I. Infrastructure and requirements of ABC company

1. Infrastructure:

- Headquarters: a 3-floor building with a floor area of 2400 m2 (60x40), located in Thanh Khê District
- Branch 1: a building with 2 floors and 1 basement, with a floor area of 600 m2 (30x20), located in Liên Chiểu District
- Branch 2: a 4-floor building, floor area 4000 m2, located in Ngũ Hành Sơn District
- Existing facilities at the headquarters:

Figure 1.2. Existing network model of ABC company

Equipment already available at the headquarters:

Device name | Manufacturer | Quantity
PC | PV-D5701 | 20
LCD monitor | SAMSUNG E1920NX Wide | 20
Black-and-white laser printer | HP LaserJet P1102 |
24-port L2 switch | Switch Cisco WS-CE500-24TT |
Database server | IBM System x3550M3 (7944 - A2A) |
Firewall ISA | |

Branch 1 and Branch 2 have just been built entirely new.

2. Network system requirements:

Figure 1.3. Requirements of the network system

- A powerful server system running 24/24 that serves access requests from every office and branch at any time. Response times to requests must meet real-time needs.
- A time-attendance system that scans fingerprints for employees at the headquarters and the branches within 15 minutes.
- The network must be secured: systems outside the network must not be able to see the internal network topology or its devices.
- A website to promote products, and an e-mail system.
- A VoIP system

II. Network system design

1. Logical network model:

1.1. Main building:

Figure 2.1. Logical model of the main building

The network model of the main building consists of the main devices, which are concentrated in the server room and the IT room. In addition, to keep the signal level adequate between devices more than 100m apart, we use 24-port and 48-port switches on the floors.
The floor switches have an Uplink port with a speed of 1000MB/s that connects to the central switch to guarantee data transfer speed.

The building network model consists of:

- Router: the system has 2 routers, 1 connecting to the WAN and 1 connecting to the 2 branches.
- The servers are placed in the server room, which has air conditioning and a UPS backup system. The Database server has a powerful configuration to handle processing and synchronization of data from the branches. The Database is protected by a Backup Server.
- Firewall system: the Firewall gate combines Check Point's dedicated security software VPN-1 UTM running on dedicated Crossbeam 6 hardware; an IPS protecting the database zone (database server, App server, DHCP server); a Web firewall protecting the DMZ (containing the web and mail servers); and a dedicated Trend Micro virus-scanning system placed in front of the Firewall gateway.

1.2. Branch 1:

Because Branch 1 is quite small, it has no server system of its own; the database is accessed from the main branch.

Figure 2.2. Logical model of Branch 1

The network model consists of:

- The devices are installed together in the server room, as at the main branch
- Router: 1 router connecting to the main branch and providing WAN access
- Firewall: a Firewall gate for the whole system

1.3. Branch 2:

Houses a large share of ABC company's employees.

Figure 2.3. Logical model of Branch 2

The network model consists of:

- The devices are installed together in the server room, as at the main branch
- Router: 1 router connecting to the main branch and providing WAN access
- Firewall: the Firewall gate combines Check Point's VPN-1 UTM software running on dedicated Crossbeam C6 hardware with an IPS for the Web and Mail servers.

2. Reasons for choosing this network model:

- The network model above meets the requirements for processing speed, information safety and data security for the web, mail and server farm.
- We chose this model with future expansion of services in mind; it is ready to accommodate additional devices such as PCs, IP Phones and printers easily.
- The web system can be used for purchasing and direct payment in a secure way.
- The separate IPX system makes it easy to extend video conferencing services. Because it uses a dedicated line, the company LAN is protected from attacks coming from the PSTN.
- Each building has its own database server system to reduce load on the database server in the central building. The database systems at the 2 branches are transferred to the database server in the main building at scheduled times for centralized management and timely backup.

3. Physical diagrams:

3.1. Main building:

Headquarters: area 2400 m2, 132 employees, comprising department staff, the Director and the Deputy Director.

