Network Design Assessment Item 2

Executive Summary

In designing a network, the company Smart Pharmacy is considered where it specializes in working for both international and national franchise clients based in Australia. The company is established in Botany, NSW Australia, through supplying medical services to worldwide franchises. By utilizing the top down approach of the network design, Smart Pharmacy has made an identical network design, which can address the technical and business goals, it provides proper security, user-friendly design and solutions without cloud intervenes.

Moreover, the report provides a detailed section regarding the project testing and planning utilizing the top down approach the project scope and goals have also been stated. A logical and physical diagram of the network has been provided which describes all about the location of devices along with security techniques. The DMZ zone for the servers that has been implemented is installed for isolating those devices from external vulnerabilities. Therefore, the tables of hardware requirements have also been provided along with explanation of its uses. At the end of the report, it has discussed about the routing and switching protocols along with testing plan and scripts.

Goal of the project

Designing network architecture for a corporate organization with diverse application, end-user device and user community mix is a complex task for majority of the networking teams. In this project its goal is to develop a secure network design of Smart Pharmacy in Australia. The report will be explaining the project regarding network topology of the organization and the number of equipment required in making the project. Utilizing the top down approach the design of the network will be followed to provide a cost effective solution in a efficient way between the franchise clients and the company

Scope of the project

The project scope is the portion of the project that involves in documenting the list of cost, functions, features, deadlines of specific goals. The project scope for the Smart pharmacy includes the design of the network utilizing the top down methodology such that it can provide an efficient and cost effective solution to business.

The design of the network requires communicating with the medicine delivery persons by locations tracking and distributing the order information that requires to be delivered to the patients at their home. The order confirmation will be done by the franchise clients by viewing the inventory stocks before delivery.

The scope is also to accomplish the goals of business like providing better products, services at affordable costs and in effective way. The technical goals concern about the protection of franchise clients and data of sales along with making a highly secured design of network, which can communicate the delivery persons and vehicles at Botany, NSW office. It allows the customers to check the orders for offering endorsement through online system.

The scope of the proposed project and its limitations will not intervene solutions of cloud and missing data such as the number of vehicles, number of patients, number of clients and entire budget for the project and the availability percentage required.

Business goals and project constraints

Business goals

According to the provided case study, organizational goals of the business for Smart Pharmacy are 3 key goals and they are as follows:

  • Smart Pharmacy and its first goal are to purchase its products from various manufacturers across the globe and will be delivering to each franchise at affordable cost in effective way and it can develop a better service to customers.
  • The second goal is to deliver better price-oriented products to patients (Clement and Puranam 2018). It can accomplish by minimizing the delivery operation cost from nearest local medicine providers to the location of clients.
  • The third goal is to provide a well efficient website where the patients or customers can browse through entire products of SP and selecting the franchise pharmacy and the products they will be capable of paying online and collect the products at chosen franchise.
  • Another goal is the on-tracking of vehicles for delivery and on- viewing of orders to be permitted by the customers before providing by vehicles to customers or patients.

Business constraints

No solution based on cloud storage is the limitation of the project, which would enable modern technology for fewer investments associated to constraints of cost.

The data regarding budget of the project will be beneficial for the network design more accurately, which is missing in this context.

List of Technical Goals and Tradeoffs

Technical Goals

  • Both for the sales and client, the security of data are required to be considered in the network design.
  • The utilization of cloud solution is not inspired and thus the servers are required to be located at Botany, NSW offices physically with entire transactional data (Karmakar et al. 2020)
  • A protected connection is between the Botany office and delivery vehicles required to be accomplished.

