 FE 0/4 to NSWITCH 1 FE 0/4
FE 0/19 to CROSS CONNECT RACK 1 #21FE 0/20 to CROSS CONNECT RACK 1 #22FE 0/21 to CROSS CONNECT RACK 1 #23 Source to Destination FE 0/22 to CROSS CONNECT RACK 1 #24 FE 0/1 to NSWITCH 3 FE 0/1
FE 0/2 to NSWITCH 3 FE 0/2FE 0/3 to NSWITCH 2 FE 0/3
Source to Destination FE 0/4 to NSWITCH 2 FE 0/4FE 0/1 to ISPSWITCH FE 0/10 FE 0/24 to NEWROUTER FE 0/0FE 0/0 to NSWITCH 1 FE 0/24
NSWITCH 2 - Catalyst 2950 24 port
NSWITCH 1 - Catalyst 2950 48 port
NEWROUTER 1 - 2811 Series
WeFrameU Wiring Scheme
** New Orleans **NSWITCH 3 - Catalyst 2950 48 port
Source to Destination Source to Destination FE 0/1 to DSWITCH 3 FE 0/1 FE 0/1 to DSWITCH 3 FE 0/3FE 0/2 to DSWITCH 3 FE 0/2 FE 0/2 to DSWITCH 3 FE 0/4FE 0/3 to DSWITCH 2 FE 0/3 FE 0/3 to DSWITCH 2 FE 0/3FE 0/4 to DSWITCH 2 FE 0/4 FE 0/4 to DSWITCH 1 FE 0/4FE 0/5 to DROUTER 1 FE 0/1
Source to Destination Source to Destination FE 0/1 to DSWITCH 1 FE 0/1 FE 0/0 to ISPSWITCH FE 0/1FE 0/2 to DSWITCH 1 FE 0/2 FE 0/1 to DSWITCH 1 FE 0/5FE 0/3 to DSWITCH 2 FE 0/1FE 0/4 to DSWITCH 2 FE 0/2
FE 0/21 to CROSS CONNECT RACK 1 #13FE 0/22 to CROSS CONNECT RACK 1 #14FE 0/23 to CROSS CONNECT RACK 1 #15FE 0/24 to CROSS CONNECT RACK 1 #16
** Detroit **DSWITCH 1 - Catalyst 2950 24 port DSWITCH 2 - Catalyst 2950 24 port
DSWITCH 3 - Catalyst 2950 24 port DROUTER 1 - 2811 Series
232
Source to Destination Source to Destination FE 0/1 to SACROUTER 2 FE 0/0 FE 0/1 to SACROUTER 2 FE 0/0FE 0/4 to CROSS CONNECT RACK 1 #9 FE 0/2 to DSWITCH 1 FE 0/2
FE 0/3 to DSWITCH 2 FE 0/1FE 0/4 to DSWITCH 2 FE 0/2
FE 0/21 to CROSS CONNECT RACK 1 #13FE 0/22 to CROSS CONNECT RACK 1 #14
** Sacramento **SACSWITCH 1 - Catalyst 2950 24 port SACSWITCH 2 - Catalyst 2950 24 port
233
-Detroit Configurations
234
Detroit Configuration – R1Current configuration : 6311 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname DR1
boot-start-marker
boot-end-marker
logging message-counter syslog
enable secret 5 $1$Cy1.$gZ2619GQoRVdHY78nb5JV.
no aaa new-model
memory-size iomem 15
dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 10.27.115.1 10.27.115.10
ip dhcp pool VOICE
network 10.27.115.0 255.255.255.0
default-router 10.27.115.1
option 150 ip 10.27.115.1
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
voice-card 0
no dspfarm
username netadmin privilege 15 secret 5 $1$X4ZP$IJUAE5IR6DXxg2zdtxi37.
archive
235
log config
hidekeys
interface Tunnel0
description VPN to Sacramento
ip address 192.168.0.1 255.255.255.252
tunnel source FastEthernet0/0
tunnel destination 10.200.100.5
interface Tunnel1
description VPN to New Orleans
ip address 192.168.0.5 255.255.255.252
tunnel source FastEthernet0/0
tunnel destination 10.200.100.6
interface FastEthernet0/0
description Connection to the Internet
ip address 10.200.100.4 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface FastEthernet0/1.10
description Connection to Vlan 10 Staff
encapsulation dot1Q 10
ip address 10.27.8.1 255.255.252.0
ip helper-address 10.27.90.2
236
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1.20
description Connection to Vlan 20 Upper Mngmt
encapsulation dot1Q 20
ip address 10.27.20.1 255.255.255.0
ip helper-address 10.27.90.2
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1.30
description Connection to Vlan 30 Marketing
encapsulation dot1Q 30
ip address 10.27.30.1 255.255.255.0
ip helper-address 10.27.90.2
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1.35
description Connection to Vlan 35 Shipping
encapsulation dot1Q 35
ip address 10.27.35.1 255.255.255.0
ip helper-address 10.27.90.2
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1.40
description Connection to Vlan 40 Accouting
encapsulation dot1Q 40
ip address 10.27.40.1 255.255.255.0
ip helper-address 10.27.90.2
237
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1.50
description Connection to Vlan 50 Human Resources
encapsulation dot1Q 50
ip address 10.27.50.1 255.255.255.0
ip helper-address 10.27.90.2
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1.60
description Connection to Vlan 60 Facilities
encapsulation dot1Q 60
ip address 10.27.60.1 255.255.255.0
ip helper-address 10.27.90.2
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1.70
description Connection to Vlan 70 Security
encapsulation dot1Q 70
ip address 10.27.70.1 255.255.255.0
ip helper-address 10.27.90.2
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1.80
description Connection to Vlan 80 IT
encapsulation dot1Q 80
ip address 10.27.80.1 255.255.255.0
ip helper-address 10.27.90.2
238
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1.90
description Connection to Vlan 90 Internal Server
encapsulation dot1Q 90
ip address 10.27.90.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1.95
description Vlan 95 Management
encapsulation dot1Q 99
ip address 10.27.95.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1.100
description Connection to Vlan 100 External Server
encapsulation dot1Q 100
ip address 10.27.100.254 255.255.255.0
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1.115
description Connection to Voice Vlan 115
encapsulation dot1Q 115
ip address 10.27.115.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Serial0/0/0
no ip address
239
shutdown
no fair-queue
clock rate 125000
interface Serial0/0/1
no ip address
shutdown
clock rate 125000
interface BRI0/2/0
no ip address
encapsulation hdlc
shutdown
router eigrp 1
network 10.27.8.0 0.0.3.255
network 10.27.20.0 0.0.0.255
network 10.27.30.0 0.0.0.255
network 10.27.35.0 0.0.0.255
network 10.27.40.0 0.0.0.255
network 10.27.50.0 0.0.0.255
network 10.27.60.0 0.0.0.255
network 10.27.70.0 0.0.0.255
network 10.27.80.0 0.0.0.255
network 10.27.90.0 0.0.0.255
network 10.27.95.0 0.0.0.255
network 10.27.100.0 0.0.0.255
network 10.27.115.0 0.0.0.255
network 192.168.0.0 0.0.0.3
network 192.168.0.4 0.0.0.3
network 192.168.0.8 0.0.0.3
240
no auto-summary
eigrp router-id 6.6.6.6
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 10.3.0.0 255.255.0.0 192.168.0.6
ip route 10.10.0.0 255.255.0.0 192.168.0.2
ip route 10.15.0.0 255.255.0.0 192.168.0.2
ip http server
ip http secure-server
ip nat pool INTERNET 10.200.100.4 10.200.100.4 netmask 255.255.255.240
ip nat inside source list 1 pool INTERNET overload
access-list 1 permit 10.27.0.0 0.0.255.255
control-plane
dial-peer voice 1 voip
destination-pattern 5...
session target ipv4:10.10.1.2
dial-peer voice 2 voip
destination-pattern 4...
session target ipv4:10.10.1.1
dial-peer voice 3 voip
destination-pattern 3...
