OFFSHORE CPI Sdn. Bhd. Incorporated in 1985, presently in the oil profligate offshore industry started out with merely one office and three staff have developed and spread at that place concern to six strategic locations thorough out peninsular and east Malaysia and with more approaching offices in other locations around Malaysia.
Today OFFSHORE CPI has grown from a one degree office during the initial apparatus in 1985 to 3 floors in the same edifice. Timeliness of information and connectivity with security whether internally or externally are indispensable for the smooth operation within the organisation. OFFSHORE CPI implemented a web to provide for the turning figure of employees and to better connectivity between the subdivisions all around Malaysia. The web allowed employees to portion files, Internet and pressmans and thereby increasing productiveness and cut downing cost within the organisation.
The intent of this study is to suggest a solution to the web jobs faced by OFFSHORE CPI due to out-of-date web equipment and inefficient execution of the web. This study will critically analyse the current web apparatus of OFFSHORE CPI and suggest a solution that will include the specifications and the justification for the high-velocity engineerings, telegraphing, topology, security, protocols and the web direction system that will be used to get the better of the current jobs faced by OFFSHORE CPI. The proposal will concentrate on how to better public presentation, dependability, security and the scalability of the OFFSHORE CPI web. The proposed solution will run into and transcend the demands and aims of OFFSHORE CPI with respects to functionality at a really competitory monetary value.
Current Network Architecture
Presently the OFF-SHORE CPI chief web room is located on the 3rd floor of the edifice. The chief ground for this is so that the IT forces from their office can easy supervise it, which is near the waiter room where all the networking devices are kept.
The waiter room contains 4 application waiters, which are the Unix SCO Open Server, Windows NT waiter, and Card Reader record waiter. Other than that, it besides contains 1 unit 8 port 10/100 base TX switch, a router, an ADSL modem for entree to the cyberspace, 3 10 /100 base TX switches, 1 unit 10 base T hub and one CISCO device to enable the VPN to link to their subdivision in Penang. The current web architecture is depicted in Figure 1.
The current web apparatus is confronting the undermentioned jobs:
It will be hard to trouble-shoot in instance of web failure
The web has no monitoring station so it is hard to keep the web and to place failures. As more hardware is connected, the job of observing failure would be increased
Failure of the switch located on the second floor will take to a web failure on the first floor.
If the switch on the second floor fails, it will do the web to neglect on the first floor. The hub on the first floor is connected to one port of the switch on the second floor ; so extra computing machines being added to the first floor would do farther congestions. The extra package hits would do the web un-usable.
Higher opportunities of failure rate ( Topology and Device issue )
The current web has a batch of devices the topology of which needs to be upgraded if the organisation wants fast and timely information to be delivered to clients. The hardware being used is non good plenty for the bandwidth used and would do jobs if bandwidth use increased. The web will neglect if a device fails, as IT personal will hold to look into every machine to happen the mistake. For a company such as OFFSHORE this would intend a large loss to the concern even if the web was merely down for one twenty-four hours
Unable to to the full optimise its internetworking device resource capableness.
Current web architecture utilizing daisy ironss, whereby its VPN, waiters and workstations connected to the same switch are non synchronized. It will make congestion on the switch that carries the burden. Therefore, it will non be able to work at its optimum public presentation.
Current Network Diagram ( Figure 1 )
Due to the inaccessibility of certain information about the OFFSHORE CPI web, some premises will be made to quantify the jobs faced by the company.