Tradeoffs

  • Scalability is not required for the current business, but it can be acknowledged that the industry could enhance its growth in the future.
  • Around 95% availability could be accomplished depending on the design of Smart Pharmacy network.
  • The performance will increase, as the response time for server and entire communication of the devices for good score.
  • One of the key concerns of the business goals is security of the sales and client’s sensitive data (Evtodieva et al. 2016)
  • The manageability for the network device and tools requires extra staffs for any type of physical issues
  • As there are minimum software and hardware required, the affordability would be a good point for the business requirements.
  • The usability will be considered at all user levels as a core function, if the organization is to focus on its requirements.
  1. Affordability: 20
  2. Adaptability: 5
  3. Usability: 5
  4. Manageability: 5
  5. Security: 15
  6. Network performance: 20
  7. Availability: 20
  8. Scalability: 10

Total: 100

Table of Data Stores, Network Applications, User Communities, and Traffic Flows

User Communities

Below table depicts the user communities and therefore, all of them are assumed:

Name of the User Community

Community Size (Users Number)

Location(s) of the Community

Application(s) Used by Community

MD

(The managing director of SP)

One

Botany, NSW Office

FTP server and Application server

Accounts and Finance manager

One

Botany, NSW Office

FTP server and Database server

Logistics manger

One

Botany, NSW Office

Application server.

Purchasing manager

One

Botany, NSW Office

FTP server and Database server

Franchise (clients)

60 (assumed number)

Botany, NSW Office

Webserver

Storekeeper

One

Botany, NSW Office

Webserver

Deliveryman

30 (approximately)

Australia (Remote places)

Webserver and IoT devices.

Table 1: User communities

Data stores

Data Stores

Location

Application (s

Used by User Community (or Communities)

Webserver

Botany, NSW Office

Apache web server will be utilized for access to website in order to make transactions and live view of orders (Habibullah, Rondeau and Georges 2018)

Purchasing manager

Application server

Botany, NSW Office

For making automation to the business process

MD

Logistics manger

Database

Botany, NSW Office

For storing client’s data and transactions

Accounts and finance manager

FTP Server

Botany, NSW Office

Cyberduck, Fillezilla

MD

Accountant

Logistics manager

DHCP server

Botany, NSW Office

Utilized for allocating IP address for all present devices

Utilized by all inner devices of Smart Pharmacy

Table 2: Data stores

Network Applications along with the Traffic Flows

Application name

Type of Traffic Flow

Protocols that are Utilized by Application

User Communities that Utilize the Application

Data Stores (Servers, Hosts, and others

Estimated Requirement of Bandwidth

QoS Requirements

Automated application software

Program software with automation and internal users ( Sheikh 2020)

Un-reserved number of ports

Logistics manager and MD

Server

2-4 Mbps

It is to ensure that the automation process stores the transaction orders and associated data

FileZilla (FTP application)

Server to clients

Cyberduck, Fillezilla

Purchasing manager, Accounts manager and MD

Server

2-3 Mbps

Locally upload and download the files

ExpressVPN

Clients to the servers

IPsec protocol

Storekeeper and delivery persons

VPN server

2-4 Mbps

Requires to offer secured connections

Apache Webserver

Server to the browser of clients

TCP port 433 https

Logistics manager and delivery persons

Record the web pages

1-3 Mbps

Requires to secure and ensure less network load delay

DCHP server

Server to client machines

TCP port number 67 and 68.

Entire devices in Smart Pharmacy network

Configured DHCP Server

2-3 Mbps

NO conflicts in IP and minimize the work of admin

Table 3: Network applications that are used along with the traffic flows

Justification and explaining the design of the logical network

The logical diagram provided in this section will consider the technical goals and the business, which has been developed using the top down approach. The assumptions have been made for the delivery vehicles, which are connected to the network using the cellular network by the Virtual Private Number (VPN). An enterprise server is utilized by SP only cannot be utilized by external users. The public access servers like DNS, FTP and webserver are secured in DMZ by separating the servers from inner network. Through filtering the malevolent traffic, the DMZ zone is protected by firewall.

On both the switches, the users are connected to the staff’s devices like to a standard printer, PC and a telephone. The below diagram is classified into access, distributed and core layer. It has the user community utilizing the network resources. Between the access and core layer, the distribution layer is present, which supports rapid communication between the departments and prevents a direct link from the core devices. Moreover, the DMZ servers are isolated from the network LAN as they are accessed publicly and thus it is made to isolate from its internal network in order to have a robust security. The enterprise server networks are utilized for internal means for the development of business and are utilized for only office purpose.