session target ipv4:10.3.100.1
telephony-service
no auto-reg-ephone
max-ephones 5
max-dn 10
ip source-address 10.27.115.1 port 2000
auto assign 1 to 10
241
max-conferences 8 gain -6
transfer-system full-consult
create cnf-files version-stamp Jan 01 2002 00:00:00
ephone-dn 1
number 2001
label Shane Adams (2001)
description Network Admin
name Shane Adams
ephone-dn 2
number 2002
label Darin Gravitt (2002)
description Network Admin
name Darin Gravitt
ephone-dn 3
number 2003
label Chris Platt
description Network Admin
name Chris Platt
ephone-dn 4
number 2005
ephone-dn 5
number 2005
ephone 1
device-security-mode none
mac-address 000B.46D9.C386
type 7960
button 1:1 2:2 3:3
banner motd ^C
242
Unauthorized Access is Strictly Prohibited!! ^C
line con 0
exec-timeout 5 0
password 7 13061E010803
logging synchronous
login
line aux 0
line vty 0 4
exec-timeout 5 0
password 7 00071A150754
login
line vty 5 15
exec-timeout 5 0
login
scheduler allocate 20000 1000
end
Detroit Configuration – SW1en
conf t
host DSW1
no ip domain-lookup
enable secret cisco
line con 0
pass cisco
login
logging synchronous
exec-timeout 0 0
line vty 0 15
243
pass cisco
login
login local
logging synchronous
exec-timeout 0 0
transport input none
transport input Telnet
exit
banner motd $ Unauthorized access Prohibited! $
service password-encryption
ip default-gateway 10.27.95.1
int vlan 95
desc Mangement address Vlan 95
ip add 10.27.95.10 255.255.255.0
no shut
exit
VLAN 10
name STAFF
VLAN 20
name UPPERMGMT
VLAN 30
name Marketing
VLAN 35
name HR
VLAN 40
name FACILITIES
VLAN 50
name SECURITY
244
VLAN 60
name Shipping
VLAN 70
name IT
VLAN 80
name Acccounting
VLAN 90
name servers
exit
int range f0/1 - 5
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1,10,20,30,35,40,50,60,70,80
no shut
int f0/6
switchport mode access
switchport access vlan 10
no shut
int f0/7
switchport mode access
switchport access vlan 20
no shut
int f0/8
switchport mode access
switchport access vlan 30
no shut
int range f0/09 - 10
switchport mode access
245
switchport access vlan 35
no shut
int range f0/11 - 12
switchport mode access
switchport access vlan 40
no shut
int range f0/13 - 14
switchport mode access
switchport access vlan 50
no shut
int range f0/15 - 16
switchport mode access
switchport access vlan 60
no shut
int range f0/17 - 18
switchport mode access
switchport access vlan 70
no shut
int range f0/19 - 20
switchport mode access
switchport access vlan 80
no shut
int range f0/21 - 24
switchport mode access
switchport access vlan 90
no shut
exit
-------------------------------------------------------------
246
spanning-tree vlan 1 root primary
spanning-tree mode pvst
--------------------------------------------
VOIP
-------------------------------------------------
vlan 100
name Voice
int range f0/5 - 18
switchport voice vlan 100
int range f0/5 - 24
switchport mode access
switchport access vlan 66
shut
Detroit Configuration – SW2en
conf t
host DSW2
no ip domain-lookup
enable secret cisco
line con 0
pass cisco
login
logging synchronous
exec-timeout 0 0
line vty 0 15
pass cisco
login
login local
247
logging synchronous
exec-timeout 0 0
transport input none
transport input Telnet
exit
banner motd $ Unauthorized access Prohibited! $
service password-encryption
ip default-gateway 10.27.95.1
int vlan 95
desc Mangement address Vlan 1
ip add 10.27.95.20 255.255.255.0
no shut
exit
VLAN 10
name STAFF
VLAN 20
name UPPERMGMT
VLAN 30
name Marketing
VLAN 35
name HR
VLAN 40
name FACILITIES
VLAN 50
name SECURITY
VLAN 60
name Shipping
VLAN 70
name IT
248
VLAN 80
name Acccounting
VLAN 90
name servers
vlan 95
name MGMTVLAN
exit
int range f0/1 - 4
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1,10,20,30,35,40,50,60,70,80,95
no shut
int f0/6
switchport mode access
switchport access vlan 10
no shut
int f0/7
switchport mode access
switchport access vlan 20
no shut
int f0/8
switchport mode access
switchport access vlan 30
no shut
int range f0/09 - 10
switchport mode access
switchport access vlan 35
no shut
int range f0/11 - 12
249
switchport mode access
switchport access vlan 40
no shut
int range f0/13 - 14
switchport mode access
switchport access vlan 50
no shut
int range f0/15 - 16
switchport mode access
switchport access vlan 60
no shut
int range f0/17 - 18
switchport mode access
switchport access vlan 70
no shut
int range f0/19 - 20
switchport mode access
switchport access vlan 80
no shut
int range f0/21 - 24
switchport mode access
switchport access vlan 90
no shut
exit
-------------------------------------------------------------
spanning-tree vlan 1 root primary
spanning-tree mode pvst
-------------------------------------------------
VOIP
250
-------------------------------------------------
vlan 100
name Voice
int range f0/5 - 18
switchport voice vlan 100
int range f0/5 - 24
switchport mode access
switchport access vlan 66
shut
Detroit Configuration – SW3en
conf t
host DSW3
no ip domain-lookup
enable secret cisco
line con 0
pass cisco
login
logging synchronous
exec-timeout 0 0
line vty 0 15
pass cisco
login
login local
logging synchronous
exec-timeout 0 0
transport input none
transport input Telnet
exit
251
banner motd $ Unauthorized access Prohibited! $
service password-encryption
ip default-gateway 10.27.95.1
int vlan 95
desc Mangement address Vlan 1
ip add 10.27.95.30 255.255.255.0
no shut
exit
VLAN 10
name STAFF
VLAN 20
name UPPERMGMT
VLAN 30
name Marketing
VLAN 35
name HR
VLAN 40
name FACILITIES
VLAN 50
name SECURITY
VLAN 60
name Shipping
VLAN 70
name IT
VLAN 80
name Acccounting
VLAN 90
name servers
exit
252
int range f0/1 - 4
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1,10,20,30,35,40,50,60,70,80
no shut
int f0/6
switchport mode access
switchport access vlan 10
no shut
int f0/7
switchport mode access
switchport access vlan 20
no shut
int f0/8
switchport mode access
switchport access vlan 30
no shut
int range f0/09 - 10
switchport mode access
switchport access vlan 35
no shut
int range f0/11 - 12
switchport mode access
switchport access vlan 40
no shut
int range f0/13 - 14
switchport mode access
switchport access vlan 50
no shut
253
int range f0/15 - 16
switchport mode access
switchport access vlan 60
no shut
int range f0/17 - 18
switchport mode access
switchport access vlan 70
no shut
int range f0/19 - 20
switchport mode access
switchport access vlan 80
no shut
int range f0/21 - 24
switchport mode access
switchport access vlan 90
no shut
exit
-------------------------------------------------------------
spanning-tree vlan 1 root primary
spanning-tree mode pvst
-------------------------------------------------
VOIP
-------------------------------------------------
vlan 100
name Voice
int range f0/5 - 18
switchport voice vlan 100
int range f0/5 - 24
switchport mode access
254
switchport access vlan 66
shut
255
-New Orleans Configuration
256
New Orleans Configuration – R1en
conf t
hostname NOR1
no ip domain-lookup
enable secret cisco
line con 0
secret cisco
login
logging synchronous
exec-timeout 0 0
line vty 0 4
secret cisco
login
login local
logging synchronous
exec-timeout 0 0
transport input none
transport input SSH
crypto-key generate rsa
2048
exit
banner motd $ Unauthorized access Prohibited! $
service password-encryption
ip http server
ip http secure-server
ip http authentication local
username netadmin privilege 15 secret cisco12345
int f0/1
257
desc Connection to the Internet
ip add 10.200.100.6 255.255.255.240
no shut
int f0/0
no ip add
shut
int f0/0.10
desc connection to Vlan 10
encap dot1q 10
ip add 10.3.4.1 255.255.252.0
int f0/0.20
desc connection to Vlan 20
encap dot1q 20
ip add 10.3.1.33 255.255.255.224
int f0/0.30
desc connection to Vlan 30
encap dot1q 30
ip add 10.3.2.129 255.255.255.128
int f0/0.40
desc connection to Vlan 40
encap dot1q 40
ip add 10.3.1.129 255.255.255.128
int f0/0.50
desc connection to Vlan 50
encap dot1q 50
ip add 10.3.2.1 255.255.255.128
int f0/0.60
desc connection to Vlan 60
encap dot1q 60
258
ip add 10.3.1.65 255.255.255.192
int f0/0.70
desc connection to Vlan 70
encap dot1q 70
ip add 10.3.1.1 255.255.255.224
int f0/0.98
desc connection to Vlan 98
encap dot1q 98
ip add 10.3.99.129 255.255.255.128
int f0/0.99
desc connection to Vlan 99
encap dot1q 99
ip add 10.3.99.1 255.255.255.128
int f0/0.100
desc connection to Vlan 100 (Voice)
encap dot1q 100
ip add 10.3.100.1 255.255.255.0
int f0/0
no shut
exit
router eigrp 1
eigrp router-id 6.6.6.6
network 10.3.4.0 0.0.3.255
network 10.3.1.32 0.0.0.31
network 10.3.2.128 0.0.0.127
network 10.3.1.128 0.0.0.127
network 10.3.2.0 0.0.0.127
network 10.3.1.64 0.0.0.63
network 10.3.1.0 0.0.0.31
259
network 10.3.99.0 0.0.0.127
network 10.3.99.128 0.0.0.127
network 10.3.100.0 0.0.0.255
no auto-summary
passive-interface f0/0
exit
ip route 0.0.0.0 0.0.0.0 f0/1
-------------------------------------------------
DHCP
-------------------------------------------------
int f0/0.10
ip helper-address 10.3.99.253
int f0/0.20
ip helper-address 10.3.99.253
int f0/0.30
ip helper-address 10.3.99.253
int f0/0.40
ip helper-address 10.3.99.253
exit
-------------------------------------------------
NAT/PAT
-------------------------------------------------
ip route 10.200.100.0 255.255.255.240 f0/1
ip nat pool INTERNET 10.200.100.6 10.200.100.6 netmask 255.255.255.240
access-list 1 deny 10.3.99.128 0.0.0.127
access-list 1 permit 10.3.0.0 0.0.255.255
ip nat inside source list 1 pool INTERNET overload
int f0/1
ip nat outside
260
int f0/0.1
ip nat inside
int f0/0.10
ip nat inside
int f0/0.20
ip nat inside
int f0/0.30
ip nat inside
int f0/0.40
ip nat inside
int f0/0.50
ip nat inside
int f0/0.60
ip nat inside
int f0/0.70
ip nat inside
int f0/0.98
ip nat inside
int f0/0.100
ip nat inside
exit
-------------------------------------------------
VOIP
-------------------------------------------------
int f0/0
shut
int f0/0.100
desc Voice Vlan 100
encap dot1q 100
261
ip add 10.3.100.1 255.255.255.0
no shut
ip dhcp excluded-address 10.3.100.1 10.3.100.9
ip dhcp pool VOICE
network 10.3.100.0 255.255.255.0
default-router 10.3.100.1
option 150 ip 10.3.100.1
exit
telephony-service
max-ephones 5
max-dn 5
no auto-reg-ephone
auto assign 1 to 10
ip source-address 10.3.100.1 port 2000
exit
ephone-dn 1 dual-line
number 3001
name Ryan Taylor
desc Network Admin
label Ryan Taylor (3001)
ephone-dn 2 dual-line
number 3002
name Scott Busch
desc Network Admin
label Scott Busch (3002)
ephone-dn 3 dual-line
number 3003
name Thrall
desc War Cheif
262
label Thrall (3003)
ephone-dn 4 dual-line
number 3005
name Adam West
desc Batman
label Adam West (3004)
ephone-dn 5 dual-line
number 3005
name Burt Reynolds
desc The Bandit
label Burt Reynolds (3005)
ephone 1
button 1:1 2:2
mac-address
type 7940
exit
dial-peer voice 3 voip
destination-pattern 2...
session target ipv4:10.27.115.1
dial-peer voice 2 voip
destination-pattern 4...
session target ipv4:10.10.1.1
dial-peer voice 1 voip
destination-pattern 5...