Figure 2.4. Physical diagram of the headquarters, floor 1

Headquarters, floor 1:

- Reception desk: 2 PC, 1 IP Phone
- Cashier room: 5 PC, 2 Print, 2 POS, 1 IP Phone
- Delivery room: 1 PC, 1 IP Phone

Figure 2.5. Physical diagram of the headquarters, floor 2

Main building, floor 2:

- Warehouse: 2 PC, 2 IP Phone, 2 Print
- Installation intake: 2 PC, 2 IP Phone
- Warranty: 5 PC, 5 IP Phone, 2 Print

Figure 2.6. Physical diagram of the headquarters, floor 3

Figure 2.7. Physical diagram of the headquarters, floor 1: server room

Main building, floor 3:

- Director's office: 1 PC, 1 IP Phone
- Deputy Director's office: 1 PC, 1 IP Phone
- Secretary's office: 2 PC, 2 IP Phone, 2 Print
- Market Research: 5 PC, 2 IP Phone, 2 Print
- Sales: 6 PC, 6 IP Phone, 1 Print
- Finance and Accounting: 5 PC, 5 IP Phone, 1 Print
- Human Resources: 5 PC, 3 IP Phone, 1 Print
- IT: 5 PC, 1 IP Phone, 1 Print
- Meeting room + Break room: 2 Access Points

3.2. Branch 1:

Branch 1 has an area of 600 m2 (30x20).

Figure 2.7. Physical diagram of Branch 1, floor 1

Branch 1, basement:

- Warehouse: 2 PC, 1 IP Phone, 1 Print

Figure 2.8. Physical diagram of Branch 1, floor 2

Branch 1, floor 1:

- Installation department: 16 PC, 16 IP Phone, 3 Print
- Warranty room: 4 PC, 1 IP Phone
- Accounting room: 8 PC, 8 IP Phone, 4 Print, 1 fingerprint device, 1 POS machine

Figure 2.9. Physical diagram of Branch 1, floor 3

Branch 1, floor 2:

- Marketing and Strategic Planning: 12 PC, 12 IP Phone, 2 Print
- Finance and Accounting: 14 PC, 14 IP Phone, 2 Print
- Reception: 1 PC, 1 IP Phone
- Director's office: 2 PC, 2 IP Phone, 1 Print
- Human Resources: 11 PC, 11 IP Phone, 2 Print
- IT: 6 PC, 6 IP Phone
- Meeting room: 1 Access Point
3.3. Branch 2:

Branch 2 has an area of 4000 m2, but the built floor area is 3000m2 (60x50).
Branch 2 has 229 people, including managers, staff, security guards and cleaners.

Figure 2.10. Physical diagram of Branch 2, floor 1

Branch 2, floor 1:

- The cashier department has 6 PC + 2 printers + 1 card scanner.
- The delivery department has 2 PC + 1 printer.
- The floor 1 warehouse department has 1 PC + 1 printer.
- The reception desk has 1 PC.
- In addition, 2 fingerprint scanners and 2 card scanners are connected.

Figure 2.11. Devices on Branch 2, floor 1

Figure 2.12. Physical diagram of Branch 2, floor 2

Branch 2, floor 2 houses:

- Cashiers: 6 people
- Delivery: 10 people
- Warehouse keepers: 5 people
- Sales consultants: 30 people
- Installation and maintenance: 20

Design details:

Branch 2, floor 2 has 1 48-port switch + a 48-port patch panel, cabled to the PCs and printers in all departments on floor 2.

Figure 2.13. Device details for Branch 2, floor 2

Branch 2, floor 2 has the following devices:

- The cashier department has 6 PC + 2 printers + 2 card scanners.
- Delivery has 2 PC and 1 printer.
- The installation and maintenance department has 20 PC and 2 printers.
- The switch is connected to the central switch through a 1000Mb/s uplink port.

Branch 2, floor 3:

Figure 2.14. Physical diagram of Branch 2, floor 3

Branch 2, floor 3: the staff on floor 2 number 56 people, distributed as follows:

- Cashiers: 6 people: 6 PC + 2 printers.
- Sales consultants: 30 people: 20 PC + 2 printers.
- Warranty: 18 people: 18 PC + 2 printers.
- Warranty room receptionists: 2
- 1 48-port switch, with in-wall cabling to the PCs in the rooms and counters.
- Connected to the central switch on floor 4 through an uplink port.