If is assumed that in the current apparatus there is no security policies in topographic point
The web has no redundancy and failsafe mechanisms implemented
The web has no web direction system implemented
The web diagrams in this proposal merely shows a unsmooth perceptual experience of the physical locations of the web equipments
All workstations are equipped with 10/100 Base-T Network Interface Cards
It is besides assumed that the current cabling used throughout OFFSHORE CPI is CAT 5 UTP overseas telegrams
It is assumed that all workstations are running Windows XP Professional
All IP references are manually assigned to all workstations since DHCP is non enabled
There are no backup and catastrophe recovery programs in topographic point in the current web
It is assumed that OFFSHORE CPI is confronting protocol mutual exclusiveness issues
The router and switches used in the current web are consumer class devices and non suited for a corporate environment
The current VPN connexion is utilizing leased line
All devices in the web are working at Ethernet velocity
It is assumed that OFFSHORE-CPI did non put a bound to the budget for the undertaking
Proposed Network Architecture
The undermentioned subdivisions in this proposal will lucubrate on the proposed web architecture ; it will supply justifications for all the proposed alterations and the new engineerings that should be implemented in the bing web. The undermentioned subdivisions will be divided as follows for easy mention.
Local Area Network ( LAN ) Technology
Wide Area Network ( WAN ) Technology
Redundancy and Backup Strategies
Local Area Network ( LAN ) Technology
The current web employs IEEE 802.3 10 Mbps system ( Ethernet ) for high velocity communicating. This criterion is now disused due to low bandwidth handiness. The proposed LAN engineering that should be implemented is Gigabit Ethernet and Fast Ethernet.
In the proposed architecture the LAN Backbone and all the devices straight connected to it will be utilizing Gigabit Ethernet. The fibre ocular medium will follow the 1000 Base-LX Ethernet specification to accomplish Gigabit velocity ( 1000 Mbps ) . Gigabit velocity is necessary to get the better of the low bandwidth issues that are blighting the bing web. ( Ryan, 1997 ) states that “ it is clear that virtually all new web applications have important bandwidth intensive graphical content every bit good as complex client waiter operations. These new applications, combined with the gyrating growing in web traffic, have necessitated much higher web velocities every bit good as a important addition in throughput. To run into this demand, Gigabit Ethernet, with its 1000Mb/s capacity, has now become a cardinal component in mega-bandwidth provisioning ” .
The bing workstations will follow the 100 Base-T Fast Ethernet criterions to take advantage of the 100 Mbps throughput available utilizing the bing UTP overseas telegrams. It is recommended that all new workstation purchased should hold a web interface card ( NIC ) that supports 1000 Base-T Gigabit Ethernet to take full advantage of the new LAN architecture which offers velocity up 1000 Mbps. ( Intel, 2001 ) states that one of the primary advantage of utilizing Gigabit Ethernet is the “ increased bandwidth for higher public presentation and riddance of constrictions ” .
For a web to map optimally, good cabling has to be implemented for dependable informations communicating, otherwise the opportunities of public presentation and dependability debasement.
The proposed transmittal media for usage in OFFSHORE CPI are:
UTP CAT 5E/6 overseas telegrams for all workstations
Fiber Optic Cable for the anchor and switches connected to the anchor
Unshielded Distorted Pair ( UTP ) Cables
The bulk of webs are chiefly compromised of UTP and Fiber ocular overseas telegrams. UTP ( Cat 5e and 6 ) have now become the standard cabling for webs across the Earth because of its flexibleness, compatibility, low cost and high velocity it supports ( up to 1 Gbps ) .
The current web utilizations Unshielded Twisted Pair ( UTP ) Category 5 ( CAT-5 ) cables for linking different devices in the web. It is proposed that the bing overseas telegrams should be used to cut down cost. But it is extremely recommended that OFFSHORE CPI take all current cabling and replace them with UTP CAT 5E or CAT 6 telegraphing. Although it is the same as CAT 5 overseas telegrams ( Casazza, 2007 ) states that CAT 5E overseas telegrams are “ made to somewhat more rigorous criterions. Category 5E is recommended for all new installings, and was designed for transmittal velocities of up to one Gbit per second ( Gigabit Ethernet ) ” .
