Updated_MyCo Network Design Proposal

MyCo Network Design Proposal, presented by Group 10

Group Introduction: Umer Siddiqui, Mbaunguraije Tjikuzu, Marcia Baransano, Asif Siddiqui

Business Case: The current MyCo network architecture is poorly designed, with no room for scalability or high availability. Our solution will meet current and future needs and is the best possible solution at a reasonable cost.

Design Decision: We have picked Cisco as the major vendor for our networking gear for the following reasons: i) the company's financial stability, ii) its customer base, iii) support contracts, iv) reliability and support.

Design Key Aspects: Scalability, High Availability, Security, Ease of Management

Scalability: The Cisco 4506 is a modular switch that supports up to 5 line card slots, and each card can provide 48 gigabit ports. The Cisco 4503 is a modular switch that supports 2 line cards, which fits our need for the server segment. Cisco 2960s are used as layer 2 switches for the DMZ and for Finance users. The Cisco ASA 5510 is capable of supporting 250 IPsec/SSL VPN sessions.

High Availability: We have designed all the networking gear in HA mode, i.e. redundant firewalls, routers, IPSs, switches and circuits. Similar servers are connected to different switches. Half of the users are connected to one switch and half to the other. The Internet segment is fully redundant: Internet circuits from two different ISPs terminate on two different routers.

Routing: Internally we are using OSPF and externally we are running BGP. Internal traffic is routed to the active switch based on the OSPF algorithm. End-user switches advertise the user subnets, and server switches advertise the server VLAN along with a default route pointing to the active firewall's shared IP. Internet traffic is routed based on the decision made by BGP. The Internet routers are peered with each other and with the ISP routers, importing full Internet routing tables.

Security: Financial systems are separated by firewalls. Firewall rules are set up to allow access on a need-to-know basis, with a deny-all rule at the end. A DMZ zone is set up for servers accessible from the Internet. Remote access is allowed using an IPsec or SSL client with token-based authentication. Intrusion detection devices are deployed covering all flows (initially deployed as IDS probes; they can later be changed to IPS).
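As an added illustration that is not part of the proposal, the following Python (our own example code, not MyCo's or Cisco's) evaluates a first-match firewall policy and checks the two design rules stated above: every permit is need-to-know, a deny-all rule closes the policy, and nothing from the Internet-facing interface reaches the Finance segment. All subnets, hosts and rules are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# Constructed subnet standing in for MyCo's firewalled Finance segment.
FINANCE_NET = ip_network("10.10.20.0/24")

@dataclass(frozen=True)
class Rule:
    action: str       # "permit" or "deny"
    proto: str        # "tcp", "udp", or "ip" (any protocol)
    src: str          # CIDR or "any"
    dst: str          # CIDR or "any"
    dport: int = None  # None matches any destination port

def _matches(rule, proto, src, dst, dport):
    if rule.proto != "ip" and rule.proto != proto:
        return False
    if rule.src != "any" and ip_address(src) not in ip_network(rule.src):
        return False
    if rule.dst != "any" and ip_address(dst) not in ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == dport

def evaluate(rules, proto, src, dst, dport=None):
    """First matching rule wins, as on an interface access-list; 'no-match'
    means the flow fell off the end and relies on implicit behaviour."""
    for rule in rules:
        if _matches(rule, proto, src, dst, dport):
            return rule.action
    return "no-match"

def check_internet_facing_policy(rules):
    """Return the design violations found (an empty list means compliant)."""
    issues = []
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and last.proto == "ip"
            and last.src == "any" and last.dst == "any" and last.dport is None):
        issues.append("no explicit deny-all at end of policy")
    for rule in rules:
        if rule.action == "permit" and rule.dst == "any":
            issues.append(f"permit to any destination is not need-to-know: {rule}")
        elif rule.action == "permit" and ip_network(rule.dst).overlaps(FINANCE_NET):
            issues.append(f"permit reaches the Finance segment from outside: {rule}")
    return issues

# Constructed Internet-facing rule set: only DMZ web and mail are reachable.
OUTSIDE_IN = [
    Rule("permit", "tcp", "any", "192.0.2.10/32", 443),  # DMZ web server, HTTPS
    Rule("permit", "tcp", "any", "192.0.2.11/32", 25),   # DMZ mail relay, SMTP
    Rule("deny", "ip", "any", "any"),                    # explicit deny-all
]
```

Dropping the final deny, or adding a permit whose destination overlaps the Finance subnet, is reported by check_internet_facing_policy, which is the kind of check to run on every rule change before it is pushed to the firewalls.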

Cost Analysis

Product                          Unit price   Quantity   Total
Cisco Catalyst 4506-E            $11,127      2          $22,254
Cisco Catalyst 4503-E            $6,357       2          $12,714
HP ProLiant DL165                $3,191       8          $25,528
Cisco Catalyst 2960              $1,450       3          $4,350
Cisco ASA 5510                   $3,418       4          $13,672
Cisco 7200 Router (7204VXR/400)  $7,363       2          $14,726
Total                                                    $93,244

The Cisco prices listed above are from router-switch.com, one of the world's leading Cisco suppliers. The price of the HP ProLiant DL165 listed above is from newegg.com, a leading e-retailer.

Active Directory Layout

Conclusion: Our proposal is i) affordable, ii) scalable, iii) reliable, iv) a secure solution.

Questions