Branch 2, floor 4:

Figure 2.15. Physical diagram of Branch 2, floor 4

This floor houses the server system; the switches of the other floors are cabled up to this floor.

Branch 2, floor 4 contains: the branch director's office, the accounting room, the human resources management room, the server room, the library and the hall.
Branch 2, floor 4 has 49 people, distributed as follows:

- Director: 1
- Secretary: 1
- Accounting: 15
- Human Resources: 18
- IT: 8
- Librarians: 6

Devices in use:

Figure 2.16. Device details for Branch 2, floor 4

- Director's office: 1 PC
- Secretary's office: 1 PC + 1 printer
- Human Resources: 16 PC + 2 printers
- Accounting: 15 PC + 2 printers
- IT: 6 PC + 1 printer
- Meeting room: 1 access point + 1 PC + 1 projector
- Recreation room + library: 1 access point
- Server room: 1 Database server + 1 DHCP server.
- 1 48-port switch + 2 24-port switches + 2 48-port patch panels connecting to the departments.
- The central switch is 1 24-port L3 switch with high processing speed, plus 1 backup switch, designed according to the hierarchical model.
- Check Point firewall system and IPS
- One router connecting to the internet and to the central branch.

Explanation of the device selection:

Access Points are used in the meeting room and the library so that laptops can conveniently reach the internet and internal resources during meetings, with 1 access point in the library for staff to use laptops during breaks.
The links from the floor switches to the central switch all use uplink ports at 1000 mb/s, while the links from the switches to the PCs run at 100MB/s. This guarantees data transfer speed and resolves congestion when many data flows go upstream at the same time.
The core consists of 1 L3 switch. Here we chose the Cisco Switch WS-C3560G-24TS-S, specified as Catalyst 3560 24 10/100/1000T + 4 SFP + IPB Image (all 24 ports of this L3 switch reach 1000mb/s). We use 1 more switch, designed according to the hierarchical model, as a backup in case the core switch fails.

3. IP address planning for the network and devices

General model:

Figure 2.17. General model for IP address assignment

Device | Label | Port | IP | Subnet mask | Default gateway | Notes
Main building router | R1 | S0/0 | 192.168.200.1 | 255.255.255.252 | N/A | Connects to R2
Main building router | R1 | S0/1 | 192.168.200.5 | 255.255.255.252 | N/A | Connects to R3
Main building router | R1 | F0/0 | 192.168.1.1 | 255.255.255.0 | | Connects to the core switch inside the network
Branch 1 router | R2 | S0/1 | 192.168.200.6 | 255.255.255.252 | N/A | Connects to R1
Branch 1 router | R2 | F0/0 | 192.168.10.1 | 255.255.255.0 | N/A | Connects to the core switch inside the network
Branch 2 router | R3 | S0/1 | 192.168.200.2 | 255.255.255.252 | N/A | Connects to R1
Branch 2 router | R3 | F0/0 | 192.168.100.1 | 255.255.255.0 | N/A | Connects to the core switch inside the network

Table 1: IP addresses on the router ports

Headquarters:
- Internet IP: 203.100.100.3 and 203.100.100.4
- Web server IP: 203.100.100.1
- Mail server IP: 203.100.100.2

Branch 1: Internet IP: 203.101.101.1 - 4

Branch 2: Internet IP: 203.102.102.1 - 4

The system uses VLANs to divide the network.
Benefits of VLANs:
- Saves bandwidth on the network
- Increases security
- Makes it easy to add computers to or remove them from a VLAN
- Makes the network highly flexible

The VLAN layout is shown in the following tables:

Central building

No. | VLAN | Devices needing an address | Max IPs | Address range (first IP/subnet mask -> last IP/subnet mask)
1 | Installation | 13 | 30 | 192.168.1.0/27 -> 192.168.1.31/27
2 | Cashier | | 30 | 192.168.1.32/27 -> 192.168.1.63/27
3 | Human Resources | | 14 | 192.168.1.64/28 -> 192.168.1.79/28
4 | Accounting | | 14 | 192.168.1.80/28 -> 192.168.1.95/28
5 | Research | | 14 | 192.168.1.96/28 -> 192.168.1.111/28
6 | Server Farm | | 14 | 192.168.1.112/28 -> 192.168.1.127/28
7 | Delivery | | 14 | 192.168.1.128/28 -> 192.168.1.143/28
8 | Reception | | 14 | 192.168.1.144/28 -> 192.168.1.159/28
9 | Warehouse | | 14 | 192.168.1.160/28 -> 192.168.1.175/28
10 | Card scanner | | | 192.168.1.176/28 -> 192.168.1.183/28
11 | Fingerprint scanner | | | 192.168.1.184/28 -> 192.168.1.191/28
12 | Director | | | 192.168.1.192/28 -> 192.168.1.199/28
13 | Deputy director | | | 192.168.1.200/28 -> 192.168.1.207/28
14 | DMZ | | | 192.168.1.208/28 -> 192.168.1.215/28
15 | Meeting-room AP | | | 192.168.1.216/28 -> 192.168.1.223/28
16 | Recreation AP | | | 192.168.1.224/29 -> 192.168.1.231/29
17 | IT | | | 192.168.1.232/29 -> 192.168.1.239/29
18 | Secretary | | | 192.168.1.240/29 -> 192.168.1.247/29
19 | Router 1 | | | 192.168.1.248/30 -> 192.168.1.251/30
20 | Router 2 | | | 192.168.1.252/30 -> 192.168.1.255/30
20 | IP Phone | 64 | 254 | 192.168.5.0/24 -> 192.168.5.255/24

Detailed table of the devices on each VLAN:

Abbreviations:

A: VLAN
B: Device type
C: Device name
D: Quantity
E: Interface
F: IP address/subnet mask (address range assigned by DHCP)
G: Default gateway

