Assignment Title – Advanced Network Design

Overview on Given Case Study

Big Oil had bought the university building name Sheffield Hallam University, as they migrate
from offline class to online education platform. But, here we have got a situation that, while
leaving the building they remove all the IT infrastructure connectivity and setup from the
building. And now we have to convert the class room into office room, halls into meeting
rooms. Also need to check where we can build the main Admin office and other setup of
network topology. So, our task is to provide a network design proposal to Big Oil company to
shift their different 1000 local offices into this University building.

Some, condition or we can priority stuff need to be including like we need better Wireless
Connectivity including IP phones access to office staff and VoIP services with VLAN integration.
Also, we need to check some issue already present in the present case study and some
assumption we can do to provide more better proposal for Big Oil corporation with reference
the Cisco “CCDA 200-310 Official Guide” for provide best network design and their
implementation guidelines.

Part – A: Identify Customer Design Requirements

Now, according to case study we need to provide a better IP addressing distribution for small
staff support as they have up to 15 members each. As, we can shift them to floor 1 st, 2nd and 3rd
of building as they have small Office room. They can be settling their, now to provide internet
connection we will provide LAN connection topology also for security implementation at switch
level we will configure VLAN protocol over the local office staff.
Due to this, only some member can get VoIP services as it mentions in the case study, we don’t
need to provide everyone IP phones connectivity so they can help to provide specific members
only.

Talking about the Local on-premise server setup so, we need to check first where we can setup
the Admin Room or Server Room in the building. As, per me we can setup the Admin Room in
the Ground Floor in middle of the building as its surrounded with other room and temperature
is also low which is ideal place for Server Rooms. Here, we need 5 physical servers and each
server is handling 100 virtual machines at a time. It means we have to see the best Network
design topology which can provide 99.99% performance to their customers and very less Down
time in a year.

Now jumping to official guide “CCDA 200-310” we need to propose best solution for fault
tolerance network for Big Oil Company, here we will follow the 5 steps for implementing the
solutions for the above case study given and check if some places we need assumption for
provide solutions we will work on it in the following documents.

Fig: Customer requirement model as per given in CCDA 200-310 official guide.
Now we follow the above figure 5 steps one by one to work on the proposal design solution for
the Big Oil Company new Office setup.

Let check in detail view for Design Needed as per Customer Requirement:

Step-1: Identify network applications and services

Now, we need to check the network connection which include wired and wireless both network
communication system in the building so we can complete the given requirement for the Big Oil
company. Now for setup the infrastructure network in the building we can do below stuff in
terms of application and services based

- Implementing servers monitoring system with high END CPU configuration

- Configuration and deployment of CDP and LLPD to interconnects the network and
hardware device to provide better management system in the building.
- SNMP protocol will help to monitor and check connectivity of every devices connected
in network to check their proper performance and any troubleshooting needed
- Some application we can implement or provide automation solutions like Ansible to
automate the task in Network operation and monitoring system
- For intelligence-based solution we can configure NBAR – Network based Application
Recognition Engine
- For IP phones services we need to configure VoIP network environments with Wireless
Access Point for better reach of network communication system
- Security level we can reach to Proxy Server, LanGuard, VPN and Firewall solutions.

Step-2: Define the Organization Goals

As I study the case study, so the main priority goal to organization is that, they are providing
99.99% downtime is maintain through out the year, and after shifting new office building they
need to maintain the same performance with new setup. Also, fault tolerance system should be
implemented properly as per our given network design proposal. So, I am just mentioning some
point below that should be define the Big Oil goals as respective to new office building;
 - Should have full fault tolerant network infrastructure setup
- Should provide 99.99% performance with downtime per year
- Need cooling system and power supply with backup storage
- Wired connectivity should be done properly and managed
- For private network setup as we provide some restricted network communication to
staff members we will need to setup VPN and VLAN protocols
- On core layer of network topology should have below options
o High reliable and high-end computing power system
o High performance and fault tolerance system
o Low latency in communication needed with QoS and management system
o Should have Disaster recover and risk assessment solutions presents
- Cost management on hardware devices and improvement needed on Customer Support
Services.