Moreover, there are two switches that are connected to users in order to avoid single point failure and therefore, the people share a standard office printer. Alongside, there is a telephone that will work utilizing voice over internet protocols.

The GPS enabled vehicles that are provided is made of assumption and it is ensured that every vehicle’s person will be utilizing the technology of VPN software according to requirement of SP.

Logical Network Diagram

Network Design Assessment Item 2 img1

Figure: Logical Network diagram of SP

(Source: Created by Learner)

IP addressing scheme

Naming of network

Subnets

Ranges

Address number

ISP to Router

200.0.0.0/31

200.0.0.1

2

Router to FW1

200.0.0.3/31

200.0.0.4

2

Router to FW2 (DMZ)

200.0.0.6/31

200.0.0.7

2

DMZ Server to FW2

192.168.0.0/30

192.168.0.1 to 192.168.0.2

4

Enterprise Server to FW1 (firewall)

192.168.0.4/30

192.168.0.5 to 192.168.0.6

4

FW1 to DSW1 (distribution switch)

192.168.0.8/30

192.168.0.9 to 192.168.0.9

4

FW1 to DSW2

192.168.0.12/30

192.168.0.13 to 192.168.0.14

4

DW1 to ASW1and2

(Access switch)

192.168.0.16/30

192.168.0.17 to 192.168.0.18/30

4

DW2 to ASW1and2

192.168.0.20/30

192.168.0.21 to 192.168.0.22

4

ASW1 to staffs

192.168.0.24/28

192.168.0.25 to 192.168.0.38

16

ASW1 to staffs

192.168.0.40/28

192.168.0.41 to 192.168.0.55

16

Table 4: IP addressing scheme of SP

(Source: Created by learner)

List of routing and switching protocols, and security mechanisms

Routing

Name of protocols

Location of router

OSPF

Core R1 (LAN interior core layer network)

STATIC

FW1 (inner DMZ routers)

BGP

R1(external routers)

Switching

Switching Protocol

Location of switch

Virtual LAN

Sw1 and Sw2

STP (Spanning tree protocol)

MSW1 and MSW2 (core layer)

Security mechanisms

Smart Pharmacy has some security mechanism on its network layers referenced to OSI layers connection.

Physical layer

In this specific layer, the physical network cables that are connected are exposed to minimize and destroy the communication availability. Thus, to overcome this issue, the utilization of access cards and surveillance cameras in SP are required.

Data link layer

The switch and its protection are requiring through blocking the unutilized ports. So, a logical security by utilizing the protocol of WPA2 is needed for WLAN communications and thereafter, a VLAN can be utilized to isolate the user group utilizing the applications or the server

Network Layer

It is the core layer in the network design and is more likely to be attacked from external side. So a robust password utilizing suitable protocol configuration of VPN or ACL is needed.

Transport layer

The data encryption in this layer will be secured through developing authenticity by utilizing Secure socket layer to get the SSH and https in accessing the databases

Application layer

The DNS and Websewrver protection can be secured through utilizing high end firewalls, which can monitor the traffic by filtering it and thus make a good policy of protection.

Physical layer

At Botany, NSW office, a role based access will be provided to users that will provide a privilege and responsibility to them while accessing network data. Therefore, utilizing access cards will be needed for entering or exiting from office.

Physical network diagram

Network Design Assessment Item 2 img2

Figure 2: Physical diagram of SP

(Source: Created by learner)

Networking & communication devices and applications

Location devices

Manufacturer and model

Costs

Router

TP-Link Safestream Multi WAN VPN Router

$600.00

Firewall

Zyxel ZyWALL (USG) UTM Firewall, Gigabit Ports, 20 IPSec VPN, 5 SSL VPN

$360.20

Switch

NETGEAR 24-Port Gigabit Ethernet Unmanaged Switch (JGS524)

$525.30

Servers

Dell PowerEdge T40 Server, BTX Intel Xeon E-2224G 3.5GHz, 8GB 2666MT/s DDR4, 1TB 7.2K RPM SATA

$13,455.00

Printer

Canon TR8620 All-In-One Printer

$2500.50

Telephone

SP-6651-K10

$400.00

Justification of the networking & communication devices and applications required

Router: The selected router will be utilized to interact with VPN access and configure NAT.

