Vincent Music Outlets Network Infrastructure Proposal
NetEngine Consulting LLC 5/30/18 VMO Proposal
TABLE OF CONTENTS
1 Executive Summary
1.1 Chicago HQ: Building A
1.1.1 Current Operation
1.1.2 Requirements
2 Current Operations & Requirements
2.1 Chicago HQ: Building B
2.1.1 Current Operation
2.2 Chicago HQ: Building C
2.2.1 Current Operations
2.2.2 Requirements
2.3 Chicago HQ: Building D
2.3.1 Current Operations
2.4 Chicago HQ: Building N
2.4.1 Current Operation
2.4.2 Requirements
2.5 Lincoln, Nebraska
2.5.1 Current Operations
2.5.2 Requirements
3 Naming Scheme for All Equipment
3.1 Headquarter
3.2 Lincoln, Nebraska and Retail Stores
4 Wide Area Network
4.1 WAN Summary
4.2 Topology
4.2.1 HQ to Lincoln, Nebraska (Site to site connections)
4.2.2 HQ to Retail Store
4.2.3 HQ to Internet
4.2.4 Lincoln, Nebraska to Internet
4.2.5 Retail Stores to Internet
4.3 IP Addressing Scheme
4.4 IP Routing Protocols & Methods
4.5 WAN Pricing
4.5.1 Pricing & Info
5 Chicago HQ Location: Building A Datacenter
5.1 Campus Layout
5.2 LAN Design of Headquarter
5.3 Building A: Proposed Datacenter
5.3.1 Building Layout
5.3.2 LAN Topology
5.3.3 Rack Equipment
5.3.4 Network Services
5.3.5 Network Protocols and Strategies
5.3.6 Redundancy
5.3.7 Chicago Headquarters IP Address Scheme
5.3.8 Equipment Information & Pricing
5.4 Building N: Administration Offices
5.4.1 Building Layout
5.4.2 LAN Topology
5.4.3 Network Protocols & Strategies
5.4.4 Virtual Local Area Networks (VLANs)
5.4.5 Redundancy
5.4.6 Rack Equipment
5.4.7 Equipment Information & Pricing
5.5 Building C: Warehouse
5.5.1 Building Layout
5.5.2 LAN Topology
5.5.3 Network Protocols & Strategies
5.5.4 Redundancy
5.5.5 Rack Equipment
5.5.6 Equipment Information & Pricing
6 Lincoln, Nebraska Call Center
6.1 Building Layout
6.2 LAN Topology
6.2.1 Wireless Network
6.3 Network Protocols & Strategies
6.4 Redundancy
6.5 Rack Equipment
6.6 Lincoln, Nebraska IP Scheme
6.7 Equipment Information & Pricing
7 Retail Store Locations
7.1 Building Layout
7.2 LAN Topology
7.3 Network Protocols & Strategies
7.4 Redundancy
7.5 Rack Equipment
7.6 Local Retail Stores IP Scheme
7.7 Equipment Information & Pricing
8 Implementation Plan
8.1 Objectives
8.2 Deliverables
8.3 Target Schedule
9 Security, Monitoring, and Maintenance
9.1 Security
9.1.1 Policy & Procedure
9.1.2 Physical Security
9.1.3 Fingerprint Locks
9.2 Software
9.3 Peripherals
9.4 Wireless Network
9.4.1 BYOD
9.5 Monitoring
9.5.1 Ticketing System
9.5.2 Network Management
9.6 Maintenance
9.6.1 Extended Service Level Agreements for Device Maintenance
10 Total Budget
11 Supplemental Documents
11.1 Equipment
11.1.1 Edge Routers
11.1.2 Firewall ACN
11.1.3 Core Switches
11.1.4 Distribution Switches
11.1.5 Access Switch HQ & Nebraska
11.1.6 Access Points for all locations
11.1.7 Wireless Control
11.1.8 Active Directory & DHCP
11.1.9 Application Server
11.1.10 Exchange Server
11.1.11 Camera & Storage
11.1.12 Web Server
11.1.13 Store Edge Routers
11.1.14 Store Firewalls
11.1.15 Store Access Switches
11.1.16 Store Printer
11.1.17 Store Rack
11.1.18 HQ & Nebraska Printers
11.1.19 Security Cameras
11.1.20 Cat6e Cable
11.1.21 Computers
11.1.22 HQ & Nebraska UPS
11.1.23 Store UPS
11.1.24 HQ & Nebraska Racks
11.1.25 Key Card
11.1.26 Finger Print Access
Muhammad Siddiqui
Eyad Abdalkarim
Joseph Evans
Dhaval Patel
Bakht Khan
1 EXECUTIVE SUMMARY
NetEngine Consulting LLC has been tasked with providing a secure and redundant network for Vincent Music
Outlet. NetEngine will provide a detailed proposal on WAN, LAN, datacenter, office and security design. VMO
has three buildings at the Chicago location (Building A, Building N and Building C) and 150 retail stores,
nationwide and international. The key people involved in the project are:
• Ken is the President of VMO.
• Bob is the Director of Operations.
• Joe is the Tech Support.
• Mark is the software developer.
• JP is the representative of JP Telco.
• KQ is the representative of KQ Telco.
1.1 CHICAGO HQ: BUILDING A
1.1.1 Current Operation
There are tenants from the first floor to the third floor. There are 40 nodes with a line rate of 10/100 Mbps
bridged by fiber to building D. The staff on the fourth floor will relocate to building N.
1.1.2 Requirements
We are required to use the basement for our data center design. We have a 20 by 15 feet space available for
a telecom room. 150 by 150 feet is available for the datacenter, which will host data and voice communications.
There will only be IT in the datacenter office and staff on the fourth floor. The fourth-floor staff will relocate
back to the fourth floor of building A after construction.
2 CURRENT OPERATIONS & REQUIREMENTS
2.1 CHICAGO HQ: BUILDING B
2.1.1 Current Operation
The management and operations department worked in this building, but it will be demolished. The site will
become a soccer field for the community to use. NetEngine is not responsible for working on this location.
2.2 CHICAGO HQ: BUILDING C
2.2.1 Current Operations
This is the main warehouse for VMO. This will house shipments and logistic operations to retail stores.
2.2.2 Requirements
We will provide Internet (WAN connections) from building C to buildings A and N and to Lincoln, Nebraska.
2.3 CHICAGO HQ: BUILDING D
2.3.1 Current Operations
Building D currently hosts the datacenter. However, the building will be demolished and the new
datacenter will be housed in building A. NetEngine is not responsible for working on this location.
2.4 CHICAGO HQ: BUILDING N
2.4.1 Current Operation
This building hosts all the corporate staff, including Executive, Human Resources, Legal, Operation and
Logistics, Marketing, Accounting and a few warehouse staff. The Chicago HQ has a central PBX connected to 2 PRI.
Phones are connected to the PBX via 3 twisted pair and a fiber mux. Voicemail is served by the PBX. The cost for
a PRI trunk is $350 per month. The analog cost is $22 per month. The estimated usage is 5450 minutes to
Nebraska and 1200 to retail stores.
2.4.2 Requirements
We are required to set up workstations for all employees. They will use the VMO application, which
will need a server and storage to run on. The minimum bandwidth requirement for the application to run is
50 Kbps.
2.5 LINCOLN, NEBRASKA
2.5.1 Current Operations
This is the call center for VMO. There are about 100 customer service representatives and 20
managers. Customers call the VMO customer service number and are connected with an agent who helps
them with any inquiries. There are Cat5 pairs which terminate in the telecom room. PCs connect to
unmanaged switches. Staff have old AT&T phones which run off call center software. The phones connect to
the public phone system via 4 ISDN PRI trunks.
2.5.2 Requirements
NetEngine is responsible for call center design and infrastructure for 100 employees and 20 managers.
3 NAMING SCHEME FOR ALL EQUIPMENT
3.1 HEADQUARTER
3.2 LINCOLN, NEBRASKA AND RETAIL STORES
4 WIDE AREA NETWORK
4.1 WAN SUMMARY
The Wide Area Network (WAN) will be responsible for connecting Chicago headquarters, the customer
service headquarters located in Chicago, and all retail stores. Each store will be connected through two T1
internet ISP lines and VPN tunnels to the main campus. All traffic will flow through the data center located at
the main campus, allowing a centrally managed network. The customer service headquarters will be connected
through a gigabit MPLS local loop. This was done to ensure that all devices will be able to access the application
server concurrently.
Additionally, the WAN will be responsible for providing credit card clearing to each retail location
through JP Telco’s dedicated credit card clearing service. This service will provide a dedicated T1 line from each
store to the clearing service. These lines will not interface directly with VMO’s core network. As a backup and
to cut down on costs, a second option for credit card clearing will be available via the traditional 1-800 clearing
method.
4.2 TOPOLOGY
4.2.1 HQ to Lincoln, Nebraska (Site to site connections)
For redundancy we have two T3 local loop lines going from Nebraska to JP ISP and KQ ISP. We also
have two T3 local loop lines going from Chicago to JP and KQ ISP.
Figure 1 HQ and Nebraska to JP and KQ ISP
4.2.2 HQ to Retail Store
Retail stores will be able to connect to the headquarters in Chicago via a VPN tunnel. There will be a T1
line for credit card clearing provided by JP and KQ Telco.
Figure 2 HQ to Retail Store
4.2.3 HQ to Internet
The headquarters in Chicago will be connected to JP and KQ ISP. There will be one line of 1GB Metro
Ethernet going to each ISP.
Figure 3 HQ to JP and KQ ISP
4.2.4 Lincoln, Nebraska to Internet
The call center in Nebraska will be connected to JP and KQ ISP using T3 lines, with one line going to
each ISP.
Figure 4 Nebraska to JP and KQ ISP
4.2.5 Retail Stores to Internet
Retail stores will be connected to JP and KQ ISP. There will be one T1 line going to each ISP.
Figure 5 Retail Store to JP and KQ ISP
4.3 IP ADDRESSING SCHEME
IP Addressing:
Our ISPs, JP Telco and KQ Telco, will provide all the public addresses for all the locations. We assume
that JP and KQ Telco will provide a range of 100.10.0.0/24 for all locations. So, our main location (HQ) will get
100.10.1.0/24 from JP Telco and 100.10.2.0/24 from KQ Telco. In Lincoln, Nebraska we assume that we will get
100.10.3.0/24 from JP Telco and 100.10.4.0/24 from KQ Telco. For all retail stores we assume that we will get
consecutive IP addresses between 100.10.5.0/24 and 100.10.224.0/24.
IP ADDRESSING FOR ALL LOCATIONS
Link                                   | Address block
JPISP TO ACER1                         | 100.10.1.0/24
KQISP TO ACER2                         | 100.10.2.0/24
JPISP TO LNCR1                         | 100.10.3.0/24
KQISP TO LNCR2                         | 100.10.4.0/24
JPISP TO STORE1R1                      | 100.10.5.0/24
KQISP TO STORE1R2                      | 100.10.6.0/24
JPISP TO STORE2R1                      | 100.10.7.0/24
KQISP TO STORE2R2                      | 100.10.8.0/24
JPISP & KQISP TO STORE3R1 & STORE3R2   | Continues in the same way for all other
THROUGH STORE110R1 & STORE110R2        | stores: 100.10.9.0/24 TO 100.10.224.0/24
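The allocation pattern in the table above, worked through as an added example (it is not part of the original proposal): it expands the per-store /24 blocks for 110 stores, checks them for overlaps, computes the smallest prefix that contains them all, and maps an observed public address back to its link. The function names are hypothetical, and the one-JP-block-then-one-KQ-block pattern per store is an assumption read off the table's first rows.

```python
import ipaddress
from itertools import combinations

# Values copied from the proposal's addressing table. Every function name
# below is hypothetical and exists only for this example.
FIXED_LINKS = {
    "JPISP TO ACER1": "100.10.1.0/24",
    "KQISP TO ACER2": "100.10.2.0/24",
    "JPISP TO LNCR1": "100.10.3.0/24",
    "KQISP TO LNCR2": "100.10.4.0/24",
}
FIRST_STORE_OCTET = 5   # STORE1R1 is 100.10.5.0/24 in the table
STORE_COUNT = 110       # the table runs to STORE110R2


def store_links(store):
    """Return {link name: network} for one store (1-based store number).

    Assumption: each store takes two consecutive /24 blocks, the JP block
    first and the KQ block second, as in the STORE1 and STORE2 rows.
    """
    if not 1 <= store <= STORE_COUNT:
        raise ValueError(f"store number out of range: {store}")
    base = FIRST_STORE_OCTET + 2 * (store - 1)
    return {
        f"JPISP TO STORE{store}R1": ipaddress.ip_network(f"100.10.{base}.0/24"),
        f"KQISP TO STORE{store}R2": ipaddress.ip_network(f"100.10.{base + 1}.0/24"),
    }


def build_plan():
    """Expand the whole table into a {link name: network} mapping."""
    plan = {name: ipaddress.ip_network(cidr) for name, cidr in FIXED_LINKS.items()}
    for store in range(1, STORE_COUNT + 1):
        plan.update(store_links(store))
    return plan


def find_overlaps(plan):
    """Return every pair of link names whose blocks overlap."""
    return [
        (a, b)
        for (a, net_a), (b, net_b) in combinations(plan.items(), 2)
        if net_a.overlaps(net_b)
    ]


def covering_prefix(plan):
    """Smallest single prefix that contains every block in the plan."""
    low = min(net.network_address for net in plan.values())
    high = max(net.broadcast_address for net in plan.values())
    candidate = ipaddress.ip_network(f"{low}/32")
    while high not in candidate:
        candidate = candidate.supernet()
    return candidate


def outside_range(plan, cidr):
    """Link names whose block is not contained in the given provider range."""
    parent = ipaddress.ip_network(cidr)
    return [name for name, net in plan.items() if not net.subnet_of(parent)]


def owner_of(plan, address):
    """Map a public source address (e.g. from a firewall log) to its link."""
    ip = ipaddress.ip_address(address)
    for name, net in plan.items():
        if ip in net:
            return name
    return None


if __name__ == "__main__":
    plan = build_plan()
    print(len(plan), "blocks; overlapping pairs:", find_overlaps(plan))
    print("last store block:", plan[f"KQISP TO STORE{STORE_COUNT}R2"])
    print("smallest covering prefix:", covering_prefix(plan))
    print("blocks outside 100.10.0.0/24:", len(outside_range(plan, "100.10.0.0/24")))
    # Constructed sample addresses, not taken from any real log.
    for sample in ("100.10.9.1", "100.10.224.17", "100.10.225.1"):
        print(sample, "->", owner_of(plan, sample))
```

Run against the page's values, the 110 stores end exactly at 100.10.224.0/24, every listed block falls outside 100.10.0.0/24, and the smallest prefix that contains them all is 100.10.0.0/16.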
4.4 IP ROUTING PROTOCOLS & METHODS
From the Chicago headquarters to the Lincoln, Nebraska call center there will be two T3 links running
MPLS on the local loop, at both locations, to two different ISPs. MPLS (Multiprotocol Label Switching)
is a WAN technology that uses labels to decide where to forward packets. The labels are used to identify
the FEC (forwarding equivalence class). The FEC is a collection of packets that are sent to a destination in
the same way and over the same path. This creates a virtual point-to-point link. The major benefit of MPLS is
that it grants us the ability to engineer the traffic leaving the VMO network. We can decide where and
how traffic will be routed to its destination, allowing for faster, more efficient packet delivery.
From the headquarters we have provided two ISPs for redundancy. Each ISP will provide a Metro
Ethernet connection to the internet. Metro Ethernet is an extension of the Ethernet technology used in
LANs to a metropolitan area network (MAN). The benefit of using Metro Ethernet in a large metropolis
like Chicago is that Ethernet is readily available. This makes connecting to the internet easier both
technically and financially.
The WAN connectivity of each store will include a T1 line to the internet, and a second T1 line
that will be a point-to-point connection to the headquarters. The second T1 will be a private line used
for credit card clearing. The T1 to the internet will be running BGP. BGP (Border Gateway Protocol) is
the main protocol used on the internet. ISPs are assigned an autonomous system number, which will
come into play when BGP peers are formed. BGP will form multiple peers that share routing information
with one another and will select the best route to take based on that information.
4.5 WAN PRICING
4.5.1 Pricing & Info
Costs:
Our team recommends using MPLS T3 lines to connect headquarters to the Lincoln, Nebraska location (site
to site connection). Our ISPs, JP Telco and KQ Telco, provided prices for T3 local loops at both
ends: $2,200 per month for the headquarters local loop and the same for the Lincoln, Nebraska local loop.
Between those local loops we have two T1 lines, which cost $1,750 each per month.
Cost to connect site to site (HQ to Lincoln, Nebraska)
Description                     | Type of line  | Per Month | For Three Years
JP Telco HQ Local loop          | T3 Local loop | $2,200    | $79,200
KQ Telco HQ Local loop          | T3 Local loop | $2,200    | $79,200
JP Telco T1 line                | T1 Line       | $1,750    | $63,000
JP Telco T1 line                | T1 Line       | $1,750    | $63,000
KQ Telco T1 line                | T1 Line       | $1,750    | $63,000
KQ Telco T1 line                | T1 Line       | $1,750    | $63,000
JP Telco Lincoln, NE Local loop | T3 Local loop | $2,200    | $79,200
KQ Telco Lincoln, NE Local loop | T3 Local loop | $2,200    | $79,200
Total                           |               | $15,800   | $568,800
Our team recommends internet connections for all locations from the JP Telco and KQ Telco ISPs.
We recommend using 1GB Metro Ethernet to the internet from HQ, which costs $5,000 per month,
because more than 600 users work from this site. For Lincoln, NE our team recommends
using a T3 line to the internet, which costs $3,500 per month, because right now only 110 users are
accessing the internet there. For all stores we recommend using a T1 line to the internet, which costs $500 per
line for all in-country stores; for international stores it costs $3,500 per month for the Saint Lambert, Quebec
line, $1,850 per month for the Ottawa, Ontario line, $3,500 per month for the Etobicoke, Ontario line, $1,900 per
month for the Windsor, Ontario line and $2,400 per month for the Ottawa, Ontario line.
Connections to internet for both sites and retail stores
Description | Type of line | Per Month | For Three Years
JP Telco HQ to internet | 1GB Metro Ethernet | $5,000 | $180,000
KQ Telco HQ to internet | 1GB Metro Ethernet | $5,000 | $180,000
JP Telco Lincoln, NE to internet | T3 Line | $3,500 | $126,000
KQ Telco Lincoln, NE to internet | T3 Line | $3,500 | $126,000
In country all retail stores to internet with JP & KQ Telco | T1 Line | $500 x 105 Stores x 2 ISPs = $105,000 | $3,780,000
Saint Lambert, Quebec | T1 Line | $3,500 x 2 ISPs = $7,000 | $252,000
Ottawa, Ontario | T1 Line | $1,850 x 2 ISPs = $3,700 | $133,200
Etobicoke, Ontario | T1 Line | $3,500 x 2 ISPs = $7,000 | $252,000
Windsor, Ontario | T1 Line | $1,900 x 2 ISPs = $3,800 | $136,800
Ottawa, Ontario | T1 Line | $2,400 x 2 ISPs = $4,800 | $172,800
Total | | $148,300 | $5,338,800
Our team recommends connecting all stores to HQ through VPN because it is very important to
secure all transactions and all customer data. We have ASA 5505 firewalls at each retail store and a
high-quality firewall at HQ which will be capable of more than 1,200 VPN connections.
Credit Card Clearing:
Credit card clearing is used for authorization of credit cards at the point of sale (POS) in each retail store.
A daily average of 40 transactions is authorized at each cash register or POS. Our team used JP Telco’s credit
card clearing service, which costs $2,000 per month for the T1 and $0.05 per clearing. So in total for 110 retail
stores it will cost $220, and for 300 retail stores it will cost $600 per month.
Credit Card Clearing Price
110 Retail Stores x 40 authorizations x $0.05 | $220 daily for credit card clearing plus $2,000 per month
300 Retail Stores x 40 authorizations x $0.05 | $600 daily for credit card clearing plus $2,000 per month
5 CHICAGO HQ LOCATION: BUILDING A DATACENTER
5.1 CAMPUS LAYOUT
VMO’s campus includes several main buildings: Building A: management and new data center, Building A:
Warehouse, and Building N: 6-story new construction. Fiber has already been run to each building from Building
A. An additional fiber run will be installed from Building C to Building N for redundancy purposes. In the event
of hardware failure at the edge of any building, a secondary route will be available for all network traffic to flow
through.
Figure 6 Current Campus Design
After buildings B and D are demolished, a new soccer field will be built in that space.
Figure 7 New VMO Campus Plan
5.2 LAN DESIGN OF HEADQUARTER
Figure 8 LAN design of HQ
5.3 BUILDING A: PROPOSED DATACENTER
5.3.1 Building Layout
Figure 9 Proposed Datacenter Design
5.3.2 LAN Topology
Figure 10 LAN of Building A
5.3.3 Rack Equipment
Figure 11 Server Racks
Figure 12 Equipment Types
All servers will be located at both the VMO Chicago campus and the customer service
headquarters in Lincoln, Nebraska. Additionally, all servers are configured with redundant power
supplies and connected to a battery backup UPS. All servers come with a 5-pack of Windows
Server 2016 Client Access Licenses for remote desktop (user based).
• Storage Server: Dell PowerEdge R740
The storage server(s) will provide networked storage for all users on the network. One will be placed in the
datacenter at the corporate campus in Chicago while the other will be placed in the customer service
headquarters. The chosen chassis for the storage server is the Dell PowerEdge R740 with up to 16 2.5”
SAS/SATA HDDs. Each server is populated with 8 2.4TB 10K RPM SAS hard drives in a RAID 5 configuration,
allowing one drive to fail while keeping all data accessible. A 16-drive chassis was chosen to provide room for
expansion, with a theoretical maximum capacity of 36TB if configured with the same hard drives and RAID
configuration. 10K RPM hard drives were chosen to increase read and write performance while also incurring
cost savings. Current market trends show that the price of solid state drives is significantly higher than
traditional hard drives. Redundant power supplies make sure that the server will still have power in case of a
PSU failure. Additionally, the server will be connected to a UPS battery backup, ensuring that the server has
enough power to shut down gracefully or stay online until the backup generators come online. This server also
comes with 5 years of ProSupport from Dell with next business day onsite service. In the event of component
failure, Dell would be able to service the server by the next business day.
• Camera Server: Dell PowerEdge R740
The camera server will be responsible for managing and storing video data for VMO. This server has the
same specifications, configuration, and support as the storage server. This was done because both servers will
require a large amount of storage.
• Application Server: Dell PowerEdge R740
The application server will house VMO’s newly developed application that is responsible for the majority of
VMO’s operations. As such, this is a mission-critical piece of equipment. This server is configured with the same
chassis as the camera and storage servers. It houses 4 2.4TB 10K RPM self-encrypting hard drives. The self-
encrypting hard drives were used because of the possibility of containing sensitive information that should not
be accessible to the public.
• Domain Controller (Active Directory, DNS, DHCP): Dell PowerEdge R740
The Domain Controller, running Windows Server 2016 Standard, will be responsible for Active Directory,
DNS, and DHCP services. Two servers will be deployed, one at VMO’s main campus and the other at the
customer service headquarters. Each one will provide services at its own location. This server is
configured with 8 120GB SSDs in a RAID 5 configuration, allowing for fast startup as well as blazing fast
read/write times. DHCP services will only be used for the main campus and the customer service headquarters.
IP address assignment will be done manually for the retail locations. Windows Active Directory will be used to
assign group policies to certain users and computers.
• Web Server: Dell PowerEdge R740
The web server will host any internal/external facing websites. It has been configured with 4 400GB SSDs in
a RAID 5 configuration. Because most of VMO’s business processes take place on the application server, the web
server does not require a massive amount of storage. We decided to utilize the speed and efficiency of solid
state drives to remove any bottlenecks on the server end. The domain controller will work closely with the web
server, providing internal DNS services for easy access from within the network.
• Exchange Server: Dell PowerEdge R740
We will be utilizing a hybrid system for company email services. Our primary service will be Office 365
Enterprise, a cloud-based email service that also provides a Microsoft Office product suite. The Office 365
service provides a custom email domain that will actively sync with the Exchange server. This will allow us to still
send emails internally in the event that we lose connectivity to the Office 365 services. Since this server is acting
more as a backup than a piece of mission-critical equipment, the decision was made to use a single 120GB SSD
boot drive and a single 2.4TB 10K RPM SAS hard drive. No RAID configuration was set on this server either.
• Monitoring/ System Log Server: Dell PowerEdge R740
Being able to monitor all aspects of VMO’s network is crucial for determining the health of the network, as
well as preventing unnecessary outages. The monitoring server will have SolarWinds services running on it to
monitor the network and notify staff of potential outages. This server has been configured with a 120GB SSD
boot drive as well as a 1TB 7.2K RPM NLSAS hard drive. This server will not require much storage as it is acting
more as a monitoring tool than a reporting tool. However, reporting tools are built into the SolarWinds suite,
allowing useful data collection for VMO’s IT staff.
5.3.4 Network Services
5.3.4.1 Domain Name Services
Domain Name Services, or DNS, allows users to connect to a website just by typing the address in words
instead of an IP address. It does this by looking up the IP associated with a name, similar to a phonebook. In the
case of DNS, an IP address is equivalent to a phone number and the URL is the name of a website, which is
easier to remember than an IP address. There are many DNS servers and they are organized in a hierarchy. If a
DNS server does not know the address of a website, it goes to a second DNS server which is higher up in
the hierarchy. There are several root DNS servers which ensure the lookup of a URL if other DNS servers
cannot find it. The root servers are updated regularly to ensure all URL inquiries are met if there is a change.
There is a Central Registry that maintains the root servers and receives updates from other DNS servers. For
example, if you were to create a new website, the DNS service would update its servers within a 36-hour period,
known as propagation.
5.3.4.2 E-Mail Server
E-mail can be provided by setting up an email server. Microsoft Server 2008, 2012, and 2016 offer e-mail
server roles. The email address is usually associated with the domain address of the business. Users will connect
to [email protected]. The domain part of the address can be changed to the liking of the business. For
VMO, we can create a domain called VMO and an email server which uses @VMO.com. In addition, the
email server stores email locally. However, with cloud storage on the rise, technology companies like Google
and Microsoft are offering services to host small-business email servers. Thus, the company’s email servers will
be hosted/stored in the cloud.
In our proposed plan, we have a server running IPv4 which takes care of the staff IP addresses. In addition, we
have 114 public IP addresses which allow users to access the internet.
5.3.4.3 Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol, or DHCP, allows the assignment of a private internet address. For
Internet Protocol version 4, there are two types of IP address: public and private. A public IP address allows a
user to access the internet. A private IP address is used internally and cannot be routed through the internet
without another service called Network Address Translation. An IP address is linked to a device’s Media Access
Control address, or MAC. The MAC address is physically encoded at the time of manufacture.
When a device attempts to connect to a network, a hotspot for example, it is automatically assigned an
IP address through the DHCP server. The host searches for a DHCP server and is assigned an IP address and lease
configuration. IP addresses are subject to a lease period.
In our proposed plan, we have a DHCP server running IPv4 which takes care of the users’ IP addresses.
5.3.4.4 Active Directory
Active Directory, or AD, is a domain controller which functions within a Windows domain. It keeps track
of users and their privileges. It authenticates and authorizes users in cases such as logon, storage drive access,
installation access, and others. It is also responsible for the enforcement of security policies, including password
management. There is a hierarchical framework in place for the domain. The highest level is a forest, which
contains configuration, schema and application information. The lowest level is a domain controller.
We propose to configure Active Directory and run the domain @vmo.com.
5.3.4.5 Web Server
A web server can be hosted on a company’s internal servers, which makes it easier for the IT staff to manage.
The web server can also be outsourced to third parties such as Go Daddy or Wix. For in-house management, the
web server can be configured on a Windows server as an additional role. From there, web developers in the IT
department would be responsible for creating the website.
We propose to configure the web server on its own physical server. We will not use virtualization.
5.3.4.6 Application Server
The application server is configured on a server that is separate from the other servers. The application
server is able to communicate with a database server and storage server. Database, storage and application
server work together to provide a smooth running and mission critical for
5.3.4.7 SYSLOG Server
A syslog server which stores log information for all network devices requires. It removes the tedious
task of going to all the network devices and
We will have the syslog server running on the storage server.
5.3.4.8 File Server
The file server is hosted on a storage server. It allows users to access a common drive which is available to
a set of users. Marketing will access files stored on the marketing drive. There are different drives for different
departments. Different drives come with different security policies.
5.3.5 Network Protocols and Strategies
5.3.5.1 EIGRP
For the internal network we will use EIGRP. EIGRP (Enhanced Interior Gateway Routing Protocol) is a Cisco
proprietary routing protocol that uses bandwidth, trustworthiness of a link, and delay to calculate its metric for
route selection. EIGRP is an efficient routing protocol that allows for fast convergence and optimal bandwidth
allocation. If a link goes down in a network, EIGRP is able to adapt to that change rapidly through
its use of the diffusing update algorithm. EIGRP also conserves bandwidth by not sending routing updates
constantly, or its use of hello packets as with OSPF. As a result, EIGRP is an optimal choice for internal routing
of VMO’s infrastructure.
Building A will house the data center. The subnet 192.168.9.192/27 will be used for all the servers. The
different stores and the Lincoln, Nebraska location will need to access these servers. Since there is a VPN
connection between these locations, a NAT (network address translation) exemption will be configured
for this subnet. NAT exemption allows any traffic that is destined to a VPN peer to be exempt from
NAT/PAT. Because the packets will be traveling in a secure private network inaccessible from the outside,
there will be no need for explicit NAT/PAT.
5.3.6 Redundancy
In the case of router or switch failure, we have created a network which implements a two-path design.
The primary path is served by JP Telco and the secondary path is served by KQ Telco. If the network equipment
fails in the primary path, the secondary path will activate and update routing tables appropriately, thereby
bypassing the failed router or switch. Similarly, we have implemented primary and secondary links at all
locations, including Building A: Datacenter, Building N: Administration, and Building C: Warehouse. Moreover, if
equipment fails, the secondary path will handle the network. In usual day-to-day operation, the secondary path
stays passive; it activates when the redundant neighbor does not send an “Alive” packet, which is when the second
path router assumes it is offline. In the meantime, a network engineer can replace the failed equipment and make
necessary changes while securing uptime. With so many devices and equipment involved in the network, it is vital
to have redundancy to ensure 99.999% uptime.
5.3.7 Chicago HeadQuarters IP Address Scheme
Major Network: 192.168.0.0/20
Available IP addresses in major network: 4094
Number of IP addresses needed: 2548
Available IP addresses in allocated subnets: 2548
About 64% of available major network address space is used
About 100% of subnetted network address space is used
Subnet Name | Needed Size | Allocated Size | Address | Mask | Dec Mask | Assignable Range | Broadcast
Building N | 254 | 254 | 192.168.0.0 | /24 | 255.255.255.0 | 192.168.0.1 - 192.168.0.254 | 192.168.0.255
Building N | 254 | 254 | 192.168.1.0 | /24 | 255.255.255.0 | 192.168.1.1 - 192.168.1.254 | 192.168.1.255
Building N | 254 | 254 | 192.168.2.0 | /24 | 255.255.255.0 | 192.168.2.1 - 192.168.2.254 | 192.168.2.255
Building N | 254 | 254 | 192.168.3.0 | /24 | 255.255.255.0 | 192.168.3.1 - 192.168.3.254 | 192.168.3.255
Building N | 254 | 254 | 192.168.4.0 | /24 | 255.255.255.0 | 192.168.4.1 - 192.168.4.254 | 192.168.4.255
Building N | 254 | 254 | 192.168.5.0 | /24 | 255.255.255.0 | 192.168.5.1 - 192.168.5.254 | 192.168.5.255
Building N | 126 | 126 | 192.168.6.0 | /25 | 255.255.255.128 | 192.168.6.1 - 192.168.6.126 | 192.168.6.127
Building N | 126 | 126 | 192.168.6.128 | /25 | 255.255.255.128 | 192.168.6.129 - 192.168.6.254 | 192.168.6.255
Building N | 126 | 126 | 192.168.7.0 | /25 | 255.255.255.128 | 192.168.7.1 - 192.168.7.126 | 192.168.7.127
Building N | 126 | 126 | 192.168.7.128 | /25 | 255.255.255.128 | 192.168.7.129 - 192.168.7.254 | 192.168.7.255
Building N | 126 | 126 | 192.168.8.0 | /25 | 255.255.255.128 | 192.168.8.1 - 192.168.8.126 | 192.168.8.127
Building N | 126 | 126 | 192.168.8.128 | /25 | 255.255.255.128 | 192.168.8.129 - 192.168.8.254 | 192.168.8.255
Building C | 62 | 62 | 192.168.9.0 | /26 | 255.255.255.192 | 192.168.9.1 - 192.168.9.62 | 192.168.9.63
Building C | 62 | 62 | 192.168.9.64 | /26 | 255.255.255.192 | 192.168.9.65 - 192.168.9.126 | 192.168.9.127
Building N | 62 | 62 | 192.168.9.128 | /26 | 255.255.255.192 | 192.168.9.129 - 192.168.9.190 | 192.168.9.191
Data Center | 30 | 30 | 192.168.9.192 | /27 | 255.255.255.224 | 192.168.9.193 - 192.168.9.222 | 192.168.9.223
Data Center | 14 | 14 | 192.168.9.224 | /28 | 255.255.255.240 | 192.168.9.225 - 192.168.9.238 | 192.168.9.239
ACFW1 TO ACFW2 | 2 | 2 | 192.168.9.240 | /30 | 255.255.255.252 | 192.168.9.241 - 192.168.9.242 | 192.168.9.243
ACFW1 TO ACSW1 | 2 | 2 | 192.168.9.244 | /30 | 255.255.255.252 | 192.168.9.245 - 192.168.9.246 | 192.168.9.247
ACFW2 TO ACSW2 | 2 | 2 | 192.168.9.248 | /30 | 255.255.255.252 | 192.168.9.249 - 192.168.9.250 | 192.168.9.251
ACR1 TO ACFW1 | 2 | 2 | 192.168.9.252 | /30 | 255.255.255.252 | 192.168.9.253 - 192.168.9.254 | 192.168.9.255
ACR1 TO ACFW2 | 2 | 2 | 192.168.10.0 | /30 | 255.255.255.252 | 192.168.10.1 - 192.168.10.2 | 192.168.10.3
ACR1 TO ACR2 | 2 | 2 | 192.168.10.4 | /30 | 255.255.255.252 | 192.168.10.5 - 192.168.10.6 | 192.168.10.7
ACR2 TO ACFW1 | 2 | 2 | 192.168.10.8 | /30 | 255.255.255.252 | 192.168.10.9 - 192.168.10.10 | 192.168.10.11
ACR2 TO ACFW2 | 2 | 2 | 192.168.10.12 | /30 | 255.255.255.252 | 192.168.10.13 - 192.168.10.14 | 192.168.10.15
ACSW1 TO ACSW2 | 2 | 2 | 192.168.10.16 | /30 | 255.255.255.252 | 192.168.10.17 - 192.168.10.18 | 192.168.10.19
ACSW1 TO CDSW1 | 2 | 2 | 192.168.10.20 | /30 | 255.255.255.252 | 192.168.10.21 - 192.168.10.22 | 192.168.10.23
ACSW1 TO CDSW2 | 2 | 2 | 192.168.10.24 | /30 | 255.255.255.252 | 192.168.10.25 - 192.168.10.26 | 192.168.10.27
ACSW1 TO NDSW1 | 2 | 2 | 192.168.10.28 | /30 | 255.255.255.252 | 192.168.10.29 - 192.168.10.30 | 192.168.10.31
ACSW1 TO NDSW2 | 2 | 2 | 192.168.10.32 | /30 | 255.255.255.252 | 192.168.10.33 - 192.168.10.34 | 192.168.10.35
ACSW2 TO CDSW1 | 2 | 2 | 192.168.10.36 | /30 | 255.255.255.252 | 192.168.10.37 - 192.168.10.38 | 192.168.10.39
ACSW2 TO CDSW2 | 2 | 2 | 192.168.10.40 | /30 | 255.255.255.252 | 192.168.10.41 - 192.168.10.42 | 192.168.10.43
ACSW2 TO NDSW1 | 2 | 2 | 192.168.10.44 | /30 | 255.255.255.252 | 192.168.10.45 - 192.168.10.46 | 192.168.10.47
ACSW2 TO NDSW2 | 2 | 2 | 192.168.10.48 | /30 | 255.255.255.252 | 192.168.10.49 - 192.168.10.50 | 192.168.10.51
CDSW1 TO CDSW2 | 2 | 2 | 192.168.10.52 | /30 | 255.255.255.252 | 192.168.10.53 - 192.168.10.54 | 192.168.10.55
NDSW1 TO NDSW2 | 2 | 2 | 192.168.10.56 | /30 | 255.255.255.252 | 192.168.10.57 - 192.168.10.58 | 192.168.10.59
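A consistency check of the address plan above, written as an added Python example that is not part of the original proposal. It confirms that the subnets sit inside 192.168.0.0/20 without overlapping, reproduces the 2548 and 64% figures, and lists what a rule scoped to 192.168.9.0/24 (the range this proposal later gives for the Building C hosts) would also match; the function names are assumptions of this example.

```python
import ipaddress
from itertools import combinations

MAJOR = ipaddress.ip_network("192.168.0.0/20")

# Subnet plan transcribed from the proposal's table: name | hosts needed | CIDR.
PLAN_TEXT = """\
Building N|254|192.168.0.0/24
Building N|254|192.168.1.0/24
Building N|254|192.168.2.0/24
Building N|254|192.168.3.0/24
Building N|254|192.168.4.0/24
Building N|254|192.168.5.0/24
Building N|126|192.168.6.0/25
Building N|126|192.168.6.128/25
Building N|126|192.168.7.0/25
Building N|126|192.168.7.128/25
Building N|126|192.168.8.0/25
Building N|126|192.168.8.128/25
Building C|62|192.168.9.0/26
Building C|62|192.168.9.64/26
Building N|62|192.168.9.128/26
Data Center|30|192.168.9.192/27
Data Center|14|192.168.9.224/28
ACFW1 TO ACFW2|2|192.168.9.240/30
ACFW1 TO ACSW1|2|192.168.9.244/30
ACFW2 TO ACSW2|2|192.168.9.248/30
ACR1 TO ACFW1|2|192.168.9.252/30
ACR1 TO ACFW2|2|192.168.10.0/30
ACR1 TO ACR2|2|192.168.10.4/30
ACR2 TO ACFW1|2|192.168.10.8/30
ACR2 TO ACFW2|2|192.168.10.12/30
ACSW1 TO ACSW2|2|192.168.10.16/30
ACSW1 TO CDSW1|2|192.168.10.20/30
ACSW1 TO CDSW2|2|192.168.10.24/30
ACSW1 TO NDSW1|2|192.168.10.28/30
ACSW1 TO NDSW2|2|192.168.10.32/30
ACSW2 TO CDSW1|2|192.168.10.36/30
ACSW2 TO CDSW2|2|192.168.10.40/30
ACSW2 TO NDSW1|2|192.168.10.44/30
ACSW2 TO NDSW2|2|192.168.10.48/30
CDSW1 TO CDSW2|2|192.168.10.52/30
NDSW1 TO NDSW2|2|192.168.10.56/30
"""


def parse_plan(text):
    """Return [(name, needed_hosts, IPv4Network)]; strict=True rejects a CIDR with host bits set."""
    plan = []
    for line in text.strip().splitlines():
        name, needed, cidr = line.split("|")
        plan.append((name, int(needed), ipaddress.ip_network(cidr, strict=True)))
    return plan


def audit(plan, major=MAJOR):
    """Check containment, overlap and sizing of the plan; return the findings as a dict."""
    nets = [net for _, _, net in plan]
    used = sum(net.num_addresses for net in nets)
    return {
        "outside_major": [str(n) for n in nets if not n.subnet_of(major)],
        "overlaps": [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)],
        "undersized": [str(n) for _, need, n in plan if need > n.num_addresses - 2],
        "assignable": sum(n.num_addresses - 2 for n in nets),   # minus network and broadcast
        "percent_of_major": round(100 * used / major.num_addresses),
    }


def swept_in(rule_cidr, plan):
    """Planned subnets that a NAT or ACL rule written for rule_cidr would also match."""
    rule = ipaddress.ip_network(rule_cidr)
    return [f"{name} {net}" for name, _, net in plan if net.overlaps(rule)]


if __name__ == "__main__":
    plan = parse_plan(PLAN_TEXT)
    for key, value in audit(plan).items():
        print(f"{key}: {value}")
    # A /24-wide rule on 192.168.9.0 covers far more than the two warehouse VLANs.
    for entry in swept_in("192.168.9.0/24", plan):
        print("matched by 192.168.9.0/24:", entry)
```

Because 192.168.9.0/24 also holds the data-center subnets and four firewall links, translation and filtering rules for the warehouse are safer written against the two Building C /26 networks.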
5.3.8 Equipment Information & Pricing
Headquarters - Building A
Item | Unit Price | Quantity | Total Cost
Cisco ASR 901 10G Router (Edge Router) | $4,032.99 | 2 | $8,065.98
Cisco Firepower 2110 NGFW (Firewall) | $8,471.99 | 2 | $16,943.98
Cisco Catalyst 9500-48 ports (Core Switch) | $16,519.99 | 2 | $33,039.98
Cisco Catalyst 2960L-48 ports (Access Switch) | $1,876.99 | 3 | $5,630.97
Cisco Aironet 18321 - Wireless Access Point | $367.99 | 1 | $367.99
Cisco 2504 Wireless Controller | $4,397.99 | 1 | $4,397.99
Dell PowerEdge R740 for AD/DNS/DHCP | $9,737.90 | 1 | $9,737.90
Dell PowerEdge R740 for Application Server | $11,685.51 | 1 | $11,685.51
Dell PowerEdge R740 for Exchange Server | $7,766.48 | 1 | $7,766.48
Dell PowerEdge R740 for Camera & Storage | $13,084.37 | 2 | $26,168.74
Dell PowerEdge R740 for Web Server | $8,473.27 | 1 | $8,473.27
HP Color LaserJet Pro M477fdn | $379.00 | 1 | $379.00
TRENDnet TV IP310P1 PoE Network Camera | $129.99 | 5 | $649.95
CAT6e 23/44 pair 550MHz Plenum Wires | $236.36 | 10 | $2,363.60
HP 24-g010 - all in one A8 7410 | $507.99 | 3 | $1,523.97
APC Smart-UPS X 1500VA | $804.99 | 7 | $5,634.93
42U Adjustable 4 Server Equipment Rack | $333.99 | 5 | $1,669.95
Timemoto TM-626 Fingerprint Sensor | $449.00 | 1 | $449.00
Isonas Pure Key Card Access | $1,356.00 | 1 | $1,356.00
Total cost for Building A | | | $146,305.19
5.4 BUILDING N: ADMINISTRATION OFFICES
Building N, a newly constructed six-story building, will house offices for employees on VMO’s campus.
This building is comprised of six floors, each with 100 nodes. All networking equipment for the building will be
housed in the basement.
5.4.1 Building Layout
5.4.2 LAN Topology
Figure 13 LAN of Building N
5.4.3 Network Protocols & Strategies
Each department in Building N will be configured in its own VLAN. From there, the access switches
connected to the distribution switch will be configured with an 802.1Q trunk port. This will allow the different
VLANs to communicate with one another. The distribution switches will be configured with HSRP (Hot Standby
Router Protocol). This will create a virtual link within the distribution switch that will act as the default gateway
of the end nodes.
The distribution switches connected to the access switches will also be configured with IP SLA. IP SLA is
a feature in Cisco devices that monitors the performance of the network in real time. IP SLA will give feedback on
packet loss, connectivity and delay. There are multiple timestamps on an IP SLA packet. If the latency of the packets
exceeds a certain time, it could indicate an issue with the receiving device. If there is an issue with a link,
the distribution switch will have a failover link which will transfer data sent from the access switches to a
secondary link for transit.
Building N will have private IP addresses on each floor for all devices. The hosts will be the only devices
needing to egress and ingress the network. Public IPs will be assigned on the outside interfaces of the
routers connected to both JP Telco and KQ Telco. Since few public IP addresses are available and a private IP
address cannot traverse the internet, NetEngine has decided to PAT (port address translation) the private IP
addresses to the public IP on the outside interface of the router connected to JP Telco.
PAT is the process of having all the private IP addresses in a network access the internet using a single public IP
address. The distinguishing factor of all the IP addresses is the logical port number that is assigned to each session.
The number of port numbers that are assignable depends on the memory of the device. The router
we will purchase for VMO headquarters has a total memory of 100 GB. Each PAT entry needs 160 bits of memory
to be allocated. This will allow for an abundance of public IP addresses to be used. The private IP address range of
each floor is listed below, along with an example of their public IP with port number.
• Floor 6: 192.168.5.0 – 100.10.1.1: 5001
• Floor 5: 192.168.5.0 – 100.10.1.1: 5002
• Floor 4: 192.168.5.0 – 100.10.1.1: 5003
• Floor 3: 192.168.5.0 – 100.10.1.1: 5004
• Floor 2: 192.168.5.0 – 100.10.1.1: 5005
• Floor 1: 192.168.5.0 – 100.10.1.1: 5006
• Basement: 192.168.5.0 – 100.10.1.1: 5007
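How the two translation rules in this proposal interact, NAT exemption for the server subnet toward VPN peers and PAT for everything else, shown as an added Python model that is not part of the original proposal and not a device configuration. The addresses come from the proposal; the three-port pool, the fail-closed drops and the 203.0.113.10 destination are assumptions made for the illustration.

```python
import ipaddress

# Addresses taken from the proposal.
PUBLIC_IP = "100.10.1.1"                               # PAT address on the outside interface
INSIDE = ipaddress.ip_network("192.168.0.0/20")        # Chicago HQ major network
SERVERS = ipaddress.ip_network("192.168.9.192/27")     # data-center subnet with the NAT exemption
VPN_PEERS = [ipaddress.ip_network(n) for n in ("172.16.0.0/24", "172.16.2.0/27")]  # Lincoln
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DROP = ("drop", None, None)


class NatGateway:
    """Toy model of the edge policy: NAT exemption is evaluated first, then dynamic PAT."""

    def __init__(self, port_pool=range(5001, 5004)):   # tiny pool (assumption) to show exhaustion
        self.free_ports = list(port_pool)
        self.by_inside = {}   # (src_ip, src_port, dst_ip, dst_port) -> public port
        self.by_public = {}   # public port -> (src_ip, src_port, dst_ip, dst_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return (action, translated_src_ip, translated_src_port) for one outbound session."""
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        if src not in INSIDE:
            return DROP                                 # source is not an HQ address
        if src in SERVERS and any(dst in peer for peer in VPN_PEERS):
            return ("exempt", src_ip, src_port)         # enters the tunnel untranslated
        if any(dst in net for net in RFC1918):
            return DROP                                 # assumption: never PAT toward private space
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.by_inside:
            if not self.free_ports:
                return DROP                             # pool exhausted: fail closed
            port = self.free_ports.pop(0)
            self.by_inside[key] = port
            self.by_public[port] = key
        return ("pat", PUBLIC_IP, self.by_inside[key])

    def inbound(self, remote_ip, remote_port, public_port):
        """Map a reply back to the inside host, or None when no session matches."""
        key = self.by_public.get(public_port)
        if key is None or (key[2], key[3]) != (remote_ip, remote_port):
            return None                                 # unsolicited, or from the wrong peer
        return (key[0], key[1])


def demo():
    """Run constructed sessions through the policy; return the gateway and its decisions."""
    gw = NatGateway()
    return gw, [
        gw.outbound("192.168.9.200", 445, "172.16.0.25", 50123),   # server -> Lincoln over VPN
        gw.outbound("192.168.5.20", 40000, "203.0.113.10", 443),   # floor host -> internet
        gw.outbound("192.168.5.21", 40000, "203.0.113.10", 443),   # same source port, other host
        gw.outbound("192.168.5.20", 40000, "203.0.113.10", 443),   # repeat: reuses its entry
        gw.outbound("192.168.5.22", 40001, "172.16.0.25", 22),     # not a server: no exemption
        gw.outbound("192.168.5.23", 40002, "203.0.113.10", 443),   # takes the last free port
        gw.outbound("192.168.5.24", 40003, "203.0.113.10", 443),   # pool of three is empty
    ]


if __name__ == "__main__":
    gateway, decisions = demo()
    for decision in decisions:
        print(decision)
    print("reply on 5002 ->", gateway.inbound("203.0.113.10", 443, 5002))
    print("unsolicited on 6000 ->", gateway.inbound("203.0.113.10", 443, 6000))
```

The order of evaluation is the point: if the PAT rule were checked before the exemption, server traffic bound for a VPN peer would leave with the public source address and no longer match the tunnel's protected networks.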
5.4.4 Virtual Local Area Networks (VLANs)
Floor | # of Users | VLANs
6th Floor | Admin Staff: 50 users | Access point VLAN 10 (254 Hosts); Switch VLAN (124 Hosts)
5th Floor | Management: 50 Users; Legal: 10 Users | Access point VLAN 10 (254 Hosts); Switch VLAN (124 Hosts)
4th Floor | Marketing: 100 Users | Access point VLAN 10 (254 Hosts); Switch VLAN (124 Hosts)
3rd Floor | Marketing: 50 users; Logistics: 50 Users | Access point VLAN 10 (254 Hosts); Switch VLAN (124 Hosts)
2nd Floor | Accounting: 50 Users; HR: 10 Users | Access point VLAN 10 (254 Hosts); Switch VLAN (124 Hosts)
1st Floor | Operations: 100 Users | Access point VLAN 10 (254 Hosts); Switch VLAN (124 Hosts)
5.4.5 Redundancy
In the case of router or switch failure, we have created a network which implements a two-path design.
The primary path is served by JP Telco and the secondary path is served by KQ Telco. If the network equipment
fails in the primary path, the secondary path will activate and update routing tables appropriately, thereby
bypassing the failed router or switch. Similarly, we have implemented primary and secondary links at all locations,
including Building A: Datacenter, Building N: Administration, and Building C: Warehouse. Moreover, if equipment
fails, the secondary path will handle the network. In usual day-to-day operation, the secondary path stays passive;
it activates when the redundant neighbor does not send an “Alive” packet, which is when the second path router
assumes it is offline. In the meantime, a network engineer can replace the failed equipment and make necessary
changes without worrying about the network. With so many devices and equipment involved in the network, it is
vital to have redundancy to ensure 99.999% uptime.
5.4.6 Rack Equipment
In building N, there are two racks that are composed of 26 access switches, 1 UPS and 2 distribution
switches. The role of the access switches is to connect all the end devices to the network. From there the access
switches are connected to the distribution switches. Distribution switches are also known as layer three switches
due to their routing capabilities. These switches are meant to provide the access layer a path to the core layer so
that the network devices can send packets to one another and to the WAN. The distribution
switches we will use for VMO headquarters are also configured with a trunk port, allowing for inter-VLAN routing
without the core switch.
Figure 14 Server Racks
Figure 15 Server Equipment
5.4.7 Equipment Information & Pricing
Headquarters - Building N
Item | Unit Price | Quantity | Total Cost
Cisco Catalyst 3850-48 Ports Switch | $6,311.99 | 2 | $12,623.98
Cisco Catalyst 2960L-48 Ports Switch | $1,876.99 | 26 | $48,801.74
Cisco Aironet 18321 - Wireless Access Point | $367.99 | 54 | $19,871.46
Cisco 2504 Wireless Controller | $4,397.99 | 1 | $4,397.99
HP Color LaserJet Pro M477fdn | $379.00 | 80 | $30,320.00
TRENDnet TV IP310P1 PoE Network Camera | $129.99 | 60 | $7,799.40
CAT6e 23/44 pair 550MHz Plenum Wires | $236.36 | 75 | $17,727
HP 24-g010 - all in one A8 7410 | $507.99 | 600 | $304,794.00
APC Smart-UPS X 1500VA | $804.99 | 1 | $804.99
42U Adjustable 4 Server Equipment Rack | $333.99 | 2 | $667.98
Isonas Pure Key Card Access | $1,356.00 | 14 | $18,984.00
Total cost for Building N | | | $466,792.54
5.5 BUILDING C: WAREHOUSE
5.5.1 Building Layout
5.5.2 LAN Topology
Figure 16 LAN of Building C
5.5.3 Network Protocols & Strategies
For building C, the same protocols and strategies will be used as in building N. The VLANS will be
determined by which device is on that VLAN. Hosts used by the warehouse workers will be put on VLAN 10,
while cameras, printers, and access points will be in VLAN 20. For the host VLAN 10 a /26 mask was used to
allocate enough space for 62 users. The same /26 mask is used for the second VLAN 20.
The distribution switches connected to the access switches will be configured with 802.1q trunk ports.
This will allow for the different VLANS to communicate with one another. From there the distribution switches
will also be configured with HSRP. This will allow the switch to create a virtual link that will act as the default
gateway of all the devices. HSRP will also allow us to configure priority to the connected links. With this we can
configure a primary link and a secondary link. In the case of primary link going down, the traffic will be forwarded
to the secondary link allowing for failover. To do this IP SLA will also be configured which will give feedback in
real time on different network metrics such as jitter, delay, and RTT.
Similar to Building N, the hosts in the warehouse will be the only devices that need to undergo port
address translation. All of the hosts are on network 192.168.9.0/24. Using PAT, the IP addresses will use the public
IP address of 100.10.1.1/24 to access the internet.
5.5.4 Redundancy
In the case of router or switch failure, we have created a network which implements a two-path
design. The primary path is served by JP Telco and the secondary path is served by KQ Telco. If the
network equipment fails in the primary path, the secondary path will activate and update routing tables
appropriately, thereby bypassing the failed router or switch. Similarly, we have implemented primary
and secondary links at all locations, including Building A: Datacenter, Building N: Administration, and
Building C: Warehouse. Moreover, if equipment fails, the secondary path will handle the network. In
usual day-to-day operation, the secondary path stays passive; it activates when the redundant neighbor
does not send an “Alive” packet, which is when the second path router assumes it is offline. In the meantime,
a network engineer can replace the failed equipment and make necessary changes without worrying about
the network. With so many devices and equipment involved in the network, it is vital to have redundancy
to ensure 99.999% uptime.
5.5.5 Rack Equipment
Building C will have 2 distribution switches, 1 UPS and 2 access switches. The access switches will provide
the end devices with network access. The distribution switches will be configured with trunk ports to allow inter-
vlan routing and will create a path for the access switches to the core switch.
Figure 17 Server Racks
Figure 18 Server Equipment
5.5.6 Equipment Information & Pricing
Headquarters - Building C
Item | Unit Price | Quantity | Total Cost
Cisco Catalyst 3850-48 Ports Switch | $6,311.99 | 2 | $12,623.98
Cisco Catalyst 2960L-48 Ports Switch | $1,876.99 | 2 | $3,753.98
Cisco Aironet 18321 - Wireless Access Point | $367.99 | 6 | $2,207.94
Cisco 2504 Wireless Controller | $4,397.99 | 1 | $4,397.99
HP Color LaserJet Pro M477fdn | $379.00 | 4 | $1,516.00
TRENDnet TV IP310P1 PoE Network Camera | $129.99 | 10 | $1,299.90
CAT6e 23/44 pair 550MHz Plenum Wires | $236.36 | 15 | $3,545.40
HP 24-g010 - all in one A8 7410 | $507.99 | 25 | $12,699.75
APC Smart-UPS X 1500VA | $804.99 | 1 | $804.99
42U Adjustable 4 Server Equipment Rack | $333.99 | 2 | $667.98
Isonas Pure Key Card Access | $1,356.00 | 1 | $1,356.00
Total cost for Building C | | | $44,873.91
6 LINCOLN, NEBRASKA CALL CENTER
The customer service headquarters, located in Lincoln, Nebraska, receives all phone and mail
orders. It is also responsible for all customer service inquiries for VMO. There are 20 managers and
100 customer service agents for a total of 120 employees at the customer service headquarters. As
part of the new infrastructure redesign, a completely new data infrastructure will be provided and
implemented.
6.1 BUILDING LAYOUT
6.2 LAN TOPOLOGY
6.2.1 Wireless Network
Part of this new redesign is the inclusion of a network for wireless devices (printers, laptops,
etc.). This will be done through implementation of a newly designed wireless network utilizing
multiple Cisco access points. Two network SSIDs will be created, one for company use and the other
for guest wireless access. These two SSIDs will be broadcast over Cisco Aironet 1832I wireless APs.
These APs support dual-band operation as well as 802.11ac.
| SSID | VLAN |
|---|---|
| VMO | 24 |
| VMO-Guest | 25 |
The wireless access points will be controlled by a Cisco 2504 series wireless controller. It will be
able to manage up to 25 APs. Each building will have one of these controllers on premises, allowing for
easy and fast configuration and management of each AP. Additionally, these wireless controllers
support high-availability failover for added redundancy and peace of mind.
6.3 NETWORK PROTOCOLS & STRATEGIES
For the internal network, the endpoint devices will dynamically obtain IP addresses from the DHCP server.
Using HSRP on the core switches, a virtual default gateway will be configured. HSRP will also allow a
higher priority to be assigned to one core switch, which will make it the primary egress device.
The core switches are connected to the firewalls, with static routes configured on the switches to the
firewalls. There will be two firewalls in this location, allowing for high availability. The firewalls will be
configured with failover, so that in the case of device failure the functionality of the main firewall connected
to the JP Telco LAN router switches over to the secondary firewall.
The hosts in the call center in Lincoln, Nebraska will have the private IP address range of 172.16.0.0/24 and
the servers will be in the range of 172.16.2.0/27. The storage server, where the credit card clearing data will be
stored, will need to be accessible from the stores. A NAT exemption rule will be made on the firewall to exempt
the IP addresses from these locations from NAT. A PAT rule will also be put in place to allow for public IP
addresses to traverse the public web.
6.4 REDUNDANCY
In the case of router or switch failure, we have created a network which implements a two-path design.
The primary path is served by JP Telco and the secondary path is served by KQ Telco. If the network equipment
fails in the primary path, the secondary path will activate and update routing tables appropriately, thereby
bypassing the failed router or switch. Moreover, if equipment fails, the secondary path will handle the network. In
usual day-to-day operation, the secondary path stays passive; it activates when the redundant neighbor does not
send an “Alive” packet, which is when the second-path router assumes the neighbor is offline. In the meantime, a
network engineer can replace the failed equipment and make necessary changes without worrying about the network.
With so many devices and pieces of equipment involved in the network, it is vital to have redundancy to ensure
99.999% uptime.
6.5 RACK EQUIPMENT
The racks in Lincoln, Nebraska will house 10 access switches, 2 edge routers, 2 firewalls, 2 servers, 3 UPSs
and the 2 core switches. The access switches will provide network access for all the end devices, while the core
switches will provide inter-VLAN routing via 802.1Q trunk ports and access to the WAN.
Figure 19 Server Racks
Figure 20 Server Equipment
6.6 LINCOLN, NEBRASKA IP SCHEME
Major Network: 172.16.0.0/22
Available IP addresses in major network: 1022
Number of IP addresses needed: 568
Available IP addresses in allocated subnets: 568
About 58% of available major network address space is used
About 100% of subnetted network address space is used
| Subnet Name | Needed Size | Allocated Size | Address | Mask | Dec Mask | Assignable Range | Broadcast |
|---|---|---|---|---|---|---|---|
| Regular Users | 254 | 254 | 172.16.0.0 | /24 | 255.255.255.0 | 172.16.0.1 - 172.16.0.254 | 172.16.0.255 |
| Regular Users (APs, Cameras) | 254 | 254 | 172.16.1.0 | /24 | 255.255.255.0 | 172.16.1.1 - 172.16.1.254 | 172.16.1.255 |
| Data Center | 30 | 30 | 172.16.2.0 | /27 | 255.255.255.224 | 172.16.2.1 - 172.16.2.30 | 172.16.2.31 |
| Data Center (APs, Cameras) | 14 | 14 | 172.16.2.32 | /28 | 255.255.255.240 | 172.16.2.33 - 172.16.2.46 | 172.16.2.47 |
| LNCFW1 TO LNCFW2 | 2 | 2 | 172.16.2.48 | /30 | 255.255.255.252 | 172.16.2.49 - 172.16.2.50 | 172.16.2.51 |
| LNCFW1 TO LNCSW1 | 2 | 2 | 172.16.2.52 | /30 | 255.255.255.252 | 172.16.2.53 - 172.16.2.54 | 172.16.2.55 |
| LNCFW2 TO LNCSW2 | 2 | 2 | 172.16.2.56 | /30 | 255.255.255.252 | 172.16.2.57 - 172.16.2.58 | 172.16.2.59 |
| LNCR1 TO LNCFW1 | 2 | 2 | 172.16.2.60 | /30 | 255.255.255.252 | 172.16.2.61 - 172.16.2.62 | 172.16.2.63 |
| LNCR1 TO LNCFW2 | 2 | 2 | 172.16.2.64 | /30 | 255.255.255.252 | 172.16.2.65 - 172.16.2.66 | 172.16.2.67 |
| LNCR1 TO LNCR2 | 2 | 2 | 172.16.2.68 | /30 | 255.255.255.252 | 172.16.2.69 - 172.16.2.70 | 172.16.2.71 |
| LNCR2 TO LNCFW1 | 2 | 2 | 172.16.2.72 | /30 | 255.255.255.252 | 172.16.2.73 - 172.16.2.74 | 172.16.2.75 |
| LNCR2 TO LNCFW2 | 2 | 2 | 172.16.2.76 | /30 | 255.255.255.252 | 172.16.2.77 - 172.16.2.78 | 172.16.2.79 |
6.7 EQUIPMENT INFORMATION & PRICING
Lincoln, Nebraska
| Item | Unit Price | Quantity | Total Cost |
|---|---|---|---|
| Cisco ASR 901 10G Router (Edge Router) | $4,032.99 | 2 | $8,065.98 |
| Cisco Firepower 2110 NGFW (Firewall) | $8,471.99 | 2 | $16,943.98 |
| Cisco Catalyst 9500-48 ports (Core Switch) | $16,519.99 | 2 | $33,039.98 |
| Cisco Catalyst 2960L-48 ports (Access Switch) | $1,876.99 | 10 | $18,769.90 |
| Dell PowerEdge R740 for Camera & Storage | $13,084.37 | 2 | $26,168.74 |
| Cisco Aironet 1832I Wireless Access Point | $367.99 | 8 | $2,943.92 |
| Cisco 2504 Wireless Controller | $4,397.99 | 1 | $4,397.99 |
| HP Color LaserJet Pro M477fdn | $379.00 | 11 | $4,169.00 |
| TRENDnet TV-IP310PI PoE Network Camera | $129.99 | 20 | $2,599.80 |
| CAT6e 23/44 pair 550MHz Plenum Wires | $236.36 | 25 | $5,909.00 |
| HP 24-g010 all in one A8 7410 | $507.99 | 120 | $60,958.80 |
| APC Smart-UPS X 1500VA | $804.99 | 1 | $804.99 |
| 42U Adjustable 4 Server Equipment Rack | $333.99 | 2 | $667.98 |
| Isonas Pure Key Card Access | $1,356.00 | 3 | $4,068.00 |
| Total cost for Building Lincoln, NE | | | $189,508.06 |
7 RETAIL STORE LOCATIONS
7.1 BUILDING LAYOUT
Each retail location has 4 Point-of-Sale (POS) terminals requiring credit card clearing services.
These credit card clearing services will be provided by JP Telco via a dedicated T1 link.
7.2 LAN TOPOLOGY
Figure 21 LAN Topology for Store
7.3 NETWORK PROTOCOLS & STRATEGIES
The T1 to the internet and the point-to-point T1 will be running BGP. BGP (Border Gateway Protocol) is
the main routing protocol used on the internet. ISPs are provided an autonomous system number, which will come
into play when BGP peers are formed. BGP will form multiple peers that share routing information with one another
and will select the best route to take based on that information.
The firewalls at each location will be running an IPsec VPN. IPsec VPN offers strong encryption via two
different methods, tunnel and transport. In tunnel mode both the payload of the packet and the header information
are encrypted, and new headers will be attached. One of the two headers added is AH (Authentication Header),
which complies with the AH protocol. The AH protocol is responsible for authentication of the packet using
algorithms such as HMAC-SHA and HMAC-MD5.
The next header that is attached is the ESP header. The ESP header is responsible for the integrity of the
data, meaning it makes sure the payload stays secure until it reaches its destination. It does this by providing
confidentiality, authentication, or both, encrypting the data with the same algorithms as AH. Either
one of these protocols will encapsulate the data packets, or both can be used in conjunction with one another.
The combination of IPsec tunneling from firewall to firewall and a secondary T1 for credit card clearing
will provide secure transport of customer data along with multiple avenues of transport to make sure data
reaches headquarters.
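To make the HMAC authentication step described above concrete, the following is an added example, not part of the proposal and not the firewalls' configuration: a simplified ESP-style packet with NULL encryption whose integrity check value (ICV) is HMAC-SHA-256 truncated to 128 bits, together with the receiver's anti-replay window, which goes beyond what the text covers. The key, SPI, payloads and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # HMAC-SHA-256 truncated to 128 bits, as in RFC 4868


def esp_seal(spi, seq, payload, key, next_header=4):
    """Build SPI | sequence | payload | padding | pad length | next header | ICV."""
    pad_len = -(len(payload) + 2) % 4           # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = struct.pack("!II", spi, seq) + payload + trailer
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def esp_open(packet, key):
    """Return (spi, seq, payload) when the ICV verifies, otherwise None."""
    if len(packet) < 8 + 2 + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):  # constant-time comparison
        return None
    spi, seq = struct.unpack("!II", body[:8])
    pad_len = body[-2]
    if pad_len > len(body) - 10:
        return None
    return spi, seq, body[8:len(body) - 2 - pad_len]


class ReplayWindow:
    """Sliding window over sequence numbers; bit i marks (top - i) as seen."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0
        self.bitmap = 0

    def accept(self, seq):
        if seq == 0:
            return False
        if seq > self.top:                      # new highest number: slide
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                        # too old, or already seen
        self.bitmap |= 1 << offset
        return True


def receive(packet, key, window, expected_spi):
    """Receiver side: the window is only updated after the ICV has verified."""
    opened = esp_open(packet, key)
    if opened is None:
        return ("drop-icv", None)
    spi, seq, payload = opened
    if spi != expected_spi:
        return ("drop-spi", None)
    if not window.accept(seq):
        return ("drop-replay", None)
    return ("accept", payload)


if __name__ == "__main__":
    key = bytes(range(32))                      # constructed demo key
    spi = 0x1001                                # constructed SPI
    window = ReplayWindow()
    good = esp_seal(spi, 1, b"POS txn 0001", key)
    print(receive(good, key, window, spi))      # accepted
    print(receive(good, key, window, spi))      # same packet again: replay
    forged = bytearray(esp_seal(spi, 2, b"amount=10.00", key))
    forged[10] ^= 0x01                          # flip one payload bit in transit
    print(receive(bytes(forged), key, window, spi))
```
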
The point-of-sale devices in the stores will have their traffic destined for the headquarters encrypted via the
VPN on the credit card clearing line provided by JP Telco. The stores will have private IP addresses similar to
that of the store at DePaul University, 10.110.2.96/27. There won’t be a need for explicit PAT for these devices,
considering they will be traveling through a point-to-point line on top of a VPN, allowing for secure travel. Any
other devices that use the T1 to traverse the internet will do so using dynamic NAT. This will allow the different
devices in the private network to be dynamically assigned a public IP from a pool of addresses given by JP Telco.
7.4 REDUNDANCY
In the case of router or switch failure, we have created a network which implements a two-path
design. The primary path is served by JP Telco and the secondary path is served by KQ Telco. If the
network equipment fails in the primary path, the secondary path will activate and update routing tables
appropriately, thereby bypassing the failed router or switch. Moreover, if equipment fails, the secondary
path will handle the network. In usual day-to-day operation, the secondary path stays passive; it activates
when the redundant neighbor does not send an “Alive” packet, which is when the second-path router
assumes the neighbor is offline. In the meantime, a network engineer can replace the failed equipment and make
necessary changes without worrying about the network. With so many devices and pieces of equipment involved
in the network, it is vital to have redundancy to ensure 99.999% uptime.
7.5 RACK EQUIPMENT
The racks in the stores will house the firewall, routers and access switches.
Figure 22 Server Rack
Figure 23 Server Equipment
7.6 LOCAL RETAIL STORES IP SCHEME
For the VMO retail stores, we plan to assign two subnets at each store. The first subnet is for
VLAN 10, a /28 with 14 available hosts. The second subnet is for VLAN 20, a /27 with 30
hosts for local users. We allocated 10.10.0.0/18 for retail stores and subnetted it in variable
lengths. The
Major Network: 10.10.0.0/18
Available IP addresses in major network: 16382
Number of IP addresses needed: 4840
Available IP addresses in allocated subnets: 4840
About 32% of available major network address space is used
About 100% of subnetted network address space is used
| Subnet Name | Needed Size | Allocated Size | Address | Mask | Dec Mask | Assignable Range | Broadcast |
|---|---|---|---|---|---|---|---|
| A.C.C. | 14 | 14 | 10.10.13.192 | /28 | 255.255.255.240 | 10.10.13.193 - 10.10.13.206 | 10.10.13.207 |
| A.C.C. | 30 | 30 | 10.10.0.0 | /27 | 255.255.255.224 | 10.10.0.1 - 10.10.0.30 | 10.10.0.31 |
| A.S.U. | 14 | 14 | 10.10.13.208 | /28 | 255.255.255.240 | 10.10.13.209 - 10.10.13.222 | 10.10.13.223 |
| A.S.U. | 30 | 30 | 10.10.0.32 | /27 | 255.255.255.224 | 10.10.0.33 - 10.10.0.62 | 10.10.0.63 |
| Addam's University - Raleigh | 30 | 30 | 10.10.0.64 | /27 | 255.255.255.224 | 10.10.0.65 - 10.10.0.94 | 10.10.0.95 |
| Addam's University - Raleigh | 14 | 14 | 10.10.13.224 | /28 | 255.255.255.240 | 10.10.13.225 - 10.10.13.238 | 10.10.13.239 |
| Alamance | 14 | 14 | 10.10.13.240 | /28 | 255.255.255.240 | 10.10.13.241 - 10.10.13.254 | 10.10.13.255 |
| Alamance | 30 | 30 | 10.10.0.96 | /27 | 255.255.255.224 | 10.10.0.97 - 10.10.0.126 | 10.10.0.127 |
| Alcorn State | 30 | 30 | 10.10.0.128 | /27 | 255.255.255.224 | 10.10.0.129 - 10.10.0.158 | 10.10.0.159 |
| Alcorn State | 14 | 14 | 10.10.14.0 | /28 | 255.255.255.240 | 10.10.14.1 - 10.10.14.14 | 10.10.14.15 |
| B.U. | 14 | 14 | 10.10.14.16 | /28 | 255.255.255.240 | 10.10.14.17 - 10.10.14.30 | 10.10.14.31 |
| B.U. | 30 | 30 | 10.10.0.160 | /27 | 255.255.255.224 | 10.10.0.161 - 10.10.0.190 | 10.10.0.191 |
| Baylor Medical Book Store | 14 | 14 | 10.10.14.32 | /28 | 255.255.255.240 | 10.10.14.33 - 10.10.14.46 | 10.10.14.47 |
| Baylor Medical Book Store | 30 | 30 | 10.10.0.192 | /27 | 255.255.255.224 | 10.10.0.193 - 10.10.0.222 | 10.10.0.223 |
| Becker College | 30 | 30 | 10.10.0.224 | /27 | 255.255.255.224 | 10.10.0.225 - 10.10.0.254 | 10.10.0.255 |
| Becker College | 14 | 14 | 10.10.14.48 | /28 | 255.255.255.240 | 10.10.14.49 - 10.10.14.62 | 10.10.14.63 |
| Blackhawk | 14 | 14 | 10.10.14.64 | /28 | 255.255.255.240 | 10.10.14.65 - 10.10.14.78 | 10.10.14.79 |
| Blackhawk | 30 | 30 | 10.10.1.0 | /27 | 255.255.255.224 | 10.10.1.1 - 10.10.1.30 | 10.10.1.31 |
| Butler | 14 | 14 | 10.10.14.80 | /28 | 255.255.255.240 | 10.10.14.81 - 10.10.14.94 | 10.10.14.95 |
| Butler | 30 | 30 | 10.10.1.32 | /27 | 255.255.255.224 | 10.10.1.33 - 10.10.1.62 | 10.10.1.63 |
| C.S.M. | 14 | 14 | 10.10.14.96 | /28 | 255.255.255.240 | 10.10.14.97 - 10.10.14.110 | 10.10.14.111 |
| C.S.M. | 30 | 30 | 10.10.1.64 | /27 | 255.255.255.224 | 10.10.1.65 - 10.10.1.94 | 10.10.1.95 |
| Carroll | 30 | 30 | 10.10.1.96 | /27 | 255.255.255.224 | 10.10.1.97 - 10.10.1.126 | 10.10.1.127 |
| Carroll | 14 | 14 | 10.10.14.112 | /28 | 255.255.255.240 | 10.10.14.113 - 10.10.14.126 | 10.10.14.127 |
| Central | 14 | 14 | 10.10.14.128 | /28 | 255.255.255.240 | 10.10.14.129 - 10.10.14.142 | 10.10.14.143 |
| Central | 30 | 30 | 10.10.1.128 | /27 | 255.255.255.224 | 10.10.1.129 - 10.10.1.158 | 10.10.1.159 |
| Champlain College Bookstore | 14 | 14 | 10.10.14.144 | /28 | 255.255.255.240 | 10.10.14.145 - 10.10.14.158 | 10.10.14.159 |
| Champlain College Bookstore | 30 | 30 | 10.10.1.160 | /27 | 255.255.255.224 | 10.10.1.161 - 10.10.1.190 | 10.10.1.191 |
| City University | 14 | 14 | 10.10.14.160 | /28 | 255.255.255.240 | 10.10.14.161 - 10.10.14.174 | 10.10.14.175 |
| City University | 30 | 30 | 10.10.1.192 | /27 | 255.255.255.224 | 10.10.1.193 - 10.10.1.222 | 10.10.1.223 |
| College of the Canyons | 30 | 30 | 10.10.1.224 | /27 | 255.255.255.224 | 10.10.1.225 - 10.10.1.254 | 10.10.1.255 |
| College of the Canyons | 14 | 14 | 10.10.14.176 | /28 | 255.255.255.240 | 10.10.14.177 - 10.10.14.190 | 10.10.14.191 |
| Columbia | 30 | 30 | 10.10.2.0 | /27 | 255.255.255.224 | 10.10.2.1 - 10.10.2.30 | 10.10.2.31 |
| Columbia | 14 | 14 | 10.10.14.192 | /28 | 255.255.255.240 | 10.10.14.193 - 10.10.14.206 | 10.10.14.207 |
| Creighton | 30 | 30 | 10.10.2.32 | /27 | 255.255.255.224 | 10.10.2.33 - 10.10.2.62 | 10.10.2.63 |
| Creighton | 14 | 14 | 10.10.14.208 | /28 | 255.255.255.240 | 10.10.14.209 - 10.10.14.222 | 10.10.14.223 |
| Daemen College | 14 | 14 | 10.10.14.224 | /28 | 255.255.255.240 | 10.10.14.225 - 10.10.14.238 | 10.10.14.239 |
| Daemen College | 30 | 30 | 10.10.2.64 | /27 | 255.255.255.224 | 10.10.2.65 - 10.10.2.94 | 10.10.2.95 |
| DePaul University | 30 | 30 | 10.10.2.96 | /27 | 255.255.255.224 | 10.10.2.97 - 10.10.2.126 | 10.10.2.127 |
| DePaul University | 14 | 14 | 10.10.14.240 | /28 | 255.255.255.240 | 10.10.14.241 - 10.10.14.254 | 10.10.14.255 |
| Dominican | 30 | 30 | 10.10.2.128 | /27 | 255.255.255.224 | 10.10.2.129 - 10.10.2.158 | 10.10.2.159 |
| Dominican | 14 | 14 | 10.10.15.0 | /28 | 255.255.255.240 | 10.10.15.1 - 10.10.15.14 | 10.10.15.15 |
| Drew | 14 | 14 | 10.10.15.16 | /28 | 255.255.255.240 | 10.10.15.17 - 10.10.15.30 | 10.10.15.31 |
| Drew | 30 | 30 | 10.10.2.160 | /27 | 255.255.255.224 | 10.10.2.161 - 10.10.2.190 | 10.10.2.191 |
| F.S.C.C. | 14 | 14 | 10.10.15.32 | /28 | 255.255.255.240 | 10.10.15.33 - 10.10.15.46 | 10.10.15.47 |
| F.S.C.C. | 30 | 30 | 10.10.2.192 | /27 | 255.255.255.224 | 10.10.2.193 - 10.10.2.222 | 10.10.2.223 |
| Fisk University | 30 | 30 | 10.10.2.224 | /27 | 255.255.255.224 | 10.10.2.225 - 10.10.2.254 | 10.10.2.255 |
| Fisk University | 14 | 14 | 10.10.15.48 | /28 | 255.255.255.240 | 10.10.15.49 - 10.10.15.62 | 10.10.15.63 |
| Fitchburg State College | 30 | 30 | 10.10.3.0 | /27 | 255.255.255.224 | 10.10.3.1 - 10.10.3.30 | 10.10.3.31 |
| Fitchburg State College | 14 | 14 | 10.10.15.64 | /28 | 255.255.255.240 | 10.10.15.65 - 10.10.15.78 | 10.10.15.79 |
| Florida State | 30 | 30 | 10.10.3.32 | /27 | 255.255.255.224 | 10.10.3.33 - 10.10.3.62 | 10.10.3.63 |
| Florida State | 14 | 14 | 10.10.15.80 | /28 | 255.255.255.240 | 10.10.15.81 - 10.10.15.94 | 10.10.15.95 |
| Florida State University | 14 | 14 | 10.10.15.96 | /28 | 255.255.255.240 | 10.10.15.97 - 10.10.15.110 | 10.10.15.111 |
| Florida State University | 30 | 30 | 10.10.3.64 | /27 | 255.255.255.224 | 10.10.3.65 - 10.10.3.94 | 10.10.3.95 |
| Fontbonne | 30 | 30 | 10.10.3.96 | /27 | 255.255.255.224 | 10.10.3.97 - 10.10.3.126 | 10.10.3.127 |
| Fontbonne | 14 | 14 | 10.10.15.112 | /28 | 255.255.255.240 | 10.10.15.113 - 10.10.15.126 | 10.10.15.127 |
| Fort Hays State University | 30 | 30 | 10.10.3.128 | /27 | 255.255.255.224 | 10.10.3.129 - 10.10.3.158 | 10.10.3.159 |
| Fort Hays State University | 14 | 14 | 10.10.15.128 | /28 | 255.255.255.240 | 10.10.15.129 - 10.10.15.142 | 10.10.15.143 |
| Franklin Pierce College | 14 | 14 | 10.10.15.144 | /28 | 255.255.255.240 | 10.10.15.145 - 10.10.15.158 | 10.10.15.159 |
| Franklin Pierce College | 30 | 30 | 10.10.3.160 | /27 | 255.255.255.224 | 10.10.3.161 - 10.10.3.190 | 10.10.3.191 |
| G.W. | 14 | 14 | 10.10.15.160 | /28 | 255.255.255.240 | 10.10.15.161 - 10.10.15.174 | 10.10.15.175 |
| G.W. | 30 | 30 | 10.10.3.192 | /27 | 255.255.255.224 | 10.10.3.193 - 10.10.3.222 | 10.10.3.223 |
| GMU | 30 | 30 | 10.10.3.224 | /27 | 255.255.255.224 | 10.10.3.225 - 10.10.3.254 | 10.10.3.255 |
| GMU | 14 | 14 | 10.10.15.176 | /28 | 255.255.255.240 | 10.10.15.177 - 10.10.15.190 | 10.10.15.191 |
| Georgetown University | 30 | 30 | 10.10.4.0 | /27 | 255.255.255.224 | 10.10.4.1 - 10.10.4.30 | 10.10.4.31 |
| Georgetown University | 14 | 14 | 10.10.15.192 | /28 | 255.255.255.240 | 10.10.15.193 - 10.10.15.206 | 10.10.15.207 |
| Holy Names College | 30 | 30 | 10.10.4.32 | /27 | 255.255.255.224 | 10.10.4.33 - 10.10.4.62 | 10.10.4.63 |
| Holy Names College | 14 | 14 | 10.10.15.208 | /28 | 255.255.255.240 | 10.10.15.209 - 10.10.15.222 | 10.10.15.223 |
| Humber College Campus Store | 30 | 30 | 10.10.4.64 | /27 | 255.255.255.224 | 10.10.4.65 - 10.10.4.94 | 10.10.4.95 |
| Humber College Campus Store | 14 | 14 | 10.10.15.224 | /28 | 255.255.255.240 | 10.10.15.225 - 10.10.15.238 | 10.10.15.239 |
| Huntington | 30 | 30 | 10.10.4.96 | /27 | 255.255.255.224 | 10.10.4.97 - 10.10.4.126 | 10.10.4.127 |
| Huntington | 14 | 14 | 10.10.15.240 | /28 | 255.255.255.240 | 10.10.15.241 - 10.10.15.254 | 10.10.15.255 |
| IIT | 14 | 14 | 10.10.16.0 | /28 | 255.255.255.240 | 10.10.16.1 - 10.10.16.14 | 10.10.16.15 |
| IIT | 30 | 30 | 10.10.4.128 | /27 | 255.255.255.224 | 10.10.4.129 - 10.10.4.158 | 10.10.4.159 |
| Kentucky Wesleyan | 30 | 30 | 10.10.4.160 | /27 | 255.255.255.224 | 10.10.4.161 - 10.10.4.190 | 10.10.4.191 |
| Kentucky Wesleyan | 14 | 14 | 10.10.16.16 | /28 | 255.255.255.240 | 10.10.16.17 - 10.10.16.30 | 10.10.16.31 |
| Lake Forest College | 30 | 30 | 10.10.4.192 | /27 | 255.255.255.224 | 10.10.4.193 - 10.10.4.222 | 10.10.4.223 |
| Lake Forest College | 14 | 14 | 10.10.16.32 | /28 | 255.255.255.240 | 10.10.16.33 - 10.10.16.46 | 10.10.16.47 |
| Librairie de la Cité Collégiale | 14 | 14 | 10.10.16.48 | /28 | 255.255.255.240 | 10.10.16.49 - 10.10.16.62 | 10.10.16.63 |
| Librairie de la Cité Collégiale | 30 | 30 | 10.10.4.224 | /27 | 255.255.255.224 | 10.10.4.225 - 10.10.4.254 | 10.10.4.255 |
| Loyola University New Orleans | 30 | 30 | 10.10.5.0 | /27 | 255.255.255.224 | 10.10.5.1 - 10.10.5.30 | 10.10.5.31 |
| Loyola University New Orleans | 14 | 14 | 10.10.16.64 | /28 | 255.255.255.240 | 10.10.16.65 - 10.10.16.78 | 10.10.16.79 |
| Lyndon | 14 | 14 | 10.10.16.80 | /28 | 255.255.255.240 | 10.10.16.81 - 10.10.16.94 | 10.10.16.95 |
| Lyndon | 30 | 30 | 10.10.5.32 | /27 | 255.255.255.224 | 10.10.5.33 - 10.10.5.62 | 10.10.5.63 |
| M.S.U. | 30 | 30 | 10.10.5.64 | /27 | 255.255.255.224 | 10.10.5.65 - 10.10.5.94 | 10.10.5.95 |
| M.S.U. | 14 | 14 | 10.10.16.96 | /28 | 255.255.255.240 | 10.10.16.97 - 10.10.16.110 | 10.10.16.111 |
| MSU | 30 | 30 | 10.10.5.96 | /27 | 255.255.255.224 | 10.10.5.97 - 10.10.5.126 | 10.10.5.127 |
| MSU | 14 | 14 | 10.10.16.112 | /28 | 255.255.255.240 | 10.10.16.113 - 10.10.16.126 | 10.10.16.127 |
| Manhattan | 30 | 30 | 10.10.5.128 | /27 | 255.255.255.224 | 10.10.5.129 - 10.10.5.158 | 10.10.5.159 |
| Manhattan | 14 | 14 | 10.10.16.128 | /28 | 255.255.255.240 | 10.10.16.129 - 10.10.16.142 | 10.10.16.143 |
| Marietta College | 14 | 14 | 10.10.16.144 | /28 | 255.255.255.240 | 10.10.16.145 - 10.10.16.158 | 10.10.16.159 |
| Marietta College | 30 | 30 | 10.10.5.160 | /27 | 255.255.255.224 | 10.10.5.161 - 10.10.5.190 | 10.10.5.191 |
| Marquette University | 14 | 14 | 10.10.16.160 | /28 | 255.255.255.240 | 10.10.16.161 - 10.10.16.174 | 10.10.16.175 |
| Marquette University | 30 | 30 | 10.10.5.192 | /27 | 255.255.255.224 | 10.10.5.193 - 10.10.5.222 | 10.10.5.223 |
| McCook | 30 | 30 | 10.10.5.224 | /27 | 255.255.255.224 | 10.10.5.225 - 10.10.5.254 | 10.10.5.255 |
| McCook | 14 | 14 | 10.10.16.176 | /28 | 255.255.255.240 | 10.10.16.177 - 10.10.16.190 | 10.10.16.191 |
| Merritt | 14 | 14 | 10.10.16.192 | /28 | 255.255.255.240 | 10.10.16.193 - 10.10.16.206 | 10.10.16.207 |
| Merritt | 30 | 30 | 10.10.6.0 | /27 | 255.255.255.224 | 10.10.6.1 - 10.10.6.30 | 10.10.6.31 |
| Mississippi State University | 14 | 14 | 10.10.16.208 | /28 | 255.255.255.240 | 10.10.16.209 - 10.10.16.222 | 10.10.16.223 |
| Mississippi State University | 30 | 30 | 10.10.6.32 | /27 | 255.255.255.224 | 10.10.6.33 - 10.10.6.62 | 10.10.6.63 |
| NWU | 14 | 14 | 10.10.16.224 | /28 | 255.255.255.240 | 10.10.16.225 - 10.10.16.238 | 10.10.16.239 |
| NWU | 30 | 30 | 10.10.6.64 | /27 | 255.255.255.224 | 10.10.6.65 - 10.10.6.94 | 10.10.6.95 |
| Norfolk State University | 30 | 30 | 10.10.6.96 | /27 | 255.255.255.224 | 10.10.6.97 - 10.10.6.126 | 10.10.6.127 |
| Norfolk State University | 14 | 14 | 10.10.16.240 | /28 | 255.255.255.240 | 10.10.16.241 - 10.10.16.254 | 10.10.16.255 |
| North Central | 30 | 30 | 10.10.6.128 | /27 | 255.255.255.224 | 10.10.6.129 - 10.10.6.158 | 10.10.6.159 |
| North Central | 14 | 14 | 10.10.17.0 | /28 | 255.255.255.240 | 10.10.17.1 - 10.10.17.14 | 10.10.17.15 |
| Notre Dame | 30 | 30 | 10.10.6.160 | /27 | 255.255.255.224 | 10.10.6.161 - 10.10.6.190 | 10.10.6.191 |
| Notre Dame | 14 | 14 | 10.10.17.16 | /28 | 255.255.255.240 | 10.10.17.17 - 10.10.17.30 | 10.10.17.31 |
| OSU at Oklahoma City | 14 | 14 | 10.10.17.32 | /28 | 255.255.255.240 | 10.10.17.33 - 10.10.17.46 | 10.10.17.47 |
| OSU at Oklahoma City | 30 | 30 | 10.10.6.192 | /27 | 255.255.255.224 | 10.10.6.193 - 10.10.6.222 | 10.10.6.223 |
| Oak Ridge Campus | 30 | 30 | 10.10.6.224 | /27 | 255.255.255.224 | 10.10.6.225 - 10.10.6.254 | 10.10.6.255 |
| Oak Ridge Campus | 14 | 14 | 10.10.17.48 | /28 | 255.255.255.240 | 10.10.17.49 - 10.10.17.62 | 10.10.17.63 |
| Ouachita Baptist University | 14 | 14 | 10.10.17.64 | /28 | 255.255.255.240 | 10.10.17.65 - 10.10.17.78 | 10.10.17.79 |
| Ouachita Baptist University | 30 | 30 | 10.10.7.0 | /27 | 255.255.255.224 | 10.10.7.1 - 10.10.7.30 | 10.10.7.31 |
| Olivet Nazarene University | 14 | 14 | 10.10.17.80 | /28 | 255.255.255.240 | 10.10.17.81 - 10.10.17.94 | 10.10.17.95 |
| Olivet Nazarene University | 30 | 30 | 10.10.7.32 | /27 | 255.255.255.224 | 10.10.7.33 - 10.10.7.62 | 10.10.7.63 |
| Our Lady of Holy Cross | 14 | 14 | 10.10.17.96 | /28 | 255.255.255.240 | 10.10.17.97 - 10.10.17.110 | 10.10.17.111 |
| Our Lady of Holy Cross | 30 | 30 | 10.10.7.64 | /27 | 255.255.255.224 | 10.10.7.65 - 10.10.7.94 | 10.10.7.95 |
| P.S.U. | 14 | 14 | 10.10.17.112 | /28 | 255.255.255.240 | 10.10.17.113 - 10.10.17.126 | 10.10.17.127 |
| P.S.U. | 30 | 30 | 10.10.7.96 | /27 | 255.255.255.224 | 10.10.7.97 - 10.10.7.126 | 10.10.7.127 |
| Pepperdine | 30 | 30 | 10.10.7.128 | /27 | 255.255.255.224 | 10.10.7.129 - 10.10.7.158 | 10.10.7.159 |
| Pepperdine | 14 | 14 | 10.10.17.128 | /28 | 255.255.255.240 | 10.10.17.129 - 10.10.17.142 | 10.10.17.143 |
| Phillips Community College | 14 | 14 | 10.10.17.144 | /28 | 255.255.255.240 | 10.10.17.145 - 10.10.17.158 | 10.10.17.159 |
| Phillips Community College | 30 | 30 | 10.10.7.160 | /27 | 255.255.255.224 | 10.10.7.161 - 10.10.7.190 | 10.10.7.191 |
| Pima - Downtown | 30 | 30 | 10.10.7.192 | /27 | 255.255.255.224 | 10.10.7.193 - 10.10.7.222 | 10.10.7.223 |
| Pima - Downtown | 14 | 14 | 10.10.17.160 | /28 | 255.255.255.240 | 10.10.17.161 - 10.10.17.174 | 10.10.17.175 |
| Pima - East | 14 | 14 | 10.10.17.176 | /28 | 255.255.255.240 | 10.10.17.177 - 10.10.17.190 | 10.10.17.191 |
| Pima - East | 30 | 30 | 10.10.7.224 | /27 | 255.255.255.224 | 10.10.7.225 - 10.10.7.254 | 10.10.7.255 |
| Pima - West | 30 | 30 | 10.10.8.0 | /27 | 255.255.255.224 | 10.10.8.1 - 10.10.8.30 | 10.10.8.31 |
| Pima - West | 14 | 14 | 10.10.17.192 | /28 | 255.255.255.240 | 10.10.17.193 - 10.10.17.206 | 10.10.17.207 |
| Prairie View A & M University | 30 | 30 | 10.10.8.32 | /27 | 255.255.255.224 | 10.10.8.33 - 10.10.8.62 | 10.10.8.63 |
| Prairie View A & M University | 14 | 14 | 10.10.17.208 | /28 | 255.255.255.240 | 10.10.17.209 - 10.10.17.222 | 10.10.17.223 |
| Rivier | 14 | 14 | 10.10.17.224 | /28 | 255.255.255.240 | 10.10.17.225 - 10.10.17.238 | 10.10.17.239 |
| Rivier | 30 | 30 | 10.10.8.64 | /27 | 255.255.255.224 | 10.10.8.65 - 10.10.8.94 | 10.10.8.95 |
| Rollins | 30 | 30 | 10.10.8.96 | /27 | 255.255.255.224 | 10.10.8.97 - 10.10.8.126 | 10.10.8.127 |
| Rollins | 14 | 14 | 10.10.17.240 | /28 | 255.255.255.240 | 10.10.17.241 - 10.10.17.254 | 10.10.17.255 |
| Rutgers | 14 | 14 | 10.10.18.0 | /28 | 255.255.255.240 | 10.10.18.1 - 10.10.18.14 | 10.10.18.15 |
| Rutgers | 30 | 30 | 10.10.8.128 | /27 | 255.255.255.224 | 10.10.8.129 - 10.10.8.158 | 10.10.8.159 |
| Salem State College | 14 | 14 | 10.10.18.16 | /28 | 255.255.255.240 | 10.10.18.17 - 10.10.18.30 | 10.10.18.31 |
| Salem State College | 30 | 30 | 10.10.8.160 | /27 | 255.255.255.224 | 10.10.8.161 - 10.10.8.190 | 10.10.8.191 |
| Seattle Pacific University | 14 | 14 | 10.10.18.32 | /28 | 255.255.255.240 | 10.10.18.33 - 10.10.18.46 | 10.10.18.47 |
| Seattle Pacific University | 30 | 30 | 10.10.8.192 | /27 | 255.255.255.224 | 10.10.8.193 - 10.10.8.222 | 10.10.8.223 |
| Seton Hall | 30 | 30 | 10.10.8.224 | /27 | 255.255.255.224 | 10.10.8.225 - 10.10.8.254 | 10.10.8.255 |
| Seton Hall | 14 | 14 | 10.10.18.48 | /28 | 255.255.255.240 | 10.10.18.49 - 10.10.18.62 | 10.10.18.63 |
| Seton Hill College | 14 | 14 | 10.10.18.64 | /28 | 255.255.255.240 | 10.10.18.65 - 10.10.18.78 | 10.10.18.79 |
| Seton Hill College | 30 | 30 | 10.10.9.0 | /27 | 255.255.255.224 | 10.10.9.1 - 10.10.9.30 | 10.10.9.31 |
| Sidwell Friends School | 14 | 14 | 10.10.18.80 | /28 | 255.255.255.240 | 10.10.18.81 - 10.10.18.94 | 10.10.18.95 |
| Sidwell Friends School | 30 | 30 | 10.10.9.32 | /27 | 255.255.255.224 | 10.10.9.33 - 10.10.9.62 | 10.10.9.63 |
| Southeast Arkansas College | 14 | 14 | 10.10.18.96 | /28 | 255.255.255.240 | 10.10.18.97 - 10.10.18.110 | 10.10.18.111 |
| Southeast Arkansas College | 30 | 30 | 10.10.9.64 | /27 | 255.255.255.224 | 10.10.9.65 - 10.10.9.94 | 10.10.9.95 |
| Southern Arkansas University | 14 | 14 | 10.10.18.112 | /28 | 255.255.255.240 | 10.10.18.113 - 10.10.18.126 | 10.10.18.127 |
| Southern Arkansas University | 30 | 30 | 10.10.9.96 | /27 | 255.255.255.224 | 10.10.9.97 - 10.10.9.126 | 10.10.9.127 |
| Southwestern Oklahoma State University | 14 | 14 | 10.10.18.144 | /28 | 255.255.255.240 | 10.10.18.145 - 10.10.18.158 | 10.10.18.159 |
| Southwestern Oklahoma State University | 30 | 30 | 10.10.9.160 | /27 | 255.255.255.224 | 10.10.9.161 - 10.10.9.190 | 10.10.9.191 |
| Southwestern Oklahoma State University | 30 | 30 | 10.10.9.128 | /27 | 255.255.255.224 | 10.10.9.129 - 10.10.9.158 | 10.10.9.159 |
| Southwestern Oklahoma State University | 14 | 14 | 10.10.18.128 | /28 | 255.255.255.240 | 10.10.18.129 - 10.10.18.142 | 10.10.18.143 |
| St. Clair College | 14 | 14 | 10.10.18.160 | /28 | 255.255.255.240 | 10.10.18.161 - 10.10.18.174 | 10.10.18.175 |
| St. Clair College | 30 | 30 | 10.10.9.192 | /27 | 255.255.255.224 | 10.10.9.193 - 10.10.9.222 | 10.10.9.223 |
| State Tech | 14 | 14 | 10.10.18.176 | /28 | 255.255.255.240 | 10.10.18.177 - 10.10.18.190 | 10.10.18.191 |
| State Tech | 30 | 30 | 10.10.9.224 | /27 | 255.255.255.224 | 10.10.9.225 - 10.10.9.254 | 10.10.9.255 |
| T.S.U. | 14 | 14 | 10.10.18.192 | /28 | 255.255.255.240 | 10.10.18.193 - 10.10.18.206 | 10.10.18.207 |
| T.S.U. | 30 | 30 | 10.10.10.0 | /27 | 255.255.255.224 | 10.10.10.1 - 10.10.10.30 | 10.10.10.31 |
| Texas A & M International University | 14 | 14 | 10.10.18.208 | /28 | 255.255.255.240 | 10.10.18.209 - 10.10.18.222 | 10.10.18.223 |
| Texas A & M International University | 30 | 30 | 10.10.10.32 | /27 | 255.255.255.224 | 10.10.10.33 - 10.10.10.62 | 10.10.10.63 |
| Texas Southern | 14 | 14 | 10.10.18.224 | /28 | 255.255.255.240 | 10.10.18.225 - 10.10.18.238 | 10.10.18.239 |
| Texas Southern | 30 | 30 | 10.10.10.64 | /27 | 255.255.255.224 | 10.10.10.65 - 10.10.10.94 | 10.10.10.95 |
| The Matador | 14 | 14 | 10.10.18.240 | /28 | 255.255.255.240 | 10.10.18.241 - 10.10.18.254 | 10.10.18.255 |
| The Matador | 30 | 30 | 10.10.10.96 | /27 | 255.255.255.224 | 10.10.10.97 - 10.10.10.126 | 10.10.10.127 |
| Tompkins Cortland Community College | 30 | 30 | 10.10.10.128 | /27 | 255.255.255.224 | 10.10.10.129 - 10.10.10.158 | 10.10.10.159 |
| Tompkins Cortland Community College | 14 | 14 | 10.10.19.0 | /28 | 255.255.255.240 | 10.10.19.1 - 10.10.19.14 | 10.10.19.15 |
| U-Mass | 30 | 30 | 10.10.10.160 | /27 | 255.255.255.224 | 10.10.10.161 - 10.10.10.190 | 10.10.10.191 |
| U-Mass | 14 | 14 | 10.10.19.16 | /28 | 255.255.255.240 | 10.10.19.17 - 10.10.19.30 | 10.10.19.31 |
| U.C. | 14 | 14 | 10.10.19.32 | /28 | 255.255.255.240 | 10.10.19.33 - 10.10.19.46 | 10.10.19.47 |
| U.C. | 30 | 30 | 10.10.10.192 | /27 | 255.255.255.224 | 10.10.10.193 - 10.10.10.222 | 10.10.10.223 |
| U.N.E. College at Westbrook College | 14 | 14 | 10.10.19.48 | /28 | 255.255.255.240 | 10.10.19.49 - 10.10.19.62 | 10.10.19.63 |
| U.N.E. College at Westbrook College | 30 | 30 | 10.10.10.224 | /27 | 255.255.255.224 | 10.10.10.225 - 10.10.10.254 | 10.10.10.255 |
| UA at Pine Bluff | 30 | 30 | 10.10.11.0 | /27 | 255.255.255.224 | 10.10.11.1 - 10.10.11.30 | 10.10.11.31 |
| UA at Pine Bluff | 14 | 14 | 10.10.19.64 | /28 | 255.255.255.240 | 10.10.19.65 - 10.10.19.78 | 10.10.19.79 |
| UIS | 14 | 14 | 10.10.19.80 | /28 | 255.255.255.240 | 10.10.19.81 - 10.10.19.94 | 10.10.19.95 |
| UIS | 30 | 30 | 10.10.11.32 | /27 | 255.255.255.224 | 10.10.11.33 - 10.10.11.62 | 10.10.11.63 |
| University of Arkansas | 30 | 30 | 10.10.11.64 | /27 | 255.255.255.224 | 10.10.11.65 - 10.10.11.94 | 10.10.11.95 |
| University of Arkansas | 14 | 14 | 10.10.19.96 | /28 | 255.255.255.240 | 10.10.19.97 - 10.10.19.110 | 10.10.19.111 |
| University of Baltimore | 30 | 30 | 10.10.11.96 | /27 | 255.255.255.224 | 10.10.11.97 - 10.10.11.126 | 10.10.11.127 |
| University of Baltimore | 14 | 14 | 10.10.19.112 | /28 | 255.255.255.240 | 10.10.19.113 - 10.10.19.126 | 10.10.19.127 |
| University of Dallas | 30 | 30 | 10.10.11.128 | /27 | 255.255.255.224 | 10.10.11.129 - 10.10.11.158 | 10.10.11.159 |
| University of Dallas | 14 | 14 | 10.10.19.128 | /28 | 255.255.255.240 | 10.10.19.129 - 10.10.19.142 | 10.10.19.143 |
| University of Dubuque | 14 | 14 | 10.10.19.144 | /28 | 255.255.255.240 | 10.10.19.145 - 10.10.19.158 | 10.10.19.159 |
| University of Dubuque | 30 | 30 | 10.10.11.160 | /27 | 255.255.255.224 | 10.10.11.161 - 10.10.11.190 | 10.10.11.191 |
| University of Indianapolis | 30 | 30 | 10.10.11.192 | /27 | 255.255.255.224 | 10.10.11.193 - 10.10.11.222 | 10.10.11.223 |
| University of Indianapolis | 14 | 14 | 10.10.19.160 | /28 | 255.255.255.240 | 10.10.19.161 - 10.10.19.174 | 10.10.19.175 |
| University of Miami | 14 | 14 | 10.10.19.176 | /28 | 255.255.255.240 | 10.10.19.177 - 10.10.19.190 | 10.10.19.191 |
| University of Miami | 30 | 30 | 10.10.11.224 | /27 | 255.255.255.224 | 10.10.11.225 - 10.10.11.254 | 10.10.11.255 |
| University of Nebraska at Lincoln | 30 | 30 | 10.10.12.0 | /27 | 255.255.255.224 | 10.10.12.1 - 10.10.12.30 | 10.10.12.31 |
| University of Nebraska at Lincoln | 14 | 14 | 10.10.19.192 | /28 | 255.255.255.240 | 10.10.19.193 - 10.10.19.206 | 10.10.19.207 |
| University of Ottawa | 14 | 14 | 10.10.19.208 | /28 | 255.255.255.240 | 10.10.19.209 - 10.10.19.222 | 10.10.19.223 |
| University of Ottawa | 30 | 30 | 10.10.12.32 | /27 | 255.255.255.224 | 10.10.12.33 - 10.10.12.62 | 10.10.12.63 |
| University of Tulsa | 14 | 14 | 10.10.19.224 | /28 | 255.255.255.240 | 10.10.19.225 - 10.10.19.238 | 10.10.19.239 |
| University of Tulsa | 30 | 30 | 10.10.12.64 | /27 | 255.255.255.224 | 10.10.12.65 - 10.10.12.94 | 10.10.12.95 |
| University of Wisconsin at Parkside | 30 | 30 | 10.10.12.96 | /27 | 255.255.255.224 | 10.10.12.97 - 10.10.12.126 | 10.10.12.127 |
| University of Wisconsin at Parkside | 14 | 14 | 10.10.19.240 | /28 | 255.255.255.240 | 10.10.19.241 - 10.10.19.254 | 10.10.19.255 |
| W.S.S.U. | 30 | 30 | 10.10.12.128 | /27 | 255.255.255.224 | 10.10.12.129 - 10.10.12.158 | 10.10.12.159 |
| W.S.S.U. | 14 | 14 | 10.10.20.0 | /28 | 255.255.255.240 | 10.10.20.1 - 10.10.20.14 | 10.10.20.15 |
| Washington University | 30 | 30 | 10.10.12.160 | /27 | 255.255.255.224 | 10.10.12.161 - 10.10.12.190 | 10.10.12.191 |
| Washington University | 14 | 14 | 10.10.20.16 | /28 | 255.255.255.240 | 10.10.20.17 - 10.10.20.30 | 10.10.20.31 |
| Webster | 30 | 30 | 10.10.12.192 | /27 | 255.255.255.224 | 10.10.12.193 - 10.10.12.222 | 10.10.12.223 |
| Webster | 14 | 14 | 10.10.20.32 | /28 | 255.255.255.240 | 10.10.20.33 - 10.10.20.46 | 10.10.20.47 |
| West Charleston | 30 | 30 | 10.10.12.224 | /27 | 255.255.255.224 | 10.10.12.225 - 10.10.12.254 | 10.10.12.255 |
| West Charleston | 14 | 14 | 10.10.20.48 | /28 | 255.255.255.240 | 10.10.20.49 - 10.10.20.62 | 10.10.20.63 |
| Western New Mexico University | 30 | 30 | 10.10.13.0 | /27 | 255.255.255.224 | 10.10.13.1 - 10.10.13.30 | 10.10.13.31 |
| Western New Mexico University | 14 | 14 | 10.10.20.64 | /28 | 255.255.255.240 | 10.10.20.65 - 10.10.20.78 | 10.10.20.79 |
| Westfield Campus | 30 | 30 | 10.10.13.32 | /27 | 255.255.255.224 | 10.10.13.33 - 10.10.13.62 | 10.10.13.63 |
| Westfield Campus | 14 | 14 | 10.10.20.80 | /28 | 255.255.255.240 | 10.10.20.81 - 10.10.20.94 | 10.10.20.95 |
| Wilmington College | 30 | 30 | 10.10.13.64 | /27 | 255.255.255.224 | 10.10.13.65 - 10.10.13.94 | 10.10.13.95 |
| Wilmington College | 14 | 14 | 10.10.20.96 | /28 | 255.255.255.240 | 10.10.20.97 - 10.10.20.110 | 10.10.20.111 |
| Worcester State College | 30 | 30 | 10.10.13.96 | /27 | 255.255.255.224 | 10.10.13.97 - 10.10.13.126 | 10.10.13.127 |
| Worcester State College | 14 | 14 | 10.10.20.112 | /28 | 255.255.255.240 | 10.10.20.113 - 10.10.20.126 | 10.10.20.127 |
| Wright | 30 | 30 | 10.10.13.128 | /27 | 255.255.255.224 | 10.10.13.129 - 10.10.13.158 | 10.10.13.159 |
| Wright | 14 | 14 | 10.10.20.128 | /28 | 255.255.255.240 | 10.10.20.129 - 10.10.20.142 | 10.10.20.143 |
| Yavapai | 14 | 14 | 10.10.20.144 | /28 | 255.255.255.240 | 10.10.20.145 - 10.10.20.158 | 10.10.20.159 |
| Yavapai | 30 | 30 | 10.10.13.160 | /27 | 255.255.255.224 | 10.10.13.161 - 10.10.13.190 | 10.10.13.191 |
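An audit of the two addressing plans above (the Lincoln scheme in 6.6 and the retail scheme in 7.6), added here as an example and not part of NetEngine's proposal: it checks each subnet for alignment, containment in the major network, capacity and overlap, and recomputes the utilization figure. The Lincoln and DePaul rows are copied from the tables, the 10.110.2.96/27 value is the one the prose in 7.3 gives for the DePaul store, and the row marked constructed plus all function names are assumptions for illustration.

```python
import ipaddress

# Rows copied from the Lincoln table: (subnet name, hosts needed, subnet).
LINCOLN_MAJOR = "172.16.0.0/22"
LINCOLN_ROWS = [
    ("Regular Users", 254, "172.16.0.0/24"),
    ("Regular Users (APs, Cameras)", 254, "172.16.1.0/24"),
    ("Data Center", 30, "172.16.2.0/27"),
    ("Data Center (APs, Cameras)", 14, "172.16.2.32/28"),
    ("LNCFW1 TO LNCFW2", 2, "172.16.2.48/30"),
    ("LNCFW1 TO LNCSW1", 2, "172.16.2.52/30"),
    ("LNCFW2 TO LNCSW2", 2, "172.16.2.56/30"),
    ("LNCR1 TO LNCFW1", 2, "172.16.2.60/30"),
    ("LNCR1 TO LNCFW2", 2, "172.16.2.64/30"),
    ("LNCR1 TO LNCR2", 2, "172.16.2.68/30"),
    ("LNCR2 TO LNCFW1", 2, "172.16.2.72/30"),
    ("LNCR2 TO LNCFW2", 2, "172.16.2.76/30"),
]

RETAIL_MAJOR = "10.10.0.0/18"
RETAIL_SAMPLE = [
    ("DePaul University (table, /27)", 30, "10.10.2.96/27"),
    ("DePaul University (table, /28)", 14, "10.10.14.240/28"),
    ("DePaul University (section 7.3 prose)", 30, "10.110.2.96/27"),
    ("Constructed overlapping row", 14, "10.10.2.112/28"),  # not from the page
]


def describe(cidr):
    """Return (dotted mask, first assignable, last assignable, broadcast)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return (str(net.netmask), str(net.network_address + 1),
            str(net.broadcast_address - 1), str(net.broadcast_address))


def utilization(major, rows):
    """Percentage of the major block consumed by the allocated subnets."""
    total = ipaddress.ip_network(major).num_addresses
    used = sum(ipaddress.ip_network(cidr).num_addresses for _, _, cidr in rows)
    return round(100 * used / total)


def audit_plan(major, rows):
    """Return a list of findings; an empty list means the plan is consistent."""
    major_net = ipaddress.ip_network(major)
    findings, nets = [], []
    for name, needed, cidr in rows:
        try:
            net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits
        except ValueError as exc:
            findings.append(f"{name}: {cidr} is not a valid network ({exc})")
            continue
        if not net.subnet_of(major_net):
            findings.append(f"{name}: {net} lies outside {major_net}")
        if net.num_addresses - 2 < needed:
            findings.append(f"{name}: {net} cannot hold {needed} hosts")
        nets.append((name, net))
    # Sweep in address order, remembering the block that reaches furthest.
    nets.sort(key=lambda item: (int(item[1].network_address), item[1].prefixlen))
    covering = None
    for name, net in nets:
        if covering and net.network_address <= covering[1].broadcast_address:
            findings.append(
                f"{name}: {net} overlaps {covering[0]} ({covering[1]})")
        if covering is None or net.broadcast_address > covering[1].broadcast_address:
            covering = (name, net)
    return findings


if __name__ == "__main__":
    print("Lincoln findings:", audit_plan(LINCOLN_MAJOR, LINCOLN_ROWS))
    print("Lincoln utilization: %d%%" % utilization(LINCOLN_MAJOR, LINCOLN_ROWS))
    for finding in audit_plan(RETAIL_MAJOR, RETAIL_SAMPLE):
        print("Retail finding:", finding)
```
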
7.7 EQUIPMENT INFORMATION & PRICING
Retail Stores
| Item | Unit Price | Quantity | Total Cost |
|---|---|---|---|
| Cisco ISR 4221 Edge Router | $856.99 | 220 | $188,537.80 |
| Cisco ASA 5505 Firewall - Sec. Appliance | $424.99 | 110 | $46,748.90 |
| Cisco Small Business SF220-48 ports Switch | $334.99 | 110 | $36,848.90 |
| HP OfficeJet Pro 8210 Color Inkjet | $129.99 | 110 | $14,298.90 |
| TRENDnet TV-IP310PI PoE Network Camera | $129.99 | 110 | $14,298.90 |
| Cisco 8811 VoIP Phone for Data Center | $387.99 | 110 | $42,678.90 |
| HP 24-g010 all in one A8 7410 | $507.99 | 110 | $55,878.90 |
| APC UPS Pro 700VA UPS | $125.99 | 110 | $12,473.01 |
| 6U Wall Mount Rack Enclosure Cabinet | $159.99 | 110 | $17,598.90 |
| Total cost for all Retail Stores | | | $429,363.11 |
8 IMPLEMENTATION PLAN
8.1 OBJECTIVES
• Research, design, and present a secure, redundant, and up-to-date network infrastructure for VMO.
• Create as-built documentation of the designed network.
• Create a new topology for the network infrastructure.
• Design a new IP addressing scheme for all VMO retail stores as well as corporate headquarters and customer service headquarters.
• Price all network links and related networking equipment.
• Create a contiguous network connecting all retail stores to the main headquarters.
• Define and create a new network policy.
• Provide a timeline for implementation.
• Price out all services, support, and any additional equipment.
• Find a balance between redundancy and cost.
• Secure all aspects of the newly redesigned network infrastructure (physically and virtually).
• Provide a network infrastructure that facilitates access to VMO’s new application by every device concurrently.
8.2 DELIVERABLES
• 100+ page as-built network documentation.
• A short presentation to upper management on our proposed network infrastructure redesign.
8.3 TARGET SCHEDULE
We estimate that the proposed project will take around six months, to ensure a smooth transition and operation.
Here is how we will proceed:
Time | Tasks | Comments | Milestone
Week 1 | Proposal is approved; a team of five will be split between HQ and Lincoln, Nebraska; equipment list ordered; Team B: 2 NetEngine employees will go to Nebraska | NetEngine will survey the site in Chicago and Nebraska. Team A: 3 engineers work at HQ. Team B: make multiple trips to HQ and Nebraska | Equipment order is placed. Equipment is shipped to corresponding buildings.
Week 2 | JP and KQ Telco will set up fiber; MPLS connect at Lincoln, Nebraska; main router configuration | Fiber connections to HQ buildings |
Week 3 | JP and KQ Telco available on-site for HQ and Nebraska (end of onsite support) | Return 2 engineers from Lincoln park to configuring servers | MPLS connection established: Nebraska is online, Building A is online
Week 4 | Network equipment configuration building A + N | | Server setup begins
Week 5 | UPS power testing; network configuration; DNS DHCP server at building A and N; setup of application server for VMO | |
Week 7 | Network equipment configurations building C | | Building N is online
Week 8 | Troubleshooting connectivity between buildings & network configuration | 2 engineers leave to Lincoln, Nebraska |
Week 9 | Troubleshooting connectivity between buildings + network configuration | | Building C is online
Week 10 | Running Cat5e and Cat6 cables all locations | | Various servers are online
Week 11 | Running Cat5e and Cat6 cables all locations | |
Week 12 | Setup of phones at all sites | | Cabling is finished
Week 13 | Setup of phones at all sites | |
Week 14 | Setup of PCs at all sites by VMO IT | NetEngine will configure Active Directory and users info | Phones are online
Week 15 | Setup of PCs at all sites by VMO IT | NetEngine will configure Active Directory and users info |
Week 16 | Setup of access points by VMO IT | NetEngine will configure the APs via wireless controller | PCs are online
Week 17 | Setup of access points by VMO IT | NetEngine will configure the APs via wireless controller |
Week 18 | Retail stores will be shipped necessary equipment | NetEngine will manage retail store equipment and setup | WiFi is online
Week 19 | Testing ISP and WAN connectivity at retail stores | |
Week 20 | Testing ISP and WAN connectivity at retail stores | |
Week 21 | Ensure UPS power backups are working. Ensure databases are automatically backed up | | Retail stores are online
Week 22 | End of VMO implementation | | VMO network is online

Important Note: Before the VMO network implementation begins, the Building A basement will need to be cleaned and renovated. NetEngine will send out five network engineers. Here are the costs associated with the project:
Estimated Hours | 40 Hours x (5 x IT) x 21 Weeks = 4200
NetEngine Hourly Rate | $40 per hour
Estimated contract cost (5 engineers) | $168,000
9 SECURITY, MONITORING, AND MAINTENANCE
9.1 SECURITY
9.1.1 Policy & Procedure
9.1.1.1 Internal DNS
Internal DNS is used for queries against the internal network. For example, internal DNS allows a user
to type internal.vmo.local into their computer and gain access to the appropriate service. Without internal
DNS, a user on the internal network would have to know the IP address of a specific server. Internal DNS lets
users quickly and easily reach the application server by simply typing app.vmo.local into a web
browser.
DNS services will be handled by the Domain Controller. The domain controller is also responsible for
DHCP and Active Directory services. VMO will have multiple domain controllers at both the customer service
headquarters as well as the main campus in Chicago.
All computers on the network must use the same internal DNS services. This will be accomplished
through DHCP scopes that specify the proper DNS servers for the network. A DNS forwarder will also be used
for external DNS, pointing to Google’s DNS services (8.8.8.8 / 8.8.4.4).
9.1.1.2 Endpoints
All computers on the network will have to use the company-approved endpoint solution. This is to ensure
that all devices can be properly monitored for malware and viruses. Any device that is not supported by the
company-approved endpoint solution will be removed from the network. That device will have to be updated to
a supported operating system to gain access to VMO’s network. This is to ensure that the device is secure from
any threats due to outdated or unsupported operating systems.
9.1.1.3 Administrator Access
Standard users are not to have administrative access to any server in the VMO domain/network. All
admins are required to have their own username and password. Primary/default administrative accounts should
not be used unless absolutely necessary. This is to ensure that any changes made to the network can be tracked.
Standard users should not have administrative access to their local machines. This is to prevent the
installation of unwanted or malicious software such as spyware, adware, crypto lockers, etc.
If local administrator access is required, proper precautions must be taken to ensure the security and
integrity of the network. In the event that an admin is found to have installed malicious and/or unwanted software,
that administrator shall lose their administrative access.
9.1.1.4 Network Domains and Passwords
All users are required to adhere to the following password policy:
• All users are required to change their passwords after 90 days or after a security breach, whichever comes first.
• Users who ignore requests to change passwords will be locked out of their account.
• New passwords cannot be the same as the previous three passwords.
• Per Office 365 requirements, users must provide a personal contact number and/or a personal email
address in order to register with Microsoft password recovery services.
• All passwords must be at least 7 characters long and include a special character. (See detailed password
requirements below.)
• Passwords cannot be the same as the user’s first or last name. Additionally, passwords cannot contain a
user’s first or last name.
Detailed Password Requirements:
Passwords must include 3 of the following 5 categories:
• Uppercase characters
• Lowercase characters
• Base-ten digits (0-9)
• Non-alphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/
• Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase.
9.1.1.5 Operating System
Every operating system has a support lifecycle. The following operating systems are supported on the VMO
domain/network:
• Windows 7 Professional
• Windows 8
• Windows 8.1
• Windows 10
Once a device leaves extended support, it will no longer be allowed on the VMO domain/network. This is to
ensure that all devices are secure from operating system vulnerabilities.
All operating systems must be current on all security patches, major updates, and service packs. Additionally,
all devices on the domain/network are required to have automatic updates enabled. This will be enforced through
group policy rules on the Active Directory server.
Operating systems such as Windows 10 enforce automatic security updates. Any attempt to circumvent this
will result in that PC being taken off the domain/network. Again, all update policies and procedures will be
controlled through group policy.
9.1.1.6 Non-Supported Operating Systems
Any operating system that is not supported by Microsoft is not allowed on the network under any
circumstances. These operating systems include but are not limited to:
• Windows 2000
• Windows XP
• Old build of Windows 7
• Windows Vista
• Windows Server NT
• Windows Server 2000, 2003, and 2008.
Any device running one of the above operating systems should be taken off the network immediately and
replaced as soon as possible. An up to date list of currently supported operating systems by Microsoft can be
found here: Windows lifecycle fact sheet.
9.1.2 Physical Security
Figure 24 Chicago 1st Floor Plan: ID Cards
Figure 25 Building N 2nd Floor: Door Access
Figure 26 Nebraska Floor Plan: Door Access
Figure 27 Warehouse Floor Plan: Door Access
Figure 28 Retail Store Floor Plan: Door Access
9.1.3 Fingerprint Locks
As another layer of security, NetEngine decided to implement a fingerprint scanner at the data center
entrance in building A. The cloud-based fingerprint scanner will allow for easier management of authorized
users. With it, you will be able to know when employees enter the data center, and the system is scalable from
dozens to thousands of employees.
9.1.3.1 Security Cameras
In an effort to secure both the new network and VMO in general, a new security camera system has
been designed and installed. 207 new cameras will be installed throughout VMO to ensure that all aspects of the
environment are secure. Additionally, a new server has been deployed for the cameras to record to.
9.2 SOFTWARE
In an effort to ensure security of the network, users are not allowed to install software on their local
machines without explicit approval from a network administrator/IT department. Users must request software to
be installed on their local machine. Once a request is approved by the IT department, a time and date will be set up
with the user for installation of the requested software. Software can be installed physically, remotely, or by means
of automation (through group policy/Active Directory).
All software must be up to date with the latest security patches. Additionally, automatic software updates should
be enabled if available.
9.3 PERIPHERALS
All peripherals should have up-to-date firmware installed to ensure the safety and security of the VMO
network. A storage device, such as a USB flash drive, should not be inserted into a local machine unless the device
is from a known and trusted source.
9.4 WIRELESS NETWORK
Two wireless networks will be available for use. The SSIDs are VMO and VMO-Guest.
The VMO network allows full access into the corporate network at each site. Access to the VMO
wireless network is only to be set up on company machines and devices. The VMO network is not for personal
use. The password for this network is not available for standard users. Any company equipment that requires
access to the VMO wireless network will be set up by the IT department. Under no circumstances should the
VMO wireless network password be shared with standard users or members from outside of the organization.
9.4.1 BYOD
BYOD (Bring Your Own Device) machines are able to connect to the VMO network upon request.
Access will be granted upon completion of a BYOD Agreement form. Additionally, a security scan will be
performed on the device to ensure that it adheres to existing policies and procedures. Any BYOD device that
does not require access to the corporate wireless network can connect to the VMO-Guest network.
9.5 MONITORING
9.5.1 Ticketing System
The ticketing system will be built on the Freshservice platform. It is a fully integrated ITIL and ITSM system,
allowing for fast and easy ticket creation and agent assignment. This is a powerful system that will be able to handle
requests throughout the entire network.
When an issue comes up, the user simply sends an email to the dedicated support email address,
[email protected]. After they send an email, a support ticket is automatically created and is then assignable to
an agent. These agents will be comprised of the existing IT staff at VMO. From there, the agent can assign a priority
level and either attempt to resolve the issue or escalate it.
Freshservice also supports IT project management, making it easy to collaborate, assign tasks, and track
progress on various projects. It features a real time project dashboard that gives detailed progress on projects as
well as a timeline.
Based on the size of VMO's network, we recommend Freshservice's Estate plan. This plan is ideal for larger
teams or companies with multiple locations. It brings the following features:
• Incident management
• Knowledge base
• Self-service portal
• Automations
• Standard reports
• Marketplace
• Unlimited end users
• Service catalog
• Asset management
• Custom and scheduled reports
• Domain whitelisting
• Multiple SLA’s
• Unlimited mailboxes
• Change, problem, and release management
• Software license management
• Customizable agent roles
• Custom SSL and email servers
• Enterprise analytics
• Contract management
• Project management
9.5.2 Network Management
We recommend the various packages offered by SolarWinds, which make network management a breeze rather than a
headache. Here are some of the packages we would implement:
The key features of SolarWinds Network Tool are:
• Multi-vendor network monitor
o Regardless of brand, the network software will be compatible
• Path visualization
o Lets you see the network like viewing traffic on a street or online map
• Performance metrics
o Such as bandwidth and other speed metrics
• Firewall insight
o The application can provide an overview of firewall status and traffic
The key features of Log and Event Manager are:
• Fast compliance reporting
o In the case of security audits
• Real-time event correlation
• Real-time remediation
• Advanced search & forensic analysis
• File integrity monitor
• USB device monitor
The key features of Database Performance Analyzer are:
• Database tuning and SQL query advising
• Identify real-time database problems
• True root cause analysis
• Multi-vendor support from one management interface
• Low overhead on monitored databases
The key features of Patch Manager are:
• Windows Update Server patch management
• Vulnerability management
• Pre-built and tested packages
• Patch compliance reports
• Patch status dashboard
Together, these SolarWinds services and applications will cut down troubleshooting time
and increase network productivity and efficiency.
Figure 29 SolarWinds Patch Manager
Figure 30 SolarWinds Network Performance Monitor
Figure 31 SolarWinds Database Performance Analyzer
Figure 32 SolarWinds Log & Event Manager
Figure 33 SolarWinds SIEM Tool
9.6 MAINTENANCE
9.6.1 Extended Service Level Agreements for Device Maintenance
Product | Price | Amount | Total
Headquarters and Lincoln, Nebraska access switch extended service level agreement | 285.99 | 41 | 11,725.59
Distribution switch extended service level agreement | 1953.99 | 4 | 7,815.96
Core switch extended service level agreement | 3096.99 | 4 | 12,387.96
Cisco Aironet access point extended service level agreement | 28.99 | 69 | 2,000.32
Cisco 2504 wireless controller | 1007.99 | 4 | 4,031.96
Headquarters and Lincoln, Nebraska Safeware printer 3 year warranty | 69.99 | 96 | 6,719.04
Stores Safeware printer 3 year warranty | 17.99 | 110 | 1,978.90
Cameras Safeware 3 year warranty | 22.99 | 207 | 4,758.93
Headquarters and Lincoln, Nebraska edge router extended service level agreement | 479.99 | 4 | 1,919.96
Safeware desktop 4 year warranty | 74.99 | 930 | 69,740.70
Stores Cisco ASA firewall extended service warranty | 209.99 | 110 | 23,098.90
Headquarters and Lincoln, Nebraska Cisco firewall extended service level agreement | 999.99 | 4 | 3,999.96
Store Cisco edge router extended service level agreement | 108.99 | 220 | 23,977.80
Store UPS system extended service level agreement | 34.99 | 9 | 314.91
Headquarters and Lincoln, Nebraska UPS warranty | 86.99 | 11 | 956.89
Total | | | 175,427.78
10 TOTAL BUDGET
Total price for equipment in HQ, Nebraska and retail stores:
Locations | Total cost
Headquarter- Building A | $146,305.19
Headquarter- Building C | $44,873.91
Headquarter- Building N | $466,792.54
Lincoln, Nebraska | $189,508.06
Retail Stores | $429,363.11
Total Budget for all equipment | $1,276,842.81
Total price for management software:
Management Software
Network Performance Monitor | $2,895.00
Log & Event Manager | $4,585.00
Database Performance Analyzer | $1,995.00
Patch Manager | $3,690.00
Security Information and Event Management (SIEM) Tool | $4,585.00
Total | $17,750.00
Headquarter, Lincoln, NE and Retail Stores
Description | One Month | One Year | Three Years
HQ to Lincoln, NE | $15,800 | $189,600 | $568,800.00
HQ to Internet | $10,000 | $120,000 | $360,000.00
Equipment of HQ | | | $657,971.64
Lincoln, NE to Internet | $7,000 | $84,000 | $252,000.00
Equipment of Lincoln, NE | | | $189,508.06
Retail Stores to Internet | $500 | | $5,338,800.00
Equipment of all Retail Stores | | | $429,363.11
Credit card Clearing | $8,600 | $103,200 | $309,600.00
Management Software | | | $17,750.00
Microsoft Exchange backup | | | $673.99
Exchange Server | $16,000 | $192,000 | $576,000.00
Equipment Warranty | | | $175,427.78
Estimated Contract Cost | | | $168,000
Total | | | $9,043,894.58
11 SUPPLEMENTAL DOCUMENTS
11.1 EQUIPMENT
11.1.1 Edge Routers
11.1.2 Firewall ACN
11.1.3 Core Switches
11.1.4 Distribution Switches
11.1.5 Access Switch HQ & Nebraska
11.1.6 Access Points for all locations
11.1.7 Wireless Control
11.1.8 Active Directory & DHCP
11.1.9 Application Server
11.1.10 Exchange Server
11.1.11 Camera & Storage
11.1.12 Web Server
11.1.13 Store Edge Routers
11.1.14 Store Firewalls
11.1.15 Store Access Switches
11.1.16 Store Printer
11.1.17 Store Rack
11.1.18 HQ & Nebraska Printers
11.1.19 Security Cameras
11.1.20 Cat6e Cable
11.1.21 Computers
11.1.22 HQ & Nebraska UPS
11.1.23 Store UPS
11.1.24 HQ & Nebraska Racks
11.1.25 Key Card
11.1.26 Finger Print Access