NETWORK ARCHITECTURE UPGRADES
CHANDLER, ARIZONA
Prepared for:
David Demland
Prepared by:
Kiel E. Hawkins, Systems Administrator
Primavera Online High School
October 10, 2013
555 5th Street
Chandler AZ, 85224
(555) 555-5555
Primavera Online High School
555 555th Street
Chandler Arizona, 85225
Attention: David Demland, CEO
NETWORK ARCHITECTURE UPGRADES
Primavera Online High School has been in business for many years without a dedicated Systems
Administrator. During this time, the Primavera network has grown organically as needed,
without the use of best practices or accounting for future growth. As such, the network has come
to a point where it can no longer sustain its current users or future needs.
This proposal consists of research showing the need for better failover and more efficient use
of network resources. Cost analysis was done on three network architecture revisions: one
minor and two major. Recommendations are provided that cover a wide range of cost structures
and equipment.
Thank you for your consideration. I look forward to hearing your response on the matter.
Kiel E. Hawkins
Systems Administrator
Table of Contents
INTRODUCTION
PROJECT DESCRIPTION
SCOPE OF STUDY
REPORT FORMAT
DISCUSSION
BUSINESS CONTINUITY/DISASTER RECOVERY
FAULT TOLERANCE
SINGLE POINT OF FAILURE
COMPARISON OF TOPOLOGIES
SOLUTION 1: VLANS
Cost
SOLUTION 2: VLANS, FIREWALLS, VIRTUAL SERVERS
Cost
SOLUTION 3: VLANS, FIREWALLS, VIRTUAL SERVERS, VDI
Cost
CONCLUSION
RECOMMENDATIONS
REFERENCES
Illustrations
FIGURES
1. BUSINESS CONTINUITY SUBSECTIONS
2. CURRENT NETWORK TOPOLOGY
3. SOLUTION 1 NETWORK TOPOLOGY
4. SOLUTION 2 NETWORK TOPOLOGY
5. SOLUTION 3 NETWORK TOPOLOGY
EXECUTIVE SUMMARY
Primavera Online High School has been in business for many years without a dedicated
Systems Administrator. During this time, the Primavera network has grown organically as
needed, without the use of best practices or accounting for future growth. As such, the network
has come to a point where it can no longer sustain its current users or future needs.
Currently Primavera has approx. 150 users and has the potential for growth to over 200
within the next 12 months. In order to manage current bandwidth usage on the network and
prepare for easy expansion, I recommend that we (1) break the network into Virtual LANs
(VLANs) to reduce noise on the network, (2) purchase a pair of virtual host servers to be used in
a clustered environment for all servers, (3) purchase two new firewalls to allow for WAN load
balancing and greater control of network flow, and (4) consider moving away from desktops and
laptops for users and toward a Virtual Desktop Infrastructure (VDI) for security and
maintenance.
INTRODUCTION
This proposal discusses the immediate need to increase network performance and
upgrade infrastructure to handle current and future use.
PROJECT DESCRIPTION
Primavera Online High School has grown significantly in the last 5-7 years. While the
network was sufficient at the time, this is no longer the case. A dedicated Systems Admin was
hired to evaluate the current and future networking needs, then implement effective changes to
allow Primavera to expand with minimal growing pains.
SCOPE OF STUDY
This proposal's purpose was to research and design solutions that will allow the Systems
Administrators of Primavera Online High School to provide a consistent, available and efficient
work experience when using the company network resources. Any solutions must meet certain
criteria:
Minimize network noise
Increase availability of resources
Easy to install
Easy to maintain
Cost effective
Multiple technologies were investigated for use with the network:
VLANS
Virtual Servers
Server Clustering
WAN Load Balancing
Virtual Desktop Infrastructure
REPORT FORMAT
There are 3 main sections in this proposal:
1. Business Continuity Discussion: shows a need for more redundancy and failover
2. Breakdown of three architectures with regard to equipment, design and cost
3. Conclusions and Recommendations
DISCUSSION
Primavera Online High School has recently had multiple network outages and slow
network speeds that have forced it to look harder at the company Business Continuity Plan. This
plan is designed to ensure continued business even after a catastrophic failure such as power loss
or total network failure.
During this time, additional users have been added to the current environment, but no
changes have been made to optimize the network for the current load, not to mention future load.
BUSINESS CONTINUITY/DISASTER RECOVERY
Over the last few years businesses have been more focused on two things, Business
Continuity (how to maintain business processes despite outside influences) and Disaster
Recovery (the ability to return business to normal after a failure). The IT department has several
disaster recovery plans in place should the network fail and business need to continue. What was
not in place is sufficient automatic failover with regard to servers and network appliances. As
seen in figure 1 below, IT Disaster Recovery is one of the 4 core sections of Business Continuity
and needs to have an equivalent priority.
Figure 1: Business Continuity Subsections
Any process with regards to Business Continuity and Disaster Recovery needs to have
two things addressed:
FAULT TOLERANCE
Fault Tolerance is a necessary part of any essential system. These processes need
to be able to recover from faults or have another pathway they can take to their end goal.
Costs are involved, providing redundant systems and equipment comes with a price, and
the need to provide this level of continuous, uninterrupted operation needs to be carefully
evaluated (Conklin, White, Williams, Roger, Cothren, 2010).
Redundant systems mean 2x the costs. These Highly Available systems need to
have high-speed links between them and they need to be able to sense failure and
automatically recover, which also comes at a premium.
SINGLE POINT OF FAILURE
Single points of failure are parts of any process that rely on any one way of doing
things and that, if interrupted, can disrupt the whole process. Single points of failure need
to be identified if high availability is required because they are potentially the weak
links in the chain that can cause disruption of the organization's operations (Conklin,
White, Williams, Roger, Cothren, 2010).
COMPARISON OF TOPOLOGIES
Three primary changes are suggested in this proposal. One consists of just
configuration changes and will likely incur no cost. The two other proposed topologies do require
a financial investment, but the benefit increases with the cost. The current topology
uses older hardware and a software firewall, which is inefficient and has the potential to break
down at any time (see figure 2 below).
[Figure 2 diagram not reproduced. Labels on the diagram: 10Mbps XO1, 10Mbps XO2, COX1, COX2,
150Mbps Dn, 30 up, Cisco CM, PBX/Avaya, QOS Switch, SG500, UTFW, WGFW, EFW, P.O.E, Physical,
Fax Server, User GW, Server GW, Softphones, VOICE, DATA, 10.10.1.0/24,
Subnet: 192.168.4.0/22, 192.168.4.1, 192.168.4.21, 192.168.4.22, 10.0.2.2.]
Figure 2: Current Network Topology
SOLUTION 1: VLANS
The current network is set up as a flat network with no subnetting or VLANs. This
means all devices are on the same subnet and able to share data with no routing or
segregation. As a result, there is a significant amount of noise on the network that
can be eliminated by breaking up the network in a logical way.
It is proposed that we immediately break the network into the following VLAN
segments.
1. Student Advisor 1
2. Student Advisor 2
3. Server Room
4. IT Office
5. Enrollment Advisor
6. Offices (Default)
7. Maintenance (Native)
8. Guest Wireless
This setup can be done in an evening after all ports have been traced and mapped
to cubicles (see figure 3 below).
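An addressing plan for the VLAN breakdown above, as an added example that is not part of the original proposal: it carves the 192.168.4.0/22 range from the topology diagrams into one equal subnet per segment and reports which existing addresses would land in the wrong segment. The VLAN IDs, the first-host gateway convention and the choice of Server Room as the home for the existing addresses are assumptions.

```python
import ipaddress

# Flat data range labelled "Subnet" on the proposal's topology diagrams.
FLAT_NET = ipaddress.ip_network("192.168.4.0/22")
# Segment names in the proposal's order.
SEGMENTS = [
    "Student Advisor 1", "Student Advisor 2", "Server Room", "IT Office",
    "Enrollment Advisor", "Offices (Default)", "Maintenance (Native)",
    "Guest Wireless",
]
# Addresses inside the flat range that appear on the diagrams.
EXISTING_HOSTS = ["192.168.4.1", "192.168.4.21", "192.168.4.22"]


def build_plan(flat_net, segments):
    """Split flat_net into equal subnets and give one to each segment."""
    # Smallest number of extra prefix bits that yields enough subnets.
    extra_bits = (len(segments) - 1).bit_length()
    subnets = flat_net.subnets(prefixlen_diff=extra_bits)
    return [
        {
            "vlan": 10 * (i + 1),  # constructed IDs; the proposal assigns none
            "name": name,
            "network": net,
            "gateway": net.network_address + 1,  # assumed: first host routes
            "usable_hosts": net.num_addresses - 2,
        }
        for i, (name, net) in enumerate(zip(segments, subnets))
    ]


def segment_for(plan, address):
    """Return the segment whose subnet contains address, or None."""
    ip = ipaddress.ip_address(address)
    return next((e["name"] for e in plan if ip in e["network"]), None)


def misplaced_hosts(plan, hosts, expected_segment):
    """List hosts whose current address falls outside expected_segment."""
    return [h for h in hosts if segment_for(plan, h) != expected_segment]


if __name__ == "__main__":
    plan = build_plan(FLAT_NET, SEGMENTS)
    for e in plan:
        print(f"VLAN {e['vlan']:>3}  {e['name']:<21} {e['network']}  gw {e['gateway']}")
    # Assumption: the existing gateway and firewall addresses belong in Server Room.
    print("renumber:", misplaced_hosts(plan, EXISTING_HOSTS, "Server Room"))
```

With eight segments each VLAN gets a /25 (126 usable hosts), and all three existing addresses fall in the first subnet, so they would be renumbered or the segment order changed before cutover.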
[Figure 3 diagram not reproduced. Labels on the diagram: 10Mbps XO1, 10Mbps XO2, COX1, COX2,
150Mbps Dn, 30 up, Cisco CM, PBX/Avaya, QOS Switch, SG500, UTFW, WGFW, EFW, P.O.E, Physical,
Fax Server, User GW, Server GW, Softphones, VOICE, DATA, VLANS, 10.10.1.0/24,
Subnet: 192.168.4.0/22, 192.168.4.1, 192.168.4.21, 192.168.4.22, 10.0.2.2.]
Figure 3: Solution 1 Network Topology
Cost
Currently there is no cost associated with VLAN creation and
configuration. Current switches are capable of this configuration and just need to
be set up properly during non-business hours.
SOLUTION 2: VLANS, FIREWALLS, VIRTUAL SERVERS
This solution consists of the same VLAN breakdown as solution 1, but with
additional failover and high availability technologies.
Per the diagram below (figure 4), a new Untangle firewall model u500 would be
purchased. This firewall will be capable of WAN load balancing, which will allow the
school to pair its two Cox internet connections together and use them as a single
connection.
Current servers are over 5 years old, some as old as 9 years. We will be
purchasing a pair of Virtual Hosts and configuring them in a highly available cluster so
that one will fail over to the other when issues arise. This setup allows for all servers to
maintain as much uptime as possible. After this is set up, all physical servers will be spun
up on the new virtual cluster.
[Figure 4 diagram not reproduced. Labels on the diagram: 10Mbps XO1, 10Mbps XO2, COX1, COX2,
150Mbps Dn, 30 up, Cisco CM, PBX/Avaya, QOS Switch, SG500, Untangle Firewall u500, WGFW, EFW,
P.O.E, Physical, Fax Server, User GW, Server GW, Softphones, VOICE, DATA, VLANS,
Virtual Server Cluster, High Speed Network Storage, 10.10.1.0/24, Subnet: 192.168.4.0/22,
192.168.4.1, 192.168.4.21, 192.168.4.22, 10.0.2.2.]
Figure 4: Solution 2 Network Topology
Cost
Current cost breakdown of this solution is below:
Item                               Quantity   Cost Per Item   Total Cost
Dell PowerEdge R910 Rack Server    2          19,702.68       39,405.36
Untangle Firewall model u500       2           5,845.00       11,690.00
Total                                                         51,095.36
SOLUTION 3: VLANS, FIREWALLS, VIRTUAL SERVERS, VDI
Solution 3 builds upon the previous solutions by adding a VDI (Virtual Desktop
Infrastructure) into the network. This solution removes the need for individual laptops
for each user and instead provides a zero client device which just displays the desktop.
All processing is done by a central server and each user has a virtual desktop they can
access and use.
This provides additional security as no data is actually on the zero client and as
these are virtual images, they can be configured to be very resistant to viruses and
intrusion. The clients are 80% more energy efficient and require much less maintenance
from an end user standpoint than traditional client/server architecture.
[Figure 5 diagram not reproduced. Labels on the diagram: 10Mbps XO1, 10Mbps XO2, COX1, COX2,
150Mbps Dn, 30 up, Cisco CM, PBX/Avaya, QOS Switch, SG500, Untangle Firewall u500, WGFW, EFW,
P.O.E, Physical, Fax Server, User GW, Server GW, Softphones, VOICE, DATA, VLANS,
Virtual Desktop Server Cluster, Virtual Server Cluster, High Speed Network Storage,
Virtual PCs on LAN, 10.10.1.0/24, Subnet: 192.168.4.0/22, 192.168.4.1, 192.168.4.21,
192.168.4.22, 10.0.2.2.]
Figure 5: Solution 3 Network Topology
Cost
Current cost breakdown of this solution is below:
Item                                                 Quantity   Cost Per Item   Total Cost
Dell PowerEdge R910 Rack Server                      2          19,702.68        39,405.36
Untangle Firewall model u500                         2           5,845.00        11,690.00
VMware vSphere Enterprise licenses for VM Servers    4           5,802.36        23,209.44
VMware Horizon View 10 user licenses                 15          3,025.00        45,375.00
ViewSonic SD-Z225 Zero client                        150           499.00        74,850.00
Reclaim 150 laptops for loan program                 150          -250.00       -37,500.00
Total                                                                           157,029.80
CONCLUSION
In conclusion, the Primavera network is currently outdated and at times can hinder
productivity. At a minimum the network noise needs to be cleaned up and QoS fine-tuned. Future
proofing the network against growth is a major goal and the cost-benefit ratio should be
considered for any technology that is put in place.
RECOMMENDATIONS
Based on the technology involved and cost differences, I recommend that we at the very
least implement VLANs right now to more efficiently utilize the current network resources.
However, Primavera Online High School should consider Solution 3 as something to move
towards. The cost benefit ratio is high and it will allow the school to be future proof for the next
5-7 years.
REFERENCES
Conklin, W. A., White, G., Williams, D., Roger, D., & Cothren, C. (2010). Principles of
computer security: CompTIA Security+ and beyond (2nd ed., pp. 243-244 and 504).
McGraw-Hill.
Dell. (2013). PowerEdge R910 rack server. Retrieved from
http://www.dell.com/us/business/p/poweredge-r910/fs
Untangle. (2013). u500 appliance. Retrieved from
http://www.untangle.com/store/u500-appliance-v2.html
ViewSonic. (2013). SD-Z225 optimized for VMware View. Retrieved from
http://www.viewsonic.com/us/desktop-virtualization/zero-client/sd-z225.html
VMware. (2013). Desktop virtualization and mobile computing. Retrieved from
http://www.vmware.com/products/