session target ipv4:10.10.1.2
New Orleans Configuration – SW1en
conf t
host NOS1
263
no ip domain-lookup
enable secret cisco
line con 0
pass cisco
login
logging synchronous
exec-timeout 0 0
line vty 0 15
pass cisco
login
login local
logging synchronous
exec-timeout 0 0
transport input none
transport input Telnet
exit
banner motd $ Unauthorized access Prohibited! $
service password-encryption
ip default-gateway 10.3.99.1
int vlan 99
desc Mangement Address
ip add 10.3.99.10 255.255.255.128
no shut
exit
vlan 10
name Staff
vlan 20
name Upper Mngmt
vlan 30
264
name Marketing
vlan 40
name HumanResources
vlan 50
name Facilities
vlan 60
name Security
vlan 66
Black Hole (Native)
vlan 70
name IT
vlan 98
name Server
vlan 99
name Management
vlan 100
name Voice
exit
int range f0/1 - 4
switchport mode trunk
switchport trunk native vlan 66
switchport trunk allowed vlan 10,20,30,40,50,60,70,98,99,100
no shut
int range f0/5 - 6
switchport mode access
switchport access vlan 10
switchport voice vlan 100
no shut
int range f0/7 - 8
265
switchport mode access
switchport access vlan 20
switchport voice vlan 100
no shut
int range f0/9 - 10
switchport mode access
switchport access vlan 30
switchport voice vlan 100
no shut
int range f0/11 - 12
switchport mode access
switchport access vlan 40
switchport voice vlan 100
no shut
int range f0/13 - 14
switchport mode access
switchport access vlan 50
switchport voice vlan 100
no shut
int range f0/15 - 16
switchport mode access
switchport access vlan 60
switchport voice vlan 100
no shut
int range f0/17 - 18
switchport mode access
switchport access vlan 70
switchport voice vlan 100
no shut
266
int range f0/19 - 23
switchport mode access
switchport access vlan 98
switchport voice vlan 100
no shut
int f0/24
switchport mode trunk
switchport trunk native vlan 66
switchport trunk allowed vlan 10,20,30,40,50,60,70,98,99,100
no shut
exit
-------------------------------------------------
Etherchannel
-------------------------------------------------
int range f0/1 - 2
channel-group 1 mode active
exit
New Orleans Configuration – SW2host NOS2
no ip domain-lookup
enable secret cisco
line con 0
secret cisco
login
logging synchronous
exec-timeout 0 0
line vty 0 15
secret cisco
267
login
login local
logging synchronous
exec-timeout 0 0
transport input none
transport input Telnet
exit
banner motd $ Unauthorized access Prohibited! $
service password-encryption
ip default-gateway 10.3.99.1
int vlan 99
desc Mangement Vlan
ip add 10.3.99.20 255.255.255.128
no shut
exit
vlan 10
name Staff
vlan 20
name Upper Mngmt
vlan 30
name Marketing
vlan 40
name HumanResources
vlan 50
name Facilities
vlan 60
name Security
vlan 66
name Black Hole
268
vlan 70
name IT
vlan 98
name Server
vlan 99
name Mangement
vlan 100
name Voice
exit
int range f0/1 - 4
switchport mode trunk
switchport trunk native vlan 66
switchport trunk allowed vlan 10,20,30,40,50,60,70,98,99,100
no shut
int range f0/5 - 6
switchport mode access
switchport access vlan 10
switchport voice vlan 100
no shut
int range f0/7 - 8
switchport mode access
switchport access vlan 20
switchport voice vlan 100
no shut
int range f0/9 - 10
switchport mode access
switchport access vlan 30
switchport voice vlan 100
no shut
269
int range f0/11 - 12
switchport mode access
switchport access vlan 40
switchport voice vlan 100
no shut
int range f0/13 - 14
switchport mode access
switchport access vlan 50
switchport voice vlan 100
no shut
int range f0/15 - 16
switchport mode access
switchport access vlan 60
switchport voice vlan 100
no shut
int range f0/17 - 18
switchport mode access
switchport access vlan 70
switchport voice vlan 100
no shut
int range f0/19 - 24
switchport mode access
switchport access vlan 98
switchport voice vlan 100
no shut
exit
New Orleans Configuration – SW3host NOS3
no ip domain-lookup
270
enable secret cisco
line con 0
pass cisco
login
logging synchronous
exec-timeout 0 0
line vty 0 15
pass cisco
login
login local
logging synchronous
exec-timeout 0 0
transport input none
transport input Telnet
exit
banner motd $ Unauthorized access Prohibited! $
service password-encryption
ip default-gateway 10.3.99.1
int vlan 99
desc Mangement Address
ip add 10.3.99.30 255.255.255.128
no shut
exit
vlan 10
name Staff
vlan 20
name Upper Mngmt
vlan 30
name Marketing
271
vlan 40
name HumanResources
vlan 50
name Facilities
vlan 60
name Security
vlan 66
Black Hole
vlan 70
name IT
vlan 98
name Server
vlan 99
name Management
vlan 100
name Voice
exit
int range f0/1 - 4
switchport mode trunk
switchport trunk native vlan 66
switchport trunk allowed vlan 10,20,30,40,50,60,70,98,99,100
no shut
int range f0/5 - 6
switchport mode access
switchport access vlan 10
switchport voice vlan 100
no shut
int range f0/7 - 8
switchport mode access
272
switchport access vlan 20
switchport voice vlan 100
no shut
int range f0/9 - 10
switchport mode access
switchport access vlan 30
switchport voice vlan 100
no shut
int range f0/11 - 12
switchport mode access
switchport access vlan 40
switchport voice vlan 100
no shut
int range f0/13 - 14
switchport mode access
switchport access vlan 50
switchport voice vlan 100
no shut
int range f0/15 - 16
switchport mode access
switchport access vlan 60
switchport voice vlan 100
no shut
int range f0/17 - 18
switchport mode access
switchport access vlan 70
switchport voice vlan 100
no shut
int range f0/19 - 24
273
switchport mode access
switchport access vlan 98
switchport voice vlan 100
no shut
exit
-------------------------------------------------
Etherchannel
-------------------------------------------------
spanning-tree vlan 66 root primary
int range f0/1 - 2
channel-group 1 mode active
no shut
274
-Sacramento Configurations
275
Sacramento Configuration – R1+++ UNAUTHORIZED ACCESS PROHIBITED +++
User Access Verification
Password:
SAC-R1>en
Password:
SAC-R1#
SAC-R1#show run
Building configuration...
Current configuration : 3272 bytes!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption!
hostname SAC-R1!
boot-start-marker
boot-end-marker!
logging message-counter syslog
enable secret 5 $1$x0Dw$nU/gshrN93ce8kE0tRCog/!
no aaa new-model
memory-size iomem 15
no network-clock-participate wic 1!
dot11 syslog
ip source-route!
ip cef
ip dhcp pool VOICEA
network 10.15.80.0 255.255.255.0
default-router 10.15.80.1
option 150 ip 10.15.80.1
276
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
voice-card 0
no dspfarm
archive
log config
hidekeys
controller T1 0/1/0
framing esf
linecode b8zs!
controller T1 0/1/1
framing esf
linecode b8zs!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.15.10.1 255.255.255.0
ip helper-address 10.10.70.17!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 10.15.20.1 255.255.255.0
ip helper-address 10.10.70.17!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 10.15.30.1 255.255.255.0
277
ip helper-address 10.10.70.17
interface FastEthernet0/0.80
encapsulation dot1Q 80
ip address 10.15.80.1 255.255.255.0!
interface FastEthernet0/0.99
encapsulation dot1Q 99
ip address 10.15.99.1 255.255.255.0
interface FastEthernet0/1
no ip address
duplex auto
speed auto!
interface Serial0/0/0
description connection SAC-R2
ip address 10.10.1.1 255.255.255.252!
interface Serial0/0/1
no ip address
shutdown
clock rate 125000
interface BRI0/2/0
no ip address
encapsulation hdlc
shutdown!
router eigrp 1
passive-interface FastEthernet0/0
network 10.10.1.0 0.0.0.3
network 10.15.10.0 0.0.0.255
network 10.15.20.0 0.0.0.255
network 10.15.30.0 0.0.0.255
network 10.15.99.0 0.0.0.255
278
no auto-summary
eigrp router-id 1.1.1.1
ip forward-protocol nd
ip route 10.3.0.0 255.255.0.0 Serial0/0/0
ip route 10.10.0.0 255.255.0.0 Serial0/0/0
ip route 10.27.90.0 255.255.255.0 Serial0/0/0
no ip http server
no ip http secure-server
control-plane
dial-peer voice 1 voip
destination-pattern 5...
session target ipv4:10.10.1.2
dial-peer voice 2 voip
destination-pattern 3...
session target ipv4:10.3.100.1
dial-peer voice 3 voip
destination-pattern 2...
session target ipv4:10.27.115.1
telephony-service
no auto-reg-ephone
max-ephones 6
max-dn 6
ip source-address 10.15.80.1 port 2000
auto assign 1 to 6
system message Sacramento-LAN 1
max-conferences 8 gain -6
transfer-system full-consult
create cnf-files version-stamp Jan 01 2002 00:00:00
ephone-dn 1
279
number 4001
label Mohammed Es-sabri (4001)
description HR
name Mohammed Es-sabri
ephone-dn 2
number 4002
label Keith Williams (4002)
description HR
name Keith Williams
ephone-dn 3
number 4003
ephone 1
device-security-mode none
mac-address 0015.C6FA.4947
type 7940
button 1:2 2:1
banner motd ^C +++ UNAUTHORIZED ACCESS PROHIBITED +++ ^C
line con 0
exec-timeout 0 0
password 7 02150D5604
logging synchronous
login
line aux 0
line vty 0 4
password 7 060506324F41
login
scheduler allocate 20000 1000
end
Sacramento Configuration – R2
280
Current configuration : 5192 bytes!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption!
hostname SAC-R2!
boot-start-marker
boot-end-marker!
logging message-counter syslog
enable secret 5 $1$Hg45$Fmvfre1/AsNCtzmnQmFJn/!
no aaa new-model
no network-clock-participate wic 1
no network-clock-participate aim 0!
dot11 syslog
ip source-route!
ip cef!
ip dhcp pool VOICE_SAC-R2
network 10.10.90.0 255.255.255.0
default-router 10.10.90.1
option 150 ip 10.10.90.1!
ip dhcp pool SECURITY
network 10.10.50.0 255.255.255.0
default-router 10.10.50.1
option 150 ip 10.10.90.1
ip dhcp pool FACILITIES
network 10.10.40.0 255.255.255.0
default-router 10.10.40.1
option 150 ip 10.10.90.1
ip dhcp pool IT
281
network 10.10.60.0 255.255.255.0
default-router 10.10.60.1
option 150 ip 10.10.90.1!
no ip domain lookup!