Firewall: The inner network and DMZ can be secured to filter the user packets

Switches: The selected switch will be supporting the bandwidth for the flow of traffic across the network

Server: The selected server can be utilized for multiple user access and Virtual machines

Printer: The selected printer can deliver multiple jobs developed at single signal

Telephone: The selected telephone model is for SP and will be connected to internet access.

Test plan

Sl. No

Requirements

Typical components

Description

1.

Introduction

1. Test Approach

The system network and its main objective are to protect the client and transactional data.

2. Scope

From external side of the enterprise, the network must not be accessed by public and thus there are certain particular servers that are kept isolated from the core network that are vulnerable to exterior threats (Dadheech, Choudhary and Bhatia, 2018)

3. Assumptions

The demilitarized (DMZ) zone is thus created for those servers. It has the DNS, mail and web server altogether. Depending on the utilization of resource the traffic can be relied on users.

2

Static testing

1. Improvements

The objective is to test the confidential network areas that are in DMZ. It should be test with penetration testing to verify the network strength and security of before going to the phase of implementation.

2. Standards

The kali tools are utilized widely for the testing and for network security analysis.

3. Developing the documentation standards

It can be predefined about the acceptance criteria where it can be deciding that how firewall of DMZ blocks the undesired request of TCP (Iovan and Robu 2016). Documentation has been done accordingly.

3

Dynamic testing

1. Test data

The test types can be analysing by implementing the test on the device types like webserver situated at the DMZ.

2. Conditions

The users can actually know about the load time duration and request response from the clients in order to make secure transactions (Bhardwa et al. 2016).

3. Results

Between 8AM to 5PM, the number of request of traffic during office hours is referred as peak time and there must not be any delay in webserver loading.

4. Log status

Generated successfully

4

Environment

1. Strategy

Top-down approach

2. Tools

Cisco Packet Tracer

3. Platform

Network simulation

4. Report

Success

Table: Testing plan

References

Bhardwaj, A., Subrahmanyam, G.V.B., Avasthi, V. and Sastry, H., 2016. Design a resilient network infrastructure security policy framework. Indian Journal of Science and Technology, 9(19), pp.1-8.

Clement, J. and Puranam, P., 2018. Searching for structure: Formal organization design as a guide to network evolution. Management Science, 64(8), pp.3879-3895.

Dadheech, K., Choudhary, A. and Bhatia, G., 2018, April. De-Militarized Zone: A Next Level to Network Security. In 2018 Second International Conference on Inventive Communication and Computational Technologies (ICICCT) (pp. 595-600). IEEE.

Evtodieva, T.E., Davydova, N.N., Videneeva, S.V. and Fedorov, V.A., 2016. The Concept of Network Organization and Design of Networks in Logistics. International Journal of Economic Perspectives, 10(3).

Habibullah, K.M., Rondeau, E. and Georges, J.P., 2018. Reducing energy consumption of network infrastructure using spectral approach. In Technology for Smart Futures (pp. 235-250). Springer, Cham.

Iovan, A. and Robu, R., 2016, February. Handling of the demilitarized zone using service providers in SAP. In IOP Conference Series: Materials Science and Engineering (Vol. 106, No. 1, p. 012003).

Karmakar, K.K., Varadharajan, V., Tupakula, U., Nepal, S. and Thapa, C., 2020, June. Towards a Security Enhanced Virtualised Network Infrastructure for Internet of Medical Things (IoMT). In 2020 6th IEEE Conference on Network Softwarization (NetSoft) (pp. 257-261). IEEE.

Sheikh, A.F., 2020. Network Fundamentals and Infrastructure Security. In CompTIA Security+ Certification Assignment Guide (pp. 9-34). Apress, Berkeley, CA.Network Fundamentals and Infrastructure Security. In CompTIA Security+ Certification Assignment Guide (pp. 9-34). Apress, Berkeley, CA.

citation generator
citaion generator
make money online