Remote Connectivity

Network Implementation Plan

Connie Farris

Colorado Technical University

Network Infrastructure Administration

(IT326-1804B-01)

Thomas McClain

Running head: NETWORK IMPLEMENTATION PLAN

Abstract

During this class my focus will be developing options to provide the company with a new network service. A company called Medical Needs has requested that I create the network implementation for its two locations in Tennessee. They hope to expand to other states in the Southeast. Medical Needs provides orthopedic devices and replacement parts for crutches, braces, wheelchairs and any other medical aids that may be needed. The goal will be to develop a network design layout for this company that is cost-effective and able to expand and grow in the future.

Network Implementation Plan

Table of Contents

Abstract

Target Organization

Description of Company

Proposed Network Solution

Network Solution

Network Design

Installation and Configuration

Network services

Why use DHCP, Certificate services, and Remote Access service

DHCP Implementation

Certificate Service Implementation

Remote Access Implementation

Maintenance and Troubleshooting

Remote Access TBD

Network Pro Prep Toolkit

WEEK ONE

Using the Simulator

Network Overview

Network Topology

WEEK TWO

Ethernet

WAN Concepts

Internet Connectivity

WEEK THREE

Network Protocols

Network Connections

The OSI Model

References

Target Organization

Description of Company

Medical Needs is a company that provides medical devices to people as prescribed by their doctor. This could be anything from crutches and braces to CPAPs and many other medical needs. The offices are presently located in Nashville and Chattanooga, with plans to expand to other areas of Tennessee in the future. The two offices are both rather small currently, with approximately ten employees in each location.

Medical Needs realizes the current network in place is outdated and is not as efficient as it should be if growth and expansion are the intended plan. We will require a functioning and reliable network for this office. This company will use a larger network capacity to handle the volume of data and resource requests. LAN and WAN are going to be utilized in this configuration to distribute and collect information outside of the organization. This company's main goal is to have an improved network that lets them provide better customer service and gives them room to expand in the future.

Proposed Network Solution

Network Solution

Using both a web and an intranet-based web server will ensure that information is kept secure on local servers, which will allow access only to people who require it and have been approved. Using a client/server model will provide several options to store and retrieve information over the LAN by using managed network storage (Rouse, 2008). The intranet will consist of a local web server, including hardware and software, firewall hardware and software, content, management software and application software.

The company will use the Microsoft Azure DNS server when connecting to the Internet. This will allow faster DNS resolution as well as regular automated updates to DNS records. DNS is a protocol within a set of standards that governs how computers exchange data on private networks and the Internet. The DHCP server will provide redundancy and high availability. DHCP servers provide logging and management interfaces that help administrators manage their IP address scopes.

DNS works within the TCP/IP suite and is responsible for translating the Internet Protocol (IP) address, a number assigned by the Dynamic Host Configuration Protocol (DHCP), into an easier-to-understand domain name (Roos, 2007). DHCP is the protocol used to assign and manage Internet connection settings for client computers that do not have a static IP address, for instance the subnet mask, IP addresses, default routers, and other IP parameters. Another network service the organization will use is Microsoft Exchange Server 2016 for email. MS Exchange 2016 will use its SMTP, IMAP4 and POP3 capabilities so that employees can access email while on the LAN, remotely connected, or through an online application.

NetBIOS will be used for name resolution for documents, and WINS will be used to support NetBIOS over TCP/IP, which is required in an environment in which a client accesses resources that have NetBIOS names. WINS name resolution reduces NetBIOS name query broadcasts by querying the server directly instead of broadcasting the request. WINS and DNS are both name resolution services for TCP/IP networks. While WINS resolves names in the NetBIOS namespace, DNS resolves names in the DNS domain namespace.

WINS primarily supports clients that run older versions of Windows and applications that use NetBIOS. Windows 2000, Windows XP, and Windows Server 2003 use DNS names in addition to NetBIOS names. Environments that include some computers that use NetBIOS names and other computers that use domain names must include both WINS servers and DNS servers (What is wins? 2003).

The company will use certificate services to improve security by binding the identity of a device, person, or service to a private key. This will be done by using a server that is configured as a certification authority. The server manages the format and content of the certificates and then issues them to users, computers, and services, as well as establishing and verifying the identity of the certificate holder. This proposed network solution will meet all the requirements of the company.

Network Design

After serious consideration, we have chosen a setup similar to the one described above in Proposed Network Solution. This will still use a client/server model with both a web and an intranet-based web server. The company data center will be located in Nashville and will act as the brain of the company, as it dictates data and information flow. The main data center will also include a WAN connection to be used to collect information outside of the organization. This means that the company needs to use a line of high-end servers. The proposed physical design has four major features. First, the cabling is done using CAT 6. Second, manageable switches have been used to connect the various offices. The manageable switches help in managing and controlling the LAN, which offers better control of information and data transfer. Also, the manageable switches use the SNMP protocol for monitoring devices on the organization's network. Lastly, a firewall is used to deny access to unauthorized users (Lammle & Swartz, 2013).

DHCP will automatically configure TCP/IP settings by assigning an IP address to each workstation that connects to the LAN. This is important because each computer must have its own unique address whenever it is online in order to retrieve the information it asks for. The unique address allows the information to be sent directly to the requesting computer. DHCP is responsible for leasing IP addresses from an available “pool” of addresses that is assigned to the network and is responsible for either maintaining the lease or assigning a new IP address when the lease has expired (What is DHCP?, 2017).

To meet the company requirements, the relevant logical design is the Cisco SAFE architecture. This is because the main objective of this design is to provide best practice for implementing a secure network. In addition, this design implements a modular approach which allows flexibility in troubleshooting. The Cisco SAFE architecture takes what one would refer to as a defense-in-depth approach, where multiple layers are strategically located throughout the organization's network (Kurose & Ross, 2009). Ensuring that the appropriate connections and security are in place is crucial to the success of the organization. Each of the locations should be able to share information that is stored centrally. The network configuration will be one that consists of a central location where the primary file servers will reside. In addition, the remote locations will be connected via the Internet and a VPN to ensure that the communication between them is secure as it travels over the Internet.

DNS will provide the primary components for the organization to access internal servers as well as external routing to servers on the Internet. DHCP is a preferred protocol since it is highly flexible in assigning IP addresses based on the available ranges in the routers to which devices are connected (Hughes, 2016). Network protocols will be those typically used in many organizations, centered on TCP/IP.

Addressing will involve subnetting the IP addresses for the different connected facilities, supernetting and private IP addressing. IP routing will involve the use of classless inter-domain routing (CIDR), where facilities connected to Medical Needs would be assigned a range of IP addresses, along with routing policies and various routing protocols such as BGP or RIP. The server will offer certificate services and will receive digital certificates over transport protocols such as HTTP and HTTPS. Certificate services will enable administrators in the remote locations to add components to a certificate revocation list (CRL) and publish CRLs on a constant basis. Within the network there will be multiple router access points to allow for proper routing of data across the remote offices. Each location will have a patch panel and multiple switches if necessary, depending on the number of users within the location. Each location will have an Intrusion Detection System (IDS) and will use a firewall to prevent unauthorized access.
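The subnetting, supernetting and private addressing described above can be worked through as follows. This is an added example, not part of the original plan: the 10.20.0.0/23 block, the segment names and the host counts are assumptions chosen for two offices of about ten employees each.

```python
import ipaddress

# Assumed inputs: the plan gives no ranges, so this RFC 1918 block and the
# per-segment host counts (sized for about ten employees per office) are
# constructed for illustration.
ORG_BLOCK = ipaddress.ip_network("10.20.0.0/23")
SITES = {
    "Nashville": {"staff": 20, "servers": 10, "isolated_vlan": 6},
    "Chattanooga": {"staff": 20, "isolated_vlan": 6},
}


def prefix_for(hosts):
    """Longest IPv4 prefix that still holds hosts + network + broadcast."""
    return 32 - (hosts + 1).bit_length()


def build_plan(org_block, sites):
    """Give each site an equal supernet, then carve VLSM subnets inside it."""
    if not org_block.is_private:
        raise ValueError("expected a private (RFC 1918) block")
    site_bits = (len(sites) - 1).bit_length()
    site_blocks = org_block.subnets(prefixlen_diff=site_bits)
    plan = {}
    for (site, segments), block in zip(sites.items(), site_blocks):
        cursor = int(block.network_address)
        subnets = {}
        # Largest segment first keeps every subnet aligned on its boundary.
        for name, hosts in sorted(segments.items(), key=lambda kv: -kv[1]):
            net = ipaddress.ip_network((cursor, prefix_for(hosts)))
            if not net.subnet_of(block):
                raise ValueError(f"{site}/{name} does not fit in {block}")
            subnets[name] = net
            cursor += net.num_addresses
        plan[site] = {"summary": block, "subnets": subnets}
    return plan


def summary_routes(plan):
    """Supernetting: collapse the site blocks into the fewest CIDR routes."""
    return list(ipaddress.collapse_addresses(p["summary"] for p in plan.values()))


def locate(plan, address):
    """Map an address to (site, segment); None means it is outside the plan."""
    ip = ipaddress.ip_address(address)
    for site, entry in plan.items():
        for name, net in entry["subnets"].items():
            if ip in net:
                return site, name
    return None


if __name__ == "__main__":
    plan = build_plan(ORG_BLOCK, SITES)
    for site, entry in plan.items():
        print(site, entry["summary"])
        for name, net in entry["subnets"].items():
            print(f"  {name:14} {net}  ({net.num_addresses - 2} usable hosts)")
    print("summary:", summary_routes(plan))
```

Each site summary is the single route advertised across the VPN, and `locate` returning `None` for an address is a quick way to spot a device configured outside the plan.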

Remote and mobile data terminal users will be connected by using Wi-Fi or through the use of an issued Broadband Hotspot Device, provided by the organization's ISP.

Once connected, the user will go through a VPN to authenticate and safeguard the data sent to and from the main servers. VPN routers will be used for setting up VPN connections, and the users will use a two-step authentication process that will assign a token or code upon each sign-on. The VPN will also include an IPsec tunneling protocol and Generic Routing Encapsulation (GRE) as well as other technologies. Other than VPNs, firewalls, encryption, routing filters and the definition of security zones will be employed to help protect the office's data and system resources from damage or theft. Here is an example of the Network Design.

Installation and Configuration

Network services

This section will concentrate on the network services which are required for system administration at Medical Needs. The services which will be highlighted are remote access, certificate services, DHCP, and DNS services. Proper implementation of these services provides manageability, reliability, and security.

Why use DHCP, Certificate services, and Remote Access service

To start with, Dynamic Host Configuration Protocol (DHCP) is a client-server protocol which automatically provides IP addresses and other related information such as the default gateway. Without a DHCP server for Medical Needs, one has to assign IP addresses manually to new computers or to computers which have moved from one subnet to another. With a DHCP server, the system administrator is able to manage the entire process of IP addressing, as the server maintains a pool of IP addresses. The certificate service, on the other hand, issues digital certificates. The service helps to authenticate content which is sent from web servers. System administrators use certificates for authenticating services and for establishing secure sessions with the end clients. Certificate services are also used to authenticate grid hosts and what system administrators refer to as services. Also, certificates are used by administrators to authenticate software which is distributed over the Internet (Kurose & Ross, 2009).

Remote access services are used by system administrators to connect over a network in order to troubleshoot it. They also assist the network administrator in connecting to the organization's systems. One of the advantages of having a remote access service is that it improves security for the user by enabling the system administrator to access network services and devices remotely to cross-check their security level and look for any form of attack on the devices.

DHCP Implementation

Before implementing the DHCP server service, Medical Needs should have Windows Server 2003 or a later edition installed. It is also important to note that the DHCP server cannot be used as a DHCP client. To start using the DHCP server, one must first configure the server with what network engineers refer to as a static IP address. Once the system administrator has configured the static IP address, they can go ahead and install DHCP as a service. Only a few steps are required to install the DHCP service: select Start, then Control Panel, Network Adapters, and Networking Services; click the Details button to open Networking Services; select the DHCP service; and click OK, then Next, until the DHCP service is set. After installing the DHCP server, one must select only one scope on the server, which defines the range of IP addresses. For Medical Needs, another scope is setting the configuration parameters which are to be assigned to the client computers. The privilege of this service is left to the system administrator, the network admin, and the IT manager (Droms & Lemon, 2003).

Certificate Service Implementation

As indicated earlier, the certificate service allows system administrators to build a PKI. To implement this service, the system administrator needs to open Server Manager and then click Manage, then Add Roles and Features. One then selects the installation type, which can be either role-based or Remote Desktop Services installation. Then one selects the destination server and specifies the setup type. The scope required is specifying the type of CA, which is either a root CA or a subordinate CA. The privilege of this service is left only to the system administrator.

Remote Access Implementation

Routing and Remote Access Service (RRAS) will enable Medical Needs to establish a secure remote connection to some of the organization's services. To implement remote access connections, a system administrator needs to install the RRAS program on the organization service. Remote access service has four major steps, which are:

• Clicking on Start, then Programs, then Administrative Tools, and then Routing.

• The system administrator then clicks Next on the Remote Access wizard.

• In the Remote Access wizard, one then selects the type of remote access that one wants to install.

• The last step is verifying the required Internet protocols which are on the list.

In terms of scope, the system administrator is required to enable RADIUS. The privilege for this service is left only to the system administrator and the IT manager (Dennis & Quinn, 2007).

Maintenance and Troubleshooting

This section will highlight how to go about network troubleshooting. First, I will describe the maintenance procedures of DHCP, remote access, and DNS services; this will include all the maintenance activities and all the steps which are required in every activity. The paper will also identify all the network operations which will be performed and monitored. Lastly, this section will highlight three network problems and the corresponding troubleshooting procedures.

Maintenance procedures for the proposed network

Common maintenance procedures for the server hosting DNS, DHCP, and Remote Access server include the following:

• Updating the server operating system

• Updating the server control panel

• Checking all the services updates

• Checking hardware errors

• Checking server utilization

• Checking system security (Shinder, Diogenes, & Shinder, 2018)

DHCP Services Maintenance

To start with, a DHCP error can lead to the disruption of services in an organization, because none of the organization's departments will be able to acquire an IP address automatically. There are two maintenance procedures when dealing with a DHCP server. First, a system administrator needs to install a network monitoring tool or an event viewer tool. This tool is used to monitor DHCP activity: all the events logged in the system log, security log and application log, and conflicting IP addresses. Second, the administrator needs to always check the network interface cards of the users' computers, as they might have incorrect drivers, which could result in conflicting IP addresses.

DNS Services Maintenance

First, the DNSSEC validators need to be updated to the current version which is the October 10th, 2018 version. Second, the authoritative servers ought to be updated to the current version which is by January 12th, 2019. Then the system administrator ought to ensure that the DNSSEC operators contain the DNSSEC root keys and the authoritative server corresponds to the name server implementation.

Remote Access Services Maintenance

One of the remote access tools which ought to be used by the system administrator is the GoToMyPC tool. This tool enables secure browser-based access to all the PCs connected to the organization's network. Second, a system administrator needs to constantly monitor the remote access services by regularly logging in to all the manageable switches to check their configurations. Lastly, the administrator checks whether the remote management tools are working properly. Here the system administrator checks the remote console, the rescue mode, and remote reboot, which are called the three essential tools for remote server management.

Network Problems

DHCP Services Problems and Solutions

Some of the problems related to DHCP services are problems with leasing an IP address, IP address conflicts, and inappropriate address assignment. These problems can only be resolved by using the Automatic Private IP Addressing feature. Also, the system administrator solves IP address conflicts by creating a DHCP scope and solving the communication problems between the workstations and the DHCP server.
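The monitoring described under DHCP Services Maintenance and the problems listed here (conflicts, failed leases) can be picked out of the Windows DHCP Server audit log with a short script. This is an added example, not part of the original plan; the log lines are constructed, and the event IDs are those the audit log documents in its own header (10 assign, 11 renew, 12 release, 13 address found in use, 14 address pool exhausted).

```python
import csv
import io

# Event IDs listed in the header of the Windows DHCP Server audit log.
ASSIGN, RENEW, RELEASE, CONFLICT, POOL_EXHAUSTED = 10, 11, 12, 13, 14

# Constructed sample using the first seven columns of the audit log layout;
# host names, addresses and MACs are made up.
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,01/14/19,08:01:12,Assign,10.20.0.5,PC-BILLING1,0A1B2C3D4E01
10,01/14/19,08:02:40,Assign,10.20.0.6,PC-CARE1,0A1B2C3D4E02
11,01/14/19,12:01:12,Renew,10.20.0.5,PC-BILLING1,0A1B2C3D4E01
13,01/14/19,12:15:03,Conflict,10.20.0.9,,
12,01/14/19,13:00:00,Release,10.20.0.6,PC-CARE1,0A1B2C3D4E02
10,01/14/19,13:05:00,Assign,10.20.0.6,PC-CONSULT1,0A1B2C3D4E03
10,01/14/19,13:30:00,Assign,10.20.0.5,LAPTOP-X,0A1B2C3D4E04
14,01/14/19,14:00:00,Scope Full,10.20.0.0,,
14,01/14/19,14:00:05,Scope Full,10.20.0.0,,
"""


def parse(text):
    """Yield (event_id, time, ip, host, mac) for data rows, skipping headers."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 7 or not row[0].strip().isdigit():
            continue
        yield int(row[0]), f"{row[1]} {row[2]}", row[4], row[5], row[6].upper()


def triage(text):
    """Summarise the DHCP problems an administrator should follow up on."""
    holder = {}  # ip -> MAC that currently holds the lease
    findings = {"conflicts": [], "pool_exhausted": 0, "taken_over": []}
    for event, when, ip, host, mac in parse(text):
        if event in (ASSIGN, RENEW):
            previous = holder.get(ip)
            # A different MAC getting an address that was never released can
            # be a normal lease expiry, but it is worth a look.
            if previous and previous != mac:
                findings["taken_over"].append((ip, previous, mac, when))
            holder[ip] = mac
        elif event == RELEASE:
            holder.pop(ip, None)
        elif event == CONFLICT:
            findings["conflicts"].append((ip, when))
        elif event == POOL_EXHAUSTED:
            findings["pool_exhausted"] += 1
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Repeated pool-exhausted events point to a scope that is too small or leases that are too long; a conflict event usually means a device has a static address inside the DHCP range.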

DNS Service Problems and Solutions

One of the problems related to the DNS server is improper DNS suffix handling. Here users treat additional keystrokes as if they are penalties. Another problem is improperly configured forwarding. Here a client requests a resource record which is in an outside domain, and the DNS server searches for the name server of the target domain and then submits a query to that server. This can result in the DNS service being preoccupied with chasing down recursive queries. The last problem is improper zone transfer configuration. Some of these problems can be solved by allowing unrestricted zone transfers. Here, the system administrator needs to configure zones to allow requests from servers which appear on the Name Servers list.

Remote Access Problems and Solutions

Some of the remote services problems are vulnerability assessment and patching problems, remote management manager issues, and network outages and inaccessible devices. These issues can be resolved by keeping the server operating system up to date (Ben-Ari & Natarajan, 2013).

Remote Access TBD

Network Pro Prep Toolkit

WEEK ONE

Using the Simulator

Network Overview

Network Topology

WEEK TWO

Ethernet

WAN Concepts

Labsim 11.2.4 Configure a PPN WAN Link

Internet Connectivity

Labsim 11.3.4 Connect to a DSL Network

Labsim 11.3.5

Practice Questions

WEEK THREE

Network Protocols

Network Connections

Labsim 4.3.3 Connect Network Devices

Practice Questions

The OSI Model

References:

Ben-Ari, E., & Natarajan, B. (2013). Windows Server 2012 unified remote access planning... by Erez Ben-Ari. Birmingham: Packt Pub.

CiscoNetworkingAcademy. (2014, March 24th). Cisco Networking Academy's Introduction to Routing Dynamically. (Cisco Networking Academy) Retrieved August 31st, 2018, from http://www.ciscopress.com/articles/article.asp?p=2180210&seqNum=5

Dennis, C., & Quinn, E. (2007). Remote access by Craig Dennis. New York: Scottsdale Publishers.

Droms, R., & Lemon, T. (2003). DHCP. Indianapolis: Macmillan Technical

Hughes, A. (2016). Six Basic Computer Network Components. Retrieved from https://www.techwalla.com/articles/six-basic-computer-network-components

Kurose, J. F., & Ross, K. W. (2009). Computer networking: a top-down approach (1st ed.). Chicago: Boston Pearson.

Lammle, T., & Swartz, J. (2013). CCNA data center: introducing cisco data center networking study guide : exam 640-911. Sybex.

Roos, D. (2007, December 1). How intranets work. Retrieved from howstuffworks: https://computer.howstuffworks.com/how-intranets-work3.htm

Rouse, M. (2008, October). client/server (client/server model, client/server architecture). Retrieved from Searchnetworking: http://searchnetworking.techtarget.com/definition/client-server

Shinder, T. W., Diogenes, Y., & Shinder, D. L. (2018). Windows server 2012 security from end to the edge... by Thomas W Shinder. New York: John & Wiley Press.

TestOut Corp. (2019 January 3). LabSim IT326-1901A-01(section 1.2.4.10.11.13). Retrieved from http://www.testout.com

What is DHCP? (2017). Retrieved from http://whatismyipaddress.com: http://whatismyipaddress.com/dhcp

What is wins? (2003, March 28). Retrieved from Microsoft technet: https://technet.microsoft.com/en-us/library/cc784180(v=ws.10).aspx

[Figure: Network design diagram. Labels: Isolated VLAN, Consultation room, Manager's office, Billing office, Customer care desk, Manageable switch, ISP, Internet, Chattanooga office, Remote connection, E-mail server, Database server, App server, VM server, Data center, Main frame]