Network Design Template
Project Client
Organisation: Globex Corp
Contact: Paul Smyth
System Name
Date of Design Document
Document Status: Drafting Phase
Version Number: V001.1
Prepared by
Contents
- INTRODUCTION
2.1. DOCUMENT PURPOSE
2.2. INTENDED AUDIENCE
2.3. SCOPE
- EXECUTIVE SUMMARY
- NETWORK INFRASTRUCTURE DESIGN
4.1 NETWORK TOPOLOGY
4.2 NETWORK DEVICE SPECIFICATION
- HARDWARE
- VLANS
4.3 NETWORK DESIGN
- ACTIVE DIRECTORY DOMAIN SERVICES (ADDS) DESIGN
5.1. ORGANISATIONAL UNIT (OU) STRUCTURE
5.2. USER ACCOUNTS
5.3. HOME FOLDERS
5.4. LIST OF USER ACCOUNTS AND GROUPS
- OTHER SERVER ROLES
- CLOUD
- BACKUP AND RESTORE PLAN
- DISASTER RECOVERY MECHANISM
Introduction
Document Purpose
This document describes the “as built” design and testing of an xxx system encompassing:
- Logical Network Design
- ADDS Schema
  - OU
  - Trees
  - Forest
- DNS & DHCP Configuration Systems
This document will enable the System Administrator to understand the complete logical network design needed for Globex Corp, as well as the ADDS schema needed for the task specified in the Project Scope.
Intended Audience
The intended audience for this document is everyone involved in this project, i.e. the client organization and the company hired to design the networking infrastructure. This includes both business and technical staff on both sides.
Scope
This document covers the network design and ADDS schema of the three physical branches and the cloud. A final working prototype is the targeted outcome of this project. The scope of this project contains the following:
- Network architecture design
- DNS & DHCP configuration
- ADDS schema
What is out of scope? The following are out of the scope of this document/project:
- Actual implementation techniques
Executive Summary
3.1 Network Scenario: Server Placements and Logical Mapping
3.2 Block Diagram for Departments and Interconnections
Each centre has 4 functional departments, namely:
- IT – looking after the IT infrastructure.
- Sales – looking after sales and customer handling.
- Procurement and Training & Facilitation – for raw material procurement, training on new agro-techniques and facilitation to the farmers.
Network Infrastructure Design
Network Topology
A star network topology is suggested for the design. It is a hub-and-spoke model whose fault tolerance is high as long as the hub is undamaged; if the hub is damaged, replacing the hub device will restore the network.
The logical network diagram for the 3 centres and their departments follows a star network topology, as shown in the figure below.
All the centers follow a similar network design for their departments.
Network Device Specifications
Hardware: for each centre, 4 hubs (one for each department), 1 Layer 3 switch, 1 wireless access point, and PCs for each department.
Routers: 1 for each centre location, 1 core layer router, and 1 for the cloud.
VLANs: one for each department, one for the two servers, and one for the wireless access point.
Network Design
Albury Centre
Waga Waga Centre
Griffith Centre
Active Directory Domain Services (ADDS) Design
The ADDS Schema, Forest, and domains of albury.com, waga.com, and Griffith.com
OU Schema
User Accounts
The requirement that all users have individual profiles with unique usernames and passwords will be met by the following standards:
- Accounts will be created with the permissions needed to handle the respective department's tasks.
- All accounts will have access to Microsoft Office and the basic software provided by the company.
- Each department's users will be able to access only the folders on the server to which they have been granted access.
Home folders
- When accounts are created, an administrator will assign the respective department privileges to the home folders of the users.
- Passwords must contain a minimum of six characters, including one uppercase, one symbol, and one lowercase.
- Passwords will automatically expire after six months.
List of User Accounts and Groups
The following table lists user accounts and their groups:

| User   | Department  | Group       |
|--------|-------------|-------------|
| User 1 | Sales       | Sales       |
| User 2 | Procurement | Procurement |
| User 3 | IT          | IT          |
| User 4 | Training    | Training    |
| Admin  | IT          | Admin       |
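The following is an added example, not part of the original design document: one way to provision the accounts and groups from the table above in the albury.com domain, applying the password and home-folder rules stated under Home folders. The sAMAccountNames, the Groups OU, the ALBURY NetBIOS name, the \\Server1\Home share and the home-folder ACL are assumptions.

```powershell
Import-Module ActiveDirectory   # RSAT AD module; run as a domain administrator

$Domain   = 'albury.com'        # one of the centre domains named in this document
$DomainDN = 'DC=albury,DC=com'
$NetBIOS  = 'ALBURY'            # assumed NetBIOS domain name
$HomeRoot = '\\Server1\Home'    # assumed share on the Server 1 file server

# Password rules from this document: minimum six characters, expiry after six
# months (taken as 180 days). AD complexity demands three of its character
# categories, so it does not enforce "uppercase + lowercase + symbol" exactly.
Set-ADDefaultDomainPasswordPolicy -Identity $Domain -MinPasswordLength 6 `
    -ComplexityEnabled $true -MaxPasswordAge (New-TimeSpan -Days 180)

# Users, departments and groups as listed in the table. Sam values are assumed;
# the Admin user's differs from the Admin group because sAMAccountName is unique.
$Accounts = @(
    @{ Sam = 'user1';   Name = 'User 1'; Dept = 'Sales';       Group = 'Sales' }
    @{ Sam = 'user2';   Name = 'User 2'; Dept = 'Procurement'; Group = 'Procurement' }
    @{ Sam = 'user3';   Name = 'User 3'; Dept = 'IT';          Group = 'IT' }
    @{ Sam = 'user4';   Name = 'User 4'; Dept = 'Training';    Group = 'Training' }
    @{ Sam = 'itadmin'; Name = 'Admin';  Dept = 'IT';          Group = 'Admin' }
)
$InitialPassword = Read-Host -AsSecureString 'Initial password'

# One OU per department, plus an assumed 'Groups' OU holding the security groups.
$OUs = @('Groups') + @($Accounts | ForEach-Object { $_.Dept } | Sort-Object -Unique)
foreach ($OU in $OUs) { New-ADOrganizationalUnit -Name $OU -Path $DomainDN }
$Groups = $Accounts | ForEach-Object { $_.Group } | Sort-Object -Unique
foreach ($Group in $Groups) {
    New-ADGroup -Name $Group -SamAccountName $Group -GroupScope Global `
        -GroupCategory Security -Path "OU=Groups,$DomainDN"
}

foreach ($A in $Accounts) {
    $HomeDir = "$HomeRoot\$($A.Sam)"
    New-ADUser -Name $A.Name -SamAccountName $A.Sam -Department $A.Dept `
        -UserPrincipalName "$($A.Sam)@$Domain" -Path "OU=$($A.Dept),$DomainDN" `
        -HomeDrive 'H:' -HomeDirectory $HomeDir -AccountPassword $InitialPassword `
        -ChangePasswordAtLogon $true -Enabled $true
    Add-ADGroupMember -Identity $A.Group -Members $A.Sam

    # Home folder ACL (assumed reading of the page): inheritance removed, Modify
    # for the owner, Full control for the Admin group and SYSTEM, nobody else.
    New-Item -ItemType Directory -Path $HomeDir -Force | Out-Null
    icacls $HomeDir /inheritance:r /grant "$NetBIOS\$($A.Sam):(OI)(CI)M" `
        "$NetBIOS\Admin:(OI)(CI)F" 'SYSTEM:(OI)(CI)F' | Out-Null
}
```

The same script applies to the other centre domains by changing the four variables at the top.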
Desktop Computer OU
Desktops will be added to the respective center’s domain (Albury.com/waga.com/Griffith.com) and managed within the Computers OU.
Group Policy
- Group policy will be configured to ensure users will access only the specified type of file.
- All members of a group will inherit the same user rights and permissions from that group.
- Group policy will be configured to ensure computers will inherit similar settings and permissions belonging to the respective group.
DHCP
DHCP will be configured on Server 1 at each location.
DNS
DNS will be installed and configured on Server 1 of each zone.
Other Server Roles
File server (NTFS / Share permissions / DFS): Server 1 of each site
Print Server: Server 1 of each Site
Database Server: Server 2 of Each Site
Cloud configuration
The cloud is equipped with two servers and one router with a switching interface.
Server 1
Server 1 provides VPN tunnelling and firewall capability.
The VPN server provides all remote users with access to the globex.com domain.
The firewall provides extra protection against intrusion.
Server 2
Server 2 provides softphone features to the registered users using VoIP.
Backup and restore plan
The backup will be kept on Server 2 of each location, with a periodic backup taken every 4 hours.
For the database, the server backs up all new database entries every 10 minutes.
Disaster Recovery mechanism
In case of any disaster, the whole system will be rebooted using the latest backup taken by the server.