ASSIGNMENT REPORT 2
COURSE: COMPUTER NETWORKS 2
51204289
Lai Tro ng ao
51200682
Trn Vn inh
51200785
51201251
Nguyn Manh C ng
51200436
ElectroMyCycle will sell its new motorcycle both online and through a large retail
company. For online sales, ElectroMyCycle plans to have a DMZ that connects a public
web server, a DNS server, and an email server. The web server needs to communicate
with back-end servers in the data center that hold customer billing data. ElectroMyCycle
also plans to open a branch sales office in the city where the retail company's corporate
headquarters reside, about 500 miles from ElectroMyCycle's headquarters.
Design and draw a logical topology that will support ElectroMyCycle's needs. In
addition to meeting the specified needs, be sure to consider security.
Figure-1: Diagram showing how the LAN, DMZ are connected to the internet.
The DMZ is separated from the LAN, which contains the workstations, the
manufacturing facility and the data center. However, a link (shown in brown) has been
provided from the web server (DMZ) to the data center (LAN). This link is present because
the data backup of the web server is held on the data center servers.
In this figure, the LAN of the ElectroMyCycle company has been logically
divided into three layers: core, distribution and access. The core layer contains the router that
connects the LAN to the ISP and the DMZ, and the switch through which the connection is
distributed in the LAN. The PCs shown in the figure represent the facility in which 200
employees will be accommodated (including the engineers).
Figure-3: This shows how a connection is made between the Headquarters and the
branch sales office.
As shown in the diagram, either a T-1 link or a Metro Ethernet virtual link
can be used to connect the two facilities.
Design and draw a logical topology
1. Explain why you think your design meets the needs of ElectroMyCycle.
The network design shown by the logical topology in the previous section ensures
that the following company needs are satisfied:
- The network supports the company's 200 employees (through its
  access layer switches and PCs). The data center has also been included in the
  access layer, to ensure its connectivity to the LAN.
- The manufacturing facility and the data center are connected via a router. Therefore,
  manufacturing equipment can be successfully controlled and managed via
  communication with the data center servers.
- As a web server has been set up in the DMZ, online sales have become possible.
  Therefore, the company's requirement of being able to sell online has been fulfilled.
- A DMZ containing a web server, a mail server and a DNS server has been created. As
  can be seen, the DMZ is separated from the LAN through a router that also connects
  to the ISP.
- A firewall has been set up to provide a secure network. Also, distribution-level
  routers make sure that other security features such as VLANs, port security, etc. can be
  configured.
- A Metro Ethernet segment can be set up between the DMZ router and the remote
  branch sales office. This provides connectivity to the data center and thus
  employees can have access to the company's operational data, which will be needed
  for the smooth running of the sales office.
manufacturing facility equipment. Apart from the data center access, another major
activity that will happen on the network is web server access. Also, the workstations of
200 employees will run applications that will create some network traffic. Therefore,
the major network traffic flows are listed below:
1) The internet will send a lot of traffic to the DMZ (web server). As the company
plans to have an online sales channel too, a lot of customers are expected to access
the web servers and order their units.
2) The employees and engineers will run applications such as the email client, the company's
website, and other internal applications with data storage in the data center. Therefore,
another major traffic flow will exist between the workstations (PCs) and the DMZ (email
server, web server and even DNS server) and also between the workstations and the data
center.
3) The manufacturing facility has networked equipment that communicates with the data
servers. Therefore, a lot of traffic is expected between the data center and the
manufacturing facility.
4) The web server has its data backup on the servers at the data center; therefore the
DMZ (web server) and the data center will also have a lot of traffic between them.
5.
As can be seen in the network topology, security has been implemented at various
stages. First and foremost, a firewall is present which separates the DMZ and the LAN
from the internet. This helps in filtering malicious and unnecessary network traffic.
Then comes the VLAN support. A distribution layer router is present
that connects all the switches of the workstations (where the PCs are present). This
distribution router ensures that the different PCs can be separated into Virtual
LANs. A VLAN is a way to create a logical separation for different departments, user
communities, etc. It helps in preventing unauthorized access and supports departmental
information security.
The switches present at the access layer can help in providing port-level security. The
ports can be configured to provide a security perimeter that protects the network from
unauthorized access.
Security breaches are also easier to track and manage. This is because of the layered
topology, in which the core, distribution and access layers are separated in the network.
Layered network segments help in easy organization and maintenance.
6. What questions will you ask ElectroMyCycle about this project as you do your
work?
Details pertaining to the following questions can be asked while working on the project:
1) What are the different VLANs that need to be configured on the network of
ElectroMyCycle?
2) Are there any particular sites that you would like to block? Or what sort of traffic do
you want to allow from the internet?
3) What are the different access levels that you would like to implement? Not all users
may be intended to have access to all kinds of data. Which data community should be
given access to what data?
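| Position | IP Address      | Policy  | Address type |
|----------|-----------------|---------|--------------|
| Director | 172.10.1.0/28   | private | Static       |
| Manager  | 172.10.1.16/27  | private | Static       |
| Engineer | 172.10.1.48/26  | private | Static       |
| Staff    | 172.10.1.112/25 | public  | Dynamic      |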
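
An addressing plan like the one in the table can be checked mechanically before it is turned into VLAN and firewall configuration. The following is an added example, not part of the original report: it audits the table's four blocks for CIDR alignment, overlap and RFC 1918 membership, then re-packs the same prefix lengths into aligned blocks. The function names `audit_plan` and `realign` and the base network `172.16.1.0/24` are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Address plan copied from the table above (position -> CIDR as written).
PLAN = {
    "Director": "172.10.1.0/28",
    "Manager": "172.10.1.16/27",
    "Engineer": "172.10.1.48/26",
    "Staff": "172.10.1.112/25",
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_plan(plan):
    """Return (kind, subject, detail) findings for a position -> CIDR plan."""
    findings, blocks = [], {}
    for name, cidr in plan.items():
        iface = ipaddress.ip_interface(str(cidr))
        net = blocks[name] = iface.network  # block the mask really selects
        if iface.ip != net.network_address:
            findings.append(("misaligned", name,
                             f"{cidr} is not a /{net.prefixlen} boundary, covers {net}"))
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(("not-rfc1918", name, f"{net} is outside RFC 1918 space"))
    for (a, na), (b, nb) in combinations(blocks.items(), 2):
        if na.overlaps(nb):
            findings.append(("overlap", f"{a}/{b}", f"{na} overlaps {nb}"))
    return findings

def realign(plan, base):
    """Re-pack the same prefix lengths inside `base`, largest block first."""
    base = ipaddress.ip_network(base)
    cursor, out = int(base.network_address), {}
    sizes = {name: int(str(cidr).split("/")[1]) for name, cidr in plan.items()}
    for name in sorted(sizes, key=sizes.get):  # shortest prefix = largest block
        net = ipaddress.ip_network((cursor, sizes[name]))
        if not net.subnet_of(base):
            raise ValueError(f"{base} has no room left for {name}")
        out[name] = str(net)
        cursor += net.num_addresses
    return out

if __name__ == "__main__":
    for kind, subject, detail in audit_plan(PLAN):
        print(f"{kind:12} {subject:18} {detail}")
    # 172.16.1.0/24 is an assumed RFC 1918 base, not a value from the page.
    fixed = realign(PLAN, "172.16.1.0/24")
    print(fixed, audit_plan(fixed))
```

Overlapping blocks matter for the security design described earlier, because per-position VLAN ACLs and firewall rules written against them would match more hosts than intended.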