no ipv6 cef
multilink bundle-name authenticated
voice-card 0
no dspfarm
username webuser privilege 15 secret 5 $1$.4vQ$tbq2mgWBUzsYzxibvxk870
archive
log config
hidekeys
controller T1 0/1/0
framing esf
linecode b8zs
controller T1 0/1/1
framing esf
linecode b8zs
interface Tunnel0
description VPN to Detroit
ip address 192.168.0.2 255.255.255.252
tunnel source FastEthernet0/1
tunnel destination 10.200.100.4
interface Tunnel2
description VPN to New Orleans
ip address 192.168.0.9 255.255.255.252
tunnel source FastEthernet0/1
tunnel destination 10.200.100.6
interface FastEthernet0/0
282
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/0.40
description FACILITIES LAN
encapsulation dot1Q 40
ip address 10.10.40.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface FastEthernet0/0.50
description SECURITY LAN
encapsulation dot1Q 50
ip address 10.10.50.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface FastEthernet0/0.60
description IT LAN
encapsulation dot1Q 60
ip address 10.10.60.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface FastEthernet0/0.70
description SERVER LAN
encapsulation dot1Q 70
ip address 10.10.70.1 255.255.255.0
ip nat inside
ip virtual-reassembly
283
interface FastEthernet0/0.90
description VOICE SAC-R2
encapsulation dot1Q 90
ip address 10.10.90.1 255.255.255.0
interface FastEthernet0/0.99
description VOICE SAC-R2
encapsulation dot1Q 99
ip address 10.10.99.2 255.255.255.0
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1
description Connection to the Internet
ip address 10.200.100.5 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/2/0
interface FastEthernet0/2/1
interface FastEthernet0/2/2
interface FastEthernet0/2/3
interface Serial0/0/0
description connection SAC-R1
ip address 10.10.1.2 255.255.255.252
ip nat inside
ip virtual-reassembly
clock rate 128000
interface Serial0/0/1
no ip address
284
shutdown
clock rate 128000
interface Vlan1
no ip address
router eigrp 1
redistribute static
passive-interface FastEthernet0/0
network 10.10.1.0 0.0.0.3
network 10.10.3.0 0.0.0.3
network 10.10.40.0 0.0.0.255
network 10.10.50.0 0.0.0.255
network 10.10.60.0 0.0.0.255
network 10.10.70.0 0.0.0.255
network 10.10.99.0 0.0.0.255
network 10.200.100.0 0.0.0.15
network 192.168.0.0 0.0.0.3
network 192.168.0.8 0.0.0.3
no auto-summary
eigrp router-id 2.2.2.2
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 10.15.0.0 255.255.0.0 Serial0/0/0
ip route 10.15.0.0 255.255.0.0 FastEthernet0/1
ip route 10.200.100.0 255.255.255.240 FastEthernet0/1
ip http server
ip http authentication local
no ip http secure-server
ip nat pool INTERNET 10.200.100.5 10.200.100.5 netmask 255.255.255.240
ip nat inside source list 1 pool INTERNET overload
285
access-list 1 permit 10.10.0.0 0.0.255.255
access-list 1 permit 10.15.0.0 0.0.255.255!
control-plane
dial-peer voice 1 voip
destination-pattern 4...
session target ipv4:10.10.1.1
dial-peer voice 2 voip
destination-pattern 3...
session target ipv4:10.3.100.1
dial-peer voice 3 voip
destination-pattern 2...
session target ipv4:10.27.115.1
telephony-service
max-ephones 6
max-dn 6
ip source-address 10.10.90.1 port 2000
auto assign 1 to 6
system message Sacramento - LAN 2
max-conferences 8 gain -6
transfer-system full-consult
create cnf-files version-stamp Jan 01 2002 00:00:00
ephone-dn 1
number 5001
label Mohammed Es-sabri (5001)
description IT Dept
name Mohammed Es-sabri
ephone-dn 2
number 5002
label Keith Williams (5002)
286
description IT Dept
name Keith Williams
ephone-dn 3
number 5003
ephone 1
device-security-mode none
mac-address 0013.C39B.285B
type 7940
button 1:1 2:2
ephone 2
device-security-mode none
mac-address 0015.C6FA.4947
type 7940
button 1:2
banner motd ^C +++ UNAUTHORIZED ACCESS PROHIBITED +++ ^C
line con 0
exec-timeout 0 0
password 7 105D00140A
logging synchronous
login
line aux 0
line vty 0 4
password 7 121A0C041104
login
scheduler allocate 20000 1000
end
Sacramento Configuration – SW1Current configuration : 2436 bytes!
version 12.1
287
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption!
hostname SAC-SW1!
enable secret 5 $1$ADgI$wzU4VuFEDWc1b8sV7i9mi/!
ip subnet-zero!
no ip domain-lookup!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
interface FastEthernet0/1
switchport trunk allowed vlan 10,20,30,40,50,60,70,80,90,99
switchport mode trunk
switchport voice vlan 80
spanning-tree portfast!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
switchport voice vlan 80
spanning-tree portfast!
interface FastEthernet0/3
switchport access vlan 20
switchport mode access
switchport voice vlan 80
spanning-tree portfast
interface FastEthernet0/4
switchport access vlan 30
switchport mode access
288
switchport voice vlan 80
spanning-tree portfast
interface FastEthernet0/5
switchport mode access!
interface FastEthernet0/6
switchport mode access
interface FastEthernet0/7
switchport mode access
interface FastEthernet0/8
switchport mode access
interface FastEthernet0/9
switchport mode access
interface FastEthernet0/10
switchport mode access
interface FastEthernet0/11
switchport mode access
shutdown
interface FastEthernet0/12
switchport mode access
interface FastEthernet0/13
switchport mode access
interface FastEthernet0/14
switchport mode access
interface FastEthernet0/15
switchport mode access
interface FastEthernet0/16
switchport mode access
interface FastEthernet0/17
switchport mode access
289
interface FastEthernet0/18
switchport mode access
interface FastEthernet0/19
switchport mode access
interface FastEthernet0/20
switchport mode access
interface FastEthernet0/21
switchport mode access
interface FastEthernet0/22
switchport mode access
interface FastEthernet0/23
switchport mode access
interface FastEthernet0/24
switchport mode access
interface GigabitEthernet0/1
interface GigabitEthernet0/2
interface Vlan1
no ip address
no ip route-cache
shutdown
interface Vlan99
ip address 10.15.99.10 255.255.255.0
no ip route-cache
ip default-gateway 10.15.99.1
ip http server
banner motd ^C +++ UNAUTHORIZED ACCESS PROHIBITED +++ ^C
line con 0
exec-timeout 0 0
password 7 0448020B00
290
logging synchronous
login
line vty 0 4
password 7 060506324F41
login
line vty 5 15
password 7 060506324F41
login
end
Sacramento Configuration – SW2Current configuration : 2467 bytes!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption!
hostname SAC-SW2
enable secret 5 $1$lh.Q$rL61vpQT7lR.UW6Aw3PtB/
ip subnet-zero!
no ip domain-lookup
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
interface FastEthernet0/1
switchport trunk allowed vlan 10,20,30,40,50,60,70,80,90,99
switchport mode trunk
interface FastEthernet0/2
switchport access vlan 40
switchport mode access
291
switchport voice vlan 90
spanning-tree portfast
interface FastEthernet0/3
switchport access vlan 50
switchport mode access
switchport voice vlan 90
spanning-tree portfast
interface FastEthernet0/4
switchport access vlan 60
switchport mode access
switchport voice vlan 90
spanning-tree portfast
interface FastEthernet0/5
switchport mode access
interface FastEthernet0/6
switchport mode access
interface FastEthernet0/7
switchport mode access
interface FastEthernet0/8
switchport mode access
interface FastEthernet0/9
switchport mode access
interface FastEthernet0/10
switchport mode access
interface FastEthernet0/11
switchport mode access
interface FastEthernet0/12
switchport mode access
interface FastEthernet0/13
292
switchport mode access
interface FastEthernet0/14
switchport mode access
interface FastEthernet0/15
switchport mode access
interface FastEthernet0/16
switchport mode access
interface FastEthernet0/17
switchport access vlan 70
switchport mode access
interface FastEthernet0/18
switchport access vlan 70
switchport mode access
interface FastEthernet0/19
switchport access vlan 70
switchport mode access
interface FastEthernet0/20
switchport mode access
shutdown
interface FastEthernet0/21
switchport mode access
interface FastEthernet0/22
switchport mode access
interface FastEthernet0/23
switchport mode access
interface FastEthernet0/24
switchport mode access
interface GigabitEthernet0/1
interface GigabitEthernet0/2
293
interface Vlan1
no ip address
no ip route-cache
shutdown
interface Vlan99
ip address 10.10.99.20 255.255.255.0
no ip route-cache
ip default-gateway 10.10.99.2
ip http server
banner motd ^C +++ UNAUTHORIZED ACCESS PROHIBITED +++ ^C
line con 0
exec-timeout 0 0
password 7 0317520609
logging synchronous
login
line vty 0 4
password 7 060506324F41
login
line vty 5 15
password 7 060506324F41
login
end
294
-Internet Configuration
295
Internet Router Configurationen
conf t
hostname INET-R
no ip domain-lookup
enable secret cisco
line con 0
pass cisco
login
logging synchronous
exec-timeout 0 0
line vty 0 4
pass cisco
login
login local
logging synchronous
exec-timeout 0 0
transport input none
transport input telnet
exit
banner motd $ Unauthorized access Prohibited! $
service password-encryption
ip http server
ip http secure-server
username webuser privilege 15 secret cisco
int f0/0
desc Internet
ip add 10.200.100.14 255.255.255.240
296
no shut
Internet Switch Configurationen
conf t
hostname INET-S
no ip domain-lookup
enable secret cisco
line con 0
pass cisco
login
logging synchronous
exec-timeout 0 0
line vty 0 15
pass cisco
login
login local
logging synchronous
exec-timeout 0 0
exit
banner motd $ Unauthorized access Prohibited! $
service password-encryption
username netadmin privilege 15 secret cisco12345
ip default-gateway 10.200.100.14
vlan 200
name Internet
297
int vlan 200
desc Internet
ip add 10.200.100.13 255.255.255.240
no shut
int f0/1
switchport mode trunk
switchport trunk native vlan 200
switchport trunk allowed vlan 200
int range f0/2 - 24
switchport mode access
switchport access native vlan 200
298
-Firewall Configuration
299
Cisco ASA 5505 Out of the box
config factory-default
show int ip b = show interface ip brief
password configs
Define inside/outside interfaces
0/0 outside (vlan2 default) 0/1 inside
int vlan 1
nameif inside
security-level 100
ip address 000.000.000.000 255.255.255.0
CHECK DHCP (sh run | inc dhcpd)
no dhcpd address ... ... ... ... ... ... ... ... ...
