Sei sulla pagina 1di 16

ABC

COMPANY NETWORK

PROJECT PROPOSAL
Prepared by: INTIKOM BERLIAN MUSTIKA

21 March 2019

Table of Contents
EXECUTIVE SUMMARY .................................................................................................................. 4
1. COMPANY PROFILE .................................................................................................................... 4
1.1 INTIKOM PROFILE .................................................................................................................................. 4

2. PROJECT OVERVIEW ................................................................................................................. 6


2.1 PROJECT BACKGROUND ............................................................................................................................ 6
2.2 PROJECT OBJECTIVES ................................................................................................................................ 6

3. GUIDELINES AND PRINCIPLES ............................................................................................... 6


3.1 SECURITY ..................................................................................................................................................... 6
3.2 AVAILABILITY ............................................................................................................................................. 7
3.3 RELIABILITY ................................................................................................................................................ 7
3.4 EFFECTIVENESS .......................................................................................................................................... 8
3.5 SCALABILITY ............................................................................................................................................... 8

4. PROJECT REFERENCES .............................................................................................................. 8


5. PROJECT DETAILS ...................................................................................................................... 8
5.1 HARDWARE AND SOFTWARE REQUIREMENTS ...................................................................................... 8
5.2 NETWORK TOPOLOGY ............................................................................................................................... 9
5.3 PROJECT SCOPES ...................................................................................................................................... 10
5.4 ASSESSMENT AREA ................................................................................................................................... 12

6. PROJECT MANAGEMENT ....................................................................................................... 14


6.1 PROJECT TEAM ......................................................................................................................................... 14
6.2 PROJECT TIMELINE .................................................................................................................................. 14
6.3 BUDGET AND COST .................................................................................................................................. 16

Page 2 of 16




PROPERITARY STATEMENT


The nature of the information within this proposal is confidential, which is
intended for ABC Company to evaluate PT.Intikom Berlian Mustika as a potential
vendor of products and services.
Therefore this proposal shall not be duplicated, reproduced and/ or distributed
to other parties for whatever reason.

This Proposal represents the solution to address and define the solution for ABC
and not represents obligation or contractual agreement of both PT.Intikom
Berlian Mustika and ABC company. A fully executed agreement is required to
establish the pricing, scope of work and responsibilities of each party.

























PT Intikom Berlian Mustika

Graha Intikom

Jalan Kuningan Barat II, No.11,
Jakarta 12710

Page 3 of 16

Executive Summary

This project is designed for company ABC to enhanced their business processes
with the integration of IT network technology, and also to keep their business
secured with the implementation of a proper security configuration.

There are two options for the design that can be implemented on this project.
The first one is focused on higher redundancy system with HSRP protocol and
on the other hand the design will be focused on the isolation of the Distribution
Layer Switch (DLS), with “router on stick” configuration while dividing the
network with the subnet on each DLSs.

Intikom, as has been known as trusted professional system Integrator Company,
could help company ABC to achieve their network integration demand by
providing a full depth networking solution from the scratch, while keeping their
networking system secured.

1. Company Profile

1.1 Intikom Profile




About us:
PT. INTIKOM BERLIAN MUSTIKA has been trusted over years because of its
reliability in providing IT solutions and recourses to the clients, as well as
ensuring them to be able to further their business ahead in industry.

Our Journey has begun since 1990, where there were a lot of projects and
solutions that we have provided through solid commitment of our
management in IT industry, and also we have gained our excellent reputation
through long process and faith to be able to become what we are now.
In April 1990, PT. INTIKOM BERLIA MUSTIKA has signed the Enterprise
Standing Order (ESO) with USI-IBM and established business partnership with
IBM in 1993. Since then, we have became a business partner for other world
leading IT companies such as Cisco System Inc., Hewlett-Packard, Wincor
Nixdorf and Microsoft. Therefore, we are able to provide comprehensive range
of IT services and products for broad client bases.