No. | A | B | C | D | E | F | G
1 | Installation | PC | PV-D5701 | 11 | RJ45 | 192.168.1.2/27 - 192.168.1.30/27 | 192.168.1.1
2 | Installation | Printer | HP LaserJet P1102 | | RJ45 | 192.168.1.2/27 - 192.168.1.30/27 | 192.168.1.1
3 | Cashier | PC | PV-D5701 | | RJ45 | 192.168.1.34/27 - 192.168.1.62/27 | 192.168.1.33
4 | Cashier | Printer | HP LaserJet P1102 | | RJ45 | 192.168.1.34/27 - 192.168.1.62/27 | 192.168.1.33
5 | Human Resources | PC | PV-D5701 | | RJ45 | 192.168.1.66/28 - 192.168.1.78/28 | 192.168.1.65
6 | Human Resources | Printer | HP LaserJet P1102 | | RJ45 | 192.168.1.66/28 - 192.168.1.78/28 | 192.168.1.65
7 | Accounting | PC | PV-D5701 | | RJ45 | 192.168.1.82/28 - 192.168.1.94/28 | 192.168.1.81
8 | Accounting | Printer | HP LaserJet P1102 | | RJ45 | 192.168.1.82/28 - 192.168.1.94/28 | 192.168.1.81
9 | Research | PC | PV-D5701 | | RJ45 | 192.168.1.98/28 - 192.168.1.110/28 | 192.168.1.97
10 | Research | Printer | HP LaserJet P1102 | | RJ45 | 192.168.1.98/28 - 192.168.1.110/28 | 192.168.1.97
11 | Server Farm | Print server | D-LINK DPR1061 | | RJ45 | 192.168.1.114/28 | 192.168.1.113
12 | Server Farm | DHCP server | IBM System X3500 M3 (7380 42A) | 1 | RJ45 | 192.168.1.115/28 | 192.168.1.113
13 | Server Farm | Database server | IBM System x3550M3 (7944 A2A) | 1 | RJ45 | 192.168.1.116/28 | 192.168.1.113
14 | Server Farm | Backup server | IBM System X3500 M3 (7380 42A) | 1 | RJ45 | 192.168.1.117/28 | 192.168.1.113
15 | Delivery | PC | PV-D5701 | | RJ45 | 192.168.1.130/28 - 192.168.1.142/28 | 192.168.1.129
16 | Reception | PC | PV-D5701 | | RJ45 | 192.168.1.146/28 - 192.168.1.158/28 | 192.168.1.145
17 | Warehouse | PC | PV-D5701 | | RJ45 | 192.168.1.162/28 - 192.168.1.174/28 | 192.168.1.161
18 | Warehouse | Printer | HP LaserJet P1102 | | RJ45 | 192.168.1.162/28 - 192.168.1.174/28 | 192.168.1.161
19 | Card scanner | Card scanner | LPV-VT6280 | | RJ45 | 192.168.1.178/28 - 192.168.1.182/28 | 192.168.1.177
20 | Fingerprint scanner | Fingerprint scanner | TimeWORKS - Fingerprint Time | 2 | RJ45 | 192.168.1.186/28 - 192.168.1.190/28 | 192.168.1.185
21 | Director | PC | PV-D7502 | | RJ45 | 192.168.1.194/28 | 192.168.1.193
22 | Deputy director | PC | PV-D7502 | | RJ45 | 192.168.1.202/28 | 192.168.1.201
23 | DMZ | Web server | IBM System x3550M3 (7944 A2A) | 1 | RJ45 | 192.168.1.210/28 | 192.168.1.209
24 | DMZ | Mail server | IBM System x3550M3 (7944 A2A) | 1 | RJ45 | 192.168.1.211/28 | 192.168.1.209
25 | Meeting-room AP | Access Point | LINKSYS WRT160N | | RJ45 | 192.168.1.218/28 - 192.168.1.222/28 | 192.168.1.217
26 | Recreation AP | Access Point | LINKSYS WRT160N | | RJ45 | 192.168.1.226/29 - 192.168.1.230/29 | 192.168.1.225
27 | IT | PC | PV-D7502 | | RJ45 | 192.168.1.234/29 - 192.168.1.238/29 | 192.168.1.233
28 | IT | Printer | HP LaserJet P1102 | | RJ45 | 192.168.1.234/29 - 192.168.1.238/29 | 192.168.1.233
29 | Secretary (Director + Deputy Director) | PC | PV-D5701 | | RJ45 | 192.168.1.242/29 - 192.168.1.246/29 | 192.168.1.241
30 | Secretary (Director + Deputy Director) | Printer | HP LaserJet P1102 | | RJ45 | 192.168.1.242/29 - 192.168.1.246/29 | 192.168.1.241
31 | Router 1 | Router | CISCO2821 | | RJ45 | 192.168.1.249/30 - 192.168.1.250/30 |
32 | Router 2 | Router | CISCO2821 | | RJ45 | 192.168.1.253/30 - 192.168.1.254/30 |
33 | IP Phone | IP Phone | Grandstream GXE5028 VoIP Phone System GXE-5028 | 64 | RJ45 | 192.168.5.2/24 - 192.168.5.254/24 | 192.168.5.1

Table 3: Central building, IP assignment per device

Branch 1 IP address plan

No. | VLAN | Devices needing an address | Max usable IPs | Address range (first IP/subnet mask -> last IP/subnet mask)
1 | IP Phone | 63 | 126 | 192.168.10.0/25 -> 192.168.10.127
2 | Invoicing and payment | 12 | 30 | 192.168.10.128/27 -> 192.168.10.159
3 | Maintenance, installation, warranty | 13 | 30 | 192.168.10.160/27 -> 192.168.10.191
4 | Marketing and sales | 14 | 30 | 192.168.10.192/27 -> 192.168.10.223
5 | Finance and accounting | 16 | 30 | 192.168.10.224/27 -> 192.168.10.255
6 | Human Resources | 11 | 30 | 192.168.11.0/27 -> 192.168.11.31
7 | IT | | 14 | 192.168.11.32/27 -> 192.168.11.47
8 | Server Farm | | 14 | 192.168.11.48/28 -> 192.168.11.63
9 | Warehouse management | 3 | | 192.168.11.64/28 -> 192.168.11.71
10 | Fingerprint scanner | 1 | | 192.168.11.72/28 -> 192.168.11.79
11 | Card scanner | | | 192.168.11.80/28 -> 192.168.11.87
12 | Director | | | 192.168.11.88/28 -> 192.168.11.95
13 | Secretary | | | 192.168.11.96/28 -> 192.168.11.103
14 | Reception | | | 192.168.11.104/28 -> 192.168.11.111
15 | Router | | | 192.168.11.112/28 -> 192.168.11.115

