The Patterns in Acme Enterprises Data Network - Term Paper Example

Introduction 2 Patterns: 3 Problem: 4 Pattern 2: Redundant Server Infrastructure: 8 Pattern 3: Maximization of the Bandwidth: 10 Problem: The connectivity between remote offices, business partners for their necessary applications gets affected by the fault broadcast domains. This affects the connectivity between them and the access layer switches. 10 Pattern 4: Firewall security infrastructure design 12 Problem: 12 Cyber Guard, firewall software has been identified recently as outdated and failure in challenging the security standards. However, there is a growing necessity to enhance security standards to reach the rations of the business purposes. 12 Introduction The pattern redundancy in Acme Enterprise’s Data Network is a group of well established, flexible and customary patterns that lead to high availability solutions in enterprise network infrastructures. ACME is in the midst of explosive growth. Recent and anticipated product launches will grow ACME into one of the top 10 companies of its line of business in the next few years. The ACME U.S. field force will grow from 1,000 to 2,500 sales representatives by the end of the current year. New and exciting sales-productivity business tools have either been recently deployed or will be enhanced over the next few months, including Intranet based applications for expense reporting, benefits administration, promotional supply ordering, training tools, etc. Next year their sales force automation system (SFA) will be replaced by a new SFA - a Customer Resources Management CRM-centric system. The computing and network infrastructure has become critical to the sales force; headquarter employees, remote offices and connectivity to external partners. Any network downtime impairs the productivity of employees, inhibits the ability of employees to do their jobs, and impacts the company’s ability to conduct business. To support growth ACME has an aggressive schedule to expand the sales force, add new business tools, grow their e-business capabilities, add capacity to the infrastructure, and implement complete fault tolerance and redundancy capabilities to achieve 100% availability. The patterns establish a firm foundation, understanding and approach to design, and implementation and deployment of full redundancy to the enterprise data network. Multiple patterns were introduced, each of which deals with a particular challenge during the process of creation. These patterns may be deployed separately; however, full deployment of all of them will achieve a great deal of resilience and high availability in the network. Patterns: Patterns are composition of networks that helps in the construction of creating a coherent theme of any discipline. It is intended to guide architectural designers. PATTERN 1: Redundant path in the core LAN and WAN Infrastructure. Problem: Context: The availability of multi-network applications could be brought out without giving place to failures of services in network by providing redundancy and enabling failovers. This would further help in harmonizing the traffic loads, which might disturb the multi-network supplies. Thus, prolonged connectivity is guaranteed. Forces: While on the WAN side, there arises problems in a single Cisco router that connects the headquarter of remotes sites in a network hence, leading to module failures in terms of frame work, power supply and failure of the core. These factors act as forces that carries the route cause of the problems. Solution: By implementing patterns will help the staff to be trained in improving the undisturbed connectivity of network supply. Also a baseline, traffic map and capturing of a fingerprint of network traffic are required. Any future changes proposed must be tested and validated in a laboratory setting since the Network will have multiple paths. An untested change might lead fic loop in the environment leaving the Network disabled and unusable. The suggested solution is that by enabling multiple paths of the Local network Area, routing engines, and generating primary and secondary paths to allow for load sharing between multiple primary paths by distributing the incoming traffic load. While, still providing the same level of redundancy and 100% availability to make certain 100% connectivity for remote business partners and the mobile sales force. Examples: 1. Dual Switches and Supervisors 2. First Hop Gate way Routing Protocol. 3. Utilizing Cisco Spanning Tree Protocol 4. Create a change control and validation process 5. Training and review 6. WAN Redundancy Resulting Context: Implementation of patterns has a steep learning curve for individuals responsible for understanding the new environment and training of current staff to a traffic map. Also a baseline, traffic map and capturing of a fingerprint of network traffic are required. Any future changes proposed must be tested and validated in a laboratory setting since the Network will have multiple paths. An untested change might lead fic loop in the environment leaving the Network disabled and unusable Rationale: 1) Implementation of Dual Switches and Supervisors: Providing two dual-layer switches, such as in the supervisor module in the Cisco Catalyst 6509, is smart design in that it adds redundancy in the network core. If one supervisory module fails, the other will pick up and continue to move data. Furthermore if chassis, power supply, and back plane failure of one switch occurs the network will continue to function, creating a truly fault tolerant, 100% availability network. Running 2 Cisco Catalyst 6509’s side-by-side would creates not only supervisory redundancy, but would have inter-floor connectivity redundancy, card redundancy, and port redundancy for 100% availability servers. 