NOTE: default 0/0 is in switchport access vlan 2
NOTE: outside security level is 0
int vlan 2
nameif outside
security-level 0
(put in public IP address) for this vs dhcp
object network ?
300
object network INSIDE_SUBNET
(config-network-object)?
(config-network-object)#subnet ... ... ... ... ?
(config-network-object)#subnet ... ... ... ... 000.000.000.000
(config-network-object)# nat ?
(config-network-object)#nat (inside/outside) ?
(config-network-object)#nat (inside/outside) dynamic ?
(config-network-object)#nat (inside/outside) dynamic interface
EXTRA
config t
object-group icmp-type ?
object-group icmp-type ALLOW_ICMP
(config-icmp-object-group)#icmp-object ?
(config-icmp-object-group)#icmp-object echo-reply
(config-icmp-object-group)#icmp-object time-exceeded
(config-icmp-object-group)#icmp-object unreachable
(config-icmp-object-group)#icmp-object traceroute
CREATE ACL AND BIND TO INTERFACE
confit t
access-list INBOUND ?
access-list INBOUND permit icmp ?
access-list INBOUND permit icmp any ?
access-list INBOUND permit icmp any any ?
access-list INBOUND permit icmp any any object-group ALLOW_ICMP
301
config t
access-group INBOUND in interface outside
#show ip
show run
no oject network obj_any
DEFINE HTTP/SSH/Telnet
config t
ssh ?
ssh (put in ip range of expected host)
TEMP EXAMPLE FOR CONFIG PURPOSES
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
show ip
telnet 0.0.0.0 0.0.0.0 inside
telnet 0.0.0.0 0.0.0.0 outside
http ?
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http ?
http server ?
http server enable
302
DEFINE DHCPD (optional)
config t
show run | inc dhcpd
dhcpd address 100.100.100.1-100.100.100.10 inside
dhcpd ?
dhcpd dns 4.2.2.2 interface inside
dhcpd enable inside
show run
NOTE PORT 0/1,3-7 VLAN 1 DEFAULT PORT 0/2 VLAN 2 DEFAULT
config t
wr (write to save)
DEFINE ASDM FOR THE GUI
config t
sh run | inc asdm
asdm image ?
asdm image flash:/asdm-???.bin
config t
wr (write)
sh ip
reload
303
-ACL Configuration
304
No telnet across any sites
only allow internal ssh for 3 routers.
only allow traffic to DMZ
web traffic/ICMP
During setup, have one IT VLAN host from each site set up.
TCP includes Telnet.
IP includes TCP, UDP, and ICMP.
access-list 100 remark Deny Telnet Traffic & Allow Regular Net Traffic
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any
ISP - F0/1, going in.
access-group 100 in
access-list 101 remark Allow Web Traffic Through Networks
access-list 101 permit tcp any any eq 80
New Orleans - F0/1, going out.
Detroit - F0/0, going out.
Sacramento - F0/1, going out.
access-group 101 out
access-list 102 remark Allow SSH
access-list 102 permit tcp 10.27.80.0 0.0.0.255 eq 22 (Detroit)
apply on interface that will be SSH'ed into, going in.
Detroit - F0/1, going in.
305
access-group 102 in
access-list 102 remark Allow SSH
access-list 102 permit tcp 10.3.1.0 0.0.0.31 eq 22 (New Orleans)
apply on interface that will be SSH'ed into, going in.
New Orleans - F0/0, going in.
access-group 102 in
access-list 102 remark Allow SSH
access-list 102 permit tcp 10.10.60.0 0.0.0.255 eq 22 (Sacramento)
apply on interface that will be SSH'ed into, going in.
Sacramento R1 - F0/0, going in.
Sacramento R2 - F0/0, going in.
Sacramento has two sites, therefore since each router counts as a seperate site, each router must have access-list.
access-group 102 in
ip access-list standard SSH ALLOW (Detroit)
permit 10.3.1.0 0.0.0.31 - New Oreans f0/0, going out.
permit 10.10.60.0 0.0.0.255 - Sacramento R1 F0/0, going out.
Sacramento R2 F0/0, going out.
ip access-list standard SSH ALLOW (New Orleans)
permit 10.27.80.0 0.0.0.255 - Detroit F0/1, going out.
permit 10.10.60.0 0.0.0.255 Sacramento R1 F0/0, going out.
Sacramento R2 F0/0, going out.
ip access-list standard SSH ALLOW (Sacramento)
306
permit 10.27.80.0 0.0.0.255 - Detroit F0/1, going out.
permit 10.3.1.0 0.0.0.31 - New Orleans F0/0, going out.
Apply to VTY 0 4, VTY 0 15
access-class SSH ALLOW out
307
-Video VoIP Configuration
308
Detroit Configuration – R2no service password-encryption
hostname videoVOICE
boot-start-marker
boot-end-marker
enable secret 5 $1$o.tU$ey/Gue2C8u8Bpg/CjIvEO1
no aaa new-model
memory-size iomem 15
dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 10.27.115.1 10.27.115.5
ip dhcp pool VOICE
network 10.27.115.0 255.255.255.0
default-router 10.27.115.1
option 150 ip 10.27.115.1
no ipv6 cef
multilink bundle-name authenticated
voice service voip
allow-connections sip to sip
sip
registrar server expires max 3600 min 1800
voice register global
mode cme
source-address 10.27.115.1 port 5060
max-dn 10
max-pool 2
load 9971 sip9971.9-1-1SR1.loads
authenticate register
309
authenticate realm all
timezone 13
voicemail 4009
tftp-path flash:
file text
create profile sync 0944316430570103
camera
video
voice register dn 1
number 4001
call-forward b2bua busy 4009
call-forward b2bua noan 4009 timeout 10
name John Doe
mwi
voice register dn 2
number 4002
call-forward b2bua busy 4009
call-forward b2bua noan 4009 timeout 10
name Jane Doe
mwi
voice register pool 1
id mac 5CA4.8A64.603C
type 9971
number 1 dn 1
username 4001 password 554001
description NetAdmin
codec g711ulaw
no vad
camera
310
video
voice register pool 2
id mac 5CA4.8A64.5F94
type 9971
number 1 dn 2
username 4002 password 554002
description Jane Doe
codec g711ulaw
no vad
camera
video
voice-card 0
crypto pki token default removal timeout 0
license udi pid CISCO2811 sn FTX0944A3FW
license accept end user agreement
redundancy
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/0.115
encapsulation dot1Q 115
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface FastEthernet0/1.115
encapsulation dot1Q 115
ip address 10.27.115.1 255.255.255.0
311
interface Serial0/0/0
no ip address
clock rate 128000
interface Serial0/0/1
no ip address
shutdown
clock rate 125000
interface FastEthernet0/2/0
no ip address
interface FastEthernet0/2/1
no ip address
interface FastEthernet0/2/2
no ip address
interface FastEthernet0/2/3
no ip address
interface Vlan1
no ip address
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
tftp-server dkern9971.100609R2-9-1-1SR1.sebn
312
tftp-server kern9971.9-1-1SR1.sebn
tftp-server rootfs9971.9-1-1SR1.sebn
tftp-server sboot9971.031610R1-9-1-1SR1.sebn
tftp-server skern9971.022809R2-9-1-1SR1.sebn
tftp-server sip9971.9-1-1SR1.loads
control-plane
voice-port 0/1/0
voice-port 0/1/1
voice-port 0/3/0
voice-port 0/3/1
mgcp profile default
line con 0
line aux 0
line 1/0 1/15
line vty 0 4
login
transport input all
scheduler allocate 20000 1000
end
313
Software Development Team Appendices
**Please See Supplementary Documentation for Source Annotation**
314
Project Status Reports
315
PROJECT STATUS REPORT
CPIN 269 CLASS PROJECT
FEBRUARY 5, 2016
PROJECT STATUS SUMMARY Percent Complete: 05%
Scope Schedule Cost Risks Quality
The Planning phase of the project is well underway. Currently objectives have been identified, and team leaders are communicating with their teams establish a breakdown of the required work elements, and their relative priorities, dependencies, and weights.
Currently all phases of the project are green, save schedule. No unexpected events have arisen to complicate the planning as of yet, and until final decisions on project scope are approved is at a standstill. Planning is taking an appropriate amount of time, however communication between team members, team leads, and the project manager is for the moment sluggish, leading to a sense of disconnect and hesitation as to the pace of the finalized details.
WORK PLANED FOR LAST MONTH
Initial planning commenced, exploration of scope, and the skills and capabilities of team members underway.
WORK COMPLETED LAST WEEK
316
Initial planning commenced, exploration of scope, and the skills and capabilities of team members underway.
WORK PLANNED FOR NEXT WEEK
Plan to finalize scope and begin establishment of a work breakdown and critical path to lead to project’s completion. Expecting Work Breakdowns from team leaders, as well as a preliminary project charter, to be developed by the project manager in cooperation with the team.
OPEN ISSUES
Concern on communication structure between team leads and manager, level of direct involvement to be determined. Will address with team leads in the coming week.
OPEN RISKS
With first presentation approaching, real risk of false start. Must take care to meet deliverable timetable.
DELIVERABLES AND MILESTONES
Milestone WBS Planned Forecasted Actual Status
Planning Completion TBA Incomplete
317
Deliverable WBS Planned Forecasted Actual Status
WBS 2/15 -- -- Incomplete
Scope Statement 2/15 -- -- Incomplete
Project Schedule 2/22 -- -- Incomplete
OPEN CHANGE REQUESTS
Scope not yet Established, changes inapplicable prior to scope acceptance.
Change Request Name
Change Request Number
Request Date Current Status
N/A
KEY PERFORMANCE INDICATORS (KPI'S)
Schedule - Project is On Schedule
Schedule Variance (SV): $xxxx
Schedule Performance Index (SPI): x.xx
Cost - Project is On Budget
Cost Variance (CV): $xxx
Cost Performance Index (CPI): x.xx
318
319
PROJECT STATUS REPORT
CPIN 269 CLASS PROJECT
FEBRUARY 15, 2016
PROJECT STATUS SUMMARY Percent Complete: 08%
Scope Schedule Cost Risks Quality
The Planning phase of the project is well underway. Currently objectives have been identified, and team leaders are communicating with their teams establish a breakdown of the required work elements, and their relative priorities, dependencies, and weights.
Currently all phases of the project are green, save schedule. No unexpected events have arisen to complicate the planning as of yet, and until final decisions on project scope are approved is at a standstill. Planning is taking an appropriate amount of time, however communication between team members, team leads, and the project manager is for the moment sluggish, leading to a sense of disconnect and hesitation as to the pace of the finalized details.