Step-3: Define Organization Constraints

For budget level, every business is stand or sustain for longer time. But with budget we need to
work on company policy, guidelines and working part in time scheduling is also important. So,
while developing design we need to remember this important constraint so that company have
some timeframe to work on loopholes already present and comeback with enhancement to
provide customer services better. So, we need to re-check these points before we deliver the
new Network Design Proposal to the Organization.

Step-4: Define Technical Goals

This section belongs to organization’s supportive application goals. As, it discusses on technical
aspect below:

- Enhancement needed in network infrastructure topology in terms of response and

latency
 - Ne to work on fault tolerance issues and downtime
- Improvement needed to customer services
- Well modified the network, it should be simple so management will be easy
- Network security is important key as its new building and security must be top priority
- Existing network topology will be modified or improve as either it needed at some
places

Step-5: Define the Technical Constraints

Now working on parameters and limit is the key solutions as per case study requirement. While
updating on new technologies will impact the present one, so we need to properly checkup for
design implementation place.

 Like need to check current bandwidth of network Speed and how much we need to
increases if needed for new application
 Need to check future aspect for expanding the resources and Customer involvement, as
then we need more computing and hardware resources to deliver the services
 Must work on legacy equipment’s need to support
 While modernize the existence network topology need to remember the dependencies
and issues arise while updating or upgrading hardware plus software resources

Now for further enhancement also needed as in case study some of the points are not covered
as we it talks about the 99.99% downtime performance per year. Also, business continuity point
of view we need to consider so more points, so these are the topics explain below:

- As we follow IT standard policies so we need to implement the QoS

- For private channel and secure channel communication from one site to another we
should implement VPN solutions
- For managing users and groups level management in staff members we need to
configure LDAP protocol solutions and for Windows we can deploy AD services
 - Need to provide a centralized security system, we can implement DMZ in Admin Area,
or setup the SOC system with SIEM tools for monitoring and threat hunting to get
incident reports
- Tools like Splunk, IBM QRadar, AlienVault, Arcsight, Sumo Logic, etc.
- For server room we need to increased physical security and only authorized person can
enter into room.
- CCTV we can deploy for further security monitoring process

 Network Design Approach

Here, we are providing a pre-define design approach as per the case study we have and follow
the guidelines given by Cisco CCDA 200-310. So, we will be working on TCP/IP model for
networking system configuration and follow Top-Down approach as referring below in an
image;

Fig: Design Approach we will follow for Big Oil Company

We will provide a proposal on based on above design model approach for current network
design requirement needed. Also, for future expansion based we need to design our Network
topology.

Part-B: Designing the Physical Network Topology

So, below we provide Admin and First Floor plan for network topology setup and devices will be
setup on each room and corner to get Internet access in the building.

Fig: Ground Floor Schematic Diagram

Here, in above figure we can see the floor plan, where we will setup the Admin Office and other
Rooms have Local Ethernet Network communication. Also, on lobby and corridor area, we will
implement Wireless Network communication using Router and Access Point process.
Fig: First Floor schematic plan

So, after connecting the setup with network devices the floor will look like below image setup;

