Integrative Network Design Project

Jeremy Freeman
NTC/362
November 10, 2014
Dean McIntyre

DESCRIPTION

Describes the connections of the three locations of Kudler Fine Foods, which currently use a Wide Area Network (WAN), and discusses multiple phases of expansion, including improving network performance, adding a secured wireless network, and improving security while preparing for the addition of newer technology such as VoIP phone systems.


It has been decided that it will be beneficial to improve the connections of the three locations of Kudler Fine Foods, which currently use a Wide Area Network (WAN). The three locations are in Del Mar, La Jolla, and Encinitas, California. The company has seen a lot of growth after its first year, so any changes will need to be designed to support future expansion as new locations are added at a later date. There are no immediate plans for expansion, but it could be a project at some point in the future as long as Kudler Fine Foods remains profitable.

Currently, the three locations are connected by a T3 dedicated line WAN. All three locations have internal networks based around a 100baseT environment. Each location uses an IBM blade server. That server handles all the network, print, and file services.

The home office is in the La Jolla location. That location has 3 networked printers and 19 VoIP phones, and 19 employees currently use Dell computers on the network. The other stores are smaller, so the usage is a bit different. At each of the other locations, employees share a single networked multifunction printer. Each of those locations uses 6 VoIP phones, and only 6 employees currently use Dell computers there.

All three locations are currently using a mix of fiber, WAN and WLAN networking standards. The La Jolla location also features a fiber link for the 10TB NAS used to back up the server.

The current system is sufficient for the current business, but does not allow for future expansion. Updating the network now will allow future growth without major effort. Today's data communication networks allow data to be transmitted from one terminal to another. That other terminal could be on the other side of the room or on the other side of the world. There are several components between those terminals, such as switches, routers, and cabling.

Most of the time the user interaction will take place at a terminal. Terminals can be as little as a screen and keyboard with no processing power or data storage. Many times, however, the terminal is a full computer that has data processing capabilities and data storage outside of the network. These are sometimes referred to as workstations since they have more abilities than basic terminals. Both terminals and workstations will have hardware to connect to the network. A network adapter may be built in, or a network interface card may be added to the computer to allow data transmission.

From the terminal, data travels through the transmission links that actually connect system components. Those links could be physical, like fiber optic cables, coaxial cables, or twisted pair copper wires. Those transmission links could also be over the air, like Infrared, microwaves or satellite options. The different transmission links vary in the amount of data they can transmit at any given time and on their effective range. Some can cover very long distances and carry lots of data.

The way the data is transmitted is also affected by the chosen transmission method. Transmission methods vary from analog to digital, and digital transmission can use circuit switching or packet switching. With circuit switching, the selected path for data to travel is fixed for the duration of the session. No other users can use that channel until the session has been completed. Packet switching, on the other hand, delivers data in small groups that take different routes through the network to reach the destination. Upon arrival, the data is put back together in the proper order. Packet switching does not tie up a channel like circuit switching, since there is no dedicated path from the sender to the receiver.

Next in the network come switching devices. Switching devices include bridges, gateways, and routers. These components direct the network traffic. Bridges are used to connect networks, even networks using different wiring. A gateway connects networks that are using different, incompatible protocols. Gateways are complex devices that convert protocols so that the networks can communicate. Routers are commonly used devices that connect networks that use either the same or compatible protocols. The router selects the most efficient path to the destination.

Most networks, like the ones within each location of Kudler Fine Foods, are local area networks (LAN). LAN components typically include connected devices, like computers and printers, a network server, and a way of connecting the devices. This usually means Ethernet cables or sometimes also wireless technology like Wi-Fi. The server acts as the brain of the network and allows multiple computers to share multiple devices like printers or network attached storage.

The individual locations are connected to each other in what is called a wide area network (WAN). Many times the locations are connected via phone lines. A modem is required on each end to facilitate communication across the WAN.

Since there are multiple locations within Kudler Fine Foods, managing network security is more complex. Every company needs a firewall. A firewall is a piece of hardware or software that blocks network communications forbidden by the security policy. The firewall constantly checks network traffic to verify whether it should be allowed onto the network. If anything is questionable, the firewall blocks the communication. In addition, as the company grows, it will be beneficial to have a virtual private network (VPN), which will give individuals secure access to the company's network. And just like other smaller networks, security software is needed to filter email and websites so that no viruses, spyware, malware, or other malicious threats can infect the network.

The upgrades to the Kudler Fine Foods network will need to incorporate a variety of communication protocols. The main reasons for using multiple protocols are to provide maximum performance on the network and to ensure compatibility with a variety of different products. Some of the protocols utilized include TCP/IP, UDP, HTTP, Ethernet, and even POP3. Both hardware and software protocols are utilized in the existing system and will continue to be used after the upgrade.

The expansion of the network will have 2 phases. Phase one will improve the existing setup and improve network performance. Phase two will add a secure wireless network at each location to allow for the use of multiple new devices in the future. The network architecture will remain the same. The current Wide Area Network (WAN) uses a T3 dedicated line to connect the three locations. All three locations have internal networks based around a 100baseT environment. Each location uses an IBM blade server. That server handles all the network, print, and file services.

For Phase one of the proposed expansion, we must improve the existing network to get better performance. Adding new users would put more strain on the system, so improvements must be made in advance to prevent any issues. At this stage, the best first step is to complete some network traffic analysis. This step is important to determine who talks to whom and who talks when. This information is handy when optimizing the network and improving the network security. An attacker can gain important information by monitoring the frequency and timing of network packets. To defeat traffic analysis, a combination of encrypting messages and masking the channel is best. When no data is being sent, sending dummy traffic, which appears to be similar to the encrypted traffic, can mask the channel. That will keep bandwidth usage constant and help protect the channel from outside attacks.
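The channel masking described above can be sketched as a constant-rate padder. This is an added example, not part of the original paper: the cell size, tick interval, function names and sample workloads are assumptions, and encryption of each cell is left to the link or VPN layer.

```python
import os
from collections import deque

CELL = 256            # every cell on the wire is this many bytes (assumed size)
HEADER = 2            # length prefix; 0 means the cell is dummy filler
PAYLOAD = CELL - HEADER
TICK_MS = 20          # one cell leaves every tick, busy or idle (assumed rate)


def pad_channel(messages, ticks):
    """messages: [(arrival_tick, data)]. Returns exactly one cell per tick."""
    pending = deque(sorted(messages, key=lambda m: m[0]))
    queue, cells = deque(), []
    for t in range(ticks):
        while pending and pending[0][0] <= t:
            _, data = pending.popleft()
            queue.extend(data[i:i + PAYLOAD] for i in range(0, len(data), PAYLOAD))
        chunk = queue.popleft() if queue else b""      # empty chunk = dummy cell
        filler = os.urandom(PAYLOAD - len(chunk))      # pad every cell to CELL bytes
        cells.append(len(chunk).to_bytes(HEADER, "big") + chunk + filler)
    return cells   # the link/VPN layer would encrypt each cell before sending


def observable(cells):
    """What an eavesdropper on the encrypted link can record: time and size."""
    return [(t * TICK_MS, len(c)) for t, c in enumerate(cells)]


def receive(cells):
    """Receiver side: strip the length prefix, drop filler and dummy cells."""
    out = b""
    for c in cells:
        n = int.from_bytes(c[:HEADER], "big")
        out += c[HEADER:HEADER + n]
    return out


# Constructed workloads: an idle link and a link carrying two messages.
IDLE = []
BUSY = [(0, b"order batch " * 40), (3, b"inventory sync")]

if __name__ == "__main__":
    idle_cells, busy_cells = pad_channel(IDLE, 10), pad_channel(BUSY, 10)
    print(observable(idle_cells) == observable(busy_cells))
    print(receive(busy_cells) == b"order batch " * 40 + b"inventory sync")
```

The idle and busy links produce the same timing and size trace, which is the property the padding is meant to provide; the cost is that the link always consumes its full padded rate and real data can queue behind the fixed cell schedule.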

Measurements must be taken before and after the completion of phase one to ensure there was a network performance improvement. Improving the network should reduce latency, improve response time, and improve jitter or packet delay variation. Latency is a measurement of the amount of time for a packet to travel from source to destination plus the time from the destination back to the source, not including the amount of time that a destination system spends processing the packet. Response time is the elapsed time between the end of a command on a computer system and the beginning of a response. Jitter is the variation in the time between packets arriving. A network with constant latency has no jitter. Jitter can be caused by various factors, such as network congestion or route changes. These measurements will help determine the quality of service or overall performance of the network.
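A before-and-after comparison using the definitions above, as an added example that is not part of the original paper. The probe values are constructed, the function names are hypothetical, and jitter is computed here as the mean absolute difference between consecutive latencies, which is one simple way to express packet delay variation.

```python
from statistics import mean

# Constructed probe results for one site pair, in milliseconds.
# Each entry is (round_trip_ms, remote_processing_ms); None is a lost probe.
BEFORE = [(24.0, 2.0), (31.0, 2.0), None, (22.0, 2.0), (40.0, 3.0), (25.0, 2.0)]
AFTER = [(18.0, 2.0), (19.0, 2.0), (18.5, 2.0), (20.0, 2.0), (18.0, 2.0), (19.0, 2.0)]


def latencies(probes):
    """Round trip minus the time the destination spent processing the packet."""
    return [p[0] - p[1] for p in probes if p is not None]


def jitter(lat):
    """Mean absolute change between consecutive latencies; 0 when constant."""
    if len(lat) < 2:
        return 0.0
    return mean(abs(b - a) for a, b in zip(lat, lat[1:]))


def summarize(probes):
    lat = latencies(probes)
    if not lat:
        raise ValueError("no probe was answered; latency cannot be measured")
    return {
        "loss_pct": 100.0 * (len(probes) - len(lat)) / len(probes),
        "latency_ms": mean(lat),
        "jitter_ms": jitter(lat),
    }


def compare(before, after):
    """Per metric: (before, after, improved?) where lower is better."""
    b, a = summarize(before), summarize(after)
    return {k: (b[k], a[k], a[k] < b[k]) for k in b}


if __name__ == "__main__":
    for metric, (b, a, better) in compare(BEFORE, AFTER).items():
        print(f"{metric:11s} before={b:6.2f} after={a:6.2f} improved={better}")
```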

The current network performs well. There have been no complaints regarding response times. Latency and jitter are within reason considering the distances between the locations. It is important to remember that speed does not equate to latency. Speed refers to how quickly something can be downloaded, while latency refers to the length of time it takes a packet to travel from Point A to Point B. Since the network currently has decent speeds, there may be software solutions required to improve latency measurements.

Since the business has locations that share information, another important measurement to consider is the data transfer rate. This is a measurement of the amount of data being moved from one place to another within a certain timeframe. By increasing bandwidth, we can improve the data transfer rate.

Phase two of the upgrade will add a secure wireless network at each location. This will require the use of both network switches and routers. Switches create networks. Routers connect networks. Switches are used to connect computers, printers and servers within a location. A router links computers to the Internet, so users can share the connection.

Updating the switches and routers for more capacity and wireless capabilities will allow additional devices to be connected to the networks at each existing location. Routers will allow highly secure VPN access for five to 100 remote workers, depending on the model. Built-in firewalls, advanced encryption, and authentication features protect against external threats. Additionally, switches will utilize a variety of communication protocols that will connect all the necessary components. Those include advanced QoS, IPv6 support, and 10 Gigabit Ethernet connectivity. This should ensure the system is able to deliver the capabilities needed to support usage today and tomorrow as the system expands.

VoIP functionality will be added as well. A PBX (Private Branch Exchange) is a telephone switching system. The PBX manages both incoming and outgoing calls for the company's internal users. A PBX is connected to the public phone system and can automatically route incoming calls to specific extensions. It also shares and manages multiple lines. The PBX system will require external and internal phone lines; a computer server that manages call switching and routing; and a console for manual control. Business VoIP providers usually feature a hosted PBX as part of their basic packages. A hosted PBX has all of the same features as a traditional PBX machine without the need for expensive machinery. A switch will be necessary for transferring calls from one line to another. Switches range in price depending on the number of devices they can accommodate. For Kudler Fine Foods, a good VoIP solution will include an NEC SL1100 Main KSU, a 16 channel VoIP daughter board which includes 4 SIP Trunk ports, and 6 IP 24-Button Business Telephones for each location. The advantage of SIP Trunking is that it will allow the connection of an analog PBX and analog office equipment to the Internet so that VoIP services can be used without replacing lots of devices.

For security, many companies use firewall software to protect computers against hacker attacks and other Internet threats. A better method is to deploy a hardware firewall, which also uses software to block unauthorized access to computers. This method is preferred because it will be easier to maintain and less expensive in the long run. This is because firewall software programs must be installed on each individual PC they are meant to protect. To protect all of the company's computers, each one must have a software firewall installed. This can become expensive and difficult to maintain and support. So the hardware-based firewall is the better solution for Kudler Fine Foods.

In addition to a firewall, antivirus, antispam, antispyware, and content filtering will also help to protect the network. To avoid physical vulnerabilities, a common-sense security approach will be used. All Ethernet ports not in use must be inactive. USB ports on computers will be disabled so that they cannot be used to connect Mass Storage Devices that can upload malicious files or download sensitive documents. VoIP security systems, using security cameras and sensors that are operated over Internet service, can be included to provide a higher level of security. VoIP alarm systems can include a variety of accessories to customize the installation. Things like bells, alarms, buzzers, and speakers can be easily programmed and managed over the Internet. Doors to IT areas will remain locked, with access allowed only for IT personnel. Security badges must be scanned to enter and will create a time-stamp to verify who entered the room and when. That should reduce any internal attacks from employees. Daily security scans of the network will identify any external security breaches so they can be eliminated in a timely manner.

As Kudler Fine Foods grows and expands, the network will continue to be the backbone that keeps all locations connected. From the existing stores to future locations, a WAN will be used to tie all locations together. Internally, a WLAN will be the network configuration. Updating the existing networks can be completed within 1-3 months. Expansion of new locations can be integrated into the construction of the location. Rollout time will be minimal. The changes suggested were chosen based on ease of integration and deployment. Minimal changes are required to the existing system and new locations can be added at will. Each new location will mirror the existing layout, which will save time and money. Additionally, it will make the systems easier to support and maintain as each location will use identical hardware and software setups.