WORK PLANED FOR LAST MONTH
Initial planning commenced, exploration of scope, and the skills and capabilities of team members underway.
WORK COMPLETED LAST WEEK
320
WBS developed for individual teams, while overall project WBS is in development. Scope statement and project charter in development.
WORK PLANNED FOR NEXT WEEK
Finalized WBS, project charter and scope statement expected in the coming week. All documents to be submitted for approval of project sponsors by 2/21.
OPEN ISSUES
Team is beginning to show restlessness at current project pace. The sooner we can begin execution phase, the better.
OPEN RISKS
With first presentation approaching, real risk of false start. Must take care to meet deliverable timetable.
DELIVERABLES AND MILESTONES
Milestone WBS Planned Forecasted Actual Status
Planning Completion TBA 2/21 Incomplete
Deliverable WBS Planned Forecasted Actual Status
321
WBS 2/15 2/21 -- LATE
Scope Statement 2/15 2/21 -- LATE
Project Schedule 2/22 -- -- Incomplete
OPEN CHANGE REQUESTS
Scope not yet Established, changes inapplicable prior to scope acceptance.
Change Request Name
Change Request Number
Request Date Current Status
N/A
KEY PERFORMANCE INDICATORS (KPI'S)
Schedule - Project is On Schedule
Schedule Variance (SV): $xxxx
Schedule Performance Index (SPI): x.xx
Cost - Project is On Budget
Cost Variance (CV): $xxx
Cost Performance Index (CPI): x.xx
322
PROJECT STATUS REPORT
CPIN 269 CLASS PROJECT
FEBRUARY 22, 2016
PROJECT STATUS SUMMARY Percent Complete: 08%
Scope Schedule Cost Risks Quality
The Planning phase of the project is well underway. Currently objectives have been identified, and team leaders are communicating with their teams establish a breakdown of the required work elements, and their relative priorities, dependencies, and weights.
Currently all phases of the project are green, save schedule. No unexpected events have arisen to complicate the planning as of yet, and until final decisions on project scope are approved is at a standstill. Planning is taking an appropriate amount of time, however communication between team members, team leads, and the project manager is for the moment sluggish, leading to a sense of disconnect and hesitation as to the pace of the finalized details.
WORK PLANED FOR LAST MONTH
Initial planning commenced, exploration of scope, and the skills and capabilities of team members underway.
323
WORK COMPLETED LAST WEEK
Project charter and project WBS completed. Project Charter accepted with provision to amend signature page.
WORK PLANNED FOR NEXT WEEK
Finalize requirements for hardware and software, finalize scope statement, develop project schedule. Will present project timeline 2/25.
OPEN ISSUES
Network team is dragging feet delivering hardware requirement invoice, delaying scope statement. Will confer with network team lead to amend situation.
OPEN RISKS
Presentation set for less than a week out, difficulty scheduling with team leads remains.
DELIVERABLES AND MILESTONES
Milestone WBS Planned Forecasted Actual Status
Planning Completion TBA 2/21 2/24 LATE
324
Project Schedule Presentation
2/25
Deliverable WBS Planned Forecasted Actual Status
WBS 2/15 2/21 2/21 Complete
Scope Statement 2/15 2/24 -- LATE
Project Schedule 2/22 2/24 -- LATE
OPEN CHANGE REQUESTS
Scope not yet Established, changes inapplicable prior to scope acceptance.
Change Request Name
Change Request Number
Request Date Current Status
N/A
KEY PERFORMANCE INDICATORS (KPI'S)
Schedule - Project is On Schedule
Schedule Variance (SV): $xxxx
Schedule Performance Index (SPI): x.xx
325
Cost - Project is On Budget
Cost Variance (CV): $xxx
Cost Performance Index (CPI): x.xx
326
PROJECT STATUS REPORT
CPIN 269 CLASS PROJECT
FEBRUARY 28, 2016
PROJECT STATUS SUMMARY Percent Complete: 10%
Scope Schedule Cost Risks Quality
Planning phase of the project is rapidly coming to a close. WBS has been completed, allowing for accurate projections of work to be done, and the labor costs to each task. The project charter has been submitted for approval, the scope has been established, with the scope statement pending only on a budgetary quote for cost of implementation.
With the timeline presentation looming, the project looks to be ready to advance to the next stages. The team is anxious to begin execution.
WORK PLANED FOR LAST MONTH
Initial planning commenced, exploration of scope, and the skills and capabilities of team members underway.
WORK COMPLETED LAST WEEK
Project Scope Statement completed, pending quote of costs for requisitioned hardware and licenses. Presentation prepared for project sponsor.
327
WORK PLANNED FOR NEXT WEEK
Timeline presentation 3/1. Presentation to CPIN Advisory Board 3/2. Project to shift into execution phase following presentation on 3/1.
OPEN ISSUES
Wrestling with Microsoft Project to create initial Gant Chart. One of the team leads has relatively major presentation anxiety. Will consult as necessary to ease nerves.
OPEN RISKS
Presentation, both to project sponsor and advisory board are imminent. Must make a good showing to propel project forward with strong momentum.
DELIVERABLES AND MILESTONES
Milestone WBS Planned Forecasted Actual Status
Planning Completion TBA 2/21 2/24 2/28 LATE
Project Schedule Presentation 2/25
Deliverable WBS Planned Forecasted Actual Status
WBS 2/15 2/21 2/21 Complete
328
Scope Statement 2/15 2/24 2/28 Complete
Project Schedule 2/22 2/24 2/28 Complete
Timeline Presentation 3/1 3/1 -- Pending
OPEN CHANGE REQUESTS
Scope not yet Established, changes inapplicable prior to scope acceptance.
Change Request Name
Change Request Number
Request Date Current Status
N/A
KEY PERFORMANCE INDICATORS (KPI'S)
Schedule - Project is On Schedule
Schedule Variance (SV): $xxxx
Schedule Performance Index (SPI): x.xx
Cost - Project is On Budget
Cost Variance (CV): $xxx
Cost Performance Index (CPI): x.xx
329
PROJECT STATUS REPORT
CPIN 269 CLASS PROJECT
MARCH 8, 2016
PROJECT STATUS SUMMARY Percent Complete: 12%
Scope Schedule Cost Risks Quality
The project has shifted into the Execution phase, with implementation and quality control becoming the primary focuses.
WORK PLANED FOR LAST MONTH
Initial planning commenced, exploration of scope, and the skills and capabilities of team members underway.
WORK COMPLETED LAST WEEK
Project timeline presentation, and presentation of project synopsis to Advisory Board. Finalization of planning procedures.
330
WORK PLANNED FOR NEXT WEEK
Physical implementation of network base infrastructure, and initialization of server builds.
OPEN ISSUES
Early concerns regarding balance of workload between team members. Preliminary consult given to software team lead, and oversight given to network team’s situation.
OPEN RISKS
Successful implementation of network infrastructure is one of the first work activities to fall on the critical path. This must be completed on schedule, lest the entire project risk a slide.
DELIVERABLES AND MILESTONES
Milestone WBS Planned Forecasted Actual Status
Planning Completion 2/21 2/24 3/1 Complete
Project Schedule Presentation 2/25 3/1 Complete
Deliverable WBS Planned Forecasted Actual Status
WBS 2/15 2/21 2/21 Complete
Scope Statement 2/15 2/24 2/28 Complete
Project Schedule 2/22 2/24 2/28 Complete
Timeline Presentation 3/1 3/1 3/1 Complete
331
OPEN CHANGE REQUESTS
Change Request Name
Change Request Number
Request Date Current Status
N/A
KEY PERFORMANCE INDICATORS (KPI'S)
Schedule - Project is On Schedule
Schedule Variance (SV): $xxxx
Schedule Performance Index (SPI): x.xx
Cost - Project is On Budget
Cost Variance (CV): $xxx
Cost Performance Index (CPI): x.xx
332
PROJECT STATUS REPORT
CPIN 269 CLASS PROJECT
MARCH 14, 2016
PROJECT STATUS SUMMARY Percent Complete: 15%
Scope Schedule Cost Risks Quality
Execution is underway. Network team has begun to fall behind schedule at an alarming rate. Work in progress to identify snags and address issues. Pushing network team lead to crash early stages of execution in order to make up as much time as possible. Additional labor hours will be appended to project plan as necessary.
WORK PLANED FOR LAST MONTH
Initial planning commenced, exploration of scope, and the skills and capabilities of team members underway.
WORK COMPLETED LAST WEEK
Execution begun. Software development team began drafting initial framework for admin portal. Server team successfully installed OS’s on all servers. Network team began installation of physical topology, but has yet to decide on a final framework.
333
WORK PLANNED FOR NEXT WEEK
Completion of network infrastructure, completion of server role installations, and completion of Employee management section of Admin Portal.
OPEN ISSUES
Network and server teams falling behind schedule early. Must address issues of resource management and utilization. Critical path currently sliding.
OPEN RISKS
Risk of a slide is advancing apace. Budgeting and schedule have been adjusted as per requirements.
DELIVERABLES AND MILESTONES
Milestone WBS Planned Forecasted Actual Status
Physical Equipment Installed 3/10 3/17 -- LATE
Basic Configurations Complete
3/12 3/20 LATE
Routing and Switching Functional
3/16 3/20 Pushed Back
Wireless Implementation Complete
3/19 3/23 Pushed Back
Server OS’s Installed 3/9 -- -- Complete
334
Domain Created 3/3 3/15 LATE
Central Domain Policies Established
3/7 3/17 LATE
Domain Structure Complete 3/15 3/19 Pushed Back
GPO Environment Complete 3/17 3/21 Pushed Back
DNS Functioning 3/7 3/20 Pushed Back
DHCP Functioning 3/9 3/21 Pushed Back
Departmental Shares Created 3/9 3/20 Pushed Back
Share Permissions Established
3/9 3/21 Pushed Back
Exchange System Installed 3/5 3/16 LATE
Exchange System Functioning
3/15 3/21 Pushed Back
Ticketing System Functioning
3/7 3/25 LATE
Database Scheme/Migrations Complete
3/7 -- -- Complete
Admin Portal Authentication Complete
3/10 -- -- Complete
Admin Portal Employee Management Complete
3/17 On Schedule
Deliverable WBS Planned Forecasted Actual Status
335
OPEN CHANGE REQUESTS
Change Request Name
Change Request Number
Request Date Current Status
N/A
KEY PERFORMANCE INDICATORS (KPI'S)
Schedule - Project is BEHIND Schedule
Schedule Variance (SV): $xxxx
Schedule Performance Index (SPI): x.xx
Cost - Project is On Budget
Cost Variance (CV): $xxx
Cost Performance Index (CPI): x.xx
336
PROJECT STATUS REPORT
CPIN 269 CLASS PROJECT
MARCH 21, 2016
PROJECT STATUS SUMMARY Percent Complete: 15%
Scope Schedule Cost Risks Quality
Progress continues in the execution phase. Network infrastructure and connectivity is lagging behind, forcing a slide along the critical path. Slack was planned into the project, and deadlines are being reevaluated.
