High-level Design of an Enterprise Network

Background and Summary

Amazon is an online store that sells products including furniture, clothes, electronics, homeware, and other essential goods. The company's business is growing quickly in both customer satisfaction and the volume of goods it handles. The organization wants to expand its local presence worldwide and is adding more stores in other nations. Right now, West Consulting hosts millions of clients across its two buildings, and more clients will be added to the network once the new building is finished. Amazon has been experiencing heavy latency issues with the current network design because of degrading network components and increasing network traffic to servers equipped with its Computer-Aided Design (CAD) software. The objective of the proposed network solution is to increase traffic flow on the network, interconnect the different buildings and a global location, use virtualization to reduce cost, and implement stronger security controls to protect the network from threats and vulnerabilities. Data security is a significant part of Amazon's operation, providing principles, guidelines, measures, and controls to ensure the confidentiality, integrity, availability, and accountability of business data and private business processes. This approach depends on a uniform baseline security level to limit security risks related to business data, products, and services. The Information Security Policy intends to secure and protect sensitive data and business processes and to enable and improve the security features of the organization's solutions for the client's services.

Summary of Recommendations to Address Business Needs

Amazon has provided information about the recommendations for the new network infrastructure to address its needs and what is generally expected from the new setup. The network must meet the following requirements, based on that information:

• A WLAN solution for the new building and upgrades to the existing WLAN to increase functionality.

• Implement a Unified Communications System for global videoconference calling with minimal latency/interruptions.

• IP solution to accommodate new clients in all locations.

• Increased bandwidth within the network and added connection options for redundancy.

• Data center solutions that use virtualization technology to reduce cost.

• Improved connection speed to the Internet.

• Security controls for intranet servers and the overall network infrastructure.

These requirements are reasonably attainable given the current network infrastructure within Amazon's global operations. Most equipment in the network is outdated technology; new equipment should be considered to achieve the desired connectivity. Attached is a diagram of the current network infrastructure, based on details given verbally by the company Network Engineer. As shown, Building 2 hosts a Cisco 6100 backbone switch that was installed to support both buildings. Building 2 is connected to the backbone switch through a 10GB fiber connection, with a distance of 1,000ft between the buildings (Wang, 2017). Likewise, every floor contains 3 Cisco Catalyst 48-port 100Mbps Ethernet switches connected to the backbone switch through a 12GB uplink port in each building. Buildings 1 and 2 have subnets containing a Cisco 2610 switch for each floor configured with Enhanced Interior Gateway Routing Protocol (EIGRP) and connected to the backbone switch with a 1GB connection using a T-1 link. Moreover, each switch has a link to an access point that uses WPA encryption and the 802.11b Wi-Fi standard, used for conference/meeting rooms. Finally, 5 Windows Server 2012 R2 (RAID 5) application servers run West Consulting's CAD software, along with 1 DHCP and FTP server ("The Importance of Using VLANs to Segment Network Traffic", 2022).

Proposed Network Design

The network design proposal for West has been planned to meet or exceed the needs given by Amazon. The design incorporates increased bandwidth, redundancy, practical WLAN solutions for current and new buildings, a revised IP addressing schema, an upgraded centralized Data Center, network security controls, and integrated voice and video infrastructure for communication among the buildings. The new design will also improve West Consulting's network capabilities, with room for future growth. The diagrams show the new network designs for Campus LAN, Enterprise LAN, IP Schema, Data Center, WLAN, and Unified Communications System (UCS).

A couple of areas presenting challenges in Amazon's current network design are redundancy and insufficient bandwidth for clients. To add network redundancy to the design, it is recommended to deploy additional network resources, for example, multiple backbone switches, distribution switches, access switches, and routers. Additionally, considering alternative ISPs is encouraged, since having multiple ISPs allows the network to stay active if one ISP goes down or is experiencing slower network speeds. Network redundancy increases network availability for clients in the event of a failure somewhere within the network. The network should also manage increasing bandwidth demand and control data traffic types. Bandwidth can be increased by using the redundant links for load balancing to control the data flow, which reduces bottlenecks as clients try to reach network resources. Traffic types can be managed by implementing Quality of Service and traffic policing to mitigate unnecessary bandwidth consumption by data or applications within the network (Kumar et al., 2018).

High-Level Network Design Diagram

Network Security

Network Threats and Risks

When designing a network for a company, security must be considered to protect network assets from attacks. The possibility of threats and vulnerabilities in a network is unavoidable, particularly as technology advances. A few network threats and vulnerabilities are insecure authentication, network injection flaws, Distributed Denial of Service (DDoS), malicious insider attacks, unauthorized access to open ports, stolen/lost devices, and phishing attacks. These threats and vulnerabilities should be mitigated, and risk assessments should be performed to reduce the chance of network attacks.

Security Methods to Protect Assets

Security methods used to protect network assets from attacks, and the implementation strategies that ensure network security, include a few fundamental practices. First, data should be classified by importance, so that data is identified and prioritized for protection by the network administrators. Next, network access, usage, and policies should be set up based on roles that IT administrators assign to users. This practice ensures that end users must have credentials to access the network and other IT resources. Likewise, IT security administrators should perform network risk assessments periodically. These assessments help identify vulnerabilities within the network and are used to create solutions for mitigating the vulnerabilities before they become real threats to the network's assets.

According to Li et al. (2019), one of the most important security measures for any organization is to ensure employees are well informed about the potential threats and vulnerabilities of malicious software and other network attacks, and about the measures to eliminate these threats. Many organizations have established security strategies, from identifying and prioritizing confidential information to monitoring systems to enforce security protocols. Others have set up a network policy that restricts employees from bringing personal devices onto the network and requires security clearance for officials who handle classified and confidential information. West Consulting is no different from such organizations and can implement such security protocols to ensure network assets are secured. There will be a system to monitor all ports and IP addresses to prevent malicious attacks. Antivirus software will be installed on every computer to prevent malicious threats.

Network access control badges will be issued to all users, with special clearance given to the few users who work in areas with classified and confidential information. Amazon will also use a layered defense system that ensures security scanner checks for all employees and visitors coming through the buildings. Firewalls will be installed for all networks, and our small network will comply with the IEEE 802.11 protocol standard published in 1999. WAN security will be part of the design by changing our Internet Protocol Virtual Private Network (IP VPN) from public to private. A VLAN is well suited to Amazon's use mainly because it can segment a larger network into smaller segments. Network segmentation is useful because it improves the security, reliability, and performance of a network. There are a variety of ways a VLAN can be used to meet Amazon's network requirements. One use of a VLAN is to separate guest traffic from staff traffic. This enables guest users to access the internet without being on the same network as employees. VLANs can also be used to restrict user access to a particular network segment, which then allows only authorized users to access networks with highly sensitive information.
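As an added example (not part of the original article), the Python sketch below audits an inter-VLAN access list against the separation described above: guests reach only the internet, and only authorised users reach the sensitive segment. The subnets, addresses and rules are constructed for illustration, and first-match evaluation with an implicit final deny is assumed.

```python
import ipaddress

net = ipaddress.ip_network
# Constructed VLAN plan; the article gives no VLAN IDs or subnets.
GUEST, STAFF, SENSITIVE = net("10.10.30.0/24"), net("10.10.10.0/24"), net("10.10.20.0/24")
AUTHORISED = net("10.10.10.64/26")   # hypothetical block of cleared staff hosts
ANY = net("0.0.0.0/0")

# Constructed inter-VLAN ACL: evaluated top-down, first match wins.
ACL = [
    ("deny",   GUEST, STAFF),
    ("deny",   GUEST, SENSITIVE),
    ("permit", GUEST, ANY),            # what is left for guests is the internet
    ("permit", AUTHORISED, SENSITIVE),
    ("deny",   STAFF, SENSITIVE),
    ("permit", STAFF, ANY),
]

# Intended outcomes as constructed test flows: source, destination, expected.
POLICY = [
    ("10.10.30.15", "203.0.113.10", "permit"),  # guest -> internet
    ("10.10.30.15", "10.10.10.20", "deny"),     # guest -> staff
    ("10.10.30.15", "10.10.20.5", "deny"),      # guest -> sensitive
    ("10.10.10.70", "10.10.20.5", "permit"),    # cleared staff -> sensitive
    ("10.10.10.20", "10.10.20.5", "deny"),      # other staff -> sensitive
]

def decide(acl, src, dst):
    """Return the action of the first rule matching the flow, else deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"                      # implicit deny when nothing matches

def audit(acl, policy):
    """List flows whose ACL decision differs from the intended outcome."""
    violations = []
    for src, dst, expected in policy:
        actual = decide(acl, src, dst)
        if actual != expected:
            violations.append((src, dst, expected, actual))
    return violations

# Same rules with the broad guest permit moved first: it shadows both denies.
MISORDERED = [ACL[2], ACL[0], ACL[1]] + ACL[3:]

if __name__ == "__main__":
    print("correct order:", audit(ACL, POLICY))
    for violation in audit(MISORDERED, POLICY):
        print("misordered:", violation)
```

The misordered list contains exactly the same rules, which is why reviewing rule order matters as much as reviewing rule content when VLAN separation is enforced with access lists.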

In the event of a security breach or network attack, employees must know the lines of reporting and communication for addressing such threats and vulnerabilities. This is why incident response and handling plans and guidelines should be maintained and rehearsed regularly so that employees are familiar with the whole process. Amazon can report potential threats and network attacks to the Chief Information Officer using the V3PN provider method. Signaling traffic is encrypted and transmitted over the VPN (IPSec/GRE) tunnels to the Chief Information Officer (CIO) at the central site. Voice conversations are established, and bearer traffic also flows encrypted over the VPN tunnels. The VPN is transparent to these applications.

Handling Security Incidents

It is good practice to create a team dedicated to security incident response to handle security incidents within a network. The team is responsible for network monitoring, receiving and distributing information about incidents to the appropriate personnel, documenting incident reports, performing network scanning, deploying patch updates, and offering support to the parties involved in the incident. In the event of a network attack, the Security Incident Response Team contact should be notified, as he will start distributing information about the incident throughout his team. If the attack compromises network assets, the team will be able to respond quickly with an incident response plan created by the team. The plan is used to mitigate the attack, delete compromised files (if necessary), restore any/all lost data, patch vulnerabilities, and start changing network passwords. The table below represents the security effectiveness comparison.




Moreover, among the processes to enhance security, the following table represents the recommended next-generation firewalls to ensure adequate protection of the organization's data.


One consideration for consolidating the data center is to centralize more servers. The enterprise data center typically takes multiple client networking needs into account to meet end-user requirements in a highly available and cost-effective way. The technical considerations for the enterprise data center will include virtualization of our network, servers and storage, disaster recovery, connectivity, security, policy and control, and high performance. The first technical consideration our team should carefully note for the design of the enterprise data center is its location. It is critical to note that the location of the data center will determine its accessibility and operability. For example, if the data center is located near a disaster-prone area, there is a likelihood of losing data availability and network connectivity during such disasters. Aside from location, the reliability of the power source is a significant technical consideration. There should be a reliable power source, a cooling system for the servers, and backup power plans. A Wireless LAN controller that will be used in combination with LWAPP to manage access points on the network will be added to the design. The WLAN controller will enable West Consulting to have more control over the clients connected to the network over Wi-Fi.


High-Level Network Design Policy

The high-level network design policy focuses on the security measures vital in securing the organization's information. This includes determining the critical network assets and their roles in the present network design. The company data centers are built from software and hardware infrastructure that interconnect to offer essential services for the network. Other critical assets include servers, subnets, routers, Ethernet links, and others vital in designing the organization's network infrastructure. Enterprise data centers generally house servers, which are the fundamental components that give clients the services they request. West Consulting's data center will house servers that manage workloads. Other network assets that will be found in our data center include routers that perform packet forwarding; switches that connect devices together; controllers to manage workflow; gateways that act as the junction between networks found in the data center and the wider internet; and lastly clients, who will be the consumers of the information found in data packets. Many network assets share a common design framework that depends on IP, Ethernet, and other networking technologies (Fernando et al., 2018). Together, these network components make up the network assets of the Amazon enterprise data center.

Virtualization

Using virtualization in a centralized Data Center to create Virtual Machine (VM) servers will increase processing power within the network in a cost-effective way. Consolidating all servers in a centralized location makes it possible to use virtualization technologies to deploy VMs and increase our resources. All current servers will be maintained at the data center, making them much easier to manage. Each server can host VMs that will act as physical servers, reducing the cost of purchasing additional server hardware. Likewise, virtualizing servers provides virtual technologies that can be used to create VLAN networks within the Enterprise. This will reduce the cost of purchasing additional hardware right away. LANs can be segmented into VLANs using virtual switches that work the same way as physical switches. They are used to emulate the characteristics of physical switches (Rathore et al., 2017). The other benefit of using virtualization is that it increases network security, as virtual segments are harder to penetrate and more difficult for attackers to find.

Execution Plan

In designing the new network infrastructure for West Consulting, we will apply the Cisco Design Lifecycle standard. The Cisco Design Lifecycle (CDL) comprises three phases: Plan, Build, and Manage. Each phase of the CDL has subcategories, which are processes that happen during that phase. During the Plan phase, network assessment and strategy take place, producing a network design and defining a plan to implement it. The Build phase covers validation of the network proposal, deployment of the new infrastructure, and migration of all data to the new infrastructure. The Manage phase offers continuous support for the new network infrastructure's product, solution, optimization, and operations. The Cisco Design Lifecycle's main objective is to keep the project organized, obtain a clear understanding and validation of the network design requirements, speed up implementation to meet deadlines, increase business continuity, and improve the efficiency of network and business processes. To ensure the project plan and network design address all of the requirements from Amazon, we plan to use the "Hierarchical Approach." Using the listed requirements West Consulting provided and analyzing the current network helped create a design that maximizes the efficiency of the network. The hierarchical approach lets us design the network from the top and work our way down through the network design. This design approach enables us to gain a broader view of the network requirements and the ability to achieve the current and future network goals that West Consulting has planned.

Future Network Growth

The Amazon network design implements a hierarchical model that defines every device's role within the three-tier approach, simplifying network design and reducing faults in every tier. The design brings the benefits of modularity, scalability, resiliency, and flexibility to Amazon. Modularity and scalability are achieved by allowing expansion and integration into the design if Amazon decides to increase network resources for future growth. Network availability and reliability with added redundancy let the proposed design address the critical resiliency issues. Flexibility is possible with the use of Quality of Service and traffic policing policies to ensure intelligent load-sharing across all network components within the design.






References

Fernando, Y., Chidambaram, R., & Wahyuni-TD, I. (2018). The impact of Big Data analytics and data security practices on service supply chain performance. Benchmarking: An International Journal, 25(9), 4009-4034. https://doi.org/10.1108/bij-07-2017-0194

Kumar, P., Raj, P., & Jelciana, P. (2018). Exploring Data Security Issues and Solutions in Cloud Computing. Procedia Computer Science, 125, 691-697. https://doi.org/10.1016/j.procs.2017.12.089

Li, Y., Huang, G., Wang, C., & Li, Y. (2019). Analysis framework of network security situational awareness and comparison of implementation methods. EURASIP Journal On Wireless Communications And Networking, 2019(1). https://doi.org/10.1186/s13638-019-1506-1

Rathore, S., Sharma, P., Loia, V., Jeong, Y., & Park, J. (2017). Social network security: Issues, challenges, threats, and solutions. Information Sciences, 421, 43-69. https://doi.org/10.1016/j.ins.2017.08.063

The Importance of Using VLANs to Segment Network Traffic. Linkedin.com. (2022). Retrieved 14 May 2022, from https://www.dhirubhai.net/pulse/importance-using-vlans-segment-network-traffic-mike.

Wang, R. (2017). Research on Data Security Technology Based on Cloud Storage. Procedia Engineering, 174, 1340-1355. https://doi.org/10.1016/j.proeng.2017.01.286
