TRNG I HC BCH KHOA

KHOA KHOA HC & K THUT MY TNH

BA I THU HOACH 2
MN HC: MNG MY TNH 2

GVGD: Ths.Nguyn Cao at

Nhm:
Nguyn Ngo c c Tun

51204289

Lai Tro ng ao

51200682

Trn Vn inh

51200785

Trng Nguyn Nht Hoa ng

51201251

Nguyn Manh C ng

51200436

TP. H CH MINH, THNG 11 NM 2015

0

Design Scenario Chapter 5

In Chapter 1, Analyzing Business Goals and Constraints, you learned about
ElectroMyCycle, a manufacturer of new electric motorcycles. ElectroMyCycle has
chosen you to design a new network that will let the company scale to a larger size. The
campus network will support about 200 employees and a new data center. Another
feature of the campus network will be a state-of-the-art manufacturing facility with
networked equipment that communicates with servers in the data center that support realtime control and management. Engineers will access the servers from their PCs in the
access layer of the campus network.

ElectroMyCycle will sell its new motorcycle both online and through a large retail
company. For online sales, ElectroMyCycle plans to have a DMZ that connects a public
web server, a DNS server, and an email server. The web server needs to communicate
with back-end servers in the data center that hold customer billing data. ElectroMyCycle
also plans to open a branch sales office in the city where the retail companys corporate
headquarters reside, about 500 miles from ElectroMyCycles headquarters.
Design and draw a logical topology that will support ElectroMyCycles needs. In
addition to meeting the specified needs, be sure to consider security.

Logical Network topology:

The logical topology of the network is shown in the form of three diagrams. First figure
shows how the LAN and DMZ are connected to the internet. The second figure shows the
three layers (core, distribution and access) of ElectroMyCycle Companys LAN. The
third figure throws light on the T-1 link present between ElectroMyCycle Companys
headquarters and their branch sales office (500 miles away from the HQ).

Figure-1: Diagram showing how the LAN, DMZ are connected to the internet.

It can be seen that the DMZ is separated from the LAN which contains the workstations,
Manufacturing facility and the data center. However, a link (shown in brown) has been
provided from the Webserver (DMZ) to the data center (LAN). This is present because
the data backup of webserver is present on the data center servers.

Figure-2: Diagram showing the three layers of ElectroMyCycle Companys LAN

In this figure, it is clear that the LAN of ElectroMyCycle Company has been logically
divided into three layers core distribution and access. Core layer contains the router that
connects the LAN to ISP and DMZ and the switch via which the connection gets
distributed in the LAN. The PCs shown in the figure shows the facility where in 200
employees will be accommodated (including the engineers).

Figure-3: This shows how a connection is made between the Headquarters and the
branch sales office.
3

As shown in the diagram, either a T-1 link can be used or a Metro Ethernet virtual link
can be used to connect both the facilities.
Design and draw a logical topology

1. Explain why you think your design meets the needs of ElectroMyCycle.
The network design as demonstrated by the logical topology of previous section makes
sure that following company needs are satisfied:
The network has a support for the 200 employees of the company (through its
access layer switches and PCs). Also, the data center has been included in the
access layer, to ensure its connectivity to the LAN.
Manufacturing facility and the Data center are connected via a router. Therefore,
manufacturing equipments can be successfully controlled and managed via
communication with data center servers .
As a web server has been setup at the DMZ, online sales have become possible.
Therefore, companys requirement of being able to sell online has been fulfilled.
A DMZ containing web server, mail server and a DNS server has been created. As
it can be seen, the DMZ is separated from the LAN through a router that connects
to the ISP too.
A firewall has been setup to provide a secure network. Also, distribution level
routers make sure that other security features like VLANs; port security etc can be
configured.
4

 A metro Ethernet segment can be set-up between the DMZ router and the remote
branch sales office. This provides connectivity to the data center and thus,
employees can have access to companys operational data which will be needed
for the smooth running of the sales office.

2. List the major user communities for your design

Major user communities:
1)Engineers
2)Network Administrators
3)Other employees
4)Online customers
5)Internal email users
6)Data center admins
NOTE: It is not compulsory that a single user cannot fall in more than one user
community.
3. List the major data stores and the user communities for each data store
Following are the major data stores with its users description:
1)Data center servers: The data here will be used by customers (via web
application),network admins, data center admins, engineers, etc.
2)Email server: This will contain a database that will support the internal email
system of the company. All the employees will be its users
3)DNS server: it will have a mapping of the domain names and the network
addresses. It will again be used by the employees of the company.
4)Routers: The routers will contain the routing table and thus a picture of the entire
network topology will be present on them. This data will be used by all the
stakeholders involuntarily.

4. Identify major network traffic flows in your network topology drawing

The network Topology of ElectroMycycle has been drawn above. It is pretty evident that
the datacenter is the major storage of all kinds of data, be it for the web server, or for the
5

manufacturing facility equipments. Apart from the data center access, another major
activity that will happen on the network is the web server access. Also, workstations of
200 employees will run applications that will create some network traffic. Therefore,
listed below are the major network traffic flows:
1)The internet will send in a lot of traffic to the DMZ (webserver). As the company
plans to have an online medium of sale too, a lot of customers are expected to access
the webservers and order their units.
2)The employees and engineers will run applications like the email client, companys
website, and other internal applications with data storage in the data center. Therefore,
another major traffic flow will exist between Workstations (PCs) and DMZ (Email
server, Webserver and even DNS server) and also between Workstations and the data
center
3)Manufacturing facility has networked equipments that communicate with data
servers. Therefore, a lot of traffic flow is expected between data center and the
manufacturing facility.
4)The webserver has its data backup o the servers at the data center, therefore
DMZ(webserver) and the data center will also have a lot of traffic amongst them.
5.

How does your design provide security for ElectroMyCycle's network?

As it can be seen in the network topology, security has been implemented at various
stages. First and foremost, a firewall is present which separates the DMZ and the LAN
from the internet. This helps in filtering malicious and unnecessary network traffic.
Then comes the VLAN support. As it can be seen that distribution layer router is present
that connects all the switches of the workstations (where the PCs are present). This
distribution router ensures that the different PCs can be separated in the form of Virtual
LANs. VLAN is a way to create a logical separation for different departments, user
communities etc. It helps in preventing unauthorized access and helps in departmental
information security.
The switches present at the access layer can help in providing port level security. The
ports can be configured to provide a security circle that protects the network from
unauthorized access cases.
Security breaches are also easier to track and manage. It is because of the layered
topology where in core, distribution and access layers are separated in the network.
Layered network segments help in easy organization and maintenance.

6. What questions will you ask ElectroMyCycle about this project as you do your
work?
Details pertaining to following questions can be asked while working on the project:
1)What are the different VLANs that need to be configured on the network of
ElectroMotorcycle.
2)Are there any particular sites that you would like to block? Or what sort of traffic do
you want to allow from the internet.
3)What are the different accesses that you would like to implement? All users might
not be intended t allow access to all kinds of data. Which data community should be
given access to what data?

Design Scenario Chapter 6

Use network address 172.10.1.0:
Number
10
25
45
120

Position
Director
Manager
Engineer
Staff

IP Address
172.10.1.0/28
172.10.1.16/27
172.10.1.48/26
172.10.1.112/25

Policy
private
private
private
public

Address type
Static
Static
Static
Dynamic

Design Scenario Chapter 8

1. Most important assets must be protected are customers database and the
transactions database.
2. Biggest security risk is companys competitors can access the database.