WORK PLANED FOR LAST MONTH
Initial planning commenced, exploration of scope, and the skills and capabilities of team members underway.
WORK COMPLETED LAST WEEK
Network infrastructure installed. Progress on network configuration stalled out as difficulties with hardware, materials, and functional versions clashed with resources’ skill sets. Topology and implementation have undergone several revisions. Servers have all been initialized, with OS’s installed, and roles implemented. Configuration of the domain awaits a functional network. The software team’s progress on the Admin Portal continues on schedule.
337
WORK PLANNED FOR NEXT WEEK
Completion of basic network connectivity, and creation of domain. Integration of server infrastructure within network. Begin closeout processes for the Admin Portal.
OPEN ISSUES
Network continues to delay progress of the project. Deadlines are under revision as the work continues at its pace.
OPEN RISKS
Budget and timeline both are expecting overages from initial forecasts. Additional resources are being allocated more time toward crashing key work activities.
DELIVERABLES AND MILESTONES
Milestone WBS Planned Forecasted Actual Status
Physical Equipment Installed 3/10 3/17 -- LATE
Basic Configurations Complete
3/12 3/22 LATE
Routing and Switching Functional
3/16 3/24 Pushed Back
338
Wireless Implementation Complete
3/19 3/29 Pushed Back
Server OS’s Installed 3/9 -- -- Complete
Domain Created 3/3 3/22 LATE
Central Domain Policies Established
3/7 3/24 LATE
Domain Structure Complete 3/15 3/24 Pushed Back
GPO Environment Complete 3/17 3/22 Pushed Back
DNS Functioning 3/7 3/22 Pushed Back
DHCP Functioning 3/9 3/22 Pushed Back
Departmental Shares Created 3/9 3/24 Pushed Back
Share Permissions Established
3/9 3/24 Pushed Back
Exchange System Installed 3/5 3/27 LATE
Exchange System Functioning
3/15 4/1 Pushed Back
Ticketing System Functioning
3/7 3/27 LATE
Database Scheme/Migrations Complete
3/7 -- -- Complete
Admin Portal Authentication Complete
3/10 -- -- Complete
Admin Portal Employee Management Complete
3/17 On Schedule
Deliverable WBS Planned Forecasted Actual Status
339
OPEN CHANGE REQUESTS
Change Request Name
Change Request Number
Request Date Current Status
Administration Portal
001 3/14/2016 Pending
KEY PERFORMANCE INDICATORS (KPI'S)
Schedule - Project is BEHIND Schedule
Schedule Variance (SV): $xxxx
Schedule Performance Index (SPI): x.xx
Cost - Project is OVER Budget
Cost Variance (CV): $xxx
Cost Performance Index (CPI): x.xx
340
PROJECT STATUS REPORT
CPIN 269 CLASS PROJECT
MARCH 28, 2016
PROJECT STATUS SUMMARY Percent Complete: 30%
Scope Schedule Cost Risks Quality
Relatively major breakthroughs came this past week, with network connectivity going live, and server assignment to network spaces and joining to our domain coming together. Software continues apace.
WORK PLANED FOR LAST MONTH
Early execution for all teams. Server team’s work including server setup, domain creation, role installation, and basic configuration of core server environment features. Network team planned work included installation of topology, basic configuration of all components, and beginning work toward wireless communication and VoIP. Development team planned to have begun work on admin portal.
WORK COMPLETED LAST WEEK
Network connectivity achieved. Servers integrated into network. Admin portal nearing completion.
341
WORK PLANNED FOR NEXT WEEK
Network team breakout into various sub-tasks, including wireless, VoIP, and security, while maintaining network structure for team’s use. Server team move into more specific configurations and establishing infrastructure sustainability with connectivity for testing.
OPEN ISSUES
Must reconsider milestone dates to correspond to current status of project. Slide over the previous weeks have altered my timetable significantly.
OPEN RISKS
Progress report to project stakeholders upcoming. Must communicate with team leads to design presentation and define realistic expectations for project prognosis.
DELIVERABLES AND MILESTONES
Milestone WBS Planned Forecasted Actual Status
Physical Equipment Installed 3/10 3/17 3/17 Complete
Basic Configurations Complete
3/12 3/22 3/26 Complete
342
Routing and Switching Functional
3/16 3/24 3/26 Complete
Wireless Implementation Complete
3/19 4/9 Pushed Back
Server OS’s Installed 3/9 -- -- Complete
Domain Created 3/3 3/22 3/22 Complete
Central Domain Policies Established
3/7 3/24 3/24 Complete
Domain Structure Complete 3/15 3/24 3/24 Complete
GPO Environment Complete 3/17 3/31 Pushed Back
DNS Functioning 3/7 3/31 Pushed Back
DHCP Functioning 3/9 3/31 Pushed Back
Departmental Shares Created 3/9 3/31 Pushed Back
Share Permissions Established
3/9 4/2 Pushed Back
Exchange System Installed 3/5 3/31 Pushed Back
Exchange System Functioning
3/15 4/5 Pushed Back
Ticketing System Functioning
3/7 3/27 Pushed Back
Database Scheme/Migrations Complete
3/7 -- -- Complete
Admin Portal Authentication Complete
3/10 -- -- Complete
Admin Portal Employee Management Complete
3/17 On Schedule
Deliverable WBS Planned Forecasted Actual Status
343
OPEN CHANGE REQUESTS
Change Request Name
Change Request Number
Request Date Current Status
Administration Portal
001 3/14/2016 Accepted
Network Team Restructure
002 3/25/2016 Accepted
KEY PERFORMANCE INDICATORS (KPI'S)
Schedule - Project is BEHIND Schedule
Schedule Variance (SV): $xxxx
Schedule Performance Index (SPI): x.xx
Cost - Project is OVER Budget
Cost Variance (CV): $xxx
Cost Performance Index (CPI): x.xx
344
PROJECT STATUS REPORT
CPIN 269 CLASS PROJECT
APRIL 5, 2016
PROJECT STATUS SUMMARY Percent Complete: 54%
Scope Schedule Cost Risks Quality
Network team progress continues, VoiP initial functionality demonstrated today. Difficulties and disparity between team member participation begins to show, with several members spending significant amounts of time outside of class. The Detroit site continues to lack complete implementation, currently using workarounds. With availability of network, server team progresses quickly along their tasks, catching up to original projections against previous delays. Software team continues to work shorthanded and with limited productivity out of team. Team leader carries the workload and has yet to fall behind schedule, but I have concerns as to his capability to continue this pace.
WORK PLANED FOR LAST MONTH
Early execution for all teams. Server team’s work including server setup, domain creation, role installation, and basic configuration of core server environment features. Network team planned work included installation of topology, basic configuration of all components, and beginning work toward wireless communication and VoIP. Development team planned to have begun work on admin portal.
345
WORK COMPLETED LAST WEEK
Server team completed domain implementation, created GPO environment, established DNS and DHCP functionality, and finalized ticketing system. Software team completed administration portal, including the last of its sub tasks. Storefront Products completed. Network team achieved functional communication between sites, with limited topology available for Detroit. VoiP implementation made major steps toward completion.
WORK PLANNED FOR NEXT WEEK
Network team finish VoiP and Detroit implementation. Work to begin on security and wireless implementations. Server team to finalize DFS, Radius, and permissions. Software team to complete storefront cart, account creation, and checkout.
OPEN ISSUES
Have begun to crash delayed tasks, reallocating resources and significantly over-allocate resources wherever available. Available lab times are being gradually optimized and abused.
OPEN RISKS
General dissent among Network team as to progress and questions regarding leadership. Have been addressed via promotion of Ryan to Co-team leader, in an effort to relieve stress on Shane. Full functionality still elusive in Detroit, crashing task to allow for swift correction.
346
DELIVERABLES AND MILESTONES
Milestone WBS Planned Forecasted Actual Status
Wireless Implementation Complee
4/7 4/14 -- Delayed
VoiP Complete 4/7 4/9 -- Delayed
Teleworker Solution Complete
4/26 4/26 Upcoming
Network Based Security Complete
4/26 4/26 Upcoming
Disaster Recovery Plan Established
4/26 4/26 Upcoming
Server Infrastructure Complete
4/24 4/24 Upcoming
Server Testing Complete 4/28 4/28 Upcoming
Departmental Shares Created 4/2 4/7 Delayed
Share Permissions Established
4/2 4/9 Delayed
Exchange System Installed 4/2 4/7 Delayed
Radius Server Implemented 4/8 4/8 Upcoming
Exchange System Functioning
4/5 4/9 Delayed
Storefront Cart Complete 4/7 4/7 Upcoming
Storefront Account Creation Complete
4/7 4/7 Upcoming
Storefront Checkout Complete
4/12 4/12 Upcoming
Storefront Authentication Complete
4/14 4/14 Upcoming
347
Storefront Account Management Complete
4/21 4/21 Upcoming
Software Testing Complete 4/26 4/26 Upcoming
Servers Formatted For Development Team Use
4/26 4/26 Upcoming
Deliverable WBS Planned Forecasted Actual Status
OPEN CHANGE REQUESTS
Change Request Name
Change Request Number
Request Date Current Status
Administration Portal
001 3/14/2016 Accepted
Network Team Restructure
002 3/25/2016 Accepted
KEY PERFORMANCE INDICATORS (KPI'S)
Schedule - Project is ON Schedule
Schedule Variance (SV): $xxxx
Schedule Performance Index (SPI): x.xx
348
Cost - Project is OVER Budget
Cost Variance (CV): $xxx
Cost Performance Index (CPI): x.xx
349
PROJECT STATUS REPORT
CPIN 269 CLASS PROJECT
APRIL 12, 2016
PROJECT STATUS SUMMARY Percent Complete: 77%
Scope Schedule Cost Risks Quality
In the past week we prepared and presented a progress report to key stakeholders, reporting the current health of the project. Additionally work has begun accelerating, as key aspects of the project are reaching completion.
