I. Creating Our Scheme
As the IT consultant, I would recommend that GAI create a new forest named GAI and, within that forest, two child domains, one for each region. The child domains will cover the two offices in Los Angeles and New York. I would place each of those domains on its own DC server, preferably two at each site to allow for fault tolerance. This is important because, from prior experience, a network without robust fault tolerance is usually more vulnerable to network crashes, and network crashes mean a stoppage of work, which means losing customers and money.
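The forest and child-domain layout described above, as an added example that is not part of the original paper: the ADDSDeployment cmdlets create the forest root, one child domain per region, and a second (replica) domain controller per domain for the fault tolerance the paragraph calls for. The DNS names gai.local, la.gai.local and ny.gai.local and the server roles are assumptions for illustration.

```powershell
# Added example (not from the original paper): stand up the GAI forest root and the
# two regional child domains with the ADDSDeployment cmdlets, then add a replica
# domain controller per domain for fault tolerance.
# The names gai.local / la.gai.local / ny.gai.local are assumptions. Each function
# runs on the server that will hold that role, as a local Administrator, and
# reboots the box when it finishes.

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Directory Services Restore Mode password, prompted rather than hard-coded.
function Read-DsrmPassword {
    Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'
}

# Step 1: first server at head office becomes the forest root DC (gai.local).
function Install-GaiForestRoot {
    $forest = @{
        DomainName                    = 'gai.local'   # forest root; child domains hang below it
        DomainNetbiosName             = 'GAI'
        InstallDns                    = $true         # AD-integrated DNS on the same box
        SafeModeAdministratorPassword = Read-DsrmPassword
        Force                         = $true
    }
    Install-ADDSForest @forest
}

# Step 2: first server at each regional site becomes the first DC of that
# region's child domain (la.gai.local or ny.gai.local).
function Install-GaiChildDomain {
    param(
        [Parameter(Mandatory)][ValidateSet('la', 'ny')][string] $Region
    )
    $child = @{
        NewDomainName                 = $Region          # 'la' -> la.gai.local
        NewDomainNetbiosName          = $Region.ToUpper()
        ParentDomainName              = 'gai.local'
        DomainType                    = 'ChildDomain'
        Credential                    = Get-Credential -Message 'GAI\Administrator (Enterprise Admins)'
        InstallDns                    = $true
        CreateDnsDelegation           = $true            # parent zone gets an NS delegation for the child
        SafeModeAdministratorPassword = Read-DsrmPassword
        Force                         = $true
    }
    Install-ADDSDomain @child
}

# Step 3: second server at each site joins as a replica DC of the local domain,
# so a single DC failure does not stop logons or Kerberos ticket issuance.
function Install-GaiReplicaDc {
    param(
        [Parameter(Mandatory)][ValidateSet('la.gai.local', 'ny.gai.local')][string] $DomainName
    )
    $replica = @{
        DomainName                    = $DomainName
        Credential                    = Get-Credential -Message "Domain Admins of $DomainName"
        InstallDns                    = $true            # second DNS server per site as well
        SafeModeAdministratorPassword = Read-DsrmPassword
        Force                         = $true
    }
    Install-ADDSDomainController @replica
}

# Typical order, one call per server, in this sequence:
#   Install-GaiForestRoot                           # on the root DC
#   Install-GaiChildDomain -Region la               # on LA-DC01
#   Install-GaiReplicaDc -DomainName la.gai.local   # on LA-DC02
#   Install-GaiChildDomain -Region ny               # on NY-DC01
#   Install-GaiReplicaDc -DomainName ny.gai.local   # on NY-DC02
```

Each child domain is a separate replication and password-policy boundary, but it is not a security boundary: Enterprise Admins in the forest root retain control over both regions, so the root DC deserves the tightest physical and administrative protection of any server in the design.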
Next, it is important to think about security, so I would recommend implementing a smart card system similar to what the military uses to ease data security concerns. Smart cards are easy to distribute, and because each carries a chip, GAI could even use them to restrict access to buildings, offices, etc. In addition, they can be used to access the network through the internet as long as GAI provides CAC readers to its employees.
For the high-bandwidth users such as Media, I would give them their own media server at each location. This might sound like a bit much, but since most of the time the team will need to access large files and edit them throughout the day, it would be faster to have a media server close by. Of course, cross-domain access will be required, so high-speed connectivity is necessary, which will be covered
Configure at least one DNS and one DHCP server per site, and configure each system via DHCP to use the local DNS server as its primary and the remote DNS server as its secondary. It is also important to have IP ranges configured to provide more IPs and to have more control over the static IPs used for servers, printers, scanners,
Set up a backup server at each site, backed up to tape or external HDD at least weekly. These backups will be done during off hours and will be held at a remote backup location, as the remote backup server should be located away from the main locations. Again, this might seem extreme to some, but in case of a fire or flooding you will have your backups safe and ready. I would also set up a certificate and rights management server at each location to allow for redundancy, and back up the initial certificate in a safe location.
Set up at least one server in each location with a GUI and use it to manage the rest, which can run Server Core to reduce hardware requirements. Again, set up DHCP with just enough addresses for the network, and also configure it to use Kerberos and MAC filtering to reduce the threat of intrusions and rogue access points, with a pool for each region that has that region's MACs assigned to it.
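The DHCP design from the two DHCP passages above (one scope per site with the local DNS server first and the remote one second, a block held back for static servers and printers, reservations for known devices, and a per-region MAC allow-list), as an added example that is not part of the original paper. Subnets, addresses, host names and MAC addresses are constructed for illustration.

```powershell
# Added example (not from the original paper): build one site's DHCP scope so
# clients get the local DNS server first and the remote site's second, keep the
# low block of the subnet out of the pool for statically addressed servers and
# printers, reserve addresses for known devices, and turn on the MAC allow-list.
# Subnets, addresses and MACs are constructed; run on the site's DHCP server.

Install-WindowsFeature DHCP -IncludeManagementTools

function Set-GaiSiteDhcp {
    param(
        [string]      $SiteName,   # e.g. 'LA'
        [string]      $DnsDomain,  # e.g. 'la.gai.local'
        [string]      $Network,    # scope ID, e.g. 10.10.0.0 (a /24)
        [string]      $Gateway,    # e.g. 10.10.0.1
        [string]      $LocalDns,   # this site's DNS server (primary)
        [string]      $RemoteDns,  # other site's DNS server (secondary)
        [hashtable[]] $Devices     # known devices: Name, Mac, Ip
    )
    $prefix = $Network -replace '\.0$', ''   # 10.10.0.0 -> 10.10.0

    # One scope per site covering the whole /24; leases last one day.
    Add-DhcpServerv4Scope -Name "$SiteName-Clients" `
        -StartRange "$prefix.1" -EndRange "$prefix.254" `
        -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 1) -State Active

    # .1-.99 are never handed out dynamically: servers and other statically
    # configured gear live there, which keeps the static range easy to audit.
    Add-DhcpServerv4ExclusionRange -ScopeId $Network -StartRange "$prefix.1" -EndRange "$prefix.99"

    # DNS order as handed to clients: local site first, remote site second.
    Set-DhcpServerv4OptionValue -ScopeId $Network -Router $Gateway `
        -DnsServer $LocalDns, $RemoteDns -DnsDomain $DnsDomain

    foreach ($d in $Devices) {
        # Fixed address inside the pool, tied to the device's MAC.
        Add-DhcpServerv4Reservation -ScopeId $Network -IPAddress $d.Ip `
            -ClientId $d.Mac -Name $d.Name -Description "$SiteName reserved device"
        # The same MAC goes on the allow-list so only catalogued hardware gets a lease.
        Add-DhcpServerv4Filter -List Allow -MacAddress $d.Mac -Description $d.Name
    }

    # Enforce the allow-list: MACs not on it receive no lease at all.
    Set-DhcpServerv4FilterList -Allow $true
}

# Authorize this DHCP server in Active Directory. Domain-joined Windows DHCP
# servers that are not authorized refuse to serve, which blunts an accidental
# or rogue Windows DHCP server on the LAN (non-Windows rogues are unaffected).
Add-DhcpServerInDC -DnsName 'la-dc01.la.gai.local' -IPAddress 10.10.0.10

# Constructed device list for the Los Angeles office.
$laDevices = @(
    @{ Name = 'LA-PRINT-01'; Mac = '00-11-22-33-44-01'; Ip = '10.10.0.100' }
    @{ Name = 'LA-SCAN-01';  Mac = '00-11-22-33-44-02'; Ip = '10.10.0.101' }
    @{ Name = 'LA-WS-0101';  Mac = '00-11-22-33-44-10'; Ip = '10.10.0.110' }
)

Set-GaiSiteDhcp -SiteName 'LA' -DnsDomain 'la.gai.local' -Network '10.10.0.0' `
    -Gateway '10.10.0.1' -LocalDns '10.10.0.10' -RemoteDns '10.20.0.10' -Devices $laDevices
```

Load every workstation's MAC into the allow-list before enabling it, or those machines stop getting leases. The allow-list is hygiene rather than a strong control: a MAC address is trivially cloned, so it stops unmanaged devices from wandering onto the network by accident, while switch port security and 802.1X remain the controls that actually keep an intruder off the wire.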
Set up an Exchange server for each region, one for each child domain, with a trust between them. An application server would be beneficial as well, which would likely need the following applications: Microsoft Office, Adobe Photoshop, Adobe Premiere Pro, ActivClient for login, backup software and antivirus, just to name a few.
My next step would be to create a private network share for each department, with a separate share that everyone can see and access for any information they want to make available to the office. Media should have the largest quotas due to the size of their product; again, Media gets a little more and special treatment because I believe the Media department is the bread and butter of the company. The next step would be to create an OU for each department, which can be further refined by any physical organization within each department.
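The per-department share, quota and OU layout described above, as an added example that is not part of the original paper: each department gets an OU, a security group, a hidden share whose NTFS and SMB rights are limited to that group, and an FSRM quota, with Media given the largest; one Public share is open to every domain user. The domain (la.gai.local), the D:\Shares path, the department names and the quota sizes are constructed.

```powershell
# Added example (not from the original paper): per-department OUs and groups, a
# private share per department plus one office-wide Public share, NTFS rights
# limited to the owning group, and FSRM quotas with Media given the largest.
# Domain, share root and sizes are constructed; run on the LA file server as a
# Domain Admin.

Install-WindowsFeature FS-FileServer, FS-Resource-Manager, RSAT-AD-PowerShell -IncludeManagementTools
Import-Module ActiveDirectory

$domainDn  = 'DC=la,DC=gai,DC=local'
$netbios   = 'LA'
$shareRoot = 'D:\Shares'

# Department -> quota. Media works with large video assets, so it gets the most.
$departments = [ordered]@{
    Media   = 4TB
    Sales   = 200GB
    Finance = 200GB
    HR      = 100GB
}

# Event-log warning at 85% so IT hears about it before the hard limit hits Media mid-edit.
# [Quota Path] and [Quota Used Percent] are FSRM's own message macros.
$warnAt85 = New-FsrmQuotaThreshold -Percentage 85 -Action (
    New-FsrmAction -Type Event -EventType Warning -Body 'Quota on [Quota Path] is at [Quota Used Percent]%'
)

function New-GaiDepartmentShare {
    param([string] $Dept, [uint64] $QuotaBytes)

    # OU per department; sub-OUs per floor or team can be added underneath later.
    New-ADOrganizationalUnit -Name $Dept -Path $domainDn -ProtectedFromAccidentalDeletion $true
    $group = "$Dept-Users"
    New-ADGroup -Name $group -GroupScope Global -GroupCategory Security -Path "OU=$Dept,$domainDn"

    $path = Join-Path $shareRoot $Dept
    New-Item -ItemType Directory -Path $path -Force | Out-Null

    # NTFS: drop inherited ACEs, then Domain Admins/SYSTEM full, department group modify, nobody else.
    icacls.exe $path /inheritance:r /grant `
        "${netbios}\Domain Admins:(OI)(CI)F" `
        "NT AUTHORITY\SYSTEM:(OI)(CI)F" `
        "${netbios}\${group}:(OI)(CI)M" | Out-Null

    # SMB: hidden share name ($), access-based enumeration, SMB encryption on the wire.
    New-SmbShare -Name "$Dept`$" -Path $path `
        -FullAccess "$netbios\Domain Admins" -ChangeAccess "$netbios\$group" `
        -FolderEnumerationMode AccessBased -EncryptData $true | Out-Null

    # Hard quota with the 85% warning attached.
    New-FsrmQuota -Path $path -Size $QuotaBytes -Threshold $warnAt85 -Description "$Dept department share" | Out-Null
}

foreach ($dept in $departments.Keys) {
    New-GaiDepartmentShare -Dept $dept -QuotaBytes $departments[$dept]
}

# Office-wide Public share: every domain user can read and write, 500GB cap.
$public = Join-Path $shareRoot 'Public'
New-Item -ItemType Directory -Path $public -Force | Out-Null
icacls.exe $public /inheritance:r /grant "${netbios}\Domain Admins:(OI)(CI)F" `
    "NT AUTHORITY\SYSTEM:(OI)(CI)F" "${netbios}\Domain Users:(OI)(CI)M" | Out-Null
New-SmbShare -Name 'Public' -Path $public -ChangeAccess "$netbios\Domain Users" `
    -FullAccess "$netbios\Domain Admins" -EncryptData $true | Out-Null
New-FsrmQuota -Path $public -Size 500GB -Threshold $warnAt85 -Description 'Office-wide share' | Out-Null
```

Granting rights to the department group rather than to individual users means that moving a person between departments is a group-membership change, not an ACL edit, and access-based enumeration keeps the other departments' shares invisible to users who have no rights to them.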
Wireless connectivity is a great idea and can be looked at later if desired. The network should be linked through cables to deliver superior security. This takes me to the use of fiber cable as a substitute for CAT 6, simply because fiber cable is much harder to break physically and harder for an intruder to breach.
As the company grows, it should be strongly considered to move the DC roles onto their own servers and to use Network Load Balancing to ensure fault tolerance and speed of use. This is something to consider in the future, but it is important to keep in mind as we build the network today.
A datacenter should not be needed or purchased right now, unless it is desired to purchase a few higher-end servers and implement VM servers rather than a physical server for each set of roles. This can be costly but also saves space while increasing data space, network reliability and even the number of network workstations. How will VMs help with network workstations? By using thin clients, which could be implemented to reduce the cost of individual workstations and increase security by removing any locally stored data for users, other than the high-bandwidth users such as the Media department, which we know will require more data and easy access to it.
Finally yet importantly, building a Windows Server network with Active Directory will offer an astonishing level of security by adding elements like group policies (they can all be set up to best support each user, department and requirement), roaming profiles (they will permit GAI users to have access to matching data regardless of which PC or website they access), and a file server (an important server because it gives each user the ability to share assets and data within the GAI scheme in a protected way).
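The group policy, roaming profile and smart card (CAC) login elements discussed in this section and earlier, as an added example that is not part of the original paper: a domain password and lockout policy, a baseline GPO that requires smart card logon and locks the screen when the card is removed, the GPO linked to each department OU, and per-user roaming profile paths with smart card enforcement on the account. The domain (la.gai.local), OU names, file server name (la-fs01) and the policy values are constructed.

```powershell
# Added example (not from the original paper): account and Group Policy settings
# that turn the paper's recommendations into enforced controls for one child
# domain: password/lockout policy, a baseline GPO requiring smart-card (CAC)
# logon that locks the screen when the card is pulled, roaming profiles on a
# central file server, and per-account smart-card enforcement.
# Domain, OU names, file server and values are constructed; run as a Domain Admin.

Import-Module ActiveDirectory, GroupPolicy

$domain   = 'la.gai.local'
$domainDn = 'DC=la,DC=gai,DC=local'
$gpoName  = 'GAI-Workstation-Baseline'

# Domain-wide password and lockout policy (these are the Default Domain Policy values).
Set-ADDefaultDomainPasswordPolicy -Identity $domain `
    -MinPasswordLength 14 -ComplexityEnabled $true -PasswordHistoryCount 24 `
    -LockoutThreshold 10 -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30)

# Baseline GPO for workstations. The two security options below are written as
# registry policies, which is what the Security Options UI sets under the hood.
New-GPO -Name $gpoName -Comment 'GAI workstation baseline: smart card logon, card-removal lock' | Out-Null

# "Interactive logon: Require smart card" = 1
Set-GPRegistryValue -Name $gpoName `
    -Key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
    -ValueName 'scforceoption' -Type DWord -Value 1 | Out-Null

# "Interactive logon: Smart card removal behavior" = 1 (Lock Workstation)
Set-GPRegistryValue -Name $gpoName `
    -Key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' `
    -ValueName 'scremoveoption' -Type String -Value '1' | Out-Null

# Link to each department OU. Pilot a single OU first: once linked, users in
# that OU who have not yet received a card and reader cannot log on.
foreach ($dept in 'Media', 'Sales', 'Finance', 'HR') {
    New-GPLink -Name $gpoName -Target "OU=$dept,$domainDn" -LinkEnabled Yes | Out-Null
}

# Roaming profile on the central file server, and smart card required on the
# account itself so the rule follows the user to any domain-joined machine.
function Enable-GaiUserControls {
    param([string] $DeptOu)   # e.g. 'OU=Media,DC=la,DC=gai,DC=local'
    Get-ADUser -SearchBase $DeptOu -Filter * | ForEach-Object {
        Set-ADUser -Identity $_ `
            -ProfilePath "\\la-fs01\Profiles`$\$($_.SamAccountName)" `
            -SmartcardLogonRequired $true
    }
}

Enable-GaiUserControls -DeptOu "OU=Media,$domainDn"
```

Setting -SmartcardLogonRequired on the account causes the domain controller to randomize that account's password hash, so the password can no longer be used at all, even against systems the GPO does not reach; the GPO and the account flag complement each other rather than duplicate it.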
The use of a security policy is not only necessary; I would go as far as saying it should be a requirement for any network. A complete and well-thought-out security policy can greatly raise the protection of the GAI network. Notwithstanding the simple fact that policies can be either extremely simple and very basic to manage or complex and difficult, it is usually settling the fine points that is exceptionally useful. The GAI network should isolate the company's scheme, properties and data from the untrustworthy internet and from individuals willing to cause damage to it.
Although not required, I believe it is important to break down some of the basic components needed to build the GAI network. I have already talked about the servers and architecture required to meet the needs of the company at the present time, but it is just as important to understand some of the physical requirements. Here are just a few that would make the network more efficient:
APs – Depending on the size of the offices, you may require one to three units. Each delivers a simple, integrated control GUI that can be controlled by the IT team. Theoretically, they deliver dual-band Wi-Fi for exceptional performance and coverage, and seamless hand-off so individuals within the company can move around the offices without any issues or lack of connectivity. Just as important, they offer a "guest Wi-Fi" option for customers who visit GAI. This would give GAI the ability to provide a restricted Wi-Fi for its customers on one VLAN and an unrestricted Wi-Fi for its employees on a separate VLAN.
Switch – A 48-port gigabit layer 3 switch would deliver maximum flexibility and room for future growth. Current needs can easily be met, and it will provide adequate room for growth. Most switches come in either 24- or 48-port variants, so without any other choice in between, a 48-port unit is our best bet. A fully managed switch will give GAI the option to create VLANs for the APs as stated above. In addition, the IT team should configure "port security", locking each network port to a specific MAC address, which would offer an added level of security. The Power-over-Ethernet (PoE) option on the switch will deliver a simple way to provide power to the selected APs without the need to run additional cables.
Router/Firewall – There are a great many choices for a business like GAI when it comes to a router/firewall. To offer a reasonable cost, the highest degree of security and maximum flexibility for future requirements, an open-source router/firewall would be the ideal choice. It provides a stateful packet-filtering firewall, a captive portal with MAC filtering, RADIUS support, a DHCP server, high-speed VPN support and extensive reporting and monitoring features (5). This should cover GAI's present business needs and would afford sufficient room for future development. The configuration and control of this equipment can be accomplished via an internal web-based interface and is extremely easy to do.
Fiber Optic Cable – I would encourage GAI to purchase and install fiber optic cable throughout the office because not only does it deliver considerably more bandwidth compared to CAT 6 but also a more secure and protected network. Your idea of a network should be all about security; fiber offers a tougher shell that does not emit signals and is extremely challenging to infiltrate. If the office infrastructure were made of CAT 6, it would be easy to use media converters, which allow migration from CAT 6 to fiber at a low cost and with uninterrupted links. Either way the GAI network would be fast and
Windows Active Directory – This is the focal point of any well-developed network. It will offer single username and password security and secure CAC login; it will also decrease overhead through standardization and improve services through consolidated administration. In addition, it will provide security and guidelines through Group Policy, and will provide rapid access and centralized storage through roaming profiles and a file server.
Backups – Should be done daily, weekly, monthly and yearly, and placed in an outside location. This will allow access to the information in the case of an emergency like a fire or flood. You can also use the cloud option, especially if you encrypt the backups. The cloud will allow the data to be stored in a remote location without having to purchase another office space.
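The backup arrangement recommended here and in the earlier backup paragraph (nightly off-hours runs to an external disk that is taken off-site, with the data encrypted so the removed disk cannot expose it), as an added example that is not part of the original paper, using Windows Server Backup and BitLocker. Drive letters and the server role are constructed.

```powershell
# Added example (not from the original paper): a Windows Server Backup policy for
# the LA file server: a daily run at 23:00 (off hours) of the data volume plus
# system state and bare-metal recovery, written to an external disk that is
# BitLocker-encrypted so it can be rotated off-site weekly without exposing data.
# Drive letters are constructed; run on the file server as an administrator.

Install-WindowsFeature Windows-Server-Backup, BitLocker -IncludeManagementTools
Import-Module WindowsServerBackup

$dataVolume = 'D:'   # department shares live here
$targetDisk = 'E:'   # external HDD, swapped and taken off-site weekly

# Encrypt the backup disk with AES-256 before the first backup is written to it.
# Returns the recovery password once; store it in the safe with the CA backup,
# not on the server that writes the backups.
function Protect-GaiBackupDisk {
    param([string] $MountPoint)
    $pw = Read-Host -AsSecureString -Prompt 'BitLocker password for the backup disk'
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 `
        -PasswordProtector -Password $pw -UsedSpaceOnly | Out-Null
    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword').RecoveryPassword
}

# Nightly policy: data volume, system state (AD/certificates/registry) and
# bare-metal recovery, so the whole server can be rebuilt from one set.
function Set-GaiNightlyBackup {
    param([string] $Volume, [string] $Target)
    $policy = New-WBPolicy
    Add-WBVolume -Policy $policy -Volume (Get-WBVolume -VolumePath $Volume)
    Add-WBSystemState -Policy $policy
    Add-WBBareMetalRecovery -Policy $policy
    Add-WBBackupTarget -Policy $policy -Target (New-WBBackupTarget -VolumePath $Target)
    Set-WBSchedule -Policy $policy -Schedule 23:00
    Set-WBPolicy -Policy $policy -Force      # registers the scheduled backup task
}

$recoveryKey = Protect-GaiBackupDisk -MountPoint $targetDisk
Set-GaiNightlyBackup -Volume $dataVolume -Target $targetDisk
```

A disk target keeps multiple backup versions, which is what the daily/weekly/monthly rotation needs; a network-share target in Windows Server Backup retains only the most recent backup, so if the off-site copy is made over the network the versioning has to be done on the receiving side. Run a test restore from the rotated disk periodically: an untested backup is a plan, not a backup.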
Application Server – This will allow all applications to be on one server with the latest virus definitions and up-to-the-minute updates. All software would be loaded onto this server, then pushed to each workstation, allowing a more controlled and secure environment. From prior experience, this is one of the best ways to avoid viruses infiltrating the network or hackers getting an easy opening to the data.
Exchange Server – It offers two roles today: the Edge Transport server and the Mailbox server.
Here are some of the things that will need to be done to guarantee that the network is secure, runs efficiently, and the employees' data is safe.
– Give procedural training on the wireless network to the IT staff so that this provides improved wireless network maintenance and enhanced care to users.
users of the services and all the good things of a wireless network as well as their utilities. In addition, require that they are outlined in well-known security policies.
a system of uniform measures for the access points and other devices by establishing the proper settings and setup.
– Make and test a "Contingency Plan" which would detail the essential procedures in case the network should undergo a major disaster.
a "Contingency Plan", which covers the required actions that should be taken when there is a failure of the servers, switches, routers, and backup
a guide for configuration and management of the complete structure: switches, access points, control of access points, authentication, Active Directory, administrators, and how to monitor the network (4). Also, have numerous points from which to access backups (cloud) or in a detached physical location.
frequently the Authentication Server and Active Directory Server, and check the physical state of each server occasionally.
backup for each user's authentication servers.
This server must handle all the users on the network and their passwords. It should also contain all the certificates provided by the certification server to each user so that it can offer an extra layer
of noise range and sniffer amplifiers before, during, and after the connection of some access point, and check all fiber optic cables throughout the offices.
of all, quarterly training on how to digitally sign and encrypt emails is highly recommended for our users, as well as training on phishing tactics and suspicious emails with or without attach