PT.INTIKOM BERLIAN MUSTIKA is integrating people, process and technology
to deliver innovative and reliable IT solutions to both private and government

Page 4 of 16

sectors, while we also focused on financial institution, manufacturing and
distribution, telecommunication, mining, healthcare, education as well as
public sectors. Our main services and products are IT solution consultancy,
software customization and implementation assistance, education and training,
software and hardware, system integration, e-commerce and networking and
its maintenance.

Vision:
“Partner to Lead.”

Mission:
“Moving towards excellence as an admired ICT solution provider. Preferred place
to build career and contributor of good values to stake holders.”


Organization Structure

BOARD OF THE COMMISIONERS

BOARD OF DIRECTORS

System & Audit:


Sugijati Winata

Vice President Business


Director: Director:
DIrector: Development:
Erwin Elias Robert Laij
Agus Susanto BoD

Enterprise of Enterprise of Finance


Infrastructure & Application & Accounting &
Services: Software: Logistic:
Basuki Oentoro Erwin Elias Robert Laij

Hardware Professional Enterprise of


Maintenance & Services: Infrastructure &
Services: Paulus Budianto Services:
Rudwiseno Basuki Oentoro
Saptonugroho
Branch Offices:
Dian Novianti
Infrastructure &
Security: Mobility:
Ade Cahyono Tedi Wibowo

Marketing
Communication:
Januaristi Harati
Page 5 of 16
Figure 1: Company Organization Structure



Support Team
As for now, we currently have two certified presales and team to ensure the
project implementation for the project is working as it is intended to.

Service Level
As for the service level, our utmost priority is going to be performed by
support with the SLA of 8X5 to ensure the ABC Company’s business continuity,
including multi-tiered supports level to monitor, mitigate and troubleshoot any
Networking and security issues.

2. Project Overview
2.1 Project Background
This project has been designed for company ABC to be able to integrate their
business with the current technology that utilize fast and reliable site to site
LAN connection, so then they could enhance their production performance
with the power of network technology.

2.2 Project Objectives


In order to be able to design and implement the network topology, a proper
assessment is needed to identify the most fitted solution for company ABC as it
surely will keep their business process and services to be able to run
seamlessly.

3. Guidelines and Principles



There are five points that are required as guidelines and principles in this
project, these points are going to be used as a measurement to keep the
assessment to identify the whole essentials elements that are needed for
company ABC to be able run their business smoothly.
(The points are ranked from the most to the least priority)

3.1 Security
Security is the most important thing for today’s IT solution technology, as there
are a lot of threats that could harm the confidentiality and integrity of the data
within the whole network.

Below are the key points for the security assessment:
• What kind of data is being accessed? And/or what kind traffic or service
that is running in the network system?
• What kind of policies or security standards that will be used?
• Where the data or network is going to be accessed? And/or the where
the data or traffic is being originated from?
• When the security will be weakened mostly? And/or when we need to
tighten up the security?

Page 6 of 16

• Who is going to accessing the network and keeping the data secured?
And/or who is going to be responsible if a threat occurred?
• Why the data information must be classified first, in order to achieve the
level of security that needed?
• How the security can be configured while not reducing the quality of the
network bandwidth and the performance of the business processes?

3.2 Availability
Availability is also important to ensure the required resources and data are
available as they intended to with the business needs.

Below are the key points for the availability assessment:
• What kind of data or service that is most critical for the business
operation?
• Where the data is most likely being used and where it is going to be
stored?
• When we need the highest availability for the business process or when
the traffic flow at its peak?
• Who is responsible to manage and monitor the resources?
• Why the availability of some certain or whole resources and data are
important?
• How the network design is developed according to its availability such
as preserving network address with sub-network? And/or how many
users or division are accessing the network (Including the mobility of
the users such as using wired connection or wireless)?
• How we mitigate the disruption? Such as what kind of disaster recovery
strategy for Business Continuing Plan (BCP) that we have? Or any
redundancy method/design?