2) Utilizing First Hop Gateway Routing Protocol: Utilizing First Hop Gateway Routing protocol, such as Hot Standby Routing Protocol (HSRP), would enable fail over between primary and secondary routing engines. HSRP also allows for load sharing between multiple primary routers by distributing the incoming traffic load, while still providing the same level of redundancy and 100% availability. 3) Utilizing Cisco Spanning Tree Protocol: Cisco Spanning Tree Protocol would run trunks between the four supervisor modules to avoid layer 2 loops. Additionally, each switch will be designated the “root” bridge for a specific Virtual Local Area Network. Odd Virtual Local Area Network’s VLAN will run on the #1 switch while even Virtual Local Area Network’s VLAN will run on the #2 switch. This will help distribute the traffic across the two devices and in the event of failure the supporting Core switch will “pick up” for the troubled device and data will continue to flow. 4) Create a change control and validation process: Implement tracking, testing and validating of proposed changes in the Network and create a staging lab to test proposed configurations. 5) Training and review: Institute an annual training plan and peer configuration review. 6) WAN Redundancy: Use of redundant hardware at each critical location along with multiple and/or backup circuits can guarantee connectivity. Select the most cost effective, reliable WAN providers with the connectivity required. Use multiple Internet providers. Known Use: Dual Cores Network Infrastructure Pattern 2: Redundant Server Infrastructure: Problem: All servers are currently attached to a single point with a single network card and some applications are running on a single server, thus creating the potential for a single point of failure at the core network. Context: Providing the environment with a 100% availability server infrastructure. A fully distributed architecture of Network Load Balancing enables delivery of very high performance, fail-over protection and 100% availability servers for applications, files and database servers. Forces: Failure of Net work load balancing in multiple paths, lack of structured planning concerning the Network and its performance controlled by the staff, and less number of fail over. Solution: By providing a fully distributed architectural framework of Network Load Balancing, with the help of teamed servers and redundant server components, TCP/IP-based services, and RAID to balance storage services a 100% redundancy could be established. Examples: 1. Teamed Servers 2. Redundant Server Components 3. Storage Redundancy 4. Server load balancing Rationale: 1) Teamed Servers: All servers will have multiple network interface cards that are “teamed” for load balancing. 2) Redundant Server Components: All servers should have dual power supplies on separate power circuits, with redundant fans for cooling and redundant multi-processors 3) Storage Redundancy: All servers should have RAID, Level 5, for all drive configurations. If the servers connect to Storage Area Network SAN, they must connect with dual Host adapters.4) Server Load Balancing: Network Load Balancing, a clustering technology, should be implemented to enhance the scalability and availability of mission-critical, TCP/IP-based services. All clustered servers should have multiple NIC’s in both hosts, load balancing across both boxes, and run replication software so that if a single part of the cluster fails the server will remain. Resulting Context: This pattern would increase the possibility of getting a 100% availability of the server infrastructure and deliver of excellent performance with failover protection and reliability for applications of files and database servers also. Over all sustaining the reliability of the sever and net work supply will be there. Related Patterns: Known Use: Pattern 3: Maximization of the Bandwidth: Problem: The connectivity between remote offices, business partners for their necessary applications gets affected by the fault broadcast domains. This affects the connectivity between them and the access layer switches. Context: If a reliable connectivity is given by reducing, the fault broadcast domains then there would not be risks affecting the network with several floors of the office surrounding. Forces: There is currently a single Gigabit Ethernet link running from each link to the Core Network. The current domain is a single link that connects each floor to a single point at the network core. The entire network is a single broadcast domain. For example when the network is down, the sixth floor, east side would have up to 144 users unable to work if a network issue exists. Solution: Designing second layer of switches and multiple broad casts could reduce domains with the additional implementation of Gigabit Ethernet link allowed to run between the core server and the connectivity areas the fault domain. Examples: 1) Design and implement a second layer of switches 2) Design multiple broadcast domains Rationale: 1) Design and implement a second layer of switches. Design even smaller domains by introducing redundant Gigabit Ethernet trunks to each link closet to reduce, for example, each floor default domain from 144 to 48 hosts. 