Fig: Network devices setup various room in first floor of university building
A. Location Part
a. Well the admin room or the server room will be on ground floor as we can see in
the above figure also as we implement the new design. Reason is simple,
temperature will be lower and also security area is also good in middle of the
building.
b. For IT support staff room, we will replace the Class Room into office and office
room also into office room, so that Big Oil organization employees will be
distributed easily over the 4-floor building
B. Planning and setup system for Wiring
a. Here we will be trying to wiring under the floor or over the top floor surface as, it
will save time, and also management of wire is also easy.
b. Also, for building protection we need to setup fire, water, and short circuit
sensor for alert system
C. Number of access points
a. So, on all 4-floor building we need atleast 25 Access points, on lobby, hall room,
meeting room and gallery area.
b. On each office room we not needed as their we setup ethernet connection
network access
c. For position part, we will try to covering every corner of the building as possible
D. Rack Numbers and their specification
a. So, we have 5 physical server setup and each server have 2 server rack
b. Then as they handle 100 virtual machines currently, but here we will take new
server with higher end configure, as we taken CISCO server rack, which handling
250 virtual machines, these is for future expansion basis.
E. Cable implementation
a. As case study based we don’t need enterprise level ethernet cables
b. As here for staff member need just normal Internet bandwidth access
c. So, here we will take 100 MBPS Fast Ethernet cables and implement
 d. 100Base TX fast ethernet cable will be uses
F. Location and Number of Patch panels and wall sockets
a. Here we can provide the exact location, as we need atleast two Wall Socket on
each office so, if we take first floor as example, their we need 20 wall socket in
office room, 6 in Hall meeting, 6 in meeting rooms, 10 in Auditorium and some in
stores and lounge area.
b. So, total around 50+ socket and patch panel will be setup
c. Also, on each floor we will setup Switch devices and power supply backup with
UPS
G. Expansion perspective
a. Yes, expansion and future aspect is on priority based
b. For network devices and cabling system and security on the top

Table for the device’s equipment and costing:

Sr. No. Product Name Number of Vendor Costing

equipment estimation
required
1. Access Point – 15*2=30 Cisco Embedded 63,454.4$ USD
wireless routers Access points Wireless 1st floor applied
Controller only

2. Rack server 5 physical Cisco -VM250 80000.92$ USD *

servers 5 = 4,00,000.6$
USD
3. Cabling CAB- Cisco Ethernet 75$ USD per 5-
ETHERNET- Cable Shielded meter length
5MSH 2KM 5M
meter length
just
 assumption
4. Wall sockets 50 sockets Legrand vendor 20$ per room
5. Patch Panel 50 panel per Syska vendor 55$ per room
floor area

Part-C: Enterprise campus and Internet Access design

a. Location for switch will be on each floor

a. Routers will on each floor, and admin room to justify three-layer network
topology we setup
b. Firewall will be enabled and setup in admin room, as all the traffic will be
monitor from that network gateway only
c. Routers is connected with ISP and the wireless router will also setup for wireless
communication and for IP phones
b. Power Consumption per rack
Fig: As per this Site, we need up to 80kW energy consumption

c. Routing and switch protocols

a. Need to limit the VLANs connection
b. Provide VTP transparent mode
c. Use cisco STP toolkit
d. Provide Loop guard and LanGuard for monitoring system
d. Logical and Physical network design
a. Physical view
Fig: Physical desing view of Ground Floor plan room

b. Logical view
Fig: Logical Network design

e. Network security design

Fig: Security system design include all servers and routers and endpoint solutions at
DMZ zone

Table of costing network devices

Sr. No, Product Name Vendor Costing

1. Routers Cisco router and 5999$ USD
wireless routers
2. Switches 3560-24PS multilayer 10050$ USD
switch and 2960-
 3. Internet Connectivity Wired cabling – 4500$ USD per 5 KM
ethernet cabling and lenght
wired
4. Firewall hardware Netgear firewall 1500$ USD

Part-D: Management and Monitoring Implementation and Deployment Plan

 Network security

Here we implementation various solution for network security, like we enable VPN, proxy,
VLANs, port security, Web application firewall, Threat management solutions and Incident
report solutions needed

 Monitoring implementation

Here we can setup SOC – Security operation center as an Centralized system from where we
can monitor network traffic system, web and mail traffic. Analysis any malicious control for
Inbound and outbound traffic system. Tools like Server protection from Trend Micro, Solar
winds, Dark trace, SIEM tools like Splunk, IBM QRadar, ArcSight, etc.

 Continuous Security Implementation and automation monitoring system needed

Here we can setup DevSecOps pipeline for monitoring and production and operation of
application. Apart from that we can follow 4 step solution process

- Secure – identification and confirmation

- Screening – Intrusion and reaction
- Testing – Assessment and security reviewing
- Improvement – Data investing and revealing the process