Fiber Optic Cable
The proposed web architecture uses a anchor to transport all immense web traffic from the waiters to the workstations. To get the better of the congestion due to the heavy web traffic a Fiber Optic anchor needs to be implemented. Fiber ocular cabling is one of the fastest turning transmittal medium for new overseas telegram installings and ascents particularly for informations anchors. Fiber ocular overseas telegram is favored for applications that need truly high bandwidth. It is ideal for high data-rate systems which require the transportation of big, bandwidth devouring informations files such as Gigabit Ethernet, which is the proposed LAN system for OFFSHORE CPI. Harmonizing to ( Network Magazine, 2001 ) fiber ocular telegraphing offers the undermentioned advantages:
Immune to RFI & A ; EMI
Intrinsic security of transmittal
Reduced system costs
Reduced care costs
Lowest life rhythm costs
Synergistic planning lowers overall system cost factors
There are two types of Fiber Optic overseas telegrams available in informations networking, multimode fibre and individual manner fibre. Multimode fibre will be proposed in position of the fact that it less expensive to implement than individual manner installings as stated by ( Network Magazine, 2001 ) .
The current web architecture uses daisy chaining to link one floor to another. Using this architecture the failure of one switch in will ensue in denial of service to other floors. To get the better of this restriction it is proposed that a Hybrid Topology is used. The Star-Bus ( Tree ) Topology is the proposed loanblend topology for OFFSHORE CPI. The LAN anchor and the switches connected straight to the anchor will hold a Bus Topology so that all the switches can hold entree to high velocity anchor. All the workstations and waiters will be connected utilizing the Star Topology. The chief advantages of utilizing the Star Topology are as follows:
Ease of installing and constellation, ( Forouzan, 2001 ) states that “ in a star, each device needs merely one nexus and one I/O port to link it to any figure of others. This factor besides makes it easy to put in and reconfigure ” .
No breaks to the web when connecting or removing devices
Easy to observe mistakes to remove/replace constituents without entire loss of the web
All the switches and hubs in the current web apparatus needs to be replaced with Switches that support 10/100/1000 Base-T Ethernet. By utilizing a hub in the 1st floor the LAN is confronting public presentation jobs ensuing from bandwidth deficits and web constrictions. To get the better of this job it is a necessity to replace it with a switch. The usage of a switch in topographic point of a hub will profit the web by supplying a dedicated hit spheres between each port reduces media contention. By cut downing media contention a switch is able to supply a larger portion of available bandwidth to each node ( workstation ) . Switch overing engineering allows bandwidth to be scaled in both shared and dedicated LAN sections can relieve traffic constrictions between LANs.
Current execution of the router in the web is wrong, the router should be the first device the WAN should link to, since they do non send on broadcast traffic, they help command the traffic burden from the WAN. It is besides extremely recommended that the current consumer category router is removed and replaced with a router that offers strong firewall service to protect the web from invasion.
OFFSHORE CPI is confronting protocol mutual exclusiveness issues due to different types of protocols used in the web. There are three chief attacks to get the better ofing the protocol mutual exclusiveness job. First, you can implement most of the protocols on most of the machines. This requires a enormous attempt and is non truly a feasible attack, unless the figure of protocols involved is really little. A 2nd option is to utilize interlingual rendition machines. This is easier, since multiple protocols need merely be implemented in these machines, but it still requires a batch of work. Furthermore, the interlingual rendition machines will go constrictions. The 3rd and best method is to utilize one protocol throughout the web. The most popular protocol suite is TCP/IP. The TCP/IP protocol suite offer many advantages. ( Microsoft TechNet, 2004 ) , states TCI/IP suites is “ a criterion, routable endeavor networking protocol that is the most complete and accepted protocol available. All modern runing systems support TCP/IP, and most big private webs rely on TCP/IP for much of their traffic ” . TCP/IP is dependable engineering for linking dissimilar systems. Many TCP/IP application protocols were designed to entree and reassign informations between dissimilar systems. These protocols include HTTP, FTP, and Telnet. TCP/IP provides a robust, scaleable, cross-platform client/server model.
