Vincent Music Outlets Network Infrastructure Proposal

NetEngine Consulting LLC 5/30/18 VMO Proposal

TABLE OF CONTENTS

1 Executive Summary
1.1 Chicago HQ: Building A
1.1.1 Current Operation
1.1.2 Requirements
2 Current Operations & Requirements
2.1 Chicago HQ: Building B
2.1.1 Current Operation
2.2 Chicago HQ: Building C
2.2.1 Current Operations
2.2.2 Requirements
2.3 Chicago HQ: Building D
2.3.1 Current Operations
2.4 Chicago HQ: Building N
2.4.1 Current Operation
2.4.2 Requirements
2.5 Lincoln, Nebraska
2.5.1 Current Operations
2.5.2 Requirements
3 Naming Scheme for All Equipment
3.1 Headquarters
3.2 Lincoln, Nebraska and Retail Stores
4 Wide Area Network
4.1 WAN Summary
4.2 Topology
4.2.1 HQ to Lincoln, Nebraska (Site to site connections)
4.2.2 HQ to Retail Store
4.2.3 HQ to Internet
4.2.4 Lincoln, Nebraska to Internet
4.2.5 Retail Stores to Internet
4.3 IP Addressing Scheme
4.4 IP Routing Protocols & Methods
4.5 WAN Pricing
4.5.1 Pricing & Info


5 Chicago HQ Location: Building A Datacenter
5.1 Campus Layout
5.2 LAN Design of Headquarters
5.3 Building A: Proposed Datacenter
5.3.1 Building Layout
5.3.2 LAN Topology
5.3.3 Rack Equipment
5.3.4 Network Services
5.3.5 Network Protocols and Strategies
5.3.6 Redundancy
5.3.7 Chicago Headquarters IP Address Scheme
5.3.8 Equipment Information & Pricing
5.4 Building N: Administration Offices
5.4.1 Building Layout
5.4.2 LAN Topology
5.4.3 Network Protocols & Strategies
5.4.4 Virtual Local Area Networks (VLANs)
5.4.5 Redundancy
5.4.6 Rack Equipment
5.4.7 Equipment Information & Pricing
5.5 Building C: Warehouse
5.5.1 Building Layout
5.5.2 LAN Topology
5.5.3 Network Protocols & Strategies
5.5.4 Redundancy
5.5.5 Rack Equipment
5.5.6 Equipment Information & Pricing
6 Lincoln, Nebraska Call Center
6.1 Building Layout
6.2 LAN Topology
6.2.1 Wireless Network
6.3 Network Protocols & Strategies
6.4 Redundancy
6.5 Rack Equipment


6.6 Lincoln, Nebraska IP Scheme
6.7 Equipment Information & Pricing
7 Retail Store Locations
7.1 Building Layout
7.2 LAN Topology
7.3 Network Protocols & Strategies
7.4 Redundancy
7.5 Rack Equipment
7.6 Local Retail Stores IP Scheme
7.7 Equipment Information & Pricing
8 Implementation Plan
8.1 Objectives
8.2 Deliverables
8.3 Target Schedule
9 Security, Monitoring, and Maintenance
9.1 Security
9.1.1 Policy & Procedure
9.1.2 Physical Security
9.1.3 Fingerprint Locks
9.2 Software
9.3 Peripherals
9.4 Wireless Network
9.4.1 BYOD
9.5 Monitoring
9.5.1 Ticketing System
9.5.2 Network Management
9.6 Maintenance
9.6.1 Extended Service Level Agreements for Device Maintenance
10 Total Budget
11 Supplemental Documents
11.1 Equipment
11.1.1 Edge Routers
11.1.2 Firewall ACN
11.1.3 Core Switches


11.1.4 Distribution Switches
11.1.5 Access Switch HQ & Nebraska
11.1.6 Access Points for all locations
11.1.7 Wireless Control
11.1.8 Active Directory & DHCP
11.1.9 Application Server
11.1.10 Exchange Server
11.1.11 Camera & Storage
11.1.12 Web Server
11.1.13 Store Edge Routers
11.1.14 Store Firewalls
11.1.15 Store Access Switches
11.1.16 Store Printer
11.1.17 Store Rack
11.1.18 HQ & Nebraska Printers
11.1.19 Security Cameras
11.1.20 Cat6e Cable
11.1.21 Computers
11.1.22 HQ & Nebraska UPS
11.1.23 Store UPS
11.1.24 HQ & Nebraska Racks
11.1.25 Key Card
11.1.26 Finger Print Access


Muhammad Siddiqui

Eyad Abdalkarim

Joseph Evans

Dhaval Patel

Bakht Khan


1 EXECUTIVE SUMMARY

NetEngine Consulting LLC has been tasked with providing a secure and redundant network for Vincent Music Outlet. NetEngine will provide a detailed proposal covering WAN, LAN, datacenter, office and security design. VMO has three buildings at the Chicago location (Building A, Building N and Building C) and 150 retail stores, nationwide and international. The key people involved in the project are:

• Ken is the President of VMO.

• Bob is the Director of Operations.

• Joe is the Tech Support.

• Mark is the software developer.

• JP is the representative of JP Telco.

• KQ is the representative of KQ Telco.

1.1 CHICAGO HQ: BUILDING A

1.1.1 Current Operation

There are tenants from the first floor to the third floor. There are 40 nodes with a line rate of 10/100 Mbps bridged by fiber to building D. The staff on the fourth floor will relocate to building N.

1.1.2 Requirements

We are required to use the basement for our data center design. A 20 by 15 foot space is available for a telecom room, and a 150 by 150 foot space is available for the datacenter, which will host data and voice communications. Only IT will be in the datacenter office, with staff on the fourth floor. The fourth-floor staff will relocate back to the fourth floor of building A after construction.

2 CURRENT OPERATIONS & REQUIREMENTS

2.1 CHICAGO HQ: BUILDING B

2.1.1 Current Operation

The management and operations department worked in this building, but it will be demolished. The site will become a soccer field for the community to use. NetEngine is not responsible for working on this location.

2.2 CHICAGO HQ: BUILDING C

2.2.1 Current Operations

This is the main warehouse for VMO. It will house shipments and logistics operations for the retail stores.

2.2.2 Requirements

We will provide Internet (WAN connections) from building C to buildings A and N and to Lincoln, Nebraska.


2.3 CHICAGO HQ: BUILDING D

2.3.1 Current Operations

Building D currently hosts the datacenter. However, the building will be demolished and the new datacenter will be housed in building A. NetEngine is not responsible for working on this location.

2.4 CHICAGO HQ: BUILDING N

2.4.1 Current Operation

This building hosts all the corporate staff, including Executive, Human Resources, Legal, Operations and Logistics, Marketing, Accounting and a few warehouse staff. The Chicago HQ has a central PBX to 2 PRI. Phones are connected to the PBX via 3 twisted pair and a fiber mux. Voicemail is served by the PBX. The cost for a PRI trunk is $350 per month. The analog cost is $22 per month. The estimated usage is 5450 minutes to Nebraska and 1200 to retail stores.

2.4.2 Requirements

We are required to set up workstations for all employees. They will use the VMO application, which will need a server and storage to run on. The minimum bandwidth requirement for the application to run is 50 Kbps.

2.5 LINCOLN, NEBRASKA

2.5.1 Current Operations

This is the call center for VMO. There are about 100 customer service representatives and 20 managers. Customers call the VMO customer service number and are connected with an agent who helps them with any inquiries. There are cat5 pairs which terminate in the telecom room. PCs connect to unmanaged switches. Staff have old AT&T phones which run off call center software. The phones connect to the public phone system via 4 ISDN PRI trunks.

2.5.2 Requirements

NetEngine is responsible for call center design and infrastructure for 100 employees and 20 managers.


3 NAMING SCHEME FOR ALL EQUIPMENT

3.1 HEADQUARTERS


3.2 LINCOLN, NEBRASKA AND RETAIL STORES

4 WIDE AREA NETWORK

4.1 WAN SUMMARY

The Wide Area Network (WAN) will be responsible for connecting Chicago headquarters, the customer service headquarters located in Chicago, and all retail stores. Each store will be connected through two T1 internet ISP lines and VPN tunnels to the main campus. All traffic will flow through the data center located at the main campus, allowing a centrally managed network. The customer service headquarters will be connected through a gigabit MPLS local loop. This was done to ensure that all devices will be able to access the application server concurrently.

Additionally, the WAN will be responsible for providing credit card clearing to each retail location through JP Telco’s dedicated credit card clearing service. This service will provide a dedicated T1 line from each store to the clearing service. These lines will not interface directly with VMO’s core network. As a backup and to cut down on costs, a second option for credit card clearing will be available via the traditional 1-800 clearing method.


4.2 TOPOLOGY

4.2.1 HQ to Lincoln, Nebraska (Site to site connections)

For redundancy we have two T3 local loop lines going from Nebraska to JP ISP and KQ ISP. We also have two T3 local loop lines going from Chicago to JP ISP and KQ ISP.

Figure 1 HQ and Nebraska to JP and KQ ISP


4.2.2 HQ to Retail Store

Retail stores will be able to connect to the headquarters in Chicago via VPN tunnel. There will be a T1 line for credit card clearing provided by JP and KQ Telco.

Figure 2 HQ to Retail Store

4.2.3 HQ to Internet

The headquarters in Chicago will be connected to JP and KQ ISP. There will be one line of 1GB Metro Ethernet going to each ISP.

Figure 3 HQ to JP and KQ ISP


4.2.4 Lincoln, Nebraska to Internet

The call center in Nebraska will be connected to JP and KQ ISP using T3 lines. One line goes to each ISP.

Figure 4 Nebraska to JP and KQ ISP

4.2.5 Retail Stores to Internet

Retail stores will be connected to JP and KQ ISP. There will be one T1 line going to each ISP.

Figure 5 Retail Store to JP and KQ ISP


4.3 IP ADDRESSING SCHEME

IP Addressing:

JP Telco and KQ Telco will provide all the public addresses for all the locations. We assume that JP and KQ Telco will provide a range of 100.10.0.0/24 for all locations. Our main location (HQ) will get 100.10.1.0/24 from JP Telco and 100.10.2.0/24 from KQ Telco. In Lincoln, Nebraska we assume that we will get 100.10.3.0/24 from JP Telco and 100.10.4.0/24 from KQ Telco. For all retail stores we assume that we will get contiguous IP address blocks from 100.10.5.0/24 to 100.10.224.0/24.

IP ADDRESSING FOR ALL LOCATIONS

Link                                         Subnet
JPISP TO ACER1                               100.10.1.0/24
KQISP TO ACER2                               100.10.2.0/24
JPISP TO LNCR1                               100.10.3.0/24
KQISP TO LNCR2                               100.10.4.0/24
JPISP TO STORE1R1                            100.10.5.0/24
KQISP TO STORE1R2                            100.10.6.0/24
JPISP TO STORE2R1                            100.10.7.0/24
KQISP TO STORE2R2                            100.10.8.0/24
JPISP & KQISP TO STORE3R1 & STORE3R2         100.10.9.0/24 TO 100.10.224.0/24
  THROUGH STORE110R1 & STORE110R2            (continuing in the same pattern)
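The allocation pattern in the table can be checked mechanically before any router is configured. The following is an added example, not part of the original proposal: it regenerates the per-link /24 plan with Python's ipaddress module and audits it for overlaps, containment in the stated range, and capacity. The hyphenated link names and all function names are illustrative assumptions.

```python
import ipaddress
from itertools import combinations

# Values taken from the proposal's IP addressing section.
STATED_RANGE = ipaddress.ip_network("100.10.0.0/24")  # range assumed from the ISPs
SITE_LINKS = [                                         # (link name, third octet)
    ("JPISP-ACER1", 1), ("KQISP-ACER2", 2),            # Chicago HQ
    ("JPISP-LNCR1", 3), ("KQISP-LNCR2", 4),            # Lincoln, Nebraska
]
FIRST_STORE_OCTET = 5      # STORE1R1 is 100.10.5.0/24
TABLE_STORE_COUNT = 110    # the table runs to STORE110R2
SUMMARY_STORE_COUNT = 150  # the executive summary counts 150 retail stores


def link_subnet(third_octet):
    """Return 100.10.<third_octet>.0/24; raises ValueError past octet 255."""
    return ipaddress.ip_network(f"100.10.{third_octet}.0/24")


def build_plan(store_count):
    """Map every ISP-to-router link to its /24, following the table's pattern."""
    plan = {name: link_subnet(octet) for name, octet in SITE_LINKS}
    for n in range(1, store_count + 1):
        base = FIRST_STORE_OCTET + 2 * (n - 1)   # two consecutive /24s per store
        plan[f"JPISP-STORE{n}R1"] = link_subnet(base)
        plan[f"KQISP-STORE{n}R2"] = link_subnet(base + 1)
    return plan


def find_overlaps(plan):
    """Return every pair of link names whose subnets overlap."""
    return [(a, b) for (a, na), (b, nb) in combinations(plan.items(), 2)
            if na.overlaps(nb)]


def covering_block(plan):
    """Smallest single CIDR block that contains every subnet in the plan."""
    first = min(n.network_address for n in plan.values())
    last = max(n.broadcast_address for n in plan.values())
    block = ipaddress.ip_network(f"{first}/32")
    while last not in block:
        block = block.supernet()      # widen by one prefix bit at a time
    return block


def max_stores():
    """Largest store count whose second /24 still has a third octet <= 255."""
    return (255 - FIRST_STORE_OCTET + 1) // 2


def audit(store_count):
    """Summarise the plan for store_count stores (capped at what the pattern fits)."""
    plan = build_plan(min(store_count, max_stores()))
    return {
        "stores_requested": store_count,
        "fits_pattern": store_count <= max_stores(),
        "links": len(plan),
        "last_subnet": str(max(plan.values())),
        "overlaps": find_overlaps(plan),
        "outside_stated_range": sum(
            1 for n in plan.values() if not n.subnet_of(STATED_RANGE)),
        "covering_block": str(covering_block(plan)),
    }


if __name__ == "__main__":
    for count in (TABLE_STORE_COUNT, SUMMARY_STORE_COUNT):
        for key, value in audit(count).items():
            print(f"{key:22} {value}")
        print()
```

For the table's 110 stores the plan has 224 non-overlapping /24 links ending at 100.10.224.0/24, none of which fall inside 100.10.0.0/24; the smallest block covering them is 100.10.0.0/16. The two-per-store pattern runs out of third-octet values after store 125, so the 150 stores counted in the executive summary do not fit it.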

4.4 IP ROUTING PROTOCOLS & METHODS

From the Chicago headquarters to the Lincoln, Nebraska call center there will be two T3 links running MPLS on the local loop, at both locations, to two different ISPs. MPLS (Multiprotocol Label Switching) is a WAN technology that uses labels to decide where to forward packets. The labels identify the FEC (forwarding equivalence class), a collection of packets that are sent to a destination in the same way and over the same path. This creates a virtual point-to-point link. The major benefit of MPLS is that it grants us the ability to engineer the traffic leaving the VMO network. We can decide where and how traffic will be routed to its destination, allowing for faster, more efficient packet delivery.

From the headquarters we have provided two ISPs for redundancy. Each ISP will provide a metro Ethernet connection to the internet. Metro Ethernet is an extension of the Ethernet technology used in LANs to a metropolitan area network (MAN). The benefit of using metro Ethernet in a large metropolis like Chicago is that Ethernet is readily available. This makes connecting to the internet easier both technically and financially.

The WAN connectivity of each store will include a T1 line to the internet and a second T1 line that will be a point-to-point connection to the headquarters. The second T1 will be a private line used for credit card clearing. The T1 to the internet will be running BGP. BGP (Border Gateway Protocol) is the main routing protocol used on the internet. ISPs are assigned an autonomous system number, which comes into play when BGP peers are formed. BGP will form multiple peers that share routing information with one another and will select the best route to take based on that information.


4.5 WAN PRICING

4.5.1 Pricing & Info

Costs:

Our team recommends using MPLS T3 lines to connect headquarters to the Lincoln, Nebraska location (site-to-site connection). Our ISPs, JP Telco and KQ Telco, provided pricing for T3 local loops at both ends: $2,200 per month for the headquarters local loop and the same for the Lincoln, Nebraska local loop. Between those local loops we have two T1 lines, which cost $1,750 each per month.

Cost to connect site to site (HQ to Lincoln, Nebraska)

| Description | Type of line | Per Month | For Three Years |
|---|---|---|---|
| JP Telco HQ Local loop | T3 Local loop | $2,200 | $79,200 |
| KQ Telco HQ Local loop | T3 Local loop | $2,200 | $79,200 |
| JP Telco T1 line | T1 Line | $1,750 | $63,000 |
| JP Telco T1 line | T1 Line | $1,750 | $63,000 |
| KQ Telco T1 line | T1 Line | $1,750 | $63,000 |
| KQ Telco T1 line | T1 Line | $1,750 | $63,000 |
| JP Telco Lincoln, NE Local loop | T3 Local loop | $2,200 | $79,200 |
| KQ Telco Lincoln, NE Local loop | T3 Local loop | $2,200 | $79,200 |
| Total | | $15,800 | $568,800 |

Our team recommends JP Telco and KQ Telco as the ISPs for internet connections at all locations. For HQ we recommend 1GB metro Ethernet to the internet, which costs $5,000 per month, because more than 600 users are working from this site. For Lincoln, NE our team recommends a T3 line to the internet, which costs $3,500 per month, because right now only 110 users are accessing the internet there. For all stores we recommend a T1 line to the internet, which costs $500 per line for all in-country stores; for the international stores it costs $3,500 per month for the Saint Lambert, Quebec line, $1,850 per month for the Ottawa, Ontario line, $3,500 per month for the Etobicoke, Ontario line, $1,900 per month for the Windsor, Ontario line and $2,400 per month for the Ottawa, Ontario line.

Connections to internet for both sites and retail stores

| Description | Type of line | Per Month | For Three Years |
|---|---|---|---|
| JP Telco HQ to internet | 1GB Metro Ethernet | $5,000 | $180,000 |
| KQ Telco HQ to internet | 1GB Metro Ethernet | $5,000 | $180,000 |
| JP Telco Lincoln, NE to internet | T3 Line | $3,500 | $126,000 |
| KQ Telco Lincoln, NE to internet | T3 Line | $3,500 | $126,000 |
| In country all retail stores to internet with JP & KQ Telco | T1 Line | $500 x 105 Stores x 2 ISPs = $105,000 | $3,780,000 |
| Saint Lambert, Quebec | T1 Line | $3,500 x 2 ISPs = $7,000 | $252,000 |
| Ottawa, Ontario | T1 Line | $1,850 x 2 ISPs = $3,700 | $133,200 |
| Etobicoke, Ontario | T1 Line | $3,500 x 2 ISPs = $7,000 | $252,000 |
| Windsor, Ontario | T1 Line | $1,900 x 2 ISPs = $3,800 | $136,800 |
| Ottawa, Ontario | T1 Line | $2,400 x 2 ISPs = $4,800 | $172,800 |
| Total | | $148,300 | $5,338,800 |

Our team recommends connecting all stores to HQ through VPN because it is very important to secure all the transactions and all the customers' data. We have ASA 5505 firewalls at each retail store, and we have a very high-quality firewall at the HQ which will be capable of more than 1,200 VPN connections.

Credit Card Clearing:

Credit card clearing is used for authorization of credit cards at the point of sale (POS) in each retail store. A daily average of 40 transactions is authorized at each cash register or POS. Our team used JP Telco's credit card clearing services, which cost $2,000 per month for the T1 and $0.05 per clearing. So in total for 110 retail stores it will cost $220, and for 300 retail stores it will cost $600 per month.

| Credit Card Clearing | Price |
|---|---|
| 110 Retail Stores x 40 authorizations x $0.05 | $220 daily for credit card clearing plus $2,000 per month |
| 300 Retail Stores x 40 authorizations x $0.05 | $600 daily for credit card clearing plus $2,000 per month |

5 CHICAGO HQ LOCATION: BUILDING A DATACENTER

5.1 CAMPUS LAYOUT

VMO’s campus includes several main buildings: Building A (management and new data center), Building C (warehouse), and Building N (6-story new construction). Fiber has already been run to each building from Building A. An additional fiber run will be installed from Building C to Building N for redundancy purposes. In the event of hardware failure at the edge of any building, a secondary route will be available for all network traffic to flow through.

Figure 6 Current Campus Design

After Buildings B and D are demolished, there will be a new soccer field in that space.

Figure 7 New VMO Campus Plan

5.2 LAN DESIGN OF HEADQUARTER

Figure 8 LAN design of HQ

5.3 BUILDING A: PROPOSED DATACENTER

5.3.1 Building Layout

Figure 9 Proposed Datacenter Design

5.3.2 LAN Topology

Figure 10 LAN of Building A

5.3.3 Rack Equipment

Figure 11 Server Racks

Figure 12 Equipment Types

All servers will be located at both the VMO Chicago campus and the customer service headquarters in Lincoln, Nebraska. Additionally, all servers are configured with redundant power supplies and connected to a battery backup UPS. All servers come with a 5-pack of Windows Server 2016 Client Access Licenses for remote desktop (user based).

• Storage Server: Dell PowerEdge R740

The storage server(s) will provide networked storage for all users on the network. One will be placed in the datacenter at the corporate campus in Chicago while the other will be placed in the customer service headquarters. The chosen chassis for the storage server is the Dell PowerEdge R740 with up to 16 2.5” SAS/SATA HDDs. Each server is populated with 8 2.4TB 10K RPM SAS hard drives in a RAID 5 configuration, allowing one drive to fail while keeping all data accessible. A 16-drive chassis was chosen to provide room for expansion, with a theoretical maximum capacity of 36TB if configured with the same hard drives and RAID configuration. 10K RPM hard drives were chosen to increase read and write performance while also incurring cost savings. Current market trends show that the price of solid state drives is significantly higher than traditional hard drives. Redundant power supplies make sure that the server will still have power in case of a PSU failure. Additionally, the server will be connected to a UPS battery backup, ensuring that the server has enough power to shut down gracefully or stay online until the backup generators come online. This server also comes with 5 years of ProSupport from Dell with next business day onsite service. In the event of component failure, Dell would be able to service the server by the next business day.

• Camera Server: Dell PowerEdge R740

The camera server will be responsible for managing and storing video data for VMO. This server has the

same specifications, configuration, and support as the storage server. This was done because both servers will

require a large amount of storage.

• Application Server: Dell PowerEdge R740

The application server will house VMO’s newly developed application that is responsible for the majority of

VMO’s operations. As such, this is a mission-critical piece of equipment. This server is configured with the same

chassis as the camera and storage servers. It houses 4 2.4TB 10K RPM self-encrypting hard drives. The self-

encrypting hard drives were used because of the possibility of containing sensitive information that should not

be accessible to the public.

• Domain Controller (Active Directory, DNS, DHCP): Dell PowerEdge R740

The Domain Controller, running Windows Server 2016 Standard, will be responsible for Active Directory, DNS, and DHCP services. Two servers will be deployed, one at VMO’s main campus and the other at the customer service headquarters. Each one will provide services at the location it is at. This server is configured with 8 120GB SSDs in a RAID 5 configuration, allowing for fast startup as well as blazing fast read/write times. DHCP services will only be used for the main campus and the customer service headquarters. IP address assignment will be done manually for the retail locations. Windows Active Directory will be used to assign group policies to certain users and computers.

• Web Server: Dell PowerEdge R740

The web server will host any internal/external facing websites. It has been configured with 4 400GB SSDs in a RAID 5 configuration. Due to most of VMO’s business processes taking place on the application server, the web server does not require a massive amount of storage. We decided to utilize the speed and efficiency of solid state drives to remove any bottlenecks on the server end. The domain controller will work closely with the web server, providing internal DNS services for easy access from within the network.

• Exchange Server: Dell PowerEdge R740

We will be utilizing a hybrid system for company email services. Our primary service will be Office 365 Enterprise, a cloud-based email service that also provides a Microsoft Office product suite. The Office 365 service provides a custom email domain that will actively sync with the Exchange server. This will allow us to still send emails internally in the event that we lose connectivity to the Office 365 services. Since this server is acting more as a backup than a piece of mission-critical equipment, the decision was made to use a single 120GB SSD boot drive and a single 2.4TB 10K RPM SAS hard drive. No RAID configuration was set on this server.

• Monitoring/ System Log Server: Dell PowerEdge R740

Being able to monitor all aspects of VMO’s network is crucial for determining the health of the network, as well as preventing unnecessary outages. The monitoring server will have SolarWinds services running on it to monitor the network and notify staff of potential outages. This server has been configured with a 120GB SSD boot drive as well as a 1TB 7.2K RPM NLSAS hard drive. This server will not require much storage as it is acting more as a monitoring tool than a reporting tool. However, reporting tools are built into the SolarWinds suite, allowing useful data collection for VMO’s IT staff.

5.3.4 Network Services

5.3.4.1 Domain Name Services

Domain Name Services, or DNS, allow users to connect to a website just by typing the address in words instead of an IP address. It does this by looking up the IP address associated with a name, similar to a phonebook. In the case of DNS, an IP address is equivalent to a phone number and the URL is the name of a website, which is easier to remember than an IP address. There are many DNS servers and they are organized in a hierarchy. If a DNS server does not know the address of a website, then it goes to a second DNS server which is higher up in the hierarchy. There are several root DNS servers which will ensure the lookup of a URL if other DNS servers cannot find it. The root servers are updated regularly to ensure all URL inquiries are met if there is a change. There is a Central Registry which maintains the root servers and receives updates from other DNS servers. For example, if you were to create a new website, the DNS service updates its servers within a 36-hour period, known as propagation.

5.3.4.2 E-Mail Server

E-mail can be provided by setting up an email server. Microsoft Server 2008, 2012, and 2016 offer e-mail server roles. The email address is usually associated with the domain address of the business. Users will connect to [email protected]. The domain part of the address can be changed to the liking of the business. For VMO, we can create a domain called VMO and an email server which uses the @VMO.com address. In addition, the email server stores email locally. However, with cloud storage on the rise, technology companies like Google and Microsoft are offering services to host small business email servers. Thus, company email servers will be hosted/stored on the cloud.

In our proposed plan, we have a server running IPv4 which takes care of the staff IP addresses. In addition, we have 114 public IP addresses which allow users to access the internet.

5.3.4.3 Dynamic Host Configuration Protocol

Dynamic Host Configuration Protocol, or DHCP, allows the assignment of a private internet address. For Internet Protocol version 4, there are two types of addresses: public and private IPs. A public IP address allows a user to access the internet. A private IP address is used internally and cannot be routed through the internet without another service called Network Address Translation. An IP address is linked to a device’s Media Access Control address, or MAC. The MAC address is physically encoded at the time of manufacture.

When a device attempts to connect to a network, a hotspot for example, it is automatically assigned an IP address through the DHCP server. The host searches for a DHCP server and is assigned an IP address and lease configuration. IP addresses are subject to a lease period.

In our proposed plan, we have a DHCP server running IPv4 which takes care of the users' IP addresses.

5.3.4.4 Active Directory

Active Directory, or AD, is a domain controller which functions within a Windows domain. It keeps track of users and their privileges. It authenticates and authorizes users in cases such as logon, storage drive access, installation access, and others. Also, it is responsible for the enforcement of security policies, including password management. There is a hierarchical framework in place for the domain. The highest level is a forest, which contains configuration, schema and application information. The lowest level is a domain controller.

We propose to configure Active Directory and run the domain @vmo.com.

5.3.4.5 Web Server

A web server hosted on a company’s internal servers is easier for the IT staff to manage. The web server can also be outsourced to third parties such as Go Daddy or Wix. For in-house management, the web server can be configured on a Windows server as an additional role. From there, web developers in the IT department would be responsible for creating the website.

We propose to configure the web server on its own physical server. We will not use virtualization.

5.3.4.6 Application Server

The application server is configured on a server which is separate from other servers. The application server is able to communicate with a database server and storage server. Database, storage and application server work together to provide a smooth running and mission critical for

5.3.4.7 SYSLOG Server

A syslog server stores log information for all network devices. It removes the tedious task of going to all the network devices and

We will have a syslog server running on the storage server.

5.3.4.8 File Server

The file server is hosted on a storage server. It allows users to access a common drive which is available to a set of users. Marketing will access files stored on the marketing drive. There are different drives for different departments. Different drives come with different security policies.

5.3.5 Network Protocols and Strategies

5.3.5.1 EIGRP

For the internal network we will use EIGRP. EIGRP (Enhanced Interior Gateway Routing Protocol) is a Cisco proprietary routing protocol that uses bandwidth, trustworthiness of a link, and delay to calculate its metric for route selection. EIGRP is an efficient routing protocol that allows for fast convergence and optimal bandwidth allocation. If a link goes down in a network, EIGRP is able to adapt to that change rapidly through its use of the Diffusing Update Algorithm. EIGRP also conserves bandwidth by not sending routing updates constantly, or its use of hello packets as with OSPF. As a result, EIGRP is an optimal choice for internal routing of VMO’s infrastructure.

Building A will house the data center. The subnet 192.168.9.192/27 will be used for all the servers. The different stores and the Lincoln, Nebraska location will need to access these servers. Since there is a VPN connection between these different locations, a NAT (network address translation) exemption will be configured for this subnet. NAT exemption will allow any traffic that is destined to a VPN peer to be exempt from being NATed/PATed. Considering the packets will be traveling in a secure private network inaccessible from the outside, there will be no need for explicit NAT/PAT.

5.3.6 Redundancy

In the case of router or switch failure, we have created a network with two paths. The primary path is served by JP Telco and the secondary path is served by KQ Telco. If the network equipment fails in the primary path, the secondary path will activate and update routing tables appropriately, therefore bypassing the failed router or switch. Similarly, we have implemented primary and secondary links at all locations, including Building A: Datacenter, Building N: Administration, Building C: Warehouse. Moreover, if equipment fails, the secondary path will handle the network. In usual day-to-day operation, the secondary path stays passive; it activates when the redundant neighbor does not send an “Alive” packet, which is when the second path router assumes it is offline. In the meantime, a network engineer can replace the failed equipment and make necessary changes while securing uptime. With so many devices and equipment involved in the network, it is vital to have redundancy to ensure 99.999% uptime.

5.3.7 Chicago Headquarters IP Address Scheme

Major Network: 192.168.0.0/20

Available IP addresses in major network: 4094

Number of IP addresses needed: 2548

Available IP addresses in allocated subnets: 2548

About 64% of available major network address space is used

About 100% of subnetted network address space is used

| Subnet Name | Needed Size | Allocated Size | Address | Mask | Dec Mask | Assignable Range | Broadcast |
|---|---|---|---|---|---|---|---|
| Building N | 254 | 254 | 192.168.0.0 | /24 | 255.255.255.0 | 192.168.0.1 - 192.168.0.254 | 192.168.0.255 |
| Building N | 254 | 254 | 192.168.1.0 | /24 | 255.255.255.0 | 192.168.1.1 - 192.168.1.254 | 192.168.1.255 |
| Building N | 254 | 254 | 192.168.2.0 | /24 | 255.255.255.0 | 192.168.2.1 - 192.168.2.254 | 192.168.2.255 |
| Building N | 254 | 254 | 192.168.3.0 | /24 | 255.255.255.0 | 192.168.3.1 - 192.168.3.254 | 192.168.3.255 |
| Building N | 254 | 254 | 192.168.4.0 | /24 | 255.255.255.0 | 192.168.4.1 - 192.168.4.254 | 192.168.4.255 |
| Building N | 254 | 254 | 192.168.5.0 | /24 | 255.255.255.0 | 192.168.5.1 - 192.168.5.254 | 192.168.5.255 |
| Building N | 126 | 126 | 192.168.6.0 | /25 | 255.255.255.128 | 192.168.6.1 - 192.168.6.126 | 192.168.6.127 |
| Building N | 126 | 126 | 192.168.6.128 | /25 | 255.255.255.128 | 192.168.6.129 - 192.168.6.254 | 192.168.6.255 |
| Building N | 126 | 126 | 192.168.7.0 | /25 | 255.255.255.128 | 192.168.7.1 - 192.168.7.126 | 192.168.7.127 |
| Building N | 126 | 126 | 192.168.7.128 | /25 | 255.255.255.128 | 192.168.7.129 - 192.168.7.254 | 192.168.7.255 |
| Building N | 126 | 126 | 192.168.8.0 | /25 | 255.255.255.128 | 192.168.8.1 - 192.168.8.126 | 192.168.8.127 |
| Building N | 126 | 126 | 192.168.8.128 | /25 | 255.255.255.128 | 192.168.8.129 - 192.168.8.254 | 192.168.8.255 |
| Building C | 62 | 62 | 192.168.9.0 | /26 | 255.255.255.192 | 192.168.9.1 - 192.168.9.62 | 192.168.9.63 |
| Building C | 62 | 62 | 192.168.9.64 | /26 | 255.255.255.192 | 192.168.9.65 - 192.168.9.126 | 192.168.9.127 |
| Building N | 62 | 62 | 192.168.9.128 | /26 | 255.255.255.192 | 192.168.9.129 - 192.168.9.190 | 192.168.9.191 |
| Data Center | 30 | 30 | 192.168.9.192 | /27 | 255.255.255.224 | 192.168.9.193 - 192.168.9.222 | 192.168.9.223 |
| Data Center | 14 | 14 | 192.168.9.224 | /28 | 255.255.255.240 | 192.168.9.225 - 192.168.9.238 | 192.168.9.239 |
| ACFW1 TO ACFW2 | 2 | 2 | 192.168.9.240 | /30 | 255.255.255.252 | 192.168.9.241 - 192.168.9.242 | 192.168.9.243 |
| ACFW1 TO ACSW1 | 2 | 2 | 192.168.9.244 | /30 | 255.255.255.252 | 192.168.9.245 - 192.168.9.246 | 192.168.9.247 |
| ACFW2 TO ACSW2 | 2 | 2 | 192.168.9.248 | /30 | 255.255.255.252 | 192.168.9.249 - 192.168.9.250 | 192.168.9.251 |
| ACR1 TO ACFW1 | 2 | 2 | 192.168.9.252 | /30 | 255.255.255.252 | 192.168.9.253 - 192.168.9.254 | 192.168.9.255 |
| ACR1 TO ACFW2 | 2 | 2 | 192.168.10.0 | /30 | 255.255.255.252 | 192.168.10.1 - 192.168.10.2 | 192.168.10.3 |
| ACR1 TO ACR2 | 2 | 2 | 192.168.10.4 | /30 | 255.255.255.252 | 192.168.10.5 - 192.168.10.6 | 192.168.10.7 |
| ACR2 TO ACFW1 | 2 | 2 | 192.168.10.8 | /30 | 255.255.255.252 | 192.168.10.9 - 192.168.10.10 | 192.168.10.11 |
| ACR2 TO ACFW2 | 2 | 2 | 192.168.10.12 | /30 | 255.255.255.252 | 192.168.10.13 - 192.168.10.14 | 192.168.10.15 |
| ACSW1 TO ACSW2 | 2 | 2 | 192.168.10.16 | /30 | 255.255.255.252 | 192.168.10.17 - 192.168.10.18 | 192.168.10.19 |
| ACSW1 TO CDSW1 | 2 | 2 | 192.168.10.20 | /30 | 255.255.255.252 | 192.168.10.21 - 192.168.10.22 | 192.168.10.23 |
| ACSW1 TO CDSW2 | 2 | 2 | 192.168.10.24 | /30 | 255.255.255.252 | 192.168.10.25 - 192.168.10.26 | 192.168.10.27 |
| ACSW1 TO NDSW1 | 2 | 2 | 192.168.10.28 | /30 | 255.255.255.252 | 192.168.10.29 - 192.168.10.30 | 192.168.10.31 |
| ACSW1 TO NDSW2 | 2 | 2 | 192.168.10.32 | /30 | 255.255.255.252 | 192.168.10.33 - 192.168.10.34 | 192.168.10.35 |
| ACSW2 TO CDSW1 | 2 | 2 | 192.168.10.36 | /30 | 255.255.255.252 | 192.168.10.37 - 192.168.10.38 | 192.168.10.39 |
| ACSW2 TO CDSW2 | 2 | 2 | 192.168.10.40 | /30 | 255.255.255.252 | 192.168.10.41 - 192.168.10.42 | 192.168.10.43 |
| ACSW2 TO NDSW1 | 2 | 2 | 192.168.10.44 | /30 | 255.255.255.252 | 192.168.10.45 - 192.168.10.46 | 192.168.10.47 |
| ACSW2 TO NDSW2 | 2 | 2 | 192.168.10.48 | /30 | 255.255.255.252 | 192.168.10.49 - 192.168.10.50 | 192.168.10.51 |
| CDSW1 TO CDSW2 | 2 | 2 | 192.168.10.52 | /30 | 255.255.255.252 | 192.168.10.53 - 192.168.10.54 | 192.168.10.55 |
| NDSW1 TO NDSW2 | 2 | 2 | 192.168.10.56 | /30 | 255.255.255.252 | 192.168.10.57 - 192.168.10.58 | 192.168.10.59 |
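An added check of the address table above, not part of the proposal: the Python below transcribes the subnets, confirms that each one sits inside 192.168.0.0/20 and that none overlap (an overlap would make ACL and NAT-exemption matches ambiguous), recomputes the summary totals, and lists the unallocated space. The function and variable names are this example's own.

```python
import ipaddress
from itertools import combinations

MAJOR = ipaddress.ip_network("192.168.0.0/20")

# Point-to-point link names, in the order the table lists them.
LINKS = ("ACFW1-ACFW2 ACFW1-ACSW1 ACFW2-ACSW2 ACR1-ACFW1 ACR1-ACFW2 ACR1-ACR2 "
         "ACR2-ACFW1 ACR2-ACFW2 ACSW1-ACSW2 ACSW1-CDSW1 ACSW1-CDSW2 ACSW1-NDSW1 "
         "ACSW1-NDSW2 ACSW2-CDSW1 ACSW2-CDSW2 ACSW2-NDSW1 ACSW2-NDSW2 "
         "CDSW1-CDSW2 NDSW1-NDSW2").split()
# In the table the /30 links run back to back from 192.168.9.240 to 192.168.10.56.
BASE = int(ipaddress.ip_address("192.168.9.240"))
LINK_NETS = [f"{ipaddress.ip_address(BASE + 4 * i)}/30" for i in range(len(LINKS))]

# (name, CIDR) pairs transcribed from the section 5.3.7 table.
PLAN = (
    [("Building N", f"192.168.{n}.0/24") for n in range(6)]
    + [("Building N", f"192.168.{n}.{h}/25") for n in (6, 7, 8) for h in (0, 128)]
    + [("Building C", "192.168.9.0/26"), ("Building C", "192.168.9.64/26"),
       ("Building N", "192.168.9.128/26"),
       ("Data Center", "192.168.9.192/27"), ("Data Center", "192.168.9.224/28")]
    + list(zip(LINKS, LINK_NETS))
)


def summarize(first, last):
    """Express the inclusive integer range first..last as a list of CIDR strings."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(block) for block in blocks]


def audit(plan, major=MAJOR):
    """Check a list of (name, cidr) pairs against the major network."""
    nets = sorted((ipaddress.ip_network(cidr), name) for name, cidr in plan)
    outside = [f"{name} {net}" for net, name in nets if not net.subnet_of(major)]
    overlaps = [(f"{na} {a}", f"{nb} {b}")
                for (a, na), (b, nb) in combinations(nets, 2) if a.overlaps(b)]

    # Walk the sorted blocks and collect the space that no subnet claims.
    free, cursor = [], int(major.network_address)
    for net, _ in nets:
        if not net.subnet_of(major):
            continue
        start, end = int(net.network_address), int(net.broadcast_address)
        if start > cursor:
            free += summarize(cursor, start - 1)
        cursor = max(cursor, end + 1)
    if cursor <= int(major.broadcast_address):
        free += summarize(cursor, int(major.broadcast_address))

    return {
        "outside": outside,
        "overlaps": overlaps,
        "free": free,
        # Assignable hosts: every block loses its network and broadcast address.
        "usable": sum(net.num_addresses - 2 for net, _ in nets),
        # Whole blocks, network and broadcast addresses included.
        "allocated": sum(net.num_addresses for net, _ in nets),
    }


if __name__ == "__main__":
    report = audit(PLAN)
    share = 100 * report["allocated"] / MAJOR.num_addresses
    print("subnets:", len(PLAN))
    print("outside major network:", report["outside"])
    print("overlapping pairs:", report["overlaps"])
    print("assignable addresses:", report["usable"])
    print(f"share of {MAJOR} covered by blocks: {share:.0f}%")
    print("unallocated:", ", ".join(report["free"]))
```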

5.3.8 Equipment Information & Pricing

Headquarter- Building A

| Item | Unit Price | Quantity | Total Cost |
|---|---|---|---|
| Cisco ASR 901 10G Router (Edge Router) | $4,032.99 | 2 | $8,065.98 |
| Cisco Firepower 2110 NGFW (Firewall) | $8,471.99 | 2 | $16,943.98 |
| Cisco Catalyst 9500- 48 ports (Core Switch) | $16,519.99 | 2 | $33,039.98 |
| Cisco Catalyst 2960L48 ports (Access Switch) | $1,876.99 | 3 | $5,630.97 |
| Cisco Aironet 18321- Wireless Access Point | $367.99 | 1 | $367.99 |
| Cisco 2504 Wireless Controller | $4,397.99 | 1 | $4,397.99 |
| Dell PowerEdge R740 for AD/DNS/DHCP | $9,737.90 | 1 | $9,737.90 |
| Dell PowerEdge R740 for Application Server | $11,685.51 | 1 | $11,685.51 |
| Dell PowerEdge R740 for Exchange Server | $7,766.48 | 1 | $7,766.48 |
| Dell PowerEdge R740 for Camera & Storage | $13,084.37 | 2 | $26,168.74 |
| Dell PowerEdge R740 for Web Server | $8,473.27 | 1 | $8,473.27 |
| HP Color LaserJet Pro M477fdn | $379.00 | 1 | $379.00 |
| TRENDnet TV IP310P1 PoE Network Camera | $129.99 | 5 | $649.95 |
| CAT6e 23/44 pair 550MHz Plenum Wires | $236.36 | 10 | $2,363.60 |
| HP 24-g010- all in one A8 7410 | $507.99 | 3 | $1,523.97 |
| APC Smart- UPS X 1500VA | $804.99 | 7 | $5,634.93 |
| 42U Adjustable 4 Server Equipment Rack | $333.99 | 5 | $1,669.95 |
| Timemoto TM-626 Fingerprint Sensor | $449.00 | 1 | $449.00 |
| Isonas Pure Key Card Access | $1,356.00 | 1 | $1,356.00 |
| Total cost for Building A | | | $146,305.19 |

5.4 BUILDING N: ADMINISTRATION OFFICES

Building N, a newly constructed six-story building, will house offices for employees on VMO’s campus. This building is comprised of six floors, each with 100 nodes. All networking equipment for the building will be housed in the basement.

5.4.1 Building Layout

5.4.2 LAN Topology

Figure 13 LAN of Building N

5.4.3 Network Protocols & Strategies

Each department in Building N will be configured in its own VLAN. From there the access switches connected to the distribution switch will be configured with an 802.1Q trunk port. This will allow the different VLANs to communicate with one another. The distribution switches will be configured with HSRP (Hot Standby Router Protocol). This will create a virtual link within the distribution switch that will act as the default gateway of the end nodes.

The distribution switches connected to the access switches will also be configured with IP SLA. IP SLA is a feature in Cisco devices that monitors the performance of the network in real time. IP SLA will give feedback on packet loss, connectivity and delay. There are multiple timestamps on an IP SLA packet. If the latency of the packets exceeds a certain time, it could indicate there is an issue with the receiving device. If there is an issue with a link, then the distribution switch will have a failover link which will transfer data sent from the access switches to a secondary link for transit.

Building N will have private IP addresses on each floor for all devices. The hosts will be the only devices needing to egress and ingress the network. There will be public IPs assigned on the outside interfaces of the routers connected to both JP Telco and KQ Telco. Since there aren’t many public IP addresses available, along with the inability to traverse the internet with a private IP address, NetEngine has decided to PAT (port address translation) the private IP addresses to the public IP on the outside interface of the router connected to JP Telco. PAT is the process of having all the private IP addresses in a network access the internet using a single public IP address. The distinguishing factor of all the IP addresses is the logical port number that is assigned to each session. The number of port numbers that are assignable depends on the memory of the device. The router we will purchase for VMO headquarters has a total memory of 100 GB. Each PAT entry needs 160 bits of memory to be allocated. This will allow for an abundance of public IP addresses to be used. The private IP address range of each floor is listed below, along with an example of their public IP with port number.

• Floor 6: 192.168.5.0 – 100.10.1.1: 5001

• Floor 5: 192.168.5.0 – 100.10.1.1: 5002

• Floor 4: 192.168.5.0 – 100.10.1.1: 5003

• Floor 3: 192.168.5.0 – 100.10.1.1: 5004

• Floor 2: 192.168.5.0 – 100.10.1.1: 5005

• Floor 1: 192.168.5.0 – 100.10.1.1: 5006

• Basement: 192.168.5.0 – 100.10.1.1: 5007

5.4.4 Virtual Local Area Networks (VLANs)

| Floor | # of Users | VLANs |
|---|---|---|
| 6th Floor | Admin Staff: 50 users | Access point VLAN 10 (254 Hosts); Switch VLAN (124 Hosts) |
| 5th Floor | Management: 50 Users; Legal: 10 Users | Access point VLAN 10 (254 Hosts); Switch VLAN (124 Hosts) |
| 4th Floor | Marketing: 100 Users | Access point VLAN 10 (254 Hosts); Switch VLAN (124 Hosts) |
| 3rd Floor | Marketing: 50 users; Logistics: 50 Users | Access point VLAN 10 (254 Hosts); Switch VLAN (124 Hosts) |
| 2nd Floor | Accounting: 50 Users; HR: 10 Users | Access point VLAN 10 (254 Hosts); Switch VLAN (124 Hosts) |
| 1st Floor | Operations: 100 Users | Access point VLAN 10 (254 Hosts); Switch VLAN (124 Hosts) |

5.4.5 Redundancy

In the case of router or switch failure, we have created a network with two paths. The primary path is served by JP Telco and the secondary path is served by KQ Telco. If the network equipment fails in the primary path, the secondary path will activate and update routing tables appropriately, therefore bypassing the failed router or switch. Similarly, we have implemented primary and secondary links at all locations, including Building A: Datacenter, Building N: Administration, Building C: Warehouse. Moreover, if equipment fails, the secondary path will handle the network. In usual day-to-day operation, the secondary path stays passive; it activates when the redundant neighbor does not send an “Alive” packet, which is when the second path router assumes it is offline. In the meantime, a network engineer can replace the failed equipment and make necessary changes without worrying about the network. With so many devices and equipment involved in the network, it is vital to have redundancy to ensure 99.999% uptime.

5.4.6 Rack Equipment

In Building N, there are two racks that are composed of 26 access switches, 1 UPS and 2 distribution switches. The role of the access switches is to connect all the end devices to the network. From there the access switches are connected to the distribution switches. Distribution switches are also known as layer three switches due to their routing capabilities. These switches are meant to provide the access layer a path to the core layer so that the network devices can send packets to one another and to the WAN. The distribution switches we will use for VMO headquarters are also configured with a trunk port, allowing for inter-VLAN routing without the core switch.

Figure 14 Server Racks

Figure 15 Server Equipment

5.4.7 Equipment Information & Pricing

Headquarter- Building N

| Item | Unit Price | Quantity | Total Cost |
|---|---|---|---|
| Cisco Catalyst 3850- 48 Ports Switch | $6,311.99 | 2 | $12,623.98 |
| Cisco Catalyst 2960L- 48 Ports Switch | $1,876.99 | 26 | $48,801.74 |
| Cisco Aironet 18321- Wireless Access Point | $367.99 | 54 | $19,871.46 |
| Cisco 2504 Wireless Controller | $4,397.99 | 1 | $4,397.99 |
| HP Color LaserJet Pro M477fdn | $379.00 | 80 | $30,320.00 |
| TRENDnet TV IP310P1 PoE Network Camera | $129.99 | 60 | $7,799.40 |
| CAT6e 23/44 pair 550MHz Plenum Wires | $236.36 | 75 | $17,727 |
| HP 24-g010- all in one A8 7410 | $507.99 | 600 | $304,794.00 |
| APC Smart- UPS X 1500VA | $804.99 | 1 | $804.99 |
| 42U Adjustable 4 Server Equipment Rack | $333.99 | 2 | $667.98 |
| Isonas Pure Key Card Access | $1,356.00 | 14 | $18,984.00 |
| Total cost for Building N | | | $466,792.54 |

5.5 BUILDING C: WAREHOUSE

5.5.1 Building Layout

5.5.2 LAN Topology

Figure 16 LAN of Building C

5.5.3 Network Protocols & Strategies

For Building C, the same protocols and strategies will be used as in Building N. The VLANs will be determined by which device is on that VLAN. Hosts used by the warehouse workers will be put on VLAN 10, while cameras, printers, and access points will be in VLAN 20. For the host VLAN 10 a /26 mask was used to allocate enough space for 62 users. The same /26 mask is used for the second VLAN, VLAN 20.

The distribution switches connected to the access switches will be configured with 802.1Q trunk ports. This will allow the different VLANs to communicate with one another. From there the distribution switches will also be configured with HSRP. This will allow the switch to create a virtual link that will act as the default gateway of all the devices. HSRP will also allow us to configure priority for the connected links. With this we can configure a primary link and a secondary link. In the case of the primary link going down, the traffic will be forwarded to the secondary link, allowing for failover. To do this, IP SLA will also be configured, which will give feedback in real time on different network metrics such as jitter, delay, and RTT.

Similar to Building N, the hosts in the warehouse will be the only devices that need to undergo port address translation. All of the hosts are on network 192.168.9.0/24. Using PAT, the IP addresses will use the public IP address of 100.10.1.1/24 to access the internet.
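The translation decisions described for the data center (NAT exemption for 192.168.9.192/27 toward VPN peers) and for Buildings N and C (PAT behind 100.10.1.1), as an added Python model that is not part of the proposal or of any device configuration. It also compares the 192.168.9.0/24 PAT source quoted above, which contains the server subnet, with the two Building C /26 rows of the address table, which do not. The VPN peer range 172.16.0.0/16, the destination 203.0.113.10 and all class and function names are assumptions made for the example.

```python
import ipaddress

PUBLIC_IP = "100.10.1.1"                              # outside address from the page
SERVERS = ipaddress.ip_network("192.168.9.192/27")    # NAT-exempt server subnet (5.3.5)
VPN_PEERS = [ipaddress.ip_network("172.16.0.0/16")]   # constructed stand-in for store LANs

# Building C PAT source as written in 5.5.3, and as derived from the two
# Building C /26 rows of the 5.3.7 table (adjacent, so they collapse to one /25).
PAT_AS_WRITTEN = [ipaddress.ip_network("192.168.9.0/24")]
PAT_FROM_TABLE = list(ipaddress.collapse_addresses(
    [ipaddress.ip_network("192.168.9.0/26"), ipaddress.ip_network("192.168.9.64/26")]))


def scope_includes_servers(pat_sources):
    """True if any PAT source prefix also covers the server subnet."""
    return any(SERVERS.overlaps(net) for net in pat_sources)


class EdgeNat:
    """Toy model of the edge decision: NAT exemption first, then PAT."""

    def __init__(self, pat_sources, first_port=5001, last_port=65535):
        # Port fields are 16 bits, so the pool can never extend past 65535.
        # One pool is shared by all protocols here to keep the model small.
        self.pat_sources = pat_sources
        self.next_port, self.last_port = first_port, last_port
        self.outbound_map = {}  # (proto, inside ip, inside port) -> public port
        self.return_map = {}    # (proto, public port) -> (inside ip, inside port)

    def outbound(self, proto, src, sport, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Rule 1: server traffic to a VPN peer keeps its real address.
        if s in SERVERS and any(d in peer for peer in VPN_PEERS):
            return ("exempt", src, sport)
        # Rule 2: sources inside the PAT scope share the public address.
        if not any(s in net for net in self.pat_sources):
            return ("no-translation-rule", None, None)
        key = (proto, src, sport)
        if key not in self.outbound_map:
            if self.next_port > self.last_port:
                raise RuntimeError("PAT port pool exhausted")
            self.outbound_map[key] = self.next_port
            self.return_map[(proto, self.next_port)] = (src, sport)
            self.next_port += 1
        return ("pat", PUBLIC_IP, self.outbound_map[key])

    def inbound(self, proto, public_port):
        """Return traffic is accepted only if a session created the mapping."""
        return self.return_map.get((proto, public_port))


if __name__ == "__main__":
    for label, scope in (("as written", PAT_AS_WRITTEN), ("from table", PAT_FROM_TABLE)):
        nat = EdgeNat(scope)
        print(f"PAT scope {label}: {[str(n) for n in scope]}")
        print("  covers server subnet:", scope_includes_servers(scope))
        print("  host    -> internet:", nat.outbound("tcp", "192.168.9.10", 40000, "203.0.113.10"))
        print("  server  -> VPN peer:", nat.outbound("tcp", "192.168.9.200", 50000, "172.16.4.20"))
        print("  server  -> internet:", nat.outbound("tcp", "192.168.9.200", 50000, "203.0.113.10"))
        print("  unsolicited inbound on port 6000:", nat.inbound("tcp", 6000))
```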

5.5.4 Redundancy

To handle router or switch failure, we have created a network which implements two paths. The primary path is served by JP Telco and the secondary path is served by KQ Telco. If the network equipment fails in the primary path, the secondary path will activate and update routing tables appropriately, thereby bypassing the failed router or switch. Similarly, we have implemented primary and secondary links at all locations, including Building A: Datacenter, Building N: Administration, and Building C: Warehouse. If equipment fails, the secondary path will handle the network. In usual day-to-day operation, the secondary path stays passive; it activates when the redundant neighbor does not send its “Alive” packet, which is when the second-path router assumes the neighbor is offline. In the meantime, a network engineer can replace the failed equipment and make necessary changes without worrying about the network. With so many devices and pieces of equipment involved in the network, it is vital to have redundancy to ensure 99.999% uptime.


5.5.5 Rack Equipment

Building C will have 2 distribution switches, 1 UPS and 2 access switches. The access switches will provide the end devices with network access. The distribution switches will be configured with trunk ports to allow inter-VLAN routing and will create a path for the access switches to the core switch.

Figure 17 Server Racks

Figure 18 Server Equipment


5.5.6 Equipment Information & Pricing

Headquarters - Building C

Item | Unit Price | Quantity | Total Cost
Cisco Catalyst 3850-48 Ports Switch | $6,311.99 | 2 | $12,623.98
Cisco Catalyst 2960L-48 Ports Switch | $1,876.99 | 2 | $3,753.98
Cisco Aironet 18321- Wireless Access Point | $367.99 | 6 | $2,207.94
Cisco 2504 Wireless Controller | $4,397.99 | 1 | $4,397.99
HP Color LaserJet Pro M477fdn | $379.00 | 4 | $1,516.00
TRENDnet TV IP310P1 PoE Network Camera | $129.99 | 10 | $1,299.90
CAT6e 23/44 pair 550MHz Plenum Wires | $236.36 | 15 | $3,545.40
HP 24-g010- all in one A8 7410 | $507.99 | 25 | $12,699.75
APC Smart-UPS X 1500VA | $804.99 | 1 | $804.99
42U Adjustable 4 Server Equipment Rack | $333.99 | 2 | $667.98
Isonas Pure Key Card Access | $1,356.00 | 1 | $1,356.00
Total cost for Building C | $44,873.91


6 LINCOLN, NEBRASKA CALL CENTER

The customer service headquarters, located in Lincoln, Nebraska, receives all phone and mail orders. It is also responsible for all customer service inquiries for VMO. There are 20 managers and 100 customer service agents, for a total of 120 employees at the customer service headquarters. As part of the new infrastructure redesign, a completely new data infrastructure will be provided and implemented.

6.1 BUILDING LAYOUT


6.2 LAN TOPOLOGY

6.2.1 Wireless Network

Part of this new redesign is the inclusion of a network for wireless devices (printers, laptops, etc.). This will be done through implementation of a newly designed wireless network, utilizing multiple Cisco access points. Two network SSIDs will be created, one for company use and the other for guest wireless access. These two SSIDs will be broadcast over Cisco Aironet 1832l wireless APs. These APs support dual-band operation as well as 802.11ac.

SSID | VLAN
VMO | 24
VMO-Guest | 25

The wireless access points will be controlled by a Cisco 2504 series wireless controller, which is able to manage up to 25 APs. Each building will have one of these controllers on premises, allowing for easy and fast configuration and management of each AP. Additionally, these wireless controllers support high-availability failover for added redundancy and peace of mind.


6.3 NETWORK PROTOCOLS & STRATEGIES

For the internal network, the endpoint devices will dynamically get IP addresses from the DHCP server. Using HSRP on the core switches, a virtual default gateway will be configured. HSRP will also allow a higher priority to be given to one core switch, which will make it the primary egress device.
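The HSRP design described in sections 5.5.3 and 6.3 depends on how priority, preemption and the tracked IP SLA probe interact. The following Python model is an added illustration, not part of the proposal and not vendor code; the switch names DSW1/DSW2, the priorities and the decrements are hypothetical, and it assumes the IP SLA probe is bound to HSRP through object tracking with the default 3 s hello and 10 s hold timers.

```python
from dataclasses import dataclass

HELLO, HOLD = 3, 10  # HSRP default hello and hold timers, in seconds


@dataclass
class Router:
    name: str                 # hypothetical device name
    priority: int             # configured HSRP priority
    preempt: bool = False     # may take over from a lower-priority active peer
    track_decrement: int = 0  # subtracted while the tracked probe is failing
    alive: bool = True        # False once the device stops sending hellos
    uplink_ok: bool = True    # state of the tracked IP SLA probe
    last_hello: int = 0

    @property
    def effective_priority(self):
        penalty = 0 if self.uplink_ok else self.track_decrement
        return self.priority - penalty


def simulate(routers, events, duration):
    """Return [(second, active_router_name), ...] for every role change.

    events is a list of (second, router_name, attribute, new_value).
    Simplification: ties are broken by list order, not by interface IP.
    """
    by_name = {r.name: r for r in routers}
    active = max(routers, key=lambda r: r.effective_priority)
    timeline = [(0, active.name)]
    for t in range(duration + 1):
        for when, name, attr, value in events:
            if when == t:
                setattr(by_name[name], attr, value)
        for r in routers:
            if r.alive and t % HELLO == 0:
                r.last_hello = t
        alive = [r for r in routers if r.alive]
        new_active = active
        if active is None or t - active.last_hello >= HOLD:
            # Hold timer expired: the best surviving router takes the
            # gateway role whether or not it has preempt configured.
            new_active = max(alive, key=lambda r: r.effective_priority,
                             default=None)
        else:
            # Active is still sending hellos: only a router with preempt
            # and a strictly higher effective priority may take over.
            for r in alive:
                if (r is not new_active and r.preempt
                        and r.effective_priority > new_active.effective_priority):
                    new_active = r
        if new_active is not active:
            active = new_active
            timeline.append((t, active.name if active else None))
    return timeline


def pair(decrement, standby_preempt=True):
    """Primary/secondary pair with an assumed 110/100 priority split."""
    return [Router("DSW1", 110, True, decrement),
            Router("DSW2", 100, standby_preempt)]


if __name__ == "__main__":
    uplink_fail = [(20, "DSW1", "uplink_ok", False)]
    print("decrement 20:", simulate(pair(20), uplink_fail, 60))
    print("decrement 5: ", simulate(pair(5), uplink_fail, 60))
    print("no preempt:  ", simulate(pair(20, False), uplink_fail, 60))
    print("device dies: ", simulate(pair(20), [(20, "DSW1", "alive", False)], 60))
```

With a decrement of 5, or with preempt missing on the secondary, the primary keeps the gateway role while its uplink probe is failing; the decrement has to exceed the priority gap and the secondary has to be allowed to preempt.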

The core switches are connected to the firewalls, with static routes configured on the switches toward the firewalls. There will be two firewalls in this location, allowing for high availability. The firewalls will be configured with failover in case of device failure. This will allow the functions of the main firewall connected to the JP Telco LAN router to switch over to the secondary firewall.

The hosts in the call center in Lincoln, Nebraska will have the private IP address range of 172.16.0.0/24 and the servers will be in the range of 172.16.2.0/27. The storage server will need to be accessible from the stores, because this is where the credit card clearing data will be stored. A NAT exemption rule will be made on the firewall to exempt the natting of IP addresses from these locations. A PAT rule will also be put in place to allow for public IP addresses to traverse the public web.

6.4 REDUNDANCY

To handle router or switch failure, we have created a network which implements two paths. The primary path is served by JP Telco and the secondary path is served by KQ Telco. If the network equipment fails in the primary path, the secondary path will activate and update routing tables appropriately, thereby bypassing the failed router or switch. If equipment fails, the secondary path will handle the network. In usual day-to-day operation, the secondary path stays passive; it activates when the redundant neighbor does not send its “Alive” packet, which is when the second-path router assumes the neighbor is offline. In the meantime, a network engineer can replace the failed equipment and make necessary changes without worrying about the network. With so many devices and pieces of equipment involved in the network, it is vital to have redundancy to ensure 99.999% uptime.


6.5 RACK EQUIPMENT

The racks in Lincoln, Nebraska will house 10 access switches, 2 edge routers, 2 firewalls, 2 servers, 3 UPSs and the 2 core switches. The access switches will provide network access for all the end devices, while the core switches will provide inter-VLAN routing via 802.1Q trunk ports and access to the WAN.

Figure 19 Server Racks

Figure 20 Server Equipment


6.6 LINCOLN, NEBRASKA IP SCHEME

Major Network: 172.16.0.0/22

Available IP addresses in major network: 1022

Number of IP addresses needed: 568

Available IP addresses in allocated subnets: 568

About 58% of available major network address space is used

About 100% of subnetted network address space is used

Subnet Name | Needed Size | Allocated Size | Address | Mask | Dec Mask | Assignable Range | Broadcast
Regular Users | 254 | 254 | 172.16.0.0 | /24 | 255.255.255.0 | 172.16.0.1 - 172.16.0.254 | 172.16.0.255
Regular Users (APs, Cameras) | 254 | 254 | 172.16.1.0 | /24 | 255.255.255.0 | 172.16.1.1 - 172.16.1.254 | 172.16.1.255
Data Center | 30 | 30 | 172.16.2.0 | /27 | 255.255.255.224 | 172.16.2.1 - 172.16.2.30 | 172.16.2.31
Data Center (APs, Cameras) | 14 | 14 | 172.16.2.32 | /28 | 255.255.255.240 | 172.16.2.33 - 172.16.2.46 | 172.16.2.47
LNCFW1 TO LNCFW2 | 2 | 2 | 172.16.2.48 | /30 | 255.255.255.252 | 172.16.2.49 - 172.16.2.50 | 172.16.2.51
LNCFW1 TO LNCSW1 | 2 | 2 | 172.16.2.52 | /30 | 255.255.255.252 | 172.16.2.53 - 172.16.2.54 | 172.16.2.55
LNCFW2 TO LNCSW2 | 2 | 2 | 172.16.2.56 | /30 | 255.255.255.252 | 172.16.2.57 - 172.16.2.58 | 172.16.2.59
LNCR1 TO LNCFW1 | 2 | 2 | 172.16.2.60 | /30 | 255.255.255.252 | 172.16.2.61 - 172.16.2.62 | 172.16.2.63
LNCR1 TO LNCFW2 | 2 | 2 | 172.16.2.64 | /30 | 255.255.255.252 | 172.16.2.65 - 172.16.2.66 | 172.16.2.67
LNCR1 TO LNCR2 | 2 | 2 | 172.16.2.68 | /30 | 255.255.255.252 | 172.16.2.69 - 172.16.2.70 | 172.16.2.71
LNCR2 TO LNCFW1 | 2 | 2 | 172.16.2.72 | /30 | 255.255.255.252 | 172.16.2.73 - 172.16.2.74 | 172.16.2.75
LNCR2 TO LNCFW2 | 2 | 2 | 172.16.2.76 | /30 | 255.255.255.252 | 172.16.2.77 - 172.16.2.78 | 172.16.2.79
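Firewall rules, NAT exemptions and VLAN ACLs all key off these prefixes, so an addressing plan of this kind is worth checking mechanically before it is configured. The following Python sketch is an added example, not part of the proposal: it audits the section 6.6 rows for containment and overlap and recomputes the usage figures, and the same function applies to the retail-store plan in section 7.6. The function name `audit_plan`, the rows marked as constructed, and the way the usage percentage is computed (whole subnets over the whole block) are assumptions.

```python
import ipaddress

# Rows copied from the Lincoln, Nebraska table in section 6.6.
LINCOLN_MAJOR = "172.16.0.0/22"
LINCOLN_SUBNETS = [
    ("Regular Users", "172.16.0.0/24"),
    ("Regular Users (APs, Cameras)", "172.16.1.0/24"),
    ("Data Center", "172.16.2.0/27"),
    ("Data Center (APs, Cameras)", "172.16.2.32/28"),
    ("LNCFW1 TO LNCFW2", "172.16.2.48/30"),
    ("LNCFW1 TO LNCSW1", "172.16.2.52/30"),
    ("LNCFW2 TO LNCSW2", "172.16.2.56/30"),
    ("LNCR1 TO LNCFW1", "172.16.2.60/30"),
    ("LNCR1 TO LNCFW2", "172.16.2.64/30"),
    ("LNCR1 TO LNCR2", "172.16.2.68/30"),
    ("LNCR2 TO LNCFW1", "172.16.2.72/30"),
    ("LNCR2 TO LNCFW2", "172.16.2.76/30"),
]


def audit_plan(major, subnets):
    """Check (name, prefix) rows against a major network.

    Returns findings plus the usage figures the proposal quotes.
    Assumes IPv4 prefixes of /30 or shorter (two reserved addresses each).
    """
    block = ipaddress.ip_network(major)
    findings, accepted = [], []
    for name, cidr in subnets:
        try:
            net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
        except ValueError:
            findings.append(("invalid-prefix", name, cidr))
            continue
        if not net.subnet_of(block):
            findings.append(("outside-major", name, cidr))
            continue
        accepted.append((name, net))

    # Sweep in address order, remembering the subnet that reaches furthest.
    accepted.sort(key=lambda row: (int(row[1].network_address), row[1].prefixlen))
    cover_name, cover = None, None
    for name, net in accepted:
        if cover is not None and net.network_address <= cover.broadcast_address:
            findings.append(("overlap", cover_name, name))
        if cover is None or net.broadcast_address > cover.broadcast_address:
            cover_name, cover = name, net

    consumed = sum(net.num_addresses for _, net in accepted)
    return {
        "findings": findings,
        "assignable": sum(net.num_addresses - 2 for _, net in accepted),
        "major_assignable": block.num_addresses - 2,
        # Assumption: percentage counts network and broadcast addresses too.
        "used_pct": round(100 * consumed / block.num_addresses),
    }


def depaul_check():
    """Compare the DePaul prefix quoted in section 7.3 with the 7.6 block."""
    rows = [
        ("DePaul University (7.6 table)", "10.10.2.96/27"),
        ("DePaul University (as quoted in 7.3)", "10.110.2.96/27"),
    ]
    return audit_plan("10.10.0.0/18", rows)["findings"]


if __name__ == "__main__":
    print(audit_plan(LINCOLN_MAJOR, LINCOLN_SUBNETS))
    print(depaul_check())
    # Constructed rows showing the two other finding types.
    bad = LINCOLN_SUBNETS + [
        ("constructed: duplicate link", "172.16.2.76/30"),
        ("constructed: typo", "172.16.2.50/30"),
    ]
    print(audit_plan(LINCOLN_MAJOR, bad)["findings"])
```

The DePaul prefix as written in section 7.3 falls outside 10.10.0.0/18, while the section 7.6 table row for the same store is inside it.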


6.7 EQUIPMENT INFORMATION & PRICING

Lincoln, Nebraska

Item | Unit Price | Quantity | Total Cost
Cisco ASR 901 10G Router (Edge Router) | $4,032.99 | 2 | $8,065.98
Cisco Firepower 2110 NGFW (Firewall) | $8,471.99 | 2 | $16,943.98
Cisco Catalyst 9500-48 ports (Core Switch) | $16,519.99 | 2 | $33,039.98
Cisco Catalyst 2960L-48 ports (Access Switch) | $1,876.99 | 10 | $18,769.90
Dell PowerEdge R740 for Camera & Storage | $13,084.37 | 2 | $26,168.74
Cisco Aironet 18321- Wireless Access Point | $367.99 | 8 | $2,943.92
Cisco 2504 Wireless Controller | $4,397.99 | 1 | $4,397.99
HP Color LaserJet Pro M477fdn | $379.00 | 11 | $4,169.00
TRENDnet TV IP310P1 PoE Network Camera | $129.99 | 20 | $2,599.80
CAT6e 23/44 pair 550MHz Plenum Wires | $236.36 | 25 | $5,909.00
HP 24-g010- all in one A8 7410 | $507.99 | 120 | $60,958.80
APC Smart-UPS X 1500VA | $804.99 | 1 | $804.99
42U Adjustable 4 Server Equipment Rack | $333.99 | 2 | $667.98
Isonas Pure Key Card Access | $1,356.00 | 3 | $4,068.00
Total cost for Building Lincoln, NE | $189,508.06


7 RETAIL STORE LOCATIONS

7.1 BUILDING LAYOUT

Each retail location has 4 Point-of-Sale (POS) terminals requiring credit card clearing services. These credit card clearing services will be provided by JP Telco via a dedicated T1 link.


7.2 LAN TOPOLOGY

Figure 21 LAN Topology for Store

7.3 NETWORK PROTOCOLS & STRATEGIES

The T1 to the internet and the point-to-point T1 will be running BGP. BGP (Border Gateway Protocol) is the main protocol used on the internet. ISPs are provided an autonomous system number, which will come into play when BGP peers are formed. BGP will form multiple peers that share routing information with one another and will select the best route to take based on that information.

The firewalls at each location will be running an IPsec VPN. IPsec offers strong encryption via two different modes, tunnel and transport. In tunnel mode, both the payload of the packet and the header information are encrypted, and new headers are attached. One of the two headers added is AH (Authentication Header), which complies with the AH protocol. The AH protocol is responsible for authentication of the packet using algorithms such as hmac-sha and hmac-md5.

The next header that is attached is the ESP header. The ESP header is responsible for the integrity of the data, meaning it makes sure the payload stays secure until it reaches its destination. It does this by providing confidentiality, authentication, or both, encrypting the data with the same algorithms as AH. Either one of these protocols can encapsulate the data packets, or both can be used in conjunction with one another. The combination of IPsec tunneling from firewall to firewall and a secondary T1 for credit card clearing will provide secure transport of customer data, along with multiple avenues of transport to make sure data reaches headquarters.

The point-of-sale devices in the stores will have their traffic destined for the headquarters encrypted via the VPN on the credit card clearing line provided by JP Telco. The stores will have private IP addresses similar to that of the store at DePaul University, 10.110.2.96/27. There won’t be a need for explicit PAT for these devices, considering they will be traveling through a point-to-point line on top of a VPN, allowing for secure travel. Any other devices that use the T1 to traverse the internet will be able to do so using dynamic NAT. This will allow the different devices in the private network to be dynamically assigned a public IP from a pool of addresses given by JP Telco.

7.4 REDUNDANCY

To handle router or switch failure, we have created a network which implements two paths. The primary path is served by JP Telco and the secondary path is served by KQ Telco. If the network equipment fails in the primary path, the secondary path will activate and update routing tables appropriately, thereby bypassing the failed router or switch. If equipment fails, the secondary path will handle the network. In usual day-to-day operation, the secondary path stays passive; it activates when the redundant neighbor does not send its “Alive” packet, which is when the second-path router assumes the neighbor is offline. In the meantime, a network engineer can replace the failed equipment and make necessary changes without worrying about the network. With so many devices and pieces of equipment involved in the network, it is vital to have redundancy to ensure 99.999% uptime.


7.5 RACK EQUIPMENT

The racks in the stores will house the firewall, routers and access switches.

Figure 22 Server Rack

Figure 23 Server Equipment


7.6 LOCAL RETAIL STORES IP SCHEME

For the VMO retail stores, we plan to assign two subnets at each store. The first subnet is for VLAN 10, which will be a /28 with 14 available hosts. The second subnet is for VLAN 20, which will be a /27 with 30 hosts for local users. We allocated 10.10.0.0/18 for retail stores and subnetted it in variable lengths. The

Major Network: 10.10.0.0/18

Available IP addresses in major network: 16382

Number of IP addresses needed: 4840

Available IP addresses in allocated subnets: 4840

About 32% of available major network address space is used

About 100% of subnetted network address space is used

Subnet Name | Needed Size | Allocated Size | Address | Mask | Dec Mask | Assignable Range | Broadcast
A.C.C. | 14 | 14 | 10.10.13.192 | /28 | 255.255.255.240 | 10.10.13.193 - 10.10.13.206 | 10.10.13.207
A.C.C. | 30 | 30 | 10.10.0.0 | /27 | 255.255.255.224 | 10.10.0.1 - 10.10.0.30 | 10.10.0.31
A.S.U. | 14 | 14 | 10.10.13.208 | /28 | 255.255.255.240 | 10.10.13.209 - 10.10.13.222 | 10.10.13.223
A.S.U. | 30 | 30 | 10.10.0.32 | /27 | 255.255.255.224 | 10.10.0.33 - 10.10.0.62 | 10.10.0.63
Addam's University - Raleigh | 30 | 30 | 10.10.0.64 | /27 | 255.255.255.224 | 10.10.0.65 - 10.10.0.94 | 10.10.0.95
Addam's University - Raleigh | 14 | 14 | 10.10.13.224 | /28 | 255.255.255.240 | 10.10.13.225 - 10.10.13.238 | 10.10.13.239
Alamance | 14 | 14 | 10.10.13.240 | /28 | 255.255.255.240 | 10.10.13.241 - 10.10.13.254 | 10.10.13.255
Alamance | 30 | 30 | 10.10.0.96 | /27 | 255.255.255.224 | 10.10.0.97 - 10.10.0.126 | 10.10.0.127
Alcorn State | 30 | 30 | 10.10.0.128 | /27 | 255.255.255.224 | 10.10.0.129 - 10.10.0.158 | 10.10.0.159
Alcorn State | 14 | 14 | 10.10.14.0 | /28 | 255.255.255.240 | 10.10.14.1 - 10.10.14.14 | 10.10.14.15
B.U. | 14 | 14 | 10.10.14.16 | /28 | 255.255.255.240 | 10.10.14.17 - 10.10.14.30 | 10.10.14.31
B.U. | 30 | 30 | 10.10.0.160 | /27 | 255.255.255.224 | 10.10.0.161 - 10.10.0.190 | 10.10.0.191
Baylor Medical Book Store | 14 | 14 | 10.10.14.32 | /28 | 255.255.255.240 | 10.10.14.33 - 10.10.14.46 | 10.10.14.47


Baylor Medical Book Store | 30 | 30 | 10.10.0.192 | /27 | 255.255.255.224 | 10.10.0.193 - 10.10.0.222 | 10.10.0.223
Becker College | 30 | 30 | 10.10.0.224 | /27 | 255.255.255.224 | 10.10.0.225 - 10.10.0.254 | 10.10.0.255
Becker College | 14 | 14 | 10.10.14.48 | /28 | 255.255.255.240 | 10.10.14.49 - 10.10.14.62 | 10.10.14.63
Blackhawk | 14 | 14 | 10.10.14.64 | /28 | 255.255.255.240 | 10.10.14.65 - 10.10.14.78 | 10.10.14.79
Blackhawk | 30 | 30 | 10.10.1.0 | /27 | 255.255.255.224 | 10.10.1.1 - 10.10.1.30 | 10.10.1.31
Butler | 14 | 14 | 10.10.14.80 | /28 | 255.255.255.240 | 10.10.14.81 - 10.10.14.94 | 10.10.14.95
Butler | 30 | 30 | 10.10.1.32 | /27 | 255.255.255.224 | 10.10.1.33 - 10.10.1.62 | 10.10.1.63
C.S.M. | 14 | 14 | 10.10.14.96 | /28 | 255.255.255.240 | 10.10.14.97 - 10.10.14.110 | 10.10.14.111
C.S.M. | 30 | 30 | 10.10.1.64 | /27 | 255.255.255.224 | 10.10.1.65 - 10.10.1.94 | 10.10.1.95
Carroll | 30 | 30 | 10.10.1.96 | /27 | 255.255.255.224 | 10.10.1.97 - 10.10.1.126 | 10.10.1.127
Carroll | 14 | 14 | 10.10.14.112 | /28 | 255.255.255.240 | 10.10.14.113 - 10.10.14.126 | 10.10.14.127
Central | 14 | 14 | 10.10.14.128 | /28 | 255.255.255.240 | 10.10.14.129 - 10.10.14.142 | 10.10.14.143
Central | 30 | 30 | 10.10.1.128 | /27 | 255.255.255.224 | 10.10.1.129 - 10.10.1.158 | 10.10.1.159
Champlain College Bookstore | 14 | 14 | 10.10.14.144 | /28 | 255.255.255.240 | 10.10.14.145 - 10.10.14.158 | 10.10.14.159
Champlain College Bookstore | 30 | 30 | 10.10.1.160 | /27 | 255.255.255.224 | 10.10.1.161 - 10.10.1.190 | 10.10.1.191
City University | 14 | 14 | 10.10.14.160 | /28 | 255.255.255.240 | 10.10.14.161 - 10.10.14.174 | 10.10.14.175
City University | 30 | 30 | 10.10.1.192 | /27 | 255.255.255.224 | 10.10.1.193 - 10.10.1.222 | 10.10.1.223
College of the Canyons | 30 | 30 | 10.10.1.224 | /27 | 255.255.255.224 | 10.10.1.225 - 10.10.1.254 | 10.10.1.255
College of the Canyons | 14 | 14 | 10.10.14.176 | /28 | 255.255.255.240 | 10.10.14.177 - 10.10.14.190 | 10.10.14.191
Columbia | 30 | 30 | 10.10.2.0 | /27 | 255.255.255.224 | 10.10.2.1 - 10.10.2.30 | 10.10.2.31
Columbia | 14 | 14 | 10.10.14.192 | /28 | 255.255.255.240 | 10.10.14.193 - 10.10.14.206 | 10.10.14.207
Creighton | 30 | 30 | 10.10.2.32 | /27 | 255.255.255.224 | 10.10.2.33 - 10.10.2.62 | 10.10.2.63
Creighton | 14 | 14 | 10.10.14.208 | /28 | 255.255.255.240 | 10.10.14.209 - 10.10.14.222 | 10.10.14.223


Daemen College | 14 | 14 | 10.10.14.224 | /28 | 255.255.255.240 | 10.10.14.225 - 10.10.14.238 | 10.10.14.239
Daemen College | 30 | 30 | 10.10.2.64 | /27 | 255.255.255.224 | 10.10.2.65 - 10.10.2.94 | 10.10.2.95
DePaul University | 30 | 30 | 10.10.2.96 | /27 | 255.255.255.224 | 10.10.2.97 - 10.10.2.126 | 10.10.2.127
DePaul University | 14 | 14 | 10.10.14.240 | /28 | 255.255.255.240 | 10.10.14.241 - 10.10.14.254 | 10.10.14.255
Dominican | 30 | 30 | 10.10.2.128 | /27 | 255.255.255.224 | 10.10.2.129 - 10.10.2.158 | 10.10.2.159
Dominican | 14 | 14 | 10.10.15.0 | /28 | 255.255.255.240 | 10.10.15.1 - 10.10.15.14 | 10.10.15.15
Drew | 14 | 14 | 10.10.15.16 | /28 | 255.255.255.240 | 10.10.15.17 - 10.10.15.30 | 10.10.15.31
Drew | 30 | 30 | 10.10.2.160 | /27 | 255.255.255.224 | 10.10.2.161 - 10.10.2.190 | 10.10.2.191
F.S.C.C. | 14 | 14 | 10.10.15.32 | /28 | 255.255.255.240 | 10.10.15.33 - 10.10.15.46 | 10.10.15.47
F.S.C.C. | 30 | 30 | 10.10.2.192 | /27 | 255.255.255.224 | 10.10.2.193 - 10.10.2.222 | 10.10.2.223
Fisk University | 30 | 30 | 10.10.2.224 | /27 | 255.255.255.224 | 10.10.2.225 - 10.10.2.254 | 10.10.2.255
Fisk University | 14 | 14 | 10.10.15.48 | /28 | 255.255.255.240 | 10.10.15.49 - 10.10.15.62 | 10.10.15.63
Fitchburg State College | 30 | 30 | 10.10.3.0 | /27 | 255.255.255.224 | 10.10.3.1 - 10.10.3.30 | 10.10.3.31
Fitchburg State College | 14 | 14 | 10.10.15.64 | /28 | 255.255.255.240 | 10.10.15.65 - 10.10.15.78 | 10.10.15.79
Florida State | 30 | 30 | 10.10.3.32 | /27 | 255.255.255.224 | 10.10.3.33 - 10.10.3.62 | 10.10.3.63
Florida State | 14 | 14 | 10.10.15.80 | /28 | 255.255.255.240 | 10.10.15.81 - 10.10.15.94 | 10.10.15.95
Florida State University | 14 | 14 | 10.10.15.96 | /28 | 255.255.255.240 | 10.10.15.97 - 10.10.15.110 | 10.10.15.111
Florida State University | 30 | 30 | 10.10.3.64 | /27 | 255.255.255.224 | 10.10.3.65 - 10.10.3.94 | 10.10.3.95
Fontbonne | 30 | 30 | 10.10.3.96 | /27 | 255.255.255.224 | 10.10.3.97 - 10.10.3.126 | 10.10.3.127
Fontbonne | 14 | 14 | 10.10.15.112 | /28 | 255.255.255.240 | 10.10.15.113 - 10.10.15.126 | 10.10.15.127
Fort Hays State University | 30 | 30 | 10.10.3.128 | /27 | 255.255.255.224 | 10.10.3.129 - 10.10.3.158 | 10.10.3.159
Fort Hays State University | 14 | 14 | 10.10.15.128 | /28 | 255.255.255.240 | 10.10.15.129 - 10.10.15.142 | 10.10.15.143
Franklin Pierce College | 14 | 14 | 10.10.15.144 | /28 | 255.255.255.240 | 10.10.15.145 - 10.10.15.158 | 10.10.15.159


Franklin Pierce College | 30 | 30 | 10.10.3.160 | /27 | 255.255.255.224 | 10.10.3.161 - 10.10.3.190 | 10.10.3.191
G.W. | 14 | 14 | 10.10.15.160 | /28 | 255.255.255.240 | 10.10.15.161 - 10.10.15.174 | 10.10.15.175
G.W. | 30 | 30 | 10.10.3.192 | /27 | 255.255.255.224 | 10.10.3.193 - 10.10.3.222 | 10.10.3.223
GMU | 30 | 30 | 10.10.3.224 | /27 | 255.255.255.224 | 10.10.3.225 - 10.10.3.254 | 10.10.3.255
GMU | 14 | 14 | 10.10.15.176 | /28 | 255.255.255.240 | 10.10.15.177 - 10.10.15.190 | 10.10.15.191
Georgetown University | 30 | 30 | 10.10.4.0 | /27 | 255.255.255.224 | 10.10.4.1 - 10.10.4.30 | 10.10.4.31
Georgetown University | 14 | 14 | 10.10.15.192 | /28 | 255.255.255.240 | 10.10.15.193 - 10.10.15.206 | 10.10.15.207
Holy Names College | 30 | 30 | 10.10.4.32 | /27 | 255.255.255.224 | 10.10.4.33 - 10.10.4.62 | 10.10.4.63
Holy Names College | 14 | 14 | 10.10.15.208 | /28 | 255.255.255.240 | 10.10.15.209 - 10.10.15.222 | 10.10.15.223
Humber College Campus Store | 30 | 30 | 10.10.4.64 | /27 | 255.255.255.224 | 10.10.4.65 - 10.10.4.94 | 10.10.4.95
Humber College Campus Store | 14 | 14 | 10.10.15.224 | /28 | 255.255.255.240 | 10.10.15.225 - 10.10.15.238 | 10.10.15.239
Huntington | 30 | 30 | 10.10.4.96 | /27 | 255.255.255.224 | 10.10.4.97 - 10.10.4.126 | 10.10.4.127
Huntington | 14 | 14 | 10.10.15.240 | /28 | 255.255.255.240 | 10.10.15.241 - 10.10.15.254 | 10.10.15.255
IIT | 14 | 14 | 10.10.16.0 | /28 | 255.255.255.240 | 10.10.16.1 - 10.10.16.14 | 10.10.16.15
IIT | 30 | 30 | 10.10.4.128 | /27 | 255.255.255.224 | 10.10.4.129 - 10.10.4.158 | 10.10.4.159
Kentucky Wesleyan | 30 | 30 | 10.10.4.160 | /27 | 255.255.255.224 | 10.10.4.161 - 10.10.4.190 | 10.10.4.191
Kentucky Wesleyan | 14 | 14 | 10.10.16.16 | /28 | 255.255.255.240 | 10.10.16.17 - 10.10.16.30 | 10.10.16.31
Lake Forest College | 30 | 30 | 10.10.4.192 | /27 | 255.255.255.224 | 10.10.4.193 - 10.10.4.222 | 10.10.4.223
Lake Forest College | 14 | 14 | 10.10.16.32 | /28 | 255.255.255.240 | 10.10.16.33 - 10.10.16.46 | 10.10.16.47
Librairie de la Cité Collégiale | 14 | 14 | 10.10.16.48 | /28 | 255.255.255.240 | 10.10.16.49 - 10.10.16.62 | 10.10.16.63
Librairie de la Cité Collégiale | 30 | 30 | 10.10.4.224 | /27 | 255.255.255.224 | 10.10.4.225 - 10.10.4.254 | 10.10.4.255


Loyola University New Orleans | 30 | 30 | 10.10.5.0 | /27 | 255.255.255.224 | 10.10.5.1 - 10.10.5.30 | 10.10.5.31
Loyola University New Orleans | 14 | 14 | 10.10.16.64 | /28 | 255.255.255.240 | 10.10.16.65 - 10.10.16.78 | 10.10.16.79
Lyndon | 14 | 14 | 10.10.16.80 | /28 | 255.255.255.240 | 10.10.16.81 - 10.10.16.94 | 10.10.16.95
Lyndon | 30 | 30 | 10.10.5.32 | /27 | 255.255.255.224 | 10.10.5.33 - 10.10.5.62 | 10.10.5.63
M.S.U. | 30 | 30 | 10.10.5.64 | /27 | 255.255.255.224 | 10.10.5.65 - 10.10.5.94 | 10.10.5.95
M.S.U. | 14 | 14 | 10.10.16.96 | /28 | 255.255.255.240 | 10.10.16.97 - 10.10.16.110 | 10.10.16.111
MSU | 30 | 30 | 10.10.5.96 | /27 | 255.255.255.224 | 10.10.5.97 - 10.10.5.126 | 10.10.5.127
MSU | 14 | 14 | 10.10.16.112 | /28 | 255.255.255.240 | 10.10.16.113 - 10.10.16.126 | 10.10.16.127
Manhattan | 30 | 30 | 10.10.5.128 | /27 | 255.255.255.224 | 10.10.5.129 - 10.10.5.158 | 10.10.5.159
Manhattan | 14 | 14 | 10.10.16.128 | /28 | 255.255.255.240 | 10.10.16.129 - 10.10.16.142 | 10.10.16.143
Marietta College | 14 | 14 | 10.10.16.144 | /28 | 255.255.255.240 | 10.10.16.145 - 10.10.16.158 | 10.10.16.159
Marietta College | 30 | 30 | 10.10.5.160 | /27 | 255.255.255.224 | 10.10.5.161 - 10.10.5.190 | 10.10.5.191
Marquette University | 14 | 14 | 10.10.16.160 | /28 | 255.255.255.240 | 10.10.16.161 - 10.10.16.174 | 10.10.16.175
Marquette University | 30 | 30 | 10.10.5.192 | /27 | 255.255.255.224 | 10.10.5.193 - 10.10.5.222 | 10.10.5.223
McCook | 30 | 30 | 10.10.5.224 | /27 | 255.255.255.224 | 10.10.5.225 - 10.10.5.254 | 10.10.5.255
McCook | 14 | 14 | 10.10.16.176 | /28 | 255.255.255.240 | 10.10.16.177 - 10.10.16.190 | 10.10.16.191
Merritt | 14 | 14 | 10.10.16.192 | /28 | 255.255.255.240 | 10.10.16.193 - 10.10.16.206 | 10.10.16.207
Merritt | 30 | 30 | 10.10.6.0 | /27 | 255.255.255.224 | 10.10.6.1 - 10.10.6.30 | 10.10.6.31
Mississippi State University | 14 | 14 | 10.10.16.208 | /28 | 255.255.255.240 | 10.10.16.209 - 10.10.16.222 | 10.10.16.223
Mississippi State University | 30 | 30 | 10.10.6.32 | /27 | 255.255.255.224 | 10.10.6.33 - 10.10.6.62 | 10.10.6.63
NWU | 14 | 14 | 10.10.16.224 | /28 | 255.255.255.240 | 10.10.16.225 - 10.10.16.238 | 10.10.16.239
NWU | 30 | 30 | 10.10.6.64 | /27 | 255.255.255.224 | 10.10.6.65 - 10.10.6.94 | 10.10.6.95


Norfolk State University | 30 | 30 | 10.10.6.96 | /27 | 255.255.255.224 | 10.10.6.97 - 10.10.6.126 | 10.10.6.127
Norfolk State University | 14 | 14 | 10.10.16.240 | /28 | 255.255.255.240 | 10.10.16.241 - 10.10.16.254 | 10.10.16.255
North Central | 30 | 30 | 10.10.6.128 | /27 | 255.255.255.224 | 10.10.6.129 - 10.10.6.158 | 10.10.6.159
North Central | 14 | 14 | 10.10.17.0 | /28 | 255.255.255.240 | 10.10.17.1 - 10.10.17.14 | 10.10.17.15
Notre Dame | 30 | 30 | 10.10.6.160 | /27 | 255.255.255.224 | 10.10.6.161 - 10.10.6.190 | 10.10.6.191
Notre Dame | 14 | 14 | 10.10.17.16 | /28 | 255.255.255.240 | 10.10.17.17 - 10.10.17.30 | 10.10.17.31
OSU at Oklahoma City | 14 | 14 | 10.10.17.32 | /28 | 255.255.255.240 | 10.10.17.33 - 10.10.17.46 | 10.10.17.47
OSU at Oklahoma City | 30 | 30 | 10.10.6.192 | /27 | 255.255.255.224 | 10.10.6.193 - 10.10.6.222 | 10.10.6.223
Oak Ridge Campus | 30 | 30 | 10.10.6.224 | /27 | 255.255.255.224 | 10.10.6.225 - 10.10.6.254 | 10.10.6.255
Oak Ridge Campus | 14 | 14 | 10.10.17.48 | /28 | 255.255.255.240 | 10.10.17.49 - 10.10.17.62 | 10.10.17.63
Ouachita Baptist University | 14 | 14 | 10.10.17.64 | /28 | 255.255.255.240 | 10.10.17.65 - 10.10.17.78 | 10.10.17.79
Ouachita Baptist University | 30 | 30 | 10.10.7.0 | /27 | 255.255.255.224 | 10.10.7.1 - 10.10.7.30 | 10.10.7.31
Olivet Nazarene University | 14 | 14 | 10.10.17.80 | /28 | 255.255.255.240 | 10.10.17.81 - 10.10.17.94 | 10.10.17.95
Olivet Nazarene University | 30 | 30 | 10.10.7.32 | /27 | 255.255.255.224 | 10.10.7.33 - 10.10.7.62 | 10.10.7.63
Our Lady of Holy Cross | 14 | 14 | 10.10.17.96 | /28 | 255.255.255.240 | 10.10.17.97 - 10.10.17.110 | 10.10.17.111
Our Lady of Holy Cross | 30 | 30 | 10.10.7.64 | /27 | 255.255.255.224 | 10.10.7.65 - 10.10.7.94 | 10.10.7.95
P.S.U. | 14 | 14 | 10.10.17.112 | /28 | 255.255.255.240 | 10.10.17.113 - 10.10.17.126 | 10.10.17.127
P.S.U. | 30 | 30 | 10.10.7.96 | /27 | 255.255.255.224 | 10.10.7.97 - 10.10.7.126 | 10.10.7.127
Pepperdine | 30 | 30 | 10.10.7.128 | /27 | 255.255.255.224 | 10.10.7.129 - 10.10.7.158 | 10.10.7.159
Pepperdine | 14 | 14 | 10.10.17.128 | /28 | 255.255.255.240 | 10.10.17.129 - 10.10.17.142 | 10.10.17.143
Phillips Community College | 14 | 14 | 10.10.17.144 | /28 | 255.255.255.240 | 10.10.17.145 - 10.10.17.158 | 10.10.17.159


Phillips Community College | 30 | 30 | 10.10.7.160 | /27 | 255.255.255.224 | 10.10.7.161 - 10.10.7.190 | 10.10.7.191
Pima - Downtown | 30 | 30 | 10.10.7.192 | /27 | 255.255.255.224 | 10.10.7.193 - 10.10.7.222 | 10.10.7.223
Pima - Downtown | 14 | 14 | 10.10.17.160 | /28 | 255.255.255.240 | 10.10.17.161 - 10.10.17.174 | 10.10.17.175
Pima - East | 14 | 14 | 10.10.17.176 | /28 | 255.255.255.240 | 10.10.17.177 - 10.10.17.190 | 10.10.17.191
Pima - East | 30 | 30 | 10.10.7.224 | /27 | 255.255.255.224 | 10.10.7.225 - 10.10.7.254 | 10.10.7.255
Pima - West | 30 | 30 | 10.10.8.0 | /27 | 255.255.255.224 | 10.10.8.1 - 10.10.8.30 | 10.10.8.31
Pima - West | 14 | 14 | 10.10.17.192 | /28 | 255.255.255.240 | 10.10.17.193 - 10.10.17.206 | 10.10.17.207
Prairie View A & M University | 30 | 30 | 10.10.8.32 | /27 | 255.255.255.224 | 10.10.8.33 - 10.10.8.62 | 10.10.8.63
Prairie View A & M University | 14 | 14 | 10.10.17.208 | /28 | 255.255.255.240 | 10.10.17.209 - 10.10.17.222 | 10.10.17.223
Rivier | 14 | 14 | 10.10.17.224 | /28 | 255.255.255.240 | 10.10.17.225 - 10.10.17.238 | 10.10.17.239
Rivier | 30 | 30 | 10.10.8.64 | /27 | 255.255.255.224 | 10.10.8.65 - 10.10.8.94 | 10.10.8.95
Rollins | 30 | 30 | 10.10.8.96 | /27 | 255.255.255.224 | 10.10.8.97 - 10.10.8.126 | 10.10.8.127
Rollins | 14 | 14 | 10.10.17.240 | /28 | 255.255.255.240 | 10.10.17.241 - 10.10.17.254 | 10.10.17.255
Rutgers | 14 | 14 | 10.10.18.0 | /28 | 255.255.255.240 | 10.10.18.1 - 10.10.18.14 | 10.10.18.15
Rutgers | 30 | 30 | 10.10.8.128 | /27 | 255.255.255.224 | 10.10.8.129 - 10.10.8.158 | 10.10.8.159
Salem State College | 14 | 14 | 10.10.18.16 | /28 | 255.255.255.240 | 10.10.18.17 - 10.10.18.30 | 10.10.18.31
Salem State College | 30 | 30 | 10.10.8.160 | /27 | 255.255.255.224 | 10.10.8.161 - 10.10.8.190 | 10.10.8.191
Seattle Pacific University | 14 | 14 | 10.10.18.32 | /28 | 255.255.255.240 | 10.10.18.33 - 10.10.18.46 | 10.10.18.47
Seattle Pacific University | 30 | 30 | 10.10.8.192 | /27 | 255.255.255.224 | 10.10.8.193 - 10.10.8.222 | 10.10.8.223
Seton Hall | 30 | 30 | 10.10.8.224 | /27 | 255.255.255.224 | 10.10.8.225 - 10.10.8.254 | 10.10.8.255
Seton Hall | 14 | 14 | 10.10.18.48 | /28 | 255.255.255.240 | 10.10.18.49 - 10.10.18.62 | 10.10.18.63
Seton Hill College | 14 | 14 | 10.10.18.64 | /28 | 255.255.255.240 | 10.10.18.65 - 10.10.18.78 | 10.10.18.79
Seton Hill College | 30 | 30 | 10.10.9.0 | /27 | 255.255.255.224 | 10.10.9.1 - 10.10.9.30 | 10.10.9.31


Sidwell Friends School | 14 | 14 | 10.10.18.80 | /28 | 255.255.255.240 | 10.10.18.81 - 10.10.18.94 | 10.10.18.95
Sidwell Friends School | 30 | 30 | 10.10.9.32 | /27 | 255.255.255.224 | 10.10.9.33 - 10.10.9.62 | 10.10.9.63
Southeast Arkansas College | 14 | 14 | 10.10.18.96 | /28 | 255.255.255.240 | 10.10.18.97 - 10.10.18.110 | 10.10.18.111
Southeast Arkansas College | 30 | 30 | 10.10.9.64 | /27 | 255.255.255.224 | 10.10.9.65 - 10.10.9.94 | 10.10.9.95
Southern Arkansas University | 14 | 14 | 10.10.18.112 | /28 | 255.255.255.240 | 10.10.18.113 - 10.10.18.126 | 10.10.18.127
Southern Arkansas University | 30 | 30 | 10.10.9.96 | /27 | 255.255.255.224 | 10.10.9.97 - 10.10.9.126 | 10.10.9.127
Southwestern Oklahoma State University | 14 | 14 | 10.10.18.144 | /28 | 255.255.255.240 | 10.10.18.145 - 10.10.18.158 | 10.10.18.159
Southwestern Oklahoma State University | 30 | 30 | 10.10.9.160 | /27 | 255.255.255.224 | 10.10.9.161 - 10.10.9.190 | 10.10.9.191
Southwestern Oklahoma State University | 30 | 30 | 10.10.9.128 | /27 | 255.255.255.224 | 10.10.9.129 - 10.10.9.158 | 10.10.9.159
Southwestern Oklahoma State University | 14 | 14 | 10.10.18.128 | /28 | 255.255.255.240 | 10.10.18.129 - 10.10.18.142 | 10.10.18.143
St. Clair College | 14 | 14 | 10.10.18.160 | /28 | 255.255.255.240 | 10.10.18.161 - 10.10.18.174 | 10.10.18.175
St. Clair College | 30 | 30 | 10.10.9.192 | /27 | 255.255.255.224 | 10.10.9.193 - 10.10.9.222 | 10.10.9.223
State Tech | 14 | 14 | 10.10.18.176 | /28 | 255.255.255.240 | 10.10.18.177 - 10.10.18.190 | 10.10.18.191
State Tech | 30 | 30 | 10.10.9.224 | /27 | 255.255.255.224 | 10.10.9.225 - 10.10.9.254 | 10.10.9.255
T.S.U. | 14 | 14 | 10.10.18.192 | /28 | 255.255.255.240 | 10.10.18.193 - 10.10.18.206 | 10.10.18.207
T.S.U. | 30 | 30 | 10.10.10.0 | /27 | 255.255.255.224 | 10.10.10.1 - 10.10.10.30 | 10.10.10.31
Texas A & M International University | 14 | 14 | 10.10.18.208 | /28 | 255.255.255.240 | 10.10.18.209 - 10.10.18.222 | 10.10.18.223


Texas A & M International University | 30 | 30 | 10.10.10.32 | /27 | 255.255.255.224 | 10.10.10.33 - 10.10.10.62 | 10.10.10.63
Texas Southern | 14 | 14 | 10.10.18.224 | /28 | 255.255.255.240 | 10.10.18.225 - 10.10.18.238 | 10.10.18.239
Texas Southern | 30 | 30 | 10.10.10.64 | /27 | 255.255.255.224 | 10.10.10.65 - 10.10.10.94 | 10.10.10.95
The Matador | 14 | 14 | 10.10.18.240 | /28 | 255.255.255.240 | 10.10.18.241 - 10.10.18.254 | 10.10.18.255
The Matador | 30 | 30 | 10.10.10.96 | /27 | 255.255.255.224 | 10.10.10.97 - 10.10.10.126 | 10.10.10.127
Tompkins Cortland Community College | 30 | 30 | 10.10.10.128 | /27 | 255.255.255.224 | 10.10.10.129 - 10.10.10.158 | 10.10.10.159
Tompkins Cortland Community College | 14 | 14 | 10.10.19.0 | /28 | 255.255.255.240 | 10.10.19.1 - 10.10.19.14 | 10.10.19.15
U-Mass | 30 | 30 | 10.10.10.160 | /27 | 255.255.255.224 | 10.10.10.161 - 10.10.10.190 | 10.10.10.191
U-Mass | 14 | 14 | 10.10.19.16 | /28 | 255.255.255.240 | 10.10.19.17 - 10.10.19.30 | 10.10.19.31
U.C. | 14 | 14 | 10.10.19.32 | /28 | 255.255.255.240 | 10.10.19.33 - 10.10.19.46 | 10.10.19.47
U.C. | 30 | 30 | 10.10.10.192 | /27 | 255.255.255.224 | 10.10.10.193 - 10.10.10.222 | 10.10.10.223
U.N.E. College at Westbrook College | 14 | 14 | 10.10.19.48 | /28 | 255.255.255.240 | 10.10.19.49 - 10.10.19.62 | 10.10.19.63
U.N.E. College at Westbrook College | 30 | 30 | 10.10.10.224 | /27 | 255.255.255.224 | 10.10.10.225 - 10.10.10.254 | 10.10.10.255
UA at Pine Bluff | 30 | 30 | 10.10.11.0 | /27 | 255.255.255.224 | 10.10.11.1 - 10.10.11.30 | 10.10.11.31
UA at Pine Bluff | 14 | 14 | 10.10.19.64 | /28 | 255.255.255.240 | 10.10.19.65 - 10.10.19.78 | 10.10.19.79
UIS | 14 | 14 | 10.10.19.80 | /28 | 255.255.255.240 | 10.10.19.81 - 10.10.19.94 | 10.10.19.95
UIS | 30 | 30 | 10.10.11.32 | /27 | 255.255.255.224 | 10.10.11.33 - 10.10.11.62 | 10.10.11.63
University of Arkansas | 30 | 30 | 10.10.11.64 | /27 | 255.255.255.224 | 10.10.11.65 - 10.10.11.94 | 10.10.11.95
University of Arkansas | 14 | 14 | 10.10.19.96 | /28 | 255.255.255.240 | 10.10.19.97 - 10.10.19.110 | 10.10.19.111
University of Baltimore | 30 | 30 | 10.10.11.96 | /27 | 255.255.255.224 | 10.10.11.97 - 10.10.11.126 | 10.10.11.127

University of Baltimore 14 14 10.10.19.112 /28 255.255.255.240 10.10.19.113 - 10.10.19.126 10.10.19.127

University of Dallas 30 30 10.10.11.128 /27 255.255.255.224 10.10.11.129 - 10.10.11.158 10.10.11.159

University of Dallas 14 14 10.10.19.128 /28 255.255.255.240 10.10.19.129 - 10.10.19.142 10.10.19.143

University of Dubuque 14 14 10.10.19.144 /28 255.255.255.240 10.10.19.145 - 10.10.19.158 10.10.19.159

University of Dubuque 30 30 10.10.11.160 /27 255.255.255.224 10.10.11.161 - 10.10.11.190 10.10.11.191

University of Indianapolis 30 30 10.10.11.192 /27 255.255.255.224 10.10.11.193 - 10.10.11.222 10.10.11.223

University of Indianapolis 14 14 10.10.19.160 /28 255.255.255.240 10.10.19.161 - 10.10.19.174 10.10.19.175

University of Miami 14 14 10.10.19.176 /28 255.255.255.240 10.10.19.177 - 10.10.19.190 10.10.19.191

University of Miami 30 30 10.10.11.224 /27 255.255.255.224 10.10.11.225 - 10.10.11.254 10.10.11.255

University of Nebraska at Lincoln 30 30 10.10.12.0 /27 255.255.255.224 10.10.12.1 - 10.10.12.30 10.10.12.31

University of Nebraska at Lincoln 14 14 10.10.19.192 /28 255.255.255.240 10.10.19.193 - 10.10.19.206 10.10.19.207

University of Ottawa 14 14 10.10.19.208 /28 255.255.255.240 10.10.19.209 - 10.10.19.222 10.10.19.223

University of Ottawa 30 30 10.10.12.32 /27 255.255.255.224 10.10.12.33 - 10.10.12.62 10.10.12.63

University of Tulsa 14 14 10.10.19.224 /28 255.255.255.240 10.10.19.225 - 10.10.19.238 10.10.19.239

University of Tulsa 30 30 10.10.12.64 /27 255.255.255.224 10.10.12.65 - 10.10.12.94 10.10.12.95

University of Wisconsin at Parkside 30 30 10.10.12.96 /27 255.255.255.224 10.10.12.97 - 10.10.12.126 10.10.12.127

University of Wisconsin at Parkside 14 14 10.10.19.240 /28 255.255.255.240 10.10.19.241 - 10.10.19.254 10.10.19.255

W.S.S.U. 30 30 10.10.12.128 /27 255.255.255.224 10.10.12.129 - 10.10.12.158 10.10.12.159

W.S.S.U. 14 14 10.10.20.0 /28 255.255.255.240 10.10.20.1 - 10.10.20.14 10.10.20.15

Washington University 30 30 10.10.12.160 /27 255.255.255.224 10.10.12.161 - 10.10.12.190 10.10.12.191

Washington University 14 14 10.10.20.16 /28 255.255.255.240 10.10.20.17 - 10.10.20.30 10.10.20.31

Webster 30 30 10.10.12.192 /27 255.255.255.224 10.10.12.193 - 10.10.12.222 10.10.12.223

Webster 14 14 10.10.20.32 /28 255.255.255.240 10.10.20.33 - 10.10.20.46 10.10.20.47

West Charleston 30 30 10.10.12.224 /27 255.255.255.224 10.10.12.225 - 10.10.12.254 10.10.12.255

West Charleston 14 14 10.10.20.48 /28 255.255.255.240 10.10.20.49 - 10.10.20.62 10.10.20.63

Western New Mexico University 30 30 10.10.13.0 /27 255.255.255.224 10.10.13.1 - 10.10.13.30 10.10.13.31

Western New Mexico University 14 14 10.10.20.64 /28 255.255.255.240 10.10.20.65 - 10.10.20.78 10.10.20.79

Westfield Campus 30 30 10.10.13.32 /27 255.255.255.224 10.10.13.33 - 10.10.13.62 10.10.13.63

Westfield Campus 14 14 10.10.20.80 /28 255.255.255.240 10.10.20.81 - 10.10.20.94 10.10.20.95

Wilmington College 30 30 10.10.13.64 /27 255.255.255.224 10.10.13.65 - 10.10.13.94 10.10.13.95

Wilmington College 14 14 10.10.20.96 /28 255.255.255.240 10.10.20.97 - 10.10.20.110 10.10.20.111

Worcester State College 30 30 10.10.13.96 /27 255.255.255.224 10.10.13.97 - 10.10.13.126 10.10.13.127

Worcester State College 14 14 10.10.20.112 /28 255.255.255.240 10.10.20.113 - 10.10.20.126 10.10.20.127

Wright 30 30 10.10.13.128 /27 255.255.255.224 10.10.13.129 - 10.10.13.158 10.10.13.159

Wright 14 14 10.10.20.128 /28 255.255.255.240 10.10.20.129 - 10.10.20.142 10.10.20.143

Yavapai 14 14 10.10.20.144 /28 255.255.255.240 10.10.20.145 - 10.10.20.158 10.10.20.159

Yavapai 30 30 10.10.13.160 /27 255.255.255.224 10.10.13.161 - 10.10.13.190 10.10.13.191
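
A consistency check for rows of this addressing table, as an added example that is not part of the proposal: it recomputes each row's mask, usable range and broadcast from the network and prefix, and flags allocations that overlap, which matters when per-store firewall rules are written against these subnets. The two counts after the store name are assumed to be hosts required and usable hosts; the function name and the last two sample rows are constructed for illustration.

```python
import ipaddress
import re

# First four rows are copied from the table (one row per line).
# The two "Constructed" rows are NOT from the proposal; they show what a finding looks like.
ROWS = """\
State Tech 14 14 10.10.18.176 /28 255.255.255.240 10.10.18.177 - 10.10.18.190 10.10.18.191
State Tech 30 30 10.10.9.224 /27 255.255.255.224 10.10.9.225 - 10.10.9.254 10.10.9.255
T.S.U. 30 30 10.10.10.0 /27 255.255.255.224 10.10.10.1 - 10.10.10.30 10.10.10.31
University of Miami 14 14 10.10.19.176 /28 255.255.255.240 10.10.19.177 - 10.10.19.190 10.10.19.191
Constructed Store 30 30 10.10.18.160 /27 255.255.255.224 10.10.18.161 - 10.10.18.190 10.10.18.191
Constructed Kiosk 14 14 10.10.20.160 /28 255.255.255.240 10.10.20.161 - 10.10.20.174 10.10.20.176
"""

IP = r"\d+\.\d+\.\d+\.\d+"
# Assumed column order: name, hosts required, usable hosts, network, /prefix,
# mask, first usable - last usable, broadcast.
ROW_RE = re.compile(
    rf"^(?P<name>.+?) (?P<need>\d+) (?P<usable>\d+) (?P<net>{IP}) /(?P<prefix>\d+) "
    rf"(?P<mask>{IP}) (?P<first>{IP}) - (?P<last>{IP}) (?P<bcast>{IP})$"
)


def audit(rows_text):
    """Return (name, subnet, problem) tuples; an empty list means the rows are consistent."""
    findings, seen = [], []
    for line in filter(None, map(str.strip, rows_text.splitlines())):
        m = ROW_RE.match(line)
        if m is None:
            findings.append((line, "", "unparseable row"))
            continue
        name = m["name"]
        # strict=False so a misaligned network address is reported instead of raised.
        net = ipaddress.ip_network(f"{m['net']}/{m['prefix']}", strict=False)
        hosts = list(net.hosts())
        expected = {
            "net": str(net.network_address),
            "mask": str(net.netmask),
            "first": str(hosts[0]),
            "last": str(hosts[-1]),
            "bcast": str(net.broadcast_address),
            "usable": str(len(hosts)),
        }
        for field, want in expected.items():
            if m[field] != want:
                findings.append((name, str(net), f"{field} is {m[field]}, expected {want}"))
        if int(m["need"]) > len(hosts):
            findings.append((name, str(net), "subnet too small for hosts required"))
        # Two stores sharing address space would defeat per-store filtering.
        for other_name, other_net in seen:
            if net.overlaps(other_net):
                findings.append((name, str(net), f"overlaps {other_name} {other_net}"))
        seen.append((name, net))
    return findings


if __name__ == "__main__":
    for finding in audit(ROWS):
        print(finding)
```
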

7.7 EQUIPMENT INFORMATION & PRICING

Retail Stores

| Item | Unit Price | Quantity | Total Cost |
| --- | --- | --- | --- |
| Cisco ISR 4221 Edge Router | $856.99 | 220 | $188,537.80 |
| Cisco ASA 5505 Firewall- Sec. Appliance | $424.99 | 110 | $46,748.90 |
| Cisco Small Business SF220-48 ports Switch | $334.99 | 110 | $36,848.90 |
| HP OfficeJet Pro 8210 Color Inkjet | $129.99 | 110 | $14,298.90 |
| TRENDnet TV IP310P1 PoE Network Camera | $129.99 | 110 | $14,298.90 |
| Cisco 8811 VoIP Phone for Data Center | $387.99 | 110 | $42,678.90 |
| HP 24-g010- all in one A8 7410 | $507.99 | 110 | $55,878.90 |
| APC UPS Pro 700VA UPS | $125.99 | 110 | $12,473.01 |
| 6U Wall Mount Rack Enclosure Cabinet | $159.99 | 110 | $17,598.90 |
| Total cost for all Retail Stores | | | $429,363.11 |

8 IMPLEMENTATION PLAN

8.1 OBJECTIVES

• Research, design, and present a secure, redundant, and up-to-date network infrastructure for VMO.

• Create as-built documentation of the designed network.

• Create a new topology for the network infrastructure.

• Design a new IP addressing scheme for all VMO retail stores as well as corporate headquarters and customer service headquarters.

• Price all network links and related networking equipment.

• Create a contiguous network connecting all retail stores to the main headquarters.

• Define and create a new network policy.

• Provide a timeline for implementation.

• Price out all services, support, and any additional equipment.

• Find a balance between redundancy and cost.

• Secure all aspects of the newly redesigned network infrastructure (physically and virtually).

• Provide a network infrastructure that facilitates access to VMO’s new application by every device concurrently.

8.2 DELIVERABLES

• 100+ page as-built network documentation.

• A short presentation to upper management on our proposed network infrastructure redesign.

8.3 TARGET SCHEDULE

We estimate that the proposed project will take around six months to ensure a smooth transition and operation. Here is how we will proceed:

| Time | Tasks | Comments | Milestone |
| --- | --- | --- | --- |
| Week 1 | Proposal is approved. A team of five will be split between HQ and Lincoln, Nebraska. Equipment list ordered. Team B: 2 NetEngine employees will go to Nebraska. | NetEngine will survey the sites in Chicago and Nebraska. Team A: 3 engineers work at HQ. Team B: make multiple trips to HQ and Nebraska. | Equipment order is placed. Equipment is shipped to corresponding buildings. |
| Week 2 | JP and KQ Telco will set up fiber. MPLS connect at Lincoln, Nebraska. Main router configuration. | Fiber connections to HQ buildings | |
| Week 3 | JP and KQ Telco available on-site for HQ and Nebraska (end of onsite support) | Return 2 engineers from Lincoln park to configure servers | MPLS connection established: Nebraska is online. Building A is online. |
| Week 4 | Network equipment configuration, buildings A + N | Server setup begins | |
| Week 5 | UPS power testing. Network configuration. DNS DHCP server at buildings A and N. Setup of application server for VMO. | | |
| Week 7 | Network equipment configurations, building C | | Building N is online |
| Week 8 | Troubleshooting connectivity between buildings & network configuration | 2 engineers leave for Lincoln, Nebraska | |
| Week 9 | Troubleshooting connectivity between buildings + network configuration | | Building C is online |
| Week 10 | Running Cat5e and Cat6 cables at all locations | | Various servers are online |
| Week 11 | Running Cat5e and Cat6 cables at all locations | | |
| Week 12 | Setup of phones at all sites | | Cabling is finished |
| Week 13 | Setup of phones at all sites | | |
| Week 14 | Setup of PCs at all sites by VMO IT | NetEngine will configure Active Directory and users info | Phones are online |
| Week 15 | Setup of PCs at all sites by VMO IT | NetEngine will configure Active Directory and users info | |
| Week 16 | Setup of access points by VMO IT | NetEngine will configure the APs via wireless controller | PCs are online |
| Week 17 | Setup of access points by VMO IT | NetEngine will configure the APs via wireless controller | |
| Week 18 | Retail stores will be shipped necessary equipment | NetEngine will manage retail store equipment and setup | WiFi is online |
| Week 19 | Testing ISP and WAN connectivity at retail stores | | |
| Week 20 | Testing ISP and WAN connectivity at retail stores | | |
| Week 21 | Ensure UPS power backups are working. Ensure databases are automatically backed up. | | Retail stores are online |
| Week 22 | End of VMO implementation | | VMO network is online |

Important Note: Before the VMO network implementation begins, the Building A basement will need to be cleaned and renovated. NetEngine will send out five network engineers. Here are the costs associated with the project:

| Item | Value |
| --- | --- |
| Estimated Hours | 40 Hours x (5 x IT) x 21 Weeks = 4200 |
| NetEngine Hourly Rate | $40 per hour |
| Estimated contract cost (5 engineers) | $168,000 |

9 SECURITY, MONITORING, AND MAINTENANCE

9.1 SECURITY

9.1.1 Policy & Procedure

9.1.1.1 Internal DNS

Internal DNS is used for queries against the internal network. For example, internal DNS allows a user to type internal.vmo.local into their computer and gain access to the appropriate service. Without internal DNS, a user on the internal network would have to know the IP address of a specific server. This will be useful for users to quickly and easily gain access to the application server by simply typing app.vmo.local into a web browser.

DNS services will be handled by the Domain Controller. The domain controller is also responsible for DHCP and Active Directory services. VMO will have multiple domain controllers at both the customer service headquarters and the main campus in Chicago.

All computers on the network must use the same Internal DNS services. This will be accomplished through DHCP scopes that specify the proper DNS servers for the network. A DNS forwarder will also be used for external DNS, pointing to Google’s DNS services (8.8.8.8 / 8.8.4.4).

9.1.1.2 Endpoints

All computers on the network will have to use the company-approved endpoint solution. This is to ensure that all devices can be properly monitored for malware and viruses. Any device that is not supported by the company-approved endpoint solution will be removed from the network. That device will have to be updated to a supported operating system to gain access to VMO’s network. This is to ensure that the device is secure from any threats due to outdated or unsupported operating systems.

9.1.1.3 Administrator Access

Standard users are not to have administrative access to any server in the VMO domain/network. All admins are required to have their own username and password. Primary/default administrative accounts should not be used unless absolutely necessary. This is to ensure that any changes made to the network can be tracked.

Standard users should not have administrative access to their local machines. This is to prevent the installation of unwanted or malicious software such as spyware, adware, crypto locker, etc.

If local administrator access is required, proper precautions must be taken to ensure the security and integrity of the network. In the event that an admin is found to have installed malicious and/or unwanted software, that administrator shall lose their administrative access.

9.1.1.4 Network Domains and Passwords

All users are required to adhere to the following password policy:

• All users are required to change their passwords after 90 days or a security breach, whichever comes first.

• Users who ignore requests to change passwords will be locked out of their account.

• New passwords cannot be the same as the previous three passwords.

• Per Office 365 requirements, users must provide a personal contact number and/or a personal email address in order to register with Microsoft password recovery services.

• All passwords must be at least 7 characters long and include a special character. (See detailed password requirements below.)

• Passwords cannot be the same as the user’s first or last name. Additionally, passwords cannot contain a user’s first or last name.

Detailed Password Requirements:

Passwords must include 3 of the following 5 categories:

• Uppercase characters

• Lowercase characters

• Base-ten digits (0-9)

• Non-alphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/

• Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase.
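
The password rules above expressed as a check, as an added example that is not part of the proposal: it shows that the "include a special character" bullet is stricter than the 3-of-5 category rule on its own, and how the fifth category (caseless alphabetic characters) is counted. The function names, the violation labels and the PBKDF2 history records are assumptions for illustration; the policy does not say how previous passwords are stored.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta

MIN_LENGTH = 7                  # "at least 7 characters long"
MAX_AGE = timedelta(days=90)    # change "after 90 days"
HISTORY_DEPTH = 3               # "previous three passwords"
REQUIRED_CATEGORIES = 3         # "3 of the following 5 categories"
# The non-alphanumeric set exactly as listed in the policy.
SPECIALS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")
PBKDF2_ROUNDS = 100_000         # assumption: storage format is not defined by the policy


def categories(password):
    """Return the set of policy character categories present in the password."""
    found = set()
    for ch in password:
        if ch in "0123456789":
            found.add("digit")
        elif ch in SPECIALS:
            found.add("special")
        elif ch.isupper():
            found.add("upper")
        elif ch.islower():
            found.add("lower")
        elif ch.isalpha():
            # Alphabetic but caseless, for example CJK or Arabic letters.
            found.add("other_alpha")
    return found


def hash_password(password, salt=None):
    """Salted PBKDF2 record for the history list (illustrative storage format)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def is_reused(password, history):
    """True if the password matches any of the newest HISTORY_DEPTH records."""
    for salt, digest in history[:HISTORY_DEPTH]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False


def check_password(password, first_name, last_name, history=()):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    found = categories(password)
    if len(found) < REQUIRED_CATEGORIES:
        problems.append("too_few_categories")
    if "special" not in found:
        problems.append("no_special_character")
    folded = password.casefold()
    # "Contains the name" also covers "is the name"; comparison ignores case.
    if any(name and name.casefold() in folded for name in (first_name, last_name)):
        problems.append("contains_name")
    if is_reused(password, list(history)):
        problems.append("reused")
    return problems


def must_change(last_changed, today, breach=False):
    """Expire once 90 days have elapsed or on a security breach, whichever comes first."""
    return breach or (today - last_changed) >= MAX_AGE
```
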

9.1.1.5 Operating System

Every operating system has a support lifecycle. The following operating systems are supported on the VMO domain/network:

• Windows 7 Professional

• Windows 8

• Windows 8.1

• Windows 10

Once a device leaves extended support, it will no longer be allowed on the VMO domain/network. This is to ensure that all devices are secure from operating system vulnerabilities.

All operating systems must be current on all security patches, major updates, and service packs. Additionally, all devices on the domain/network are required to have automatic updates enabled. This will be enforced through Group Policy rules on the Active Directory server.

Operating systems such as Windows 10 enforce automatic security updates. Any attempt to circumvent this will result in that PC being taken off the domain/network. Again, all update policies and procedures will be controlled through Group Policy.

9.1.1.6 Non-Supported Operating Systems

Any operating system that is not supported by Microsoft is not allowed on the network under any circumstances. These operating systems include but are not limited to:

• Windows 2000

• Windows XP

• Old builds of Windows 7

• Windows Vista

• Windows Server NT

• Windows Server 2000, 2003, and 2008.

Any device running one of the above operating systems should be taken off the network immediately and replaced as soon as possible. An up-to-date list of operating systems currently supported by Microsoft can be found here: Windows lifecycle fact sheet.

9.1.2 Physical Security

Figure 24 Chicago 1st Floor Plan: ID Cards

Figure 25 Building N 2nd Floor: Door Access

Figure 26 Nebraska Floor Plan: Door Access

Figure 27 Warehouse Floor Plan: Door Access

Figure 28 Retail Store Floor Plan: Door Access

9.1.3 Fingerprint Locks

As another layer of security, NetEngine decided to implement a fingerprint scanner at the data center entrance in building A. The cloud-based fingerprint scanner will allow for easier management of authorized users. With it, you will be able to know when employees enter the data center, and it scales from dozens to thousands of employees.

9.1.3.1 Security Cameras

In an effort to secure both the new network and VMO in general, a new security camera system has been designed and installed. 207 new cameras will be installed throughout VMO to ensure that all aspects of the environment are secure. Additionally, a new server has been deployed for the cameras to record to.

9.2 SOFTWARE

In an effort to ensure security of the network, users are not allowed to install software on their local machines without explicit approval from a network administrator/IT department. Users must request software to be installed on their local machine. Once a request is approved by the IT department, a time and date will be set up with the user for installation of the requested software. Software can be installed physically, remotely, or by means of automation (through Group Policy/Active Directory).

All software must be up to date with the latest security patches. Additionally, automatic software updates should be enabled if available.

9.3 PERIPHERALS

All peripherals should have up-to-date firmware installed to ensure the safety and security of the VMO network. A storage device, such as a USB flash drive, should not be inserted into a local machine unless the device is from a known and trusted source.

9.4 WIRELESS NETWORK

Two wireless networks will be available for use. The SSIDs are VMO and VMO-Guest.

The VMO network allows full access into the corporate network at each site. Access to the VMO wireless network is only to be set up on company machines and devices. The VMO network is not for personal use. The password for this network is not available to standard users. Any company equipment that requires access to the VMO wireless network will be set up by the IT department. Under no circumstances should the VMO wireless network password be shared with standard users or members from outside of the organization.

9.4.1 BYOD

BYOD (Bring Your Own Device) machines are able to connect to the VMO network upon request. Access will be granted upon completion of a BYOD Agreement form. Additionally, a security scan will be performed on the device to ensure that it adheres to existing policies and procedures. Any BYOD device that does not require access to the corporate wireless network can connect to the VMO-Guest network.

9.5 MONITORING

9.5.1 Ticketing System

The ticketing system will be built on the Freshservice platform. It is a fully integrated ITIL and ITSM system, allowing for fast and easy ticket creation and agent assignment. This is a powerful system that will be able to handle requests throughout the entire network.

When an issue comes up, the user simply sends an email to the dedicated support email address, [email protected]. After they send an email, a support ticket is automatically created and is then assignable to an agent. These agents will be comprised of the existing IT staff at VMO. From there, the agent can assign a priority level and either attempt to resolve the issue or escalate it.

Freshservice also supports IT project management, making it easy to collaborate, assign tasks, and track progress on various projects. It features a real-time project dashboard that gives detailed progress on projects as well as a timeline.

Based on the size of VMO's network, we recommend Freshservice's Estate plan. This plan is ideal for larger teams or companies with multiple locations. It brings the following features:

• Incident management

• Knowledge base

• Self-service portal

• Automations

• Standard reports

• Marketplace

• Unlimited end users

• Service catalog

• Asset management

• Custom and scheduled reports

• Domain whitelisting

• Multiple SLAs

• Unlimited mailboxes

• Change, problem, and release management

• Software license management

• Customizable agent roles

• Custom SSL and email servers

• Enterprise analytics

• Contract management

• Project management

9.5.2 Network Management

We recommend the various packages offered by SolarWinds, which make network management a breeze rather than a headache. Here are some of the packages we would implement:

The key features of SolarWinds Network Tool are:

• Multi-vendor network monitor

o Regardless of brand, the network software will be compatible

• Path visualization

o Allows you to see the network like viewing traffic on a street or online map

• Performance metrics

o Like bandwidth and other speed metrics

• Firewall Insight

o The application can provide an overview of firewall status and traffic

The key features of Log and Event Manager are:

• Fast compliance reporting

o In the case of security audits

• Real-time event correlation

• Real-time remediation

• Advanced search & forensic analysis

• File integrity monitor

• USB device monitor

The key features of Database Performance Analyzer are:

• Database tuning and SQL query advising

• Identify real-time database problems

• True root cause analysis

• Multi-vendor support from one management interface

• Low overhead on monitored databases

The key features of Patch Manager are:

• Windows Update Server Patch Management

• Vulnerability Management

• Pre-built and tested packages

• Patch compliance reports

• Patch status dashboard

With all of these services/applications offered by SolarWinds, troubleshooting time will be cut down and network productivity and efficiency will increase.

Figure 29 SolarWinds Patch Manager

Figure 30 SolarWinds Network Performance Monitor

Figure 31 SolarWinds Database Performance Analyzer

Figure 32 SolarWinds Log & Event Manager

Figure 33 SolarWinds SIEM Tool

9.6 MAINTENANCE

9.6.1 Extended Service Level Agreements for Device Maintenance

| Product | Price | Amount | Total |
| --- | --- | --- | --- |
| Headquarters and Lincoln Nebraska access switch extended service level agreement | 285.99 | 41 | 11,725.59 |
| Distribution switch extended service level agreement | 1953.99 | 4 | 7,815.96 |
| Core switch extended service level agreement | 3096.99 | 4 | 12,387.96 |
| Cisco Aironet access point extended service level agreement | 28.99 | 69 | 2,000.32 |
| Cisco 2504 wireless controller | 1007.99 | 4 | 4,031.96 |
| Headquarters and Lincoln Nebraska Safeware printer 3 year warranty | 69.99 | 96 | 6,719.04 |
| Stores Safeware printer 3 year warranty | 17.99 | 110 | 1,978.90 |
| Cameras Safeware 3 year warranty | 22.99 | 207 | 4,758.93 |
| Headquarters and Lincoln, Nebraska edge router extended service level agreement | 479.99 | 4 | 1,919.96 |
| Safeware desktop 4 year warranty | 74.99 | 930 | 69,740.70 |
| Stores ASA firewall Cisco extended service warranty | 209.99 | 110 | 23,098.90 |
| Headquarters and Lincoln Nebraska firewall Cisco extended service level agreement | 999.99 | 4 | 3,999.96 |
| Store edge router Cisco extended service level agreement | 108.99 | 220 | 23,977.80 |
| Store UPS system extended service level agreement | 34.99 | 9 | 314.91 |
| Headquarters and Lincoln Nebraska UPS warranty | 86.99 | 11 | 956.89 |
| Total | | | 175,427.78 |

10 TOTAL BUDGET

Total price for equipment in HQ, Nebraska and retail stores:

| Locations | Total cost |
| --- | --- |
| Headquarters - Building A | $146,305.19 |
| Headquarters - Building C | $44,873.91 |
| Headquarters - Building N | $466,792.54 |
| Lincoln, Nebraska | $189,508.06 |
| Retail Stores | $429,363.11 |
| Total budget for all equipment | $1,276,842.81 |

Total price for management software:

| Management Software | Price |
| --- | --- |
| Network Performance Monitor | $2,895.00 |
| Log & Event Manager | $4,585.00 |
| Database Performance Analyzer | $1,995.00 |
| Patch Manager | $3,690.00 |
| Security Information and Event Management (SIEM) Tool | $4,585.00 |
| Total | $17,750.00 |

Headquarters, Lincoln, NE and Retail Stores

| Description | One Month | One Year | Three Years |
| --- | --- | --- | --- |
| HQ to Lincoln, NE | $15,800 | $189,600 | $568,800.00 |
| HQ to Internet | $10,000 | $120,000 | $360,000.00 |
| Equipment of HQ | | | $657,971.64 |
| Lincoln, NE to Internet | $7,000 | $84,000 | $252,000.00 |
| Equipment of Lincoln, NE | | | $189,508.06 |
| Retail Stores to Internet | $500 | | $5,338,800.00 |
| Equipment of all Retail Stores | | | $429,363.11 |
| Credit card Clearing | $8,600 | $103,200 | $309,600.00 |
| Management Software | | | $17,750.00 |
| Microsoft exchange backup | | | $673.99 |
| Exchange Server | $16,000 | $192,000 | $576,000.00 |
| Equipment Warranty | | | $175,427.78 |
| Estimated Contract Cost | | | $168,000 |
| Total | | | $9,043,894.58 |

11 SUPPLEMENTAL DOCUMENTS

11.1 EQUIPMENT

11.1.1 Edge Routers

11.1.2 Firewall ACN

11.1.3 Core Switches

11.1.4 Distribution Switches

11.1.5 Access Switch HQ & Nebraska

11.1.6 Access Points for all locations

11.1.7 Wireless Control

11.1.8 Active Directory & DHCP

11.1.9 Application Server

11.1.10 Exchange Server

11.1.11 Camera & Storage

11.1.12 Web Server

11.1.13 Store Edge Routers

11.1.14 Store Firewalls

11.1.15 Store Access Switches

11.1.16 Store Printer

11.1.17 Store Rack

11.1.18 HQ & Nebraska Printers

11.1.19 Security Cameras

11.1.20 Cat6e Cable

11.1.21 Computers

11.1.22 HQ & Nebraska UPS

11.1.23 Store UPS

11.1.24 HQ & Nebraska Racks

11.1.25 Key Card

11.1.26 Finger Print Access