3.3 Reliability
Reliability is important to manage the performance of the system that is going
to be created.

Below are the guidelines that will be used to achieve desired reliability:
• Local High availability zone:
o Network Based:
Load Balancer, QoS, and MLAG such as ether-channel utilization
within bundled switch-ports for a better bandwidth and also
HSRP configuration for fail-over scenario on distribution layer
switches;
o System Based:
Load balancing/ Fail-over configuration, utilization of VMs or OS
within the server and Monitoring tools such as SNMP trap.
• Remote Connectivity over ISP zone:
o Network Based:
VPN IP sec (site to site) tunnel between two LAN.

Page 7 of 16

3.4 Effectiveness
Effectiveness of the network is important to maximize the utilization of the
tools and resources, while reducing unnecessary unused space or
configuration that needed.
Below are the guidelines that will be used to achieve desired effectiveness:
• Adding the required resources with the company business’s needs;
• Utilization of subnet within the network;
• Utilization of VLAN;
• Initial and improvement costs to build the networks;
• The value of the spending;
• Investment protection.

3.5 Scalability
Scalability of the network is important to design the network expansion and
improvement strategy.
Below are the guidelines that will be used to achieve desired scalability:
• How the network will be expanded in the next 5 years time;
• How complex and reliable the network can be;
• Efficiency of the initial implementation;
• Initial Design of the network topology;
• Contingency plan.

4. Project References

Project Name Customer name Year
Assessment for Fast Food Fast Food Indonesia 2018
Indonesia Network

5. Project Details
5.1 Hardware and Software requirements
There are necessary equipment that are needed in order to execute the project,
and they have been divided into High and lite options for this project. The
details are going to be explained as below:

• Hardware:
o Cisco Router 2811 (Quantity:2 pcs) with following modules:
§ HWIC-4ESW 4 Fast-Ethernet ports (Quantity: 4 pcs);
§ WIC-2T serial port (Quantity: 2 pcs);
§ WIC-1AM Analog phone port (Quantity: 2 pcs).
o Cisco Multi-Layer Switches 3560-24 PS (Quantity: 4 pcs) (These
multi-layer switches will not be added in lesser redundant
topology, instead of they will be replaced with Cisco Catalyst 2950
24 PoE );
o Cisco Catalyst 2960 48 PoE ports Switches (Quantity: 4 pcs);
o Cisco Catalyst 2960 24 PoE ports Switches (Quantity: 2 pcs);
o Open Indo Rack 32U OR32 (Quantity:2 pcs);
o Server HP-E ProLiant DL20 Gen9 (Quantity: 8 pcs);
Page 8 of 16

o Cisco SIP phone 7960 (Quantity 200 pcs);
o Cisco Aironet 3602I Access point 5Ghz 450 Mpbs (Quantity: 2
pcs)
o HD PoE Outdoor infrared Cloud IP Camera (Quantity: 4 pcs);
o HP Slimline Desktop 290-p0032d (Quantity:200 pcs);
o HP V194 18.5-inch Monitor (Quantity: 200 pcs).

• Software:
o Ubuntu Server 18.04.2 LTS until April 2023;
o Owncloud 15.0.5 NAS Server tools;
o Asterisk 16.2.1 IPPBX Server OS;
o Eset NOD32 Antivirus;
o ZoneMinder CCTV software;
o Apache2 Web server;
o Samba active directory;
o Norton Security Deluxe or premium.

5.2 Network Topology


Figure 2 High Redundant Topology Design

Page 9 of 16


Figure 3 Lesser Redundant Topology Design


Site Location Address Connection Type
Jakarta Jl.Jakarta PPP/VPN over ISP
Surabaya Jl.Surabaya PPP/VPN over ISP

5.3 Project Scopes



Responsibilities
Ite Detail Expected
No Location Activities 3rd
m s ABC Intikom Deliveries
Party

Checking the Server and


current Physical
Site physical Network
Jakarta Site Asses
1 locatio space Design
and Surabaya smen X X
n (physical size Topology &
Site t
survey of the office) Devices
and physical placement
environment