Dynamic Host Configuration Protocol ( DHCP )
The current web at OFFSHORE CPI has no DHCP service, because of this all the web constellations like IP references for all the workstations has to be assigned manually. This can be truly clip devouring if many workstations are added to the web and when they are invariably moved around the web. To get the better of this restriction, OFFSHORE CPI should run a DHCP service in one of the waiters. DHCP provides constellations to all the nodes dynamically so that manual constellation is non needed as stated by ( Palmer and Sinclair, 2003 ) DHCP is used to “ enable a waiter with DHCP services to observe the presence of a new workstation, waiter, or web device, and to delegate it an IP reference ” .
Wide Area Network ( WAN ) Technology
Leased Line ( Internet )
OFFSHORE CPI plans to open the organisations merchandise outsourcing section doors to let clients to obtain existent clip merchandise monetary value citations this means there is a demand to offer a fast, dedicated and a more dependable than the ADSL connexion. The job with ADSL is the high contention ratio, intending that the available bandwidth is shared with other companies and users unlike a dedicated leased line where the available bandwidth has no contention ratio in other words the bandwidth is non shared. With a leased line OFFSHORE CPI has full usage of all the Internet bandwidth all of the clip, the bandwidth is non portion it with another 20 companies as is the instance with ADSL. ( Onestopclick, 2007 ) states that one of the benefits of a leased line is that it is “ unafraid and private – dedicated entirely to the client ” . ( Onestopclick, 2007 ) besides states that the leased line velocity is “ symmetrical, uncontended and direct ” . It is extremely recommended that to implement a leased line for OFFSHORE CPI ‘s Head one-fourth where all the nucleus applications are situated, but for the subdivision offices normal ADSL connexion will be sufficient.
Virtual Private Network ( VPN )
The current web at OFFSHORE CPI uses a dedicated chartered line to link to its subdivision offices. To cut down cost, OFFSHORE CPI can utilize IP VPN to link to its subdivision offices utilizing the Internet. Since the proposed web architecture uses a chartered line to link to the Internet, OFFSHORE CPI can utilize IP VPN to burrow through the Internet to link the subdivision offices ; this will vastly cut down costs, since this will extinguish the repeating cost that is needed to utilize a dedicated chartered line for each subdivision office. This will enable all the subdivision offices to entree services in the chief office thorough the cyberspace, doing the web more scalable, ( Mitchell, 2007 ) states “ Internet based VPNs avoid this scalability job by merely tapping into the the public lines and web capableness readily available. Particularly for remote and international locations, an Internet VPN offers superior range and quality of service ” . ( Mitchell, 2007 ) besides states that VPN can cut down cost by utilizing public web substructure like the Internet to do a connexion to other offices.
Due to the deficiency of firewall in the current web, the OFFSHORE CPI is mark to malicious onslaughts from the Internet. By holding implementing a strong firewall architecture for the Internet ( WAN – Wide Area Network ) connexion OFFSHORE CPI will be good protected from all kinds of problem that can be perpetuated on the Internet.
Demilitarized Zone ( DMZ ) or Screened-Subnet firewall is the proposed firewall architecture for OFFSHORE CPI. This firewall architecture employs two packet-filtering routers and a bastion host. This firewall architecture is the most unafraid manner to implement a firewall because it supports both Network and Application Layer security while specifying a “ demilitarized zone ” web.
There are several cardinal benefits to the deployment of a screened subnet firewall system. An interloper must check three separate devices ( without sensing ) to infiltrate the private web: External router, Bastion Host and the Internal Router. Because the outside router advertises merely the DMZ web to the Internet, systems on the Internet do non hold paths to the protected private web ( OFFSHORE CPI LAN ) . The internal web is “ unseeable ” from the exterior. Because the inside router advertises merely the DMZ web to the private web, systems on the private web do non hold paths to the Internet. This means that the Internet is unseeable to the private web. It is recommended that the Bastion Host run Microsoft Internet Security and Acceleration ( ISA ) Server 2006 which is one the most robust Application Layer Firewall in the market. Microsoft ISA Server 2006 provides other services such as cache ( placeholder ) , VPN connexion direction, and unafraid waiter publication.
