Project Proposal
IIS Dallas Consolidation
Team 3
Andre Young-Sang, Jonathan Sullivan, Mike Williams
Table of Contents
Executive Summary
1.0 Revision History
2.0 Project Overview
2.1 Project Overview
2.2 Project Description
2.3 Chosen Solution
5.0 FINANCIALS
5.1 Customer Budgetary Guidelines
5.2 Materials
5.3 Summary Project Budget
6.0 PROJECT CONDITIONS
7.0 PROJECT CLOSE OUT
8.0 PROJECT ORGANIZATION
9.0 COMMUNICATION
REFERENCES
Executive Summary
Intelligent Imaging Solutions is a Dallas, Texas-based company that develops consumer and military-oriented navigation systems (GPS). It has a total of 2,334 full-time employees working within an organization that consists of two divisions: the Commercial Division and the Defense Division. The Commercial Division is responsible for designing, building and testing all prototypes, and is shared between the Dallas and Shanghai locations. The Shanghai location is the primary manufacturing site and houses a staff of manufacturing engineers who are responsible for taking the prototype engineering specifications and creating engineered products that can be produced efficiently and cost-effectively. The other international location, in London, is primarily responsible for sales, customer support and distribution. The Military Division, which is located in Fairfax, VA, is where IIS design engineers collaborate with the MSA (Military Security Agency) to design and produce highly classified algorithms and models. These algorithms and models are often integrated with the works of other contractors, and need to be protected by the highest level of security. As a result, this division is isolated from the Commercial Division for security purposes, which is the cause of the hodgepodge that the organization's network is now experiencing.

These factors contributed to the decision that the current network infrastructure of IIS will not be able to keep up with the growth that the company is expecting in the future, and as such, a complete overhaul is necessary. There needs to be an improvement in security among all the branches, especially the Fairfax location, along with remote access for home agents, a unified email system, network redundancy, new network management capabilities, and uniform technologies throughout the entire network.

The Board has approved a budget of $2 million for a successful and timely completion of the project, but will approve additional funds if the expenses can be justified. Team E was contracted to design the new network infrastructure that would cover all the requirements of the company. New routers and switches will provide Quality of Service (QoS) capabilities for data, voice and video. VoIP will be the technology used for communication purposes, and is predicted to deliver a large Return on Investment (ROI) for the organization. The security requirements of the company will be addressed through the installation and configuration of Untangle, which is open source software that will act as a firewall, antivirus, antispyware, ad blocker and web filter. Additional features can be added at reasonable cost. The Fairfax location will have its own network due to the confidential nature of the business it does there. It will be completely independent of all the other locations and will comply with the strict security protocols it requires.
Management and monitoring of the new infrastructure will be handled by Nagios, an open source application that will allow administrators to be proactive in their efforts to maintain uptime. Exchange servers will be installed and configured at the Dallas and Fairfax locations to satisfy their email needs. London and Shanghai will connect to these servers via VPN or Outlook 2010 login. The entire cost for the project estimated by Team E will be $1,894,792.00, which is in compliance with the allotted budget established by IIS. The design is robust, secure, and scalable, and satisfies all the requirements that a growing company like IIS would need in a network and communication system.
1.0 Revision History

| Revision | Date | Author | Description |
|---|---|---|---|
| 1 | 2/12/2012 | | Rough draft submitted to Professor Baig for evaluation |
| 2 | 2/15/2012 | | Updated diagrams |
| 3 | 2/16/2012 | | IP Addressing Scheme Revised |
| 4 | 2/17/2012 | | Updated Budget Numbers and Monthly Costs |
| 5 | 2/18/2012 | | Updated Section 4.1 Solution Details for each location |
| 6 | 2/19/2012 | | Revised and Edited |
| 7 | 2/19/2012 | | Revised and Edited |
| 8 | 2/19/2012 | | Revised and Edited |

All All All All All
restart a failed VM on a different host in the event of a hardware failure. All of these capabilities will greatly enhance the uptime seen by the end users on the IIS network. Additionally, all users will be moved to the recent Exchange Server 2010 platform. This move will offer users larger mailbox sizes, while making many of the smaller tasks that admins do every day substantially easier: calendar sharing is a breeze, archiving is handled natively (no more PST files everywhere), and replication and backups are much simpler. Finally, the new WAN technology that Team E will be implementing is an MPLS inter-company trunk solution. MPLS offers a variety of advantages to IIS, including Quality of Service (QoS) and Class of Service (CoS), which allow the grouping and prioritizing of traffic based on similarity. The switchover to MPLS and an all-digital VoIP system will offer marked improvements in the phone system for all users, not to mention an incredible cost savings in comparison to traditional telephony technology.
- Implement firewall to improve security capabilities across all branches, especially Fairfax
- Configure secure VPN access for all home agents

Intangible Benefits:
- Improved communications on all fronts
- Staff becomes more technologically inclined due to training and exposure to new technology
- Customer satisfaction increases due to increased accessibility
- More efficient use of network resources
- Overhauling the network will ensure compliance with the latest technology standards
- Improved network management capabilities allow accurate identification of branch down time and peak hours
Dallas, TX Headquarters
Blocks/Section: Infrastructure, Sales/Marketing, Engineering, Management, Finance, Call Center/Other, Human Resources, Teleworkers, Other, Phone System
Figure 1

The next item to be installed within the Dallas server room will be the Cisco WS-3750X switches required to handle the connections to all first floor locations. We will be installing 12 of these 48-port switches to handle the approximately 500 workstations to be wired on the ground floor. A patch panel will be mounted on the wall adjacent to the racks to handle all cross connects. Proceeding up from the ground floor server room, Team E will require a network closet on the second and third floors to house additional patch panels and switches. On each floor we will install an additional 11 Cisco WS-3750X switches to handle all switching needs on the floor in question, as well as a patch panel setup identical to the first floor.

All of the Cisco WS-3750X switches are PoE, allowing the Aastra IP phones that will be installed at each desk to be powered from these switches. Due to these power concerns, Team E will install sufficient uninterruptible power supplies within the second and third floor network closets to mitigate any concerns of brownouts or spikes affecting the desk phones. All of the network cabling installation will be handled by a licensed and bonded subcontractor. All wiring installed throughout the new building will be Cat6 and will meet all required code. Multiple UPS systems will also be in place within the server room on the ground floor to ensure power protection for all devices and servers within. Each UPS system within the building will have a network address to allow for easy monitoring and management of all units.

Furthermore, Team E will also install an Asterisk FreePBX phone system that will work in conjunction with the new Aastra IP phones. All Cisco networking equipment that is being purchased is capable of handling the Quality of Service (QoS) requirements that are needed to get the most out of this VoIP system.
IIS will buy the external trunks necessary for the phone systems, and the FreePBX system will be used to set up internal company SIP trunks linking the PBX at each branch
| Network | From | To | Gateway | Subnet Mask | DNS Servers | VLAN | Usable Hosts |
|---|---|---|---|---|---|---|---|
| 10.0.0.0/21 | 10.0.0.1 | 10.0.7.254 | 10.0.0.1 | 255.255.248.0 | 10.0.0.50, 10.0.0.51 | 1 | 2046 |
| 10.0.8.0/22 | 10.0.8.1 | 10.0.11.254 | 10.0.0.1 | 255.255.252.0 | 10.0.0.50, 10.0.0.51 | 2 | 1022 |
| 10.0.12.0/23 | 10.0.12.1 | 10.0.13.254 | 10.0.0.1 | 255.255.254.0 | 10.0.0.50, 10.0.0.51 | 3 | 510 |
| 10.0.14.0/23 | 10.0.14.1 | 10.0.15.254 | 10.0.0.1 | 255.255.254.0 | 10.0.0.50, 10.0.0.51 | 4 | 510 |
| 10.0.16.0/23 | 10.0.16.1 | 10.0.17.254 | 10.0.0.1 | 255.255.254.0 | 10.0.0.50, 10.0.0.51 | 5 | 510 |
| 10.0.18.0/23 | 10.0.18.1 | 10.0.19.254 | 10.0.0.1 | 255.255.254.0 | 10.0.0.50, 10.0.0.51 | 6 | 510 |
| 10.0.20.0/24 | 10.0.20.1 | 10.0.20.254 | 10.0.0.1 | 255.255.255.0 | 10.0.0.50, 10.0.0.51 | 7 | 254 |
| 10.0.21.0/24 | 10.0.21.1 | 10.0.21.254 | 10.0.0.1 | 255.255.255.0 | 10.0.0.50, 10.0.0.51 | 8 | 254 |
| 10.0.24.0/21 | 10.0.24.1 | 10.0.31.254 | 10.0.0.1 | 255.255.248.0 | 10.0.0.50, 10.0.0.51 | 9 | 2046 |
| 10.0.32.0/21 | 10.0.32.1 | 10.0.39.254 | 10.0.0.1 | 255.255.248.0 | 10.0.0.50, 10.0.0.51 | 10 | 2046 |
office location, thus allowing inter-company calls to take place without being billed by the outside SIP trunk provider, which is nexVortex. IIS currently has a domain controller and an Exchange Server that will remain within the new setup. The Exchange box will be reconfigured as a front-end to the incoming Exchange 2010 system. All other servers that are currently running will either be converted to virtual machines or phased out. Other than the two servers just mentioned, and a new Asterisk server that will be purchased, all other servers in the IIS domain will be virtual on the new infrastructure. The existing domain controller, the new virtual domain controller, and the Exchange boxes will all handle DNS and DHCP respectively. In addition, three new physical servers will be purchased and installed in the Dallas server room, along with two Dell Storage Area Network units. The two SAN devices will be configured as shared storage for the two powerful redundant servers, which will all run VMware's vSphere 4.1 software. The virtual environment will host the following:
- A second domain controller
- A second Microsoft Exchange 2010 front-end server
- Dual Microsoft Exchange back-end servers
- Nagios network management server
- Database servers (as necessary; existing units will be P2V'd for inclusion)
- Application servers (as necessary; existing units will be P2V'd for inclusion)
- File servers (as necessary; existing units will be P2V'd for inclusion)
Each physical server within the Dallas server room will have a minimum of two network interface cards. These connections will be teamed within the operating system, but the cable from each card will go to separate Catalyst switches, ensuring that although each server only has one network address, there will be redundant connections to ensure uptime in the case of any hardware issues within the core network.

One component that we were asked to install is a company-wide web filter. The Untangle applications that will be installed at each site will all have their web filter components configured with identical settings, supplying all users with the same set of restrictions, and allowing for easy rebuilding of an Untangle server should there be any hardware issues. Untangle will provide administrators with an easy-to-use interface for monitoring employees and controlling access.

Team E will work with the Dallas technical team to upgrade the existing workstations to Microsoft Windows 7 Professional with Office 2010 Professional. A coordinated effort will be required with the assistance of the entire Dallas support team in order to get this many computers upgraded in the time allotted. All efforts will be made to maintain PC naming conventions that were in place previous to this project. All usernames will remain the same as well. Team E will coordinate with the Dallas IT staff to implement the backups of all pertinent servers to alternate locations across the WAN connections. These will be done during off hours due to bandwidth concerns.
FAIRFAX

The Fairfax branch office, which is home to all military defense contractor work, is the most secure facility that Team E will manage. The facility is completely independent of all other offices as it has to adhere to strict security protocols (*With the exception of the HR subnet and the Phone System). Aside from that, Fairfax is very similar to the headquarters office in that they both utilize a vSphere virtual environment to host many of their servers. This helps to cut costs and to increase efficiency and upgradeability.

Starting out with the ISPs, Fairfax uses a 1Gbps line from Time Warner in conjunction with another 1Gbps line from Level3 Communications. The Level3 line is dark fiber and is only used in the event of a failure from Time Warner. This redundancy ensures little to no downtime. Both ISPs have outstanding service level agreements which provide great uptime guarantees. Both ISPs are fed into a Cisco ASR 1002 WAN Router which will perform the failover to the dark fiber automatically and re-establish itself to the company-wide MPLS network through agreements made with the ISP.

Next, all traffic is passed through the Untangle Unified Threat Management Server via 10G Ethernet, which will act as a firewall, web filter, and cached web proxy all in one. The Untangle UTM will also provide outside VPN connectivity to remote teleworkers utilizing OpenVPN technologies. Untangle will control and secure all inbound connections and ensure the proper conformance to all security protocols put in place by the Department of Defense. We then enter the backbone switch, which is a Cisco WS-C3750x-24T-L gigabit switch that is connected via a 10G Ethernet cable. Attached to the backbone switch is the main domain controller. Aside from their regular duties, the domain controllers will also serve as the DHCP servers and the main DNS servers for the entire Fairfax facility.

Isolation and security of the Fairfax facility are handled at layer 2 in the form of VLANs, which will isolate all devices at the Fairfax facility from talking to any other facility. The two exceptions are the phone system VLAN and the HR department VLAN, as companywide connectivity is a requirement for devices within those individual VLANs. The rest of the Fairfax network infrastructure is identical to that of the headquarters office. IP addressing will be handled in accordance with Figure 2 below.
| From | To | Gateway | Subnet Mask | DNS Servers | VLAN | Usable Hosts |
|---|---|---|---|---|---|---|
| 10.1.0.1 | 10.1.1.254 | 10.1.0.1 | 255.255.254.0 | 10.1.0.50, 10.1.0.51 | 11 | 510 |
| 10.1.2.1 | 10.1.3.254 | 10.1.0.1 | 255.255.254.0 | 10.1.0.50, 10.1.0.51 | 12 | 510 |
| 10.1.4.1 | 10.1.5.254 | 10.1.0.1 | 255.255.254.0 | 10.1.0.50, 10.1.0.51 | 13 | 510 |
| 10.1.6.1 | 10.1.7.254 | 10.1.0.1 | 255.255.254.0 | 10.1.0.50, 10.1.0.51 | 14 | 510 |
| 10.1.8.1 | 10.1.9.254 | 10.1.0.1 | 255.255.254.0 | 10.1.0.50, 10.1.0.51 | 7 | 510 |
| 10.1.10.1 | 10.1.11.254 | 10.1.0.1 | 255.255.254.0 | 10.1.0.50, 10.1.0.51 | 15 | 510 |
| 10.1.12.1 | 10.1.13.254 | 10.1.0.1 | 255.255.254.0 | 10.1.0.50, 10.1.0.51 | 10 | 510 |

Hosts: 45 56 102 22 10 235
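A consistency check over the Dallas and Fairfax addressing tables, as an added example that is not part of the original proposal: it derives each subnet from the listed first address and mask, then checks the listed ranges, usable-host counts, subnet overlap, and whether each listed gateway lies inside its VLAN's subnet. The names `PLAN`, `audit` and `shared_vlan_ids` are illustrative.

```python
import ipaddress
from itertools import combinations

# Rows transcribed from the Dallas and Fairfax addressing tables:
# (site, VLAN, first address, last address, subnet mask, gateway, usable hosts)
PLAN = [
    ("Dallas", 1, "10.0.0.1", "10.0.7.254", "255.255.248.0", "10.0.0.1", 2046),
    ("Dallas", 2, "10.0.8.1", "10.0.11.254", "255.255.252.0", "10.0.0.1", 1022),
    ("Dallas", 3, "10.0.12.1", "10.0.13.254", "255.255.254.0", "10.0.0.1", 510),
    ("Dallas", 4, "10.0.14.1", "10.0.15.254", "255.255.254.0", "10.0.0.1", 510),
    ("Dallas", 5, "10.0.16.1", "10.0.17.254", "255.255.254.0", "10.0.0.1", 510),
    ("Dallas", 6, "10.0.18.1", "10.0.19.254", "255.255.254.0", "10.0.0.1", 510),
    ("Dallas", 7, "10.0.20.1", "10.0.20.254", "255.255.255.0", "10.0.0.1", 254),
    ("Dallas", 8, "10.0.21.1", "10.0.21.254", "255.255.255.0", "10.0.0.1", 254),
    ("Dallas", 9, "10.0.24.1", "10.0.31.254", "255.255.248.0", "10.0.0.1", 2046),
    ("Dallas", 10, "10.0.32.1", "10.0.39.254", "255.255.248.0", "10.0.0.1", 2046),
    ("Fairfax", 11, "10.1.0.1", "10.1.1.254", "255.255.254.0", "10.1.0.1", 510),
    ("Fairfax", 12, "10.1.2.1", "10.1.3.254", "255.255.254.0", "10.1.0.1", 510),
    ("Fairfax", 13, "10.1.4.1", "10.1.5.254", "255.255.254.0", "10.1.0.1", 510),
    ("Fairfax", 14, "10.1.6.1", "10.1.7.254", "255.255.254.0", "10.1.0.1", 510),
    ("Fairfax", 7, "10.1.8.1", "10.1.9.254", "255.255.254.0", "10.1.0.1", 510),
    ("Fairfax", 15, "10.1.10.1", "10.1.11.254", "255.255.254.0", "10.1.0.1", 510),
    ("Fairfax", 10, "10.1.12.1", "10.1.13.254", "255.255.254.0", "10.1.0.1", 510),
]


def subnet(row):
    """Derive the subnet from the first listed address and the mask."""
    return ipaddress.ip_network(f"{row[2]}/{row[4]}", strict=False)


def audit(plan):
    """Return {check name: [offending (site, VLAN) entries]} for the plan."""
    findings = {"range": [], "hosts": [], "gateway": [], "overlap": []}
    for row in plan:
        site, vlan, first, last, _mask, gateway, listed = row
        net = subnet(row)
        lo, hi = net.network_address + 1, net.broadcast_address - 1
        if (str(lo), str(hi)) != (first, last):
            findings["range"].append((site, vlan))    # range does not fit mask
        if net.num_addresses - 2 != listed:
            findings["hosts"].append((site, vlan))    # wrong usable-host count
        if ipaddress.ip_address(gateway) not in net:
            findings["gateway"].append((site, vlan))  # gateway is off-subnet
    for a, b in combinations(plan, 2):
        if subnet(a).overlaps(subnet(b)):
            findings["overlap"].append((a[:2], b[:2]))
    return findings


def shared_vlan_ids(plan):
    """VLAN IDs that appear in the tables of every site."""
    by_site = {}
    for site, vlan, *_ in plan:
        by_site.setdefault(site, set()).add(vlan)
    return sorted(set.intersection(*by_site.values()))


if __name__ == "__main__":
    for check, hits in audit(PLAN).items():
        print(f"{check:8} {len(hits):2} finding(s): {hits}")
    print("VLAN IDs present at both sites:", shared_vlan_ids(PLAN))
```

The ranges, host counts and overlap checks come back clean; the gateway check flags every VLAN except Dallas VLAN 1 and Fairfax VLAN 11, because the single gateway address listed per site lies only in that first subnet. A host can only reach a default gateway on its own subnet, so each flagged VLAN needs a gateway address inside its own range.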
Each location is equipped with FreePBX servers working in conjunction with Aastra phones that will be installed for each user. Each Aastra phone is integrated with a gigabit Ethernet switch that will connect each workstation to the network. Also connected to the Cisco WS-C3750X-24T-L switch are 4 Cisco WS-C3750X-48P-S switches to handle the 132 employees that the London location will have on site, and 18 WS-C3750X-48P-S switches to handle the 838 on-site employees in Shanghai; this not only satisfies the number of employees, but also provides extra stations in case of growth. These devices will be secured in the server room at the Shanghai facility, which will have the same level of security as the corporate headquarters. Emails will be handled remotely by the Exchange server located in Dallas, via the web login over the VPN or through Outlook 2010.
VLANs: VLANs will be handled by the WS-C3750X-24T-L at each location, which will give each department its own subnet to manage traffic more efficiently. Both locations will have separate VLANs for Human Resources, Management, Finance, Engineering, Sales/Marketing, teleworkers, phone system and miscellaneous uses. A breakdown of the addressing scheme is represented below in Figure 3:
Figure 3
Figure 4
Test Detail:
- Establish Isolated Environment
- Test Physical to Virtual Migration
- ISP Connectivity
- Bandwidth and Load Testing

Installation Detail:
- Run Cables
- Install Virtual Environment Hardware
- Load Configuration Files to Devices
- Ship Devices to Branch Offices
- Install Preconfigured Devices
- Install Datacenter Servers
- Physical to Virtual Migration

Test Detail:
- Monitor and test network infrastructure for stability
- Test management and content filtering
- Network ISP and MPLS Failover Testing
The proposed training plan is: Topic Exchange 2010 Management Passcard System Use and User Management Phone System User and System Management VPN User Rights Management Dallas IT Dept 02/27/2012 2:00 PM Dallas Dallas IT Dept 02/27/2012 1:00 PM Dallas Customer Dallas IT Dept Dallas IT Dept Date 02/27/2012 02/27/2012 Time 9:00 AM 11:00 AM Location Dallas Dallas
5.0 FINANCIALS
5.2 Materials
| Item (Manufacturer, Model, and Specs.) | Quantity Required | Purchase Price | Value / Expected Cost |
|---|---|---|---|
| Cisco ASR 1002 WAN Router | 5 | $10,000 | $50,000 |
| Cisco WS-C3750X-24T-L Switch | 3 | $2,000 | $6,000 |
| Cisco Catalyst 4503-E Switch | 2 | $3,500 | $7,000 |
| Cisco WS-C3750X-48P-S Switch | 52 | $4,000 | $208,000 |
| FreePBX Asterisk Phone Server | 4 | $4,000 | $16,000 |
| Aastra 6735i VoIP Phones | 2500 | $110 | $275,000 |
| Dallas Server Room Passcard System | 1 | $5,000 | $5,000 |
| Dell PowerEdge R410 Server | 5 | $2,000 | $10,000 |
| Dell PowerEdge R710 Server | 3 | $6,000 | $18,000 |
| Dell PowerVault MD3600i | 2 | $16,500 | $33,000 |
| APC Smart-UPS 1500v | 20 | $400 | $8,000 |
| VSphere Essentials Plus Bundle | 1 | $8,000 | $8,000 |
| Microsoft Windows Server 2008 R2 License | 9 | $1,200 | $10,800 |
| Microsoft Exchange Server 2010 Enterprise | 4 | $4,000 | $16,000 |
| Microsoft Exchange Server 2010 Ent. CAL | 2400 | $35 | $84,000 |
| Cisco Aironet 1200 Wireless Access Point | 6 | $300 | $1,800 |
| Microsoft Office Professional 2010 Upgrade | 2334 | $100 | $233,400 |
Microsoft Windows 7 Professional Upgrade
Location Wiring (per drop)
Misc. Onsite wiring upgrades

Total Cost
Hardware: $636,000.00
Software: $540,720.00
Installation (Wiring) labor and materials: $164,000.00
Configuration labor: $300,000.00
Training labor: $75,000.00
Estimated travel expense: $45,000.00
$1,894,792.00
The following lists a breakdown of the monthly costs incurred by Intelligent Imaging Solutions for their regional Internet Service Providers.

Monthly Cost To Client
London Linx ISP: $1020.00
Shanghai ISP: $760.00
Fairfax Time Warner ISP: $1100.00
Fairfax Level3 ISP: $1240.00
Dallas Time Warner ISP: $960.00
Dallas Level3 ISP: $1150.00
Dallas Comcast ISP: $700.00
$ 6,930.00
An internal post project review will be held to determine what areas of improvement have been identified during the project and make sure that positives will be repeated in future projects.
A customer post project review will be held on June 18th, 2012 via conference call to discuss aspects of our performance and provide Team E an opportunity to get customer feedback for areas of improvement.
Client:
Direct Phone:
(610) 6629037
Team:
9.0 COMMUNICATION
Weekly Status Reports will be issued to cover outstanding issues and the status of the project.
Professor Baig will serve as Intelligent Imaging Solutions' point of contact for the project.
Team E suggests all communication relating to this project be conveyed via email and, if possible, any additional team members be copied to ensure that everyone involved is working with the most current information.
Client:
10.0 SIGNATURES
Team: E
Andre Young-sang Team Member 1s Printed Name Here
Members of Team E
11.0 APPENDIX
| Device Name | IP Address |
|---|---|
| WAN Router 1 | 172.16.0.1/31 |
| WAN Router 2 | 172.16.0.2/31 |
| Untangle UTM 1 | 10.0.0.1/21 |
| Untangle UTM 2 | 10.0.0.2/21 |
| Backbone Switch 1 | 10.0.0.5/21 |
| Backbone Switch 2 | 10.0.0.6/21 |
| Core Switch 1 | 10.0.0.10/21 |
| Core Switch 2 | 10.0.0.11/21 |
| Core Switch 3 | 10.0.0.12/21 |
| Core Switch 4 | 10.0.0.13/21 |
| Core Switch 5 | 10.0.0.14/21 |
| Core Switch 6 | 10.0.0.15/21 |
| Core Switch 7 | 10.0.0.16/21 |
| Core Switch 8 | 10.0.0.17/21 |
| Core Switch 9 | 10.0.0.18/21 |
| Core Switch 10 | 10.0.0.19/21 |
| Core Switch 11 | 10.0.0.20/21 |
| Core Switch 12 | 10.0.0.21/21 |
| Core Switch 13 | 10.0.0.22/21 |
| Core Switch 14 | 10.0.0.23/21 |
| Core Switch 15 | 10.0.0.24/21 |
| Core Switch 16 | 10.0.0.25/21 |
| Core Switch 17 | 10.0.0.26/21 |
| Core Switch 18 | 10.0.0.27/21 |
| Core Switch 19 | 10.0.0.28/21 |
| Core Switch 20 | 10.0.0.29/21 |
| Core Switch 21 | 10.0.0.30/21 |
| Core Switch 22 | 10.0.0.31/21 |
| Core Switch 23 | 10.0.0.32/21 |
| Core Switch 24 | 10.0.0.33/21 |
| Core Switch 25 | 10.0.0.34/21 |
| Domain Controller | 10.0.0.50/21 |
| Exchange Front End | 10.0.0.70/21 |
| FreePBX Server | 10.0.0.71/21 |
| vSphere SAN | 10.0.0.72/21 |
| VM - Web Server | 10.0.0.73/21 |
| VM - Network Mgmt. Server | 10.0.0.74/21 |
| VM - Domain Controller 2 | 10.0.0.51/21 |
| VM - Backup Domain Controller | 10.0.0.52/21 |
| VM - Exchange Front End | 10.0.0.75/21 |
| VM - Exchange Back End | 10.0.0.76/21 |
| VM - Exchange Back End | 10.0.0.77/21 |
| VM - Application Server | 10.0.0.78/21 |
| VM - File Server 1 | 10.0.0.79/21 |
| VM - File Server 2 | 10.0.0.80/21 |
| VM - Database Server | 10.0.0.81/21 |

Device Name: WAN Router, Untangle UTM, Backbone Switch, Core Switch 1, Core Switch 2, Core Switch 3, Core Switch 4, Core Switch 5, Core Switch 6, Core Switch 7, Core Switch 8, Core Switch 9, Core Switch 10, Core Switch 11, Core Switch 12, Core Switch 13, Core Switch 14, Core Switch 15, Core Switch 16, Core Switch 17, Core Switch 18, Domain Controller, Secondary Domain Controller, File Server, FreePBX Server