Page 10 of 16

Estimating
the energy
Overall
supply costs
estimated
and any X X
expenses run-
other
down
expenses for
the network
Topology
design X X
mapping
Topology
Decision of Design
which
X
topology that
will be used
Server and
user PCs Technical
configuration X Report
(including Documentation
the security)
Defining
which ISP
will be used
and ensuring Data flow
the X X X diagram and
connection log output
between
sites are
Impl connected
Jakarta Site Configuring
emen Configu
2 and Surabaya the
tatio ration
Site connection Log output
n
between report and
user, server X Technical
and any Report
other Documentation
network
devices
Policies
Security documentation
Policy and X X X such as ISO
standard 27001 Annex
and Clauses
Configuring IP address
firewall and X Access-list
DMZ zone table
Configuring
Technical
Layer 3 and
X Report
Layer 2
Documentation
security
Monitoring Technical
and updating X Report
the network Documentation

Page 11 of 16

Inventory
Inventory
checking
Asset
such as,
documentation
Serial X X
and Network
number,
inventory
model
Report
version, MAC

Mapping the
utilization of Technical
VLANs and IP X Report
addresses or Documentation
Sub-network

Troubleshoot Technical
and X Report
remediation Documentation

Security
Analysi Availability
Jakarta
Secur s and Analysis and
Site and
3 ity Recom Reliability X Recommendati
Surabaya
Audit mendat on Reports
Site Effectiveness
ion
Scalability


5.4 Assessment area
Below are the key points of which area that will be assessed and implemented in
the project:

• There are two topology designs that can be choose for the project, they
are:
o High Redundant Design
Utilization of Layer 3 switches for HSRP/Virtual IP gateway for the
VLANs., as this is an excellent configuration for fail-over between
DSLs.
o Lesser Redundant Design
Utilization of subnet on each separated node to preserve the
network address for the VLANs, such as one network address is
divided into 2 subnets, so then each Distribution layer switch
could use router on stick configuration with dot1q encapsulation
without being overlapped.


• Layer 2 Security such as ;
o Switchport port security sticky;

Page 12 of 16

o VTP client and server;
o Spanning tree portfast RSTP;
o Switchport trunking with dot1q encapsulation,;
o Enabling console and SSH remote access password,;
o Exec timeout and login failure rate;
o DHCP Snooping;
o Dynamic ARP inspection;
o IP source guard.

• Layer 3 Security such as:
o Secure administrative access with console and SSH remote access
password;
o Secure administrative access with exec timeout and login failure
rate;
o Secure administrative access privilege level;
o Utilization of local AAA authentication protocol;
o Utilization of IP ACLs to filter the traffics (Reflexive ACL);
o Zone based Firewall and DMZ zone/Promiscuous area;
o Intrusion Prevention System (IPS);
o Utilization of Syslog and SNMP server;
o VPN IPsec site to site configuration
o Utilization of Local 802.1X (LEAP) wireless user-based
authentication security.

• Cross-Hot sites back up server between the sites, such as back up server
for Jakarta server is mirrored to Surabaya site and vice versa.

• Basic Server hardening such as:
o Using SSL with signed certificate for the Web server connection
(HTTPS)
o Secure administrative access with session timeout;
o Secure administrative access with fail2ban security tools;
o SSH configuration;
o Secure administrative privilege level;
o Secure syslog reporting tools;
o Configuring monitoring tools such as Webmin;
o Configuring firewall policy in the server.

• End user security such as:
o Information security policies (ISO 27001:Information Security);
o Antivirus installation into user PC;
o Activating firewall in user PC;
o User account management with Samba active directory;

Regardless of the project scope and assessment area that have been defined,
there are elements that not included into the project scope, such as;
• The utilization and installation of any application or VMs that is running
in the server;
• Any self-modification of the server configurations that have been
configured by intikom;

Page 13 of 16

• Intikom will not be covering the ISP network area. Therefore we are not
responsible for any issue related to ISP connectivity (except VPN
configuration) from site to site;
• Intikom will be not responsible for the physical cable management such
as cable labeling or cable management. Therefore, Intikom only will be
assessing the cable connection;
• Intikom will be not responsible for the physical access security for the
server and any other network devices.