As the OFFSHORE CPI webs continue to turn in size and complexness, there is an increasing demand for practical local country webs ( VLANs ) to supply some manner of structuring this growing logically. ( Drakos and Moore, 2005 ) states that “ fundamentally, a VLAN is a aggregation of nodes that are grouped together in a individual broadcast sphere that is based on something other than physical location ” .
Following benefits provides the justification why VLANs should be implemented at OFFSHORE CPI as stated bu ( Drakor and Moore, 2005 ) :
“ Security: Separating systems that have sensitive informations from the remainder of the web decreases the opportunities that people will derive entree to information they are non authorized to see.
Performance/Bandwidth: Careful monitoring of web usage allows the web decision maker to make VLANs that cut down the figure of router hops and increase the evident bandwidth for web users.
Broadcasts/Traffic flow: Since a principle component of a VLAN is the fact that it does non go through broadcast traffic to nodes that are non portion of the VLAN, it automatically reduces broadcasts. Access lists provide the web decision maker with a manner to command who sees what web traffic. An entree list is a tabular array the web decision maker creates that lists which references have entree to that web.
Departments/Specific occupation types: Companies may desire VLANs put up for sections that are heavy web users ( such as multimedia or technology ) , or a VLAN across sections that is dedicated to specific types of employees ( such as directors or gross revenues people ) ” .
Since the OFFSHORE CPI web will be connected to the Internet 24/7, the whole web will be exposed to malicious package like virus. To forestall the reproduction of virus in the web, OFFSHORE CPI must put in strong antivirus package like Symantec Antivirus Corporate Edition, which has all the characteristics required to back up a corporate environment antivirus solution. Symantec Antivirus has a Client/Server architecture, whereby all the virus updates are installed on the Server and the waiter maintains the security updates and deploys all the updates to the workstations, so that each and every workstation does non necessitate to update there virus definition on there ain, the waiter will take attention of it.
Gateway security Loss in productiveness
Since OFFSHORE CPI is puting considerable clip and money in upgrading the web. Rather than puting more on web applied scientists to take attention of the web, it would be more cost-efficient if the web system could look out for itself for the most and, in the procedure, execute everyday undertakings for the applied scientist. This agreement would liberate up batch of clip for the web applied scientist and will enable the applied scientist to work on the hereafter development of the web. ( Leinwand and Conroy, 1996 ) states that “ one time a information web is in topographic point, efficient direction will maximise its possible ” .
To pull off the OFFSHORE CPI web a SNMP ( Simple Network Management Protocol ) web supervising station will be implemented to roll up all the direction informations of all the devices in the web. SNMP as stated by ( Leinwand and Conroy, 1996 ) has “ so far proved to be rather successful ” .
The proposed web architecture will implement the Simple Network Management Protocol on all web constituents, including workstations. Using SNMP will let all devices to describe exceeding conditions, and besides provide the web applied scientists with control over their operation.
The Network Monitoring station will run CiscoWorks LAN Management. This is one of the most popular networking monitoring package suite that is available today. CiscoWorks LMS provides ( Cisco, 2007 ) : “ A centralised system for sharing device information across all LMS applications, bettering manageableness and system broad consciousness of web alterations ” . CiscoWorks LMS features Network find, topology positions, end-station trailing, and VLAN direction. It is able to analyse real-time web mistake analysis with easy-to-deploy device-specific best-practice templets. CiscoWorks LMS has Hardware and package stock list direction characteristics, centralized constellation tools, and Syslog monitoring. It is able to Monitor and track the web response clip and handiness. It provides real-time device, nexus, and port-traffic direction, analysis, and coverage.
Backup/Disaster Recovery Strategy
The current web has no backup and catastrophe recovery in topographic point. Planing in progress is indispensable to guarantee that downtime caused by a catastrophe will be acceptable to OFFSHORE CPI. A combination of tape and Hot ( online ) backup solution is the best option for OFFSHORE CPI, since they are running critical applications on the waiters, a backup waiter should be implemented to take changeless backup of the waiters and the backup waiter can be used if one of the chief waiters fail. OFFSHORE CPI should maintain the backup tapes off site in instance of a major catastrophe. They should besides implement an online backup waiter in one of the regional offices so that it takes a backup of the waiters in the chief office, this will forestall the break of service in the regional offices in instance of catastrophe.
