Introduction
ICT Resources Malaysia Public Limited Company is the supplier of business equipment and office supplies of its kind in South East Asia. The company owns a 3-storey building and has grown to a staff of 40, a figure that is still growing. It has expanded its business to 3 strategic locations throughout South East Asia, with more offices in other locations planned for 2011. These new offices will incorporate the retail concept coupled with local sales offices.
Written from a consultant's perspective, this report introduces a new network infrastructure for ICT Company to reduce cost and increase efficiency, and thereby increase competitiveness.
Assumption
ICT Company consists of 6 departments:
Human Resource Department
Accounting Department
Marketing Department
Customer Support Department
Sales Department
IT Department
In total there are about 40 persons, including the managers, secretaries, and receptionists.
Before the owner's investment in the business, the current network used a bus topology within the office, and the employees had poor equipment.
Problem Identification
At present, ICT Company is going to build the network infrastructure. The current equipment is in a terrible state and cannot provide a good working environment for employees, even though the number of employees is expected to grow.
Four main problems should be expected with the network:
Insecure network
Ineffective network control
Inefficient file sharing and collaboration
Low productivity
Weak Network Security
Computer virus
Computer viruses are very common. A virus changes the computer's configuration and spreads to other computers by infecting files on a file system or a network file system that is accessed by other computers. Infected computers become prone to performance and security problems.
Network Security
If no firewall is installed, any computer is able to connect to the network. Because a number of hubs connect the computers, it is not easy to detect anything anomalous.
Ineffective network control
Computer and network control
Employees have too much freedom if there is no restriction. The computers and the network should be controlled to prevent employees from spending their time on personal use or browsing the Internet on the company's computers instead of working.
Inefficient file sharing and collaboration
Inefficient file sharing and remote access
File sharing usage is low, and employees can only use pen drives and emails to share files. The company must have file sharing between its different sites.
Low productivity
Limited equipment cannot satisfy the job requirements
There is not enough equipment to provide support, such as printers, faxes, projectors and multi-function devices.
Internal mail service
The employees need to have more customizable controls on the email service.
Wireless connection
There should be support for wireless connection at the moment; where the need arises, it is necessary to have a wireless connection for employees and clients.
Proposed Solutions
The proposed solution covers the advantages and disadvantages of having a network, transmission media selection, the choice between a peer-to-peer network and a client/server network, the type of network topology, and so on. It also includes some other important parts that make a better network.
Advantages of having a network
In an organization, each employee uses a computer in the office; if a company has more than twenty employees in each department, it will also have more than twenty computers. A network makes possible a number of things that cannot be done without a network connection: users can connect to host computers for things like email, news and library searches, and, if authorized, can access other Internet services by connecting to computers at other institutions. Imagine an employee who uses computer A to create a document file: without a network, he cannot get at his work after moving from computer A to computer B unless he uses a pen drive. It wasn't long ago that each machine required its own additional peripherals such as printers. In a network environment, the company can afford to purchase a single higher-quality unit and share it among the other computers in the network.
Hence having a network is important not only to share an Internet connection and files, but also to manage user accounts, implement security policy, improve the efficiency of the employees and better utilize IT resources.
Disadvantages of having a network
Firstly, a network needs more investment in equipment, services and software, and professionals must be hired to set up, maintain, fix, and manage it.
Secondly, the employees need more skills to use the network; sometimes this may run the risk of affecting the efficiency of the existing business operation.
Meanwhile, having a network means being more exposed to attack and running the risk of confidential files being stolen; in addition, network faults could lead to loss of resources and loss of data.
VPN
A VPN is a network technology that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A VPN provides the organization with the same capabilities, but at a much lower cost. It uses some form of encryption and has strong user authentication. Essentially a VPN is a form of WAN.
VLAN
Virtual LAN (VLAN) is used in ICTR. A VLAN can segregate a network into smaller individual networks with individual broadcast domains, regardless of their physical location. A VLAN allows hosts to be grouped together even if they are not located on the same network switch. By utilizing VLANs, ICTR will have more control over the network; for example, the administrator can set VLAN 1 for the marketing department, VLAN 3 for HR department, and VLAN 3 for accounting department and so on.
Client/server network
Peer-to-peer network
A peer-to-peer network is appropriate for very small businesses. It can support about ten clients before it is subject to serious performance and management problems.
Client/server network
Unlike peer-to-peer, a client/server network can control what a user can do on the computer and what files the user can access on the network; once on the network, users may access only those resources that the network administrator allows them to access.
This is the reason why client/server is more suitable than peer-to-peer for the network. Client/server provides a more secure network that is easier to manage, and improves the efficiency of the network.
Network topology
ICT Company utilizes a star topology. Each device has a dedicated point-to-point link only to a central controller, here a switch. A star is easy to install and reconfigure and needs less cabling; additions, moves, and deletions involve only one connection between the device and the switch, and connecting or removing devices does not disrupt the network. A star is also more robust: if one link fails, only that link is affected.
Transmission media
For transmission media, coaxial cable is recommended. Coaxial cable is an electrical cable with an inner conductor surrounded by a flexible, tubular insulating layer, which is in turn surrounded by a tubular conducting shield. It is recommended because coaxial cable can be run for longer distances between network nodes, with fewer boosts from repeaters, than either STP or UTP cable. Repeaters regenerate the signals in a network so that they can cover longer distances. Coaxial cable is also less expensive than fiber-optic cable, has been used for many years for all types of data communication, and is a well-known technology.
Hubs and Switches
Using hubs to connect computers increases the security risk of network spoofing. It also severely compromises the performance of the network by running too many links at half duplex and grouping too many hosts into the same collision domain.
The solution is to replace the hubs with switches. Switches separate the collision domains and let the network run at full duplex instead of half duplex, which improves the performance of the network and at the same time improves its security.
VLAN Tagging (IEEE 802.1Q)
IEEE 802.1Q defines the meaning of a virtual LAN (VLAN) with respect to the specific conceptual model underpinning bridging at the Media Access Control layer and to the IEEE 802.1D spanning tree protocol. This protocol allows nodes on different VLANs to communicate with one another through a network switch with Network Layer capabilities, or a router.
DHCP service
The reason to use a Dynamic Host Configuration Protocol (DHCP) server is that it is easy to manage. DHCP is a computer networking protocol used by hosts to retrieve IP address assignments and other configuration information such as the DNS IP address. A device can have a different IP address every time it connects to the network.
DHCP allocation can be manual or dynamic. In manual allocation, the IP address is assigned by the system administrator and DHCP delivers the assigned IP address to the client. In automatic allocation, DHCP assigns a permanent IP address to a client.
Mail Server
ICT Company will install a mail server, which can handle all incoming and outgoing emails that pass through the network. From a security point of view, setting up an internal mail service will help to keep the company's emails inside the company and reduce the risk of information leaks.
Firewall server
The introduction of a firewall server is crucial for improving the company's network security to provide better network filtering and control.
A firewall can be implemented in both software and hardware. The firewall examines the security of each message as it enters or leaves the intranet.
Some of the firewall techniques recommended for use are:
Packet filter: Packet filtering examines each packet passing through the network and accepts or blocks it based on user-defined rules.
Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established.
Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers.
Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
With proper configuration, the firewall server is expected to help to reduce the chance of computer viruses, filter unwanted websites, and control what kind of internet services can be used in the company.
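How a packet filter applies user-defined rules, and how a misordered rule silently stops working, is shown in the following added example, which is not part of the original report. The subnets follow the report's VLAN plan; the policy itself and the server addresses 192.168.1.10 and 192.168.1.20 are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str            # "accept" or "block"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    dport: Optional[int]   # destination port, or None for any port


# Constructed policy (assumption). Rules are evaluated top to bottom.
RULES = [
    Rule("block", "192.168.10.0/24", "192.168.4.0/24", None, None),  # reception -> accounting
    Rule("accept", "192.168.0.0/16", "192.168.1.10/32", "tcp", 25),  # SMTP to mail server
    Rule("accept", "192.168.0.0/16", "192.168.1.20/32", "tcp", 21),  # FTP control channel
    Rule("accept", "192.168.8.0/24", "192.168.0.0/16", None, None),  # IT department, anywhere
    Rule("block", "192.168.8.0/24", "192.168.4.0/24", "tcp", 3389),  # misplaced: never reached
]


def filter_packet(src, dst, proto, dport, rules=RULES):
    """Return the action of the first matching rule; block when none matches."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and r.proto in (None, proto) and r.dport in (None, dport)):
            return r.action
    return "block"  # default deny


def covers(a, b):
    """True when every packet matched by rule b is also matched by rule a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in (None, b.proto) and a.dport in (None, b.dport))


def shadowed_rules(rules=RULES):
    """List (index, earlier_index) pairs for rules that can never match."""
    return [(j, i) for j, later in enumerate(rules)
            for i in range(j) if covers(rules[i], later)]
```

Running `shadowed_rules()` over a rule set before deployment catches block rules that an earlier, broader accept rule has made ineffective.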
FTP server
In order to improve the efficiency of file sharing across the company, an FTP server is recommended.
File Transfer Protocol (FTP) is a standard networking protocol for copying files from one host to another over a TCP/IP-based network, such as the Internet. FTP is built on a client-server architecture. FTP allows anonymous user access, but it can also be used in conjunction with Active Directory authentication to increase security for uploading and downloading files.
With the FTP server, ICTR will be able to create central repositories for file sharing across the company regardless of location; it provides good security and more options for file sharing.
Summary
To tackle the existing problems, the corresponding solutions are:
Weak Network Security: VPN, VLAN, Firewall
Ineffective network control: VLAN, DHCP, VLAN Tagging
Inefficient file sharing and collaboration: FTP, VLAN Tagging
Stagnant technology slows down productivity: Wireless Access Point, Mail server
Implementation Plan
In this section, more detailed implementation of the solution will be explained.
Network topology
In the network topology, the server room, the managers and secretaries, the receptionists, and each of the 6 departments have their own VLAN:
Name                        VLAN    IP
Server Room                 100     192.168.1.1
Managers and secretaries    200     192.168.2.1/24
HR Department               300     192.168.3.1/24
Accounting Department       400     192.168.4.1/24
Marketing Department        500     192.168.5.1/24
Support Department          600     192.168.6.1/24
Sales Department            700     192.168.7.1/24
IT Department               800     192.168.8.1/24
Receptionists               1000    192.168.10.1/24
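Before an addressing plan like this one is configured on switches and the DHCP server, it can be checked mechanically. The following added example, which is not part of the original report, validates the VLAN IDs and subnets listed above and derives a dynamic DHCP pool per VLAN; reserving the first 10 host addresses for static devices is an assumption.

```python
from ipaddress import ip_interface

# Addressing plan as listed in this report: (name, VLAN ID, gateway address).
PLAN = [
    ("Server Room", 100, "192.168.1.1"),
    ("Managers and secretaries", 200, "192.168.2.1/24"),
    ("HR Department", 300, "192.168.3.1/24"),
    ("Accounting Department", 400, "192.168.4.1/24"),
    ("Marketing Department", 500, "192.168.5.1/24"),
    ("Support Department", 600, "192.168.6.1/24"),
    ("Sales Department", 700, "192.168.7.1/24"),
    ("IT Department", 800, "192.168.8.1/24"),
    ("Receptionists", 1000, "192.168.10.1/24"),
]


def check_plan(plan):
    """Return a list of problems found in a (name, vlan_id, address) plan."""
    problems, ids, nets = [], {}, []
    for name, vid, addr in plan:
        if not 1 <= vid <= 4094:  # 12-bit VLAN ID; 0 and 4095 are reserved
            problems.append(f"{name}: VLAN ID {vid} outside 1-4094")
        if vid in ids:
            problems.append(f"{name}: VLAN ID {vid} already used by {ids[vid]}")
        ids.setdefault(vid, name)
        if "/" not in addr:  # without a prefix length the subnet is undefined
            problems.append(f"{name}: {addr} has no prefix length")
            continue
        net = ip_interface(addr).network
        for other_name, other in nets:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        nets.append((name, net))
    return problems


def dhcp_pool(addr, reserved=10):
    """Return (first, last) address of a dynamic DHCP pool for a gateway in
    CIDR form, skipping the first `reserved` hosts (assumed static devices)."""
    iface = ip_interface(addr)
    pool = [h for h in list(iface.network.hosts())[reserved:] if h != iface.ip]
    return str(pool[0]), str(pool[-1])
```

On the plan as listed, `check_plan(PLAN)` reports one item: the Server Room entry has no prefix length.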
Equipment
Name                     Quantity
Office computer          40
Audio device             40
Microphones              40
LCD projectors           4
Printer                  10
Multi-function device    6
Floor plan
1st floor
2nd floor
3rd floor
Limitation
One thing that will not change with this network overhaul is the Internet speed, as it mainly depends on the connection with the ISP.
As the complexity of the system increases, it requires a more skilful administrator to maintain the system, such as the Active Directory. Also, in order to maintain competitive advantages, the organization is advised to review its system periodically.
For more granular control over network security, a hardware firewall should be considered. For example, the new hardware firewall from Cisco can provide packet filtering at a very low level, so that it can block BitTorrent and other specific network data.