Part A 30 pts Design Scenario Page 197 has a continuation o

Part A (30 pts): Design Scenario - Page 197 has a continuation of the Chapter 1 Design Scenario for ElectroMy Cycle. Attached and below is the scenario. In Chapter 1, “Analyzing Business Goals and Constraints,” you learned about ElectroMyCycle, a manufacturer of a new electric motorcycle. ElectroMyCycle has chosen you to design a new network that will let the company scale to a larger size. In Chapter 5, you learned that ElectroMyCycle’s network will support about 200 employees. The network will include a data center and a new state-of-the-art manufacturing facility. Users in the campus network will access the servers in the data center from their PCs. For online sales, ElectroMyCycle plans to have a DMZ that connects a web server, a DNS server, and an email server. ElectroMyCycle also plans to open a branch sales office in a city that is about 500 miles from ElectroMyCycle’s headquarters. Design and document an IP addressing scheme to meet ElectroMyCycle’s needs. Specify which IP address blocks will be assigned to different modules of your network design. Document whether you will use public or private addressing for each module. Document whether you will use manual or dynamic addressing for each module. Specify where (if anywhere) route summarization will occur.

Solution

ElectroMyCycle will sell its new motorcycle both online and through a large retail company. For online sales, ElectroMyCycle plans to have a DMZ that connects a public web server, a DNS server, and an email server. The web server needs to communicate with back-end servers in the data center that hold customer billing data. ElectroMyCycle also plans to open a branch sales office in the city where the retail company’s corporate headquarters reside, about 500 miles from ElectroMyCycle’s headquarters.

Design and draw a logical topology that will support ElectroMyCycle’s needs. In addition to meeting the specified needs, be sure to consider security.

Logical Network topology:

The logical topology of the network is shown in the form of three diagrams. First figure shows how the LAN and DMZ are connected to the internet. The second figure shows the three layers (core, distribution and access) of ElectroMyCycle Company’s LAN. The third figure throws light on the T-1 link present between ElectroMyCycle Company’s headquarters and their branch sales office (500 miles away from the HQ).

Figure-1: Diagram showing how the LAN, DMZ are connected to the internet.

It can be seen that the DMZ is separated from the LAN which contains the workstations, Manufacturing facility and the data center. However, a link (shown in brown) has been provided from the Webserver (DMZ) to the data center (LAN). This is present because the data backup of webserver is present on the data center servers.

Figure-2: Diagram showing the three layers of ElectroMyCycle Company’s LAN

In this figure, it is clear that the LAN of ElectroMyCycle Company has been logically divided into three layers – core distribution and access. Core layer contains the router that connects the LAN to ISP and DMZ and the switch via which the connection gets distributed in the LAN. The PCs shown in the figure shows the facility where in 200 employees will be accommodated (including the engineers).

Figure-3: This shows how a connection is made between the Headquarters and the branch sales office.

As shown in the diagram, either a T-1 link can be used or a Metro Ethernet virtual link can be used to connect both the facilities.

The network design as demonstrated by the logical topology of previous section makes sure that following company needs are satisfied:

Major user communities:

2)Network Administrators

3)Other employees

4)Online customers

5)Internal email users

6)Data center admins

NOTE: It is not compulsory that a single user cannot fall in more than one user community.

Following are the major data stores with its users’ description:

1)Data center servers: The data here will be used by customers (via web application),network admins, data center admins, engineers, etc.

2)Email server: This will contain a database that will support the internal email system of the company. All the employees will be its users

3)DNS server: it will have a mapping of the domain names and the network addresses. It will again be used by the employees of the company.

4)Routers: The routers will contain the routing table and thus a picture of the entire network topology will be present on them. This data will be used by all the stakeholders involuntarily.

The network Topology of ElectroMycycle has been drawn above. It is pretty evident that the datacenter is the major storage of all kinds of data, be it for the web server, or for the manufacturing facility equipments. Apart from the data center access, another major activity that will happen on the network is the web server access. Also, workstations of 200 employees will run applications that will create some network traffic. Therefore, listed below are the major network traffic flows:

1)The internet will send in a lot of traffic to the DMZ (webserver). As the company plans to have an online medium of sale too, a lot of customers are expected to access the webservers and order their units.

2)The employees and engineers will run applications like the email client, company’s website, and other internal applications with data storage in the data center. Therefore, another major traffic flow will exist between Workstations (PCs) and DMZ (Email server, Webserver and even DNS server) and also between Workstations and the data center

3)Manufacturing facility has networked equipments that communicate with data servers. Therefore, a lot of traffic flow is expected between data center and the manufacturing facility.

4)The webserver has its data backup o the servers at the data center, therefore DMZ(webserver) and the data center will also have a lot of traffic amongst them.

As it can be seen in the network topology, security has been implemented at various stages. First and foremost, a firewall is present which separates the DMZ and the LAN from the internet. This helps in filtering malicious and unnecessary network traffic.

Then comes the VLAN support. As it can be seen that distribution layer router is present that connects all the switches of the workstations (where the PCs are present). This distribution router ensures that the different PCs can be separated in the form of Virtual LANs. VLAN is a way to create a logical separation for different departments, user communities etc. It helps in preventing unauthorized access and helps in departmental information security.

The switches present at the access layer can help in providing port level security. The ports can be configured to provide a security circle that protects the network from unauthorized access cases.

Security breaches are also easier to track and manage. It is because of the layered topology where in core, distribution and access layers are separated in the network. Layered network segments help in easy organization and maintenance.

The switches present at the access layer can help in providing port level security. The ports can be configured to provide a security circle that protects the network from unauthorized access cases.

Security breaches are also easier to track and manage. It is because of the layered topology where in core, distribution and access layers are separated in the network. Layered network segments help in easy organization and maintenance.

Details pertaining to following questions can be asked while working on the project:

1)What are the different VLANs that need to be configured on the network of ElectroMotorcycle.

2)Are there any particular sites that you would like to block? Or what sort of traffic do you want to allow from the internet.

3)What are the different accesses that you would like to implement? All users might not be intended t allow access to all kinds of data. Which data community should be given access to what data?