I. Creating Our Scheme

As the IT consultant, I would recommend that GAI create a new forest named GAI and, within that forest, two child domains, one for each region. The child domains will cover the two offices in Los Angeles and New York.
I would place each of those domains on its own DC server, preferably two at each site to allow for fault tolerance. This is important because, from prior experience, a network without robust fault tolerance is usually more vulnerable to network crashes, and a network crash is a stoppage of work, which means losing customers and money. Next, it is important to think about security, so I would recommend implementing a smart card system similar to what the military uses to ease data security concerns. Smart cards are easy to distribute and, because each card carries a chip, GAI could even use them to restrict access to buildings, offices, etc.
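The forest and child-domain layout just described, written as an added PowerShell example that is not part of the original report: the same script is run once on each server with a different role, so one invocation builds the GAI forest root, one the regional child domain, and one the second DC at the site for fault tolerance. It assumes the AD DS role is already installed, a forest root named gai.local, data paths on D:, and suitable admin credentials; all of these are assumptions, not values from the report.

```powershell
# Added example (not from the original report): one script, run once per server,
# builds the AD layout: a GAI forest root, a child domain per region (la / ny),
# and a second DC per site for fault tolerance.
# Assumptions: AD DS role already installed, forest root named gai.local,
# paths on D:, and an admin credential for the child/extra DC cases.
param(
    [ValidateSet('ForestRoot', 'ChildDomain', 'ExtraDC')] [string] $Role = 'ChildDomain',
    [ValidateSet('la', 'ny')] [string] $Region = 'la'        # one child domain per region
)
Import-Module ADDSDeployment

$forestRoot = 'gai.local'                                   # assumed forest root name
$childFqdn  = "$Region.$forestRoot"                         # e.g. la.gai.local
$dsrm       = Read-Host -AsSecureString 'DSRM (Directory Services Restore Mode) password'

# Settings shared by every promotion: each site keeps its own DNS, and the
# database/log/SYSVOL live on a data volume rather than the system drive.
$common = @{
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true
    DatabasePath                  = 'D:\NTDS'
    LogPath                       = 'D:\NTDS'
    SysvolPath                    = 'D:\SYSVOL'
    NoRebootOnCompletion          = $false
    Force                         = $true
}

switch ($Role) {
    'ForestRoot' {
        # First DC of the whole forest: creates the forest and its root domain.
        Install-ADDSForest @common -DomainName $forestRoot -DomainNetbiosName 'GAI'
    }
    'ChildDomain' {
        # First DC of a regional child domain; needs Enterprise Admin rights on the root.
        $cred = Get-Credential -Message "Enterprise Admin for $forestRoot"
        Install-ADDSDomain @common -NewDomainName $Region -ParentDomainName $forestRoot `
            -DomainType ChildDomain -CreateDnsDelegation -Credential $cred
    }
    'ExtraDC' {
        # Second DC at the same site joins the existing child domain (fault tolerance).
        $cred = Get-Credential -Message "Domain Admin for $childFqdn"
        Install-ADDSDomainController @common -DomainName $childFqdn -Credential $cred
    }
}
```

Each promotion reboots the server when it finishes; run the ForestRoot case first, then the ChildDomain case per region, and the ExtraDC case only after the child domain is reachable.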
In addition, the card can even be used to access the network through the internet, as long as GAI provides CAC readers to its employees. For the high-bandwidth users such as Media, I would give them their own media server at each location. It might sound like a bit much, but since most of the time the team will need to access big files and edit them throughout the day, it will be faster if there is a media server close by. Of course, cross-domain access will be required, so high-speed connectivity is necessary; this will be covered later. Configure at least one DNS and DHCP server per site, and configure each system via DHCP to use the local DNS server as its primary and the remote DNS server as its secondary. It is also important to have IP ranges configured to provide more IPs and to have more control over the static IPs used for servers, printers, scanners, etc. Set up a backup server at each site, backed up to tape or external HDD at least weekly.
These backups will be done at an off-peak time and held at a remote backup location, as the remote backup server should be located away from the main locations. Again, this might seem extreme to some, but in case of a fire or flood you will have your backups safe and ready. I would also set up a certificate and rights management server at each location to allow for redundancy, and back up the initial certificate in a safe location. Set up at least one server in each location with a GUI and use it to manage the rest, which can run Server Core to reduce hardware requirements.
Again, set up DHCP with just enough addresses for the network, and also configure it to use Kerberos and MAC filtering to reduce the threat of intrusions and rogue access points; have a pool for each region with that region's MACs assigned to it. Set up an Exchange server for each region, one for each child domain, with a trust between them. An application server would be beneficial as well, and will likely need the following applications: Microsoft Office, Adobe Photoshop, Adobe Premiere Pro, ActivClient for login, backup software and antivirus, just to name a few. My next step would be to create a private network share for each department, with a separate share that everyone can see and access for any information they want to be available to the whole office. Media should have the largest quotas because of the size of its product; again, Media gets a little more and special treatment because I believe the Media department is the bread and butter of the company.
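The per-site DHCP design from the two passages above (local DNS first with the remote site's DNS as secondary, a held-back range for static infrastructure, reservations for servers, printers and scanners, and an allow list of the region's MACs), as an added PowerShell example for the Los Angeles site that is not part of the original report. Every address, host name and MAC in it is a constructed placeholder, and it assumes the DhcpServer module on a Windows DHCP server.

```powershell
# Added example (not from the original report): DHCP for the LA site following
# the design above: local DNS first, NY DNS as secondary, a held-back range for
# hand-configured infrastructure, reservations for servers/printers/scanners,
# and an allow list of this region's MACs. All values are constructed placeholders.
Import-Module DhcpServer

$scopeId   = '10.10.0.0'
$localDns  = '10.10.0.10'    # LA DNS/DHCP server (primary for LA clients)
$remoteDns = '10.20.0.10'    # NY DNS server (secondary, reached over the site link)

# Scope sized to the site; .1-.19 is excluded for devices configured by hand
# (gateway, DCs/DNS), and .20-.49 is handed to infrastructure only by reservation.
Add-DhcpServerv4Scope -Name 'LA-Workstations' -StartRange '10.10.0.1' `
    -EndRange '10.10.0.254' -SubnetMask '255.255.255.0' -State Active
Add-DhcpServerv4ExclusionRange -ScopeId $scopeId -StartRange '10.10.0.1' -EndRange '10.10.0.19'

# Scope options: default gateway, DNS order (local first), and the site's DNS suffix.
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router '10.10.0.1' `
    -DnsServer $localDns, $remoteDns -DnsDomain 'la.gai.local'

# Fixed addresses for servers/printers/scanners, tied to each device's MAC by
# reservation instead of being typed by hand on every box.
$reservations = @(
    @{ Name = 'LA-MEDIA01'; IP = '10.10.0.20'; Mac = '00-11-22-33-44-01' }   # media server
    @{ Name = 'LA-PRINT01'; IP = '10.10.0.30'; Mac = '00-11-22-33-44-02' }   # printer
    @{ Name = 'LA-SCAN01';  IP = '10.10.0.31'; Mac = '00-11-22-33-44-03' }   # scanner
)
foreach ($r in $reservations) {
    Add-DhcpServerv4Reservation -ScopeId $scopeId -IPAddress $r.IP `
        -ClientId $r.Mac -Name $r.Name -Description 'Static address via reservation'
}

# Regional MAC allow list: only listed LA devices receive a lease; anything else
# (including a rogue AP plugged into a spare port) is refused by this server.
foreach ($r in $reservations) {
    Add-DhcpServerv4Filter -List Allow -MacAddress $r.Mac -Description $r.Name
}
Add-DhcpServerv4Filter -List Allow -MacAddress '00-AA-BB-*' -Description 'LA workstation batch'
Set-DhcpServerv4FilterList -Allow $true

Get-DhcpServerv4Filter -List Allow | Format-Table MacAddress, Description
```

A MAC allow list keeps accidental or casual devices off the pool, but a MAC address is set in software, so it is a weak control on its own; pair it with the switch port security and RADIUS-backed authentication the report calls for below.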
The next step would be to create an OU for each department, which can be further refined by any physical organization within each department. Wireless connectivity is a great idea and can be looked at later if desired. The network should be linked by cables to deliver superior security. This brings me to the use of fiber cable as a substitute for CAT 6, simply because fiber cable is extremely hard to break physically and harder for an intruder to tap.
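The departmental layout from the two passages above (one OU per department, a private share per department that only that department can use, a company-wide share everyone can read, and quotas with Media getting the largest allowance), as an added PowerShell example that is not part of the original report. It assumes it runs on the LA file server, that the child domain's NetBIOS name is LA, a data volume D:, the ActiveDirectory and FileServerResourceManager modules, and the department names and sizes shown, which are placeholders except for Media.

```powershell
# Added example (not from the original report): one OU, one security group, one
# private share and one quota per department, plus a read-only company share.
# Assumes the LA child domain (NetBIOS LA), the FSRM role on this file server,
# and a data volume D:. Department names/sizes other than Media are placeholders.
Import-Module ActiveDirectory, FileServerResourceManager

$domainDn  = 'DC=la,DC=gai,DC=local'
$deptRoot  = "OU=Departments,$domainDn"
$shareRoot = 'D:\Shares'
# Department -> hard quota; Media holds the large video/photo assets.
$departments = @{ Media = 2TB; Sales = 200GB; Finance = 100GB; IT = 100GB }

New-ADOrganizationalUnit -Name 'Departments' -Path $domainDn -ProtectedFromAccidentalDeletion $true

foreach ($dept in $departments.Keys) {
    $ou    = "OU=$dept,$deptRoot"
    $group = "GG-$dept"
    New-ADOrganizationalUnit -Name $dept -Path $deptRoot -ProtectedFromAccidentalDeletion $true
    New-ADGroup -Name $group -Path $ou -GroupScope Global -GroupCategory Security

    # Private department share: only the department group (and admins) can get in,
    # and access-based enumeration hides what a user cannot open.
    $path = Join-Path $shareRoot $dept
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    New-SmbShare -Name $dept -Path $path -FullAccess 'BUILTIN\Administrators' `
        -ChangeAccess "LA\$group" -FolderEnumerationMode AccessBased

    # NTFS: drop inherited Users rights so the file system does not undercut the share ACL.
    $acl = Get-Acl $path
    $acl.SetAccessRuleProtection($true, $false)
    $rights = @{ 'BUILTIN\Administrators' = 'FullControl'; 'NT AUTHORITY\SYSTEM' = 'FullControl'; "LA\$group" = 'Modify' }
    foreach ($id in $rights.Keys) {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, $rights[$id], 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
    }
    Set-Acl $path $acl

    # Hard quota per department: FSRM blocks writes past the limit and logs the event.
    New-FsrmQuota -Path $path -Size $departments[$dept] -Description "$dept department quota"
}

# Company-wide share: every domain user can read it, only IT publishes to it.
$public = Join-Path $shareRoot 'Public'
New-Item -ItemType Directory -Path $public -Force | Out-Null
New-SmbShare -Name 'Public' -Path $public -ReadAccess 'LA\Domain Users' -ChangeAccess 'LA\GG-IT'
New-FsrmQuota -Path $public -Size 50GB -Description 'Company-wide share quota'
```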
As the company grows, moving the DC servers to their own dedicated servers and using Network Load Balancing to ensure fault tolerance and speed of use should be highly considered. This is something to consider in the future, but it is important to keep in mind as we build the network today. A datacenter should not be needed or purchased right now, unless it is desired to purchase a few higher-end servers and implement VM servers rather than a physical server for each set of roles. This can be costly, but it also saves space while increasing data space, network reliability and even the number of network workstations. How will VMs help with network workstations? By using thin clients, which could be implemented to reduce the cost of individual workstations and increase security by removing any locally stored data for users, other than the high-bandwidth users such as the Media department, which we know will require more data and easy access to it. Last but not least, building a Windows Server network with Active Directory will offer an astonishing level of security by adding elements like Group Policies (they can all be set up to best support each user, department and requirement).
Roaming profiles (they will permit GAI users to have access to the same data regardless of which PC or site they log on to) and a file server (an important server because it gives each user the ability to share assets and data within the GAI scheme in a protected way) complete the picture.

II. Security Recommendations

The use of a security policy is not only necessary; I would go as far as saying it should be a requirement for any network. A complete and well-thought-out security policy can greatly raise the protection of the GAI network. Although policies can range from extremely simple and basic to manage to complex and difficult, it is usually settling the fine points that is exceptionally useful. The GAI network should isolate the company's scheme, property and data from the untrustworthy internet and from individuals willing to cause damage to it. Although not required, I believe it is important to break down some of the basic components needed to build the GAI network.
I have already talked about the servers and architecture required to meet the needs of the company at the present time, but it is just as important to understand some of the physical requirements. Here are just a few that would make the network more efficient:

APs – Depending on the size of the offices, you may require one to three units. Each delivers a simple, integrated control GUI that can be managed by the IT team.
Theoretically, they deliver dual-band Wi-Fi for exceptional performance and coverage, and seamless hand-off, so individuals within the company can move around the offices without any issues or loss of connectivity. Just as important, they offer a "guest Wi-Fi" option for customers who visit GAI. This would permit GAI to provide a restricted Wi-Fi for its customers on one VLAN and an unrestricted Wi-Fi for its employees on a separate VLAN.
Switch – A 48-port gigabit layer 3 switch would deliver the maximum flexibility and room for future growth. Current needs can be easily met, plus it will provide adequate room for growth. Most switches come in either 24- or 48-port variations, so without any other choice in between, a 48-port switch is our best bet. A fully managed switch will give GAI the choice to create VLANs for the APs as stated above. In addition, the IT team should configure "port security", locking each single network port to a specific MAC address, which would offer an added level of security.
The Power-over-Ethernet (PoE) option in the switch will deliver a simple way to provide power to the selected APs without the requirement to run added cables.

Router/Firewall – There are a great many choices offered for a business like GAI when it comes to a router/firewall. To offer a reasonable cost, the highest degree of security and maximum flexibility for future requirements, an open-source router/firewall would be the perfect choice. It provides a stateful packet-filtering firewall, a captive portal with MAC filtering, RADIUS support, a DHCP server, high-speed VPN support, and extensive reporting and monitoring features (5). This should cover GAI's present business needs and would afford sufficient room for upcoming development. The configuration and control of this equipment can be accomplished via an internal web-based interface and is extremely easy to do.

Fiber Optical Cable – I would encourage GAI to purchase and install fiber optic cable throughout the office, because not only does it deliver considerably more bandwidth compared to CAT 6, but it also gives a more secure and protected network. Your idea of a network should be all about security; fiber offers a tougher shell that does not emit signals and is extremely challenging to infiltrate.
If the infrastructure of the office were already made of CAT 6, it would be easy to use media converters, which allow migration from CAT 6 to fiber at a low cost and with uninterrupted links. Either way, the GAI network would be fast and secure.

Windows Active Directory – It is the focal point of any well-developed network. It will offer single user name and password security and secure CAC login; it will also decrease overhead through standardization and improve services through centralized administration.
In addition, it will provide security and guidelines through Group Policies, and will provide rapid access and centralized storage through roaming profiles and the file server.

Backups – Should be done daily, weekly, monthly and yearly, and placed in an outside location. This will allow access to the information in the case of an emergency like a fire or flood. You can also use the cloud option, especially if you encrypt the backups.
The cloud will allow the data to be stored in a remote location without having to purchase another office space.

Application Server – This will allow all applications to be on one server with the latest virus definitions and up-to-the-minute updates. All software would be loaded onto this server and then pushed to each workstation, allowing a more controlled and secure environment.
From prior experience, this is one of the best ways to avoid viruses infiltrating the network or hackers getting an easy opening to the data.

Exchange Server – It offers two roles today, the Edge Transport server and the Mailbox server.

III. Application/End-User Recommendations

Here are some of the things that will need to be executed to guarantee the network will be secure, run efficiently, and the employees' data will be safe.

– Give procedural training on the wireless network to the IT staff, so that this may give improved wireless network maintenance and enhanced care to users.
– Advise users of the services and all the good things of a wireless network, as well as their utilities. In addition, require that these are outlined in well-known security policies.

– Introduce a system of uniform measures for the access points and other devices by constructing the proper settings and setup.

– Make and test a "Contingency Plan" which would detail the essential procedures in case the network should undergo a major disaster.

– Accomplish a "Contingency Plan" which covers the required actions that should be taken when there is a failure on the servers, switches, routers and backup systems.
– Produce a guide for configuration and management of the complete structure: switches, access points, control of access points, authentication, Active Directory, administrators, and how to monitor the network (4). Also, have numerous points from which to access backups, in the cloud or in a separate physical location.

– Examine the authentication server and Active Directory server frequently, and check the physical state of each server occasionally.

– Obtain a backup for each user authentication server. This server must handle all the users on the network and their passwords. It should also contain all the certificates provided by the certification server to each user, so that it can offer an extra layer of security.
– Analyze the noise range and sniffer amplifiers before, during and after the connection of any access point, and check all fiber optic cables throughout the offices.

– Last of all, quarterly training on how to digitally sign and encrypt emails is highly recommended for our users, as well as training on phishing tactics and suspicious emails with or without attached files.