6. Project Management
6.1 Project Team
The details of the team for this project are listed as below:

Person in Contact
No Posistion Skills Email
charge Number
Valdimo Project
1 valdimo.hutahean@intikom.co.id 082120502360
Hutahean Manager
Product CCNA,
Joshua A H
2 Consultant CCNP alexander_josh2@hotmail.com 081317321871
Panggabean
& Designer
CCNP,
Reinard Network
3 CCNA, Reinhard.silalahi@intikom.co.id 0818991755
Silalahi Engineer
NSE4
Rizky Network
4 CCNA Risky.adyatma@intikom.co.id 081260135871
Adyatma Engineer
IBM-CA
Wahyu System
5 STORAG Wahyu.anga@intikom.co.id 081296960799
Angga Engineer
E,VS

6.2 Project Timeline

No Work Item Duration (In Days)


1 Jakarta Site Assessment and Implementation
A Physical Site Survey 5 Days
B Preparation and Assessment 3 Days
C Design and Implementation 5 Days

2 Surabaya Site Assessment and Implementation
A Physical site survey 5 Days
B Preparation and assessment 3 Days
C Design and Implementation 5 Days

3 Security Audit and Development
A Analysis Report 2 Days
B Recommendation Report 2 Days

Page 14 of 16

The details of the project timeline will be explained as below:


Page 15 of 16


6.3 Budget and Cost

High Redundant Topology Design:

Item Qty Price/Cost
Cisco Router 2811 2 Rp 71,000,000
HWIC-4ESW 4 Fast-Ethernet ports 4 Rp 24,000,000
WIC-2T serial port 2 Rp 9,000,000
Cisco Multi-Layer Switches 3560-24 PS 4 Rp 216,000,000
Cisco Catalyst 2960 48 PoE ports Switches 4 Rp 274,000,000
Cisco Catalyst 2960 24 PoE ports Switches 2 Rp 90,000,000
Open Indo Rack 32U OR32 2 Rp 3,300,000
Server HP-E ProLiant DL20 Gen9 8 Rp 124,400,000
Cisco SIP phone 7960 200 Rp 540,000,000
Cisco Aironet 3602I Access point 5Ghz 450 Mpbs 2 Rp 24,000,000
HD PoE Outdoor infrared Cloud IP Camera 4 Rp 16,000,000
WIC-1AM Analog phone port 2 Rp 6,000,000
Eset NOD32 Antivirus (4 years) 4 Rp 12,000,000
HP Slimline Desktop - 290-p0032d 200 Rp 1,460,000,000
HP V194 18.5-inch Monitor 200 Rp 260,000,000
Norton Security Deluxe (3 Years) 200 Rp 89,000,000
Total Rp 3,212,700,000


Lesser Redundant Topology Design:

Item Qty Price/Cost
Cisco Router 2811 2 Rp 71,000,000
HWIC-4ESW 4 Fast-Ethernet ports 4 Rp 24,000,000
WIC-2T serial port 2 Rp 9,000,000
Cisco Catalyst 2960 48 PoE ports Switches 4 Rp 274,000,000
Cisco Catalyst 2960 24 PoE ports Switches 6 Rp 270,000,000
Open Indo Rack 32U OR32 2 Rp 3,300,000
Server HP-E ProLiant DL20 Gen9 8 Rp 124,400,000
Cisco SIP phone 7960 200 Rp 540,000,000
Cisco Aironet 3602I Access point 5Ghz 450 Mpbs 2 Rp 24,000,000
HD PoE Outdoor infrared Cloud IP Camera 4 Rp 16,000,000
WIC-1AM Analog phone port 2 Rp 6,000,000
Eset NOD32 Antivirus (4 years) 4 Rp 12,000,000
HP Slimline Desktop - 290-p0032d 200 Rp 1,460,000,000
HP V194 18.5-inch Monitor 200 Rp 260,000,000
Norton Security Deluxe (3 Years) 200 Rp 89,000,000
Total Rp 3,176,700,000

Page 16 of 16