2) Design multiple broadcast domains. However, this may produce excessive traffic that not all hosts need to “see” and can create network congestion and bottleneck. Resulting Context: This pattern would help in balancing the connectivity of the sever within the single domain. As there is a strong requirement for server within a multistoried office setting for business and office partners. Primarily a single Gigabit Ethernet link has been in use, but with the provision of second layer switches instead of single and multiple broadcast domains instead of single would improve the failure of connectivity within the domain. Thus, bandwidth could be maximized and multiple broadcasts could be introduced. Related Patterns: Known Use: Fault broadcast domain for the access user layer switches Pattern 4: Firewall security infrastructure design Problem: Cyber Guard, firewall software has been identified recently as outdated and failure in challenging the security standards. However, there is a growing necessity to enhance security standards to reach the rations of the business purposes. Context: To implement firewall software to secure external connectivity so as to enable the enterprise to define and enforce a single, comprehensive Security Policy is required to protect all network resources. To ask Inspection Technology and the Open Platform for Security (OPSEC™) to deliver a highly scalable solution that is able to integrate and centrally manage all aspects of the network which is in high demand at present. Forces: An outdated model of Cyber Guard, lack of security in external connectivity and finally the presence of single point host, these determined the failure in supporting software security. Solution: By implementing firewall software to secure external connectivity and enable the enterprise to define and enforce a single, comprehensive Security Policy that protects all network resources. To use three-tier architecture, and to ask Inspection Technology and the Open Platform for Security (OPSEC™) to deliver a highly scalable solution that is able to integrate and centrally manage all aspects of the network. Examples: 1) Implement a firewall 2) Use Firewall Cluster 3) Design multiple zones behind the firewall chambers Resulting Context: A secured external and inetrnet connectivity could be obtained within the business partners. With the implication of multiple zones behind the firewall clusters which will be provided with their own a specific IPs the servers will get ready to authenticate and apply itself for security policies to remote users while enabling proxy services for internet connectivity as well. Rationale: 1) Implement a Firewall Use Check Points’ Firewall-1 as the firewall software to secure external connectivity with a business partners, Internet and external connections. 2) Firewall Cluster Implement a Firewall-1 “cluster” with two Firewall members. 3) Design multiple zones behind the Firewall Cluster The new firewall should have several different “zones.” Each zone should have its own IP address range, serve different purposes and have a unique function. To achieve the highest security segregate traffic at the point of entry into the network, Zone one will be VPN connectivity. It will interface with a pair of Cisco routers connected to a DS3 circuit for inbound and outbound traffic associated with the mobile sales force and regional sales offices utilizing broadband connectivity. Zone two will be the “DMZ,” containing RSA two-factor authentication and RADIUS servers, the VPN concentrator engine Switches, email, proxy and DNS servers. These servers will be used to authenticate and apply security policies to remote users while replicating internal email servers, as well as providing DNS and proxy services for Internet connectivity. Zone three will connect to the headquarter campus and provide connectivity to all major sites in North and South America. Zone four will provide connectivity to business partners who store all the resources for the Sales Forces Automation system, along with their other business partner(s), with which they share files, email and presentation services. A fifth zone will initially be implemented for the current remote access solution, to ensure all remote users have connectivity during the pilot program and any future migration to the new VPN solution Related Patterns: Known Use: Firewall security infrastructure design Read More