WORK PLANED FOR LAST MONTH
Early execution for all teams. Server team’s work including server setup, domain creation, role installation, and basic configuration of core server environment features. Network team planned work included installation of topology, basic configuration of all components, and beginning work toward wireless communication and VoIP. Development team planned to have begun work on admin portal.
WORK COMPLETED LAST WEEK
Full implementation of network infrastructure completed. All three sites maintain full functionality and features for basic connectivity and routing. VoiP implementation complete across all three sites, with functioning extension dialing across the sites. Server
350
implementation nearing completion, DFS, AD, DNS, DHCP all complete or nearly so. Work begun toward implementation of exchange infrastructure. Developing team nearing completion. Admin portal finished, account creation complete, and shopping cart API defined.
WORK PLANNED FOR NEXT WEEK
Network team prioritizing wireless functionality, and security solutions. Firewalls and ACLs to be installed and configured. Server team to finish satellite tasks regarding DFS, Remote Desktop, begin formalizing RADIUS implementation, and turn focus toward Exchange system. Server team to begin allocating resources toward integration, adding client test systems to domain environment, installing software deliverables into server infrastructure. Development team to begin Customer Account Management and Order Management, leading toward finalization and wrap up of software implementation. Ahead of schedule, as such, additional time to be allocated toward testing and integration, raising quality as capable.
OPEN ISSUES
Crash of tasks continues. Assessment of remaining tasks taken under consideration. Potential for scope adjustments as final weeks approach. Friction arisen as a result of progress report presentation among network team. Darrin expressed displeasure toward representation of progress. Issue addressed, however management maintains the intention to oversee issue to prevent further aggravation.
OPEN RISKS
General dissent among Network team as to progress and questions regarding leadership. Have been addressed via promotion of Ryan to Co-team leader, in an effort to relieve stress
351
on Shane. Full functionality still elusive in Detroit, crashing task to allow for swift correction.
DELIVERABLES AND MILESTONES
Milestone WBS Planned Forecasted Actual Status
Wireless Implementation Complee
4/7 4/21 -- Delayed
VoiP Complete 4/7 4/9 -- Complete
Teleworker Solution Complete
4/26 4/26 Upcoming
Network Based Security Complete
4/26 4/26 Upcoming
Disaster Recovery Plan Established
4/26 4/26 Upcoming
Server Infrastructure Complete
4/24 4/24 Upcoming
Server Testing Complete 4/28 4/28 Upcoming
Departmental Shares Created 4/2 4/14 Delayed
Share Permissions Established
4/2 4/14 Delayed
Exchange System Installed 4/2 4/7 4/8 Complete
Radius Server Implemented 4/8 4/14 Delayed
Exchange System Functioning
4/5 4/21 LATE
Storefront Cart Complete 4/7 4/7 4/7 Complete
Storefront Account Creation Complete
4/7 4/7 4/7 Complete
Storefront Checkout Complete
4/12 4/12 Upcoming
352
Storefront Authentication Complete
4/14 4/14 Upcoming
Storefront Account Management Complete
4/21 4/21 Upcoming
Software Testing Complete 4/26 4/26 Upcoming
Servers Formatted For Development Team Use
4/26 4/26 Upcoming
Deliverable WBS Planned Forecasted Actual Status
OPEN CHANGE REQUESTS
Change Request Name
Change Request Number
Request Date Current Status
Administration Portal
001 3/14/2016 Accepted
Network Team Restructure
002 3/25/2016 Accepted
KEY PERFORMANCE INDICATORS (KPI'S)
Schedule - Project is ON Schedule
Schedule Variance (SV): $xxxx
Schedule Performance Index (SPI): x.xx
353
Cost - Project is OVER Budget
Cost Variance (CV): $xxx
Cost Performance Index (CPI): x.xx
354
PROJECT STATUS REPORT
CPIN 269 CLASS PROJECT
APRIL 19, 2016
PROJECT STATUS SUMMARY Percent Complete: 77%
Scope Schedule Cost Risks Quality
We had a significant turnaround in group environment this past week. Attitudes improved toward progress and team members. Integration efforts have begun, with DHCP functioning across the network, and client test environments being developed.
WORK PLANED FOR LAST MONTH
Early execution for all teams. Server team’s work including server setup, domain creation, role installation, and basic configuration of core server environment features. Network team planned work included installation of topology, basic configuration of all components, and beginning work toward wireless communication and VoIP. Development team planned to have begun work on admin portal.
WORK COMPLETED LAST WEEK
Troubleshooting continued for the Detroit site. Final issues smoothed out. WDS images and PXE Boot successfully implemented on test machines. Software team quickly approaching completion ahead of schedule.
355
WORK PLANNED FOR NEXT WEEK
Implementation of firewall and ACLs for network security. Wireless access point integration and configuration. Integration of software team solutions into server infrastructure. Complete implementation of Exchange environment, and hammer down remaining server tasks. Documentation of project work to begin in earnest.
OPEN ISSUES
We are quickly approaching deadline. Remaining tasks to be assessed for likelihood of completion, as well as potential additional work periods to crash tasks for rushed completion.
OPEN RISKS
Risks remain concerning applicability of remaining tasks, as well as group dynamic. While team atmosphere has improved, I have lingering concerns toward overall health of team make-up.
DELIVERABLES AND MILESTONES
Milestone WBS Planned Forecasted Actual Status
Wireless Implementation Complee
4/7 4/21 -- Delayed
356
VoiP Complete 4/7 4/9 -- Complete
Teleworker Solution Complete
4/26 4/26 Upcoming
Network Based Security Complete
4/26 4/26 Upcoming
Disaster Recovery Plan Established
4/26 4/26 Upcoming
Server Infrastructure Complete
4/24 4/24 Upcoming
Server Testing Complete 4/28 4/28 Upcoming
Departmental Shares Created 4/2 4/14 Delayed
Share Permissions Established
4/2 4/14 Delayed
Exchange System Installed 4/2 4/7 4/8 Complete
Radius Server Implemented 4/8 4/14 Delayed
Exchange System Functioning
4/5 4/21 LATE
Storefront Cart Complete 4/7 4/7 4/7 Complete
Storefront Account Creation Complete
4/7 4/7 4/7 Complete
Storefront Checkout Complete
4/12 4/12 Upcoming
Storefront Authentication Complete
4/14 4/14 Upcoming
Storefront Account Management Complete
4/21 4/21 Upcoming
Software Testing Complete 4/26 4/26 Upcoming
Servers Formatted For Development Team Use
4/26 4/26 Upcoming
Deliverable WBS Planned Forecasted Actual Status
357
OPEN CHANGE REQUESTS
Change Request Name
Change Request Number
Request Date Current Status
Administration Portal
001 3/14/2016 Accepted
Network Team Restructure
002 3/25/2016 Accepted
KEY PERFORMANCE INDICATORS (KPI'S)
Schedule - Project is ON Schedule
Schedule Variance (SV): $xxxx
Schedule Performance Index (SPI): x.xx
Cost - Project is OVER Budget
Cost Variance (CV): $xxx
Cost Performance Index (CPI): x.xx
358
PROJECT STATUS REPORT
CPIN 269 CLASS PROJECT
APRIL 26, 2016
PROJECT STATUS SUMMARY Percent Complete: 94%
Scope Schedule Cost Risks Quality
The project is swiftly approaching completion. All primary Software Development, and Server tasks have been completed, allowing this last week for integration, testing, and minor adjustments to configurations. The network team is currently concerting their efforts to finish on schedule.
WORK PLANED FOR LAST MONTH
Execution for all teams. Server team’s work including server setup, domain creation, role installation, and basic configuration of core server environment features. Network team planned work included installation of topology, basic configuration of all components, and beginning work toward wireless communication and VoIP. Development team planned to have begun work on admin portal.
WORK COMPLETED LAST WEEK
359
Software and Server full implementation complete. Network completed full implementation of VoiP across three sites, wireless implemented at Sacramento, to be rolled out to other sites this week.
WORK PLANNED FOR NEXT WEEK
Network team to implement wireless at remaining two sites, as well as attempt integration of wireless into RADIUS, to permit domain credentials to be used as authentication method. Implementation of ASLs and firewall to be primary concern, however I have my doubts as to their feasibility. Server and Software teams to devote their time to integration and testing, preparing for a smooth presentation of the products produced by our team.
OPEN ISSUES
Network team having difficulty configuring CUCM server for their use with VoiP and Telepresence. VoiP can function without it, however more advanced features are reliant on the server backbone. May need to scrap telepresence. Firewall implementation is slow, as the team is unfamiliar with ASA commands. May need to evaluate circumstances.
OPEN RISKS
The eleventh hour is always a stressful time. I expect to see team members butting heads as they scramble to finish their allotted tasks in time. Documentation is proving to be a point of contention, with several parties having different ideas of what the end product should be.
DELIVERABLES AND MILESTONES
360
Milestone WBS Planned Forecasted Actual Status
Wireless Implementation Complee
4/7 4/21 -- Delayed
VoiP Complete 4/7 4/9 -- Complete
Teleworker Solution Complete
4/26 4/26 Upcoming
Network Based Security Complete
4/26 4/26 Upcoming
Disaster Recovery Plan Established
4/26 4/26 Upcoming
Server Infrastructure Complete
4/24 4/24 Complete
Server Testing Complete 4/28 4/28 Upcoming
Departmental Shares Created 4/2 4/14 Complete
Share Permissions Established
4/2 4/14 Complete
Exchange System Installed 4/2 4/7 4/8 Complete
Radius Server Implemented 4/8 4/14 Complete
Exchange System Functioning
4/5 4/21 Complete
Storefront Cart Complete 4/7 4/7 4/7 Complete
Storefront Account Creation Complete
4/7 4/7 4/7 Complete
Storefront Checkout Complete
4/12 4/12 Complete
Storefront Authentication Complete
4/14 4/14 Complete
Storefront Account Management Complete
4/21 4/21 Complete
Software Testing Complete 4/26 4/26 Upcoming
361
Servers Formatted For Development Team Use
4/26 4/26 Upcoming
Deliverable WBS Planned Forecasted Actual Status
OPEN CHANGE REQUESTS
Change Request Name
Change Request Number
Request Date Current Status
Administration Portal
001 3/14/2016 Accepted
Network Team Restructure
002 3/25/2016 Accepted
KEY PERFORMANCE INDICATORS (KPI'S)
Schedule - Project is ON Schedule
Schedule Variance (SV): $xxxx
Schedule Performance Index (SPI): x.xx
Cost - Project is OVER Budget
Cost Variance (CV): $xxx
Cost Performance Index (CPI): x.xx
362
363