The scheme used when implementing the new web in OFFSHORE CPI should turn out agencies to do the least possible break to the web services that are presently being used by terminal users. The new web constituents like the fiber ocular overseas telegram should foremost be implemented without taking any bing web constituents, in other words the new web will be running in analogue to the old web, the new web will move as a pilot web and will be continuously tested by linking it to the old web and find the QOS ( Quality of Service ) offered by the new web. Once the new web has sufficient QOS, all the bing waiters and workstations will be transferred to the new web and the old web will travel offline when all bugs in the new web is worked out. The execution scheme is as follow:
Installation of LAN Backbone
Installation of Cables in all the sections
Installation of Switches and Routers in all the section
Testing the Backbone, Cables and other devices
Transfering the waiters to the new web and Testing
Transfering the workstations to the new web
Removing old web devices
Entire continuance ( estimation ) for execution: 19 Dayss
Hardware and Software
UTP Cat 5E Cable Roll ( 300 FT )
Fiber Optic Cable Roll ( 200 FT )
Cisco Gigabit NIC of Servers
Cisco Catalyst 4908G Gigabit Backbone Switch
Cisco 24 Port Catalyst Switch with GBIC card
Cisco 3725 Firewall Router
MS Windows Server 2003 Upgrade
Microsoft ISA Server 2006 ( 100 Client Licenses )
Symantec AntiVirus Corporate Edition ( 100 Licenses )
Symantec Backup Exec
2 Mbps Leased Line Internet Installation
2 Mbps Leased Line Internet Charges/ Annually – RM 90,000.00
Annually Care Charges – RM 12,000.00
The tabular array below states the intangible benefits that OFFSHORE CPI can deduce from the execution of the new web.
Decreased Anxiety ( from increased dependability )
Increased Connectivity ( between HQ and subdivision offices )
Ease of Record Keeping ( few lost files and faster handiness )
Entire Intangible Benefits: RM 170,000.00
Payback Time period: Investing / Benefits = ( 51725 + 90000 + 12000 ) / 170000 = 0.904
The estimated back period is 10 Calendar months
Tax return on Investment = ( Gain from Investment – Cost of Investment ) / Cost of Investment
= ( 170,000 – 153725 ) / 153725
The betterment of information exchange is a cardinal component for the hereafter development of any company. By constructing a strong information exchange substructure OFFSHORE CPI will derive vastly in the yearss to come. The proposed solution will increase public presentation, dependability, security and the scalability of the OFFSHORE CPI web. The proposed solution will run into and transcend the demands and aims of OFFSHORE CPI with respects to functionality at a really competitory monetary value. The Cost-Benefit analysis proves that it is a feasible undertaking that OFFSHORE CPI should prosecute. As OFFSHORE CPI is a spread outing company, the proposed web will be aid OFFSHORE CPI to remain competitory.
( Word Count: xxxx )
Mentions and Bibliography
hypertext transfer protocol: //www.lanshack.com/cat5e-tutorial.aspx
hypertext transfer protocol: //www.networkmagazineindia.com/200205/krone2.shtml
hypertext transfer protocol: //www.cisco.com/en/US/products/sw/cscowork/ps2425/index.html
hypertext transfer protocol: //www.onestopclick.com/topic/internet-access/leased-line/70_20.html
hypertext transfer protocol: //www.microsoft.com/technet/network/evaluate/technol/tcpipfund/tcpipfund_ch01.mspx
hypertext transfer protocol: //compnetworking.about.com/od/vpn/f/vpn_benefits.htm
hypertext transfer protocol: //www.jungo.com/openrg/doc/3.15/programer_guide/html/html_pg/node216.html
Leinwand, A. and Conroy, K. F. , 1996, Summary. In: 2nd Edition, Network Management, A Practical Perspective, USA, Addison Wesley Longman, 1996, p 15.