Table 4: Branch 1 IP address plan

Detailed table of IP assignment for each device type on each VLAN:

No. | VLAN | Device type | Device name | Quantity | Interface | IP address/subnet mask | Default gateway
1 | IP Phone | IP Phone | Grandstream GXE5028 VoIP Phone System GXE-5028 | 63 | RJ45 | 192.168.10.2/25 - 192.168.10.126/25 | 192.168.10.1
2 | Invoicing and payment | PC / printer | PV-D5701 / HP LaserJet P1102 | 12 | RJ45 | 192.168.10.130/27 - 192.168.10.158 | 192.168.10.129
3 | Maintenance, installation, warranty | PC / printer | PV-D5701 / HP LaserJet P1102 | 13 | RJ45 | 192.168.10.162/27 - 192.168.10.190 | 192.168.10.161
4 | Marketing and sales | PC / printer | PV-D5701 / HP LaserJet P1102 | 14 | RJ45 | 192.168.10.194/27 - 192.168.10.222 | 192.168.10.193
5 | Finance and accounting | PC / printer | PV-D5701 / HP LaserJet P1102 | 16 | RJ45 | 192.168.10.226/27 - 192.168.10.254 | 192.168.10.225
6 | Human Resources | PC / printer | PV-D5701 / HP LaserJet P1102 | 11 | RJ45 | 192.168.11.2/27 - 192.168.11.30 | 192.168.11.1
7 | IT | PC / printer | PV-D5701 / HP LaserJet P1102 | | RJ45 | 192.168.11.34/27 - 192.168.11.46 | 192.168.11.33
8 | Server Farm | DHCP server | IBM System X3500 M3 (7380 - 42A) | 1 | RJ45 | 192.168.11.50/28 | 192.168.11.49
8 | Server Farm | Print server | D-LINK DPR-1061 | | RJ45 | 192.168.11.51/28 | 192.168.11.49
8 | Server Farm | Database server | IBM System X3500 M3 (7380 - 42A) | 1 | RJ45 | 192.168.11.52/28 | 192.168.11.49
9 | Warehouse management | PC / printer | PV-D5701 / HP LaserJet P1102 | | RJ45 | 192.168.11.66/28 - 192.168.11.70 | 192.168.11.65
10 | Fingerprint scanner | Fingerprint scanner | TimeWORKS - Fingerprint Time | | RJ45 | 192.168.11.74/28 | 192.168.11.73
11 | Card scanner | Card scanner | LPV-VT6280 | | PS/2 | 192.168.11.82/28 | 192.168.11.81
12 | Director | PC | PV-D7502 | | RJ45 | 192.168.11.90/28 | 192.168.11.89
13 | Secretary | PC / printer | PV-D5701 / HP LaserJet P1102 | | RJ45 | 192.168.11.98/28 - 192.168.11.102 | 192.168.11.97
14 | Reception | PC | PV-D5701 | | RJ45 | 192.168.11.106/28 | 192.168.11.105
15 | Router | Router | CISCO2821 | | RJ45 | 192.168.11.113/30 |

Table 5: Branch 1, IP assignment per device

Branch 2:

No. | Room name | Devices needing an address | Max usable IPs | IP address range
1 | Installation | 30 | 62 | 192.168.100.0/26 -> 192.168.100.63
2 | Cashier | 24 | 62 | 192.168.100.64/26 -> 192.168.100.127
3 | Maintenance | 22 | 62 | 192.168.100.128/26 -> 192.168.100.191
4 | Warranty | 22 | 62 | 192.168.100.192/26 -> 192.168.100.255
5 | Human Resources | 20 | 30 | 192.168.101.0/27 -> 192.168.101.31
6 | Accounting | 17 | 30 | 192.168.101.32/27 -> 192.168.101.63
7 | Delivery | | 14 | 192.168.101.64/28 -> 192.168.101.79
8 | Warehouse | | 14 | 192.168.101.80/28 -> 192.168.101.95
9 | Reception | | 14 | 192.168.101.96/28 -> 192.168.101.111
10 | relex | | 14 | 192.168.101.112/28 -> 192.168.101.127
11 | IT | | 14 | 192.168.101.128/28 -> 192.168.101.143
12 | Card scanner | | | 192.168.101.144/29 -> 192.168.101.151
13 | Fingerprint | | | 192.168.101.152/29 -> 192.168.101.159
14 | Meeting room | | | 192.168.101.160/29 -> 192.168.101.167
15 | Director | | | 192.168.101.168/29 -> 192.168.101.175
16 | Director's secretary (TK GD) | | | 192.168.101.176/29 -> 192.168.101.183
17 | Deputy director (PGD) | | | 192.168.101.184/29 -> 192.168.101.191
18 | Deputy director's secretary (TK PGD) | | | 192.168.101.192/29 -> 192.168.101.199
19 | Server | | | 192.168.101.200/29 -> 192.168.101.207
20 | Router | | | 192.168.101.208/30 -> 192.168.101.211
21 | IP Phone | 51 | 254 | 192.168.500.0/24 -> 192.168.500.255

Table 6: Branch 2 IP address plan


Branch 2: IP assignment details per device

No. | VLAN | Device type | Device name | Quantity | Interface | IP address/subnet mask | Default gateway
1 | Installation | PC / printer | PV-D5701 / HP LaserJet P1102 | 30 | RJ45 | 192.168.100.2/26 - 192.168.100.62 | 192.168.100.1
2 | Cashier | PC / printer | PV-D5701 / HP LaserJet P1102 | 24 | RJ45 | 192.168.100.66/26 - 192.168.100.126 | 192.168.100.65
3 | Maintenance | PC / printer | PV-D5701 / HP LaserJet P1102 | 22 | RJ45 | 192.168.100.130/26 - 192.168.100.190 | 192.168.100.129
4 | Warranty | PC / printer | PV-D5701 / HP LaserJet P1102 | 22 | RJ45 | 192.168.100.194/26 - 192.168.100.254 | 192.168.100.193
5 | Human Resources | PC / printer | PV-D5701 / HP LaserJet P1102 | 20 | RJ45 | 192.168.101.2/27 - 192.168.101.30 | 192.168.101.1
6 | Accounting | PC / printer | PV-D5701 / HP LaserJet P1102 | 17 | RJ45 | 192.168.101.34/27 - 192.168.101.62 | 192.168.101.33
7 | Delivery | PC / printer | PV-D5701 / HP LaserJet P1102 | | RJ45 | 192.168.101.66/28 - 192.168.101.78 | 192.168.101.65
8 | Warehouse | PC / printer | PV-D5701 / HP LaserJet P1102 | | RJ45 | 192.168.101.80/28 - 192.168.101.94 | 192.168.101.81
9 | Reception | PC | PV-D5701 | | RJ45 | 192.168.101.98/28 - 192.168.101.110 | 192.168.101.97
10 | relex | AP / PC | LINKSYS WRT160N / PV-D5701 | (1 - 5) | RJ45 | 192.168.101.114/28 - 192.168.101.126 | 192.168.101.113
11 | IT | PC / printer | PV-D5701 / HP LaserJet P1102 | | RJ45 | 192.168.101.130/28 - 192.168.101.142 | 192.168.101.129
12 | Card scanner | Card scanner | LPV-VT6280 | | PS/2 | 192.168.101.146/29 - 192.168.101.150 | 192.168.101.145
13 | Fingerprint | Fingerprint scanner | TimeWORKS - Fingerprint Time | 2 | RJ45 | 192.168.101.154/29 - 192.168.101.158 | 192.168.101.153
14 | Meeting room | AP / PC | LINKSYS WRT160N / PV-D5701 | (1 - 1) | RJ45 | 192.168.101.162/29 - 192.168.101.166 | 192.168.101.161
15 | Director | PC | PV-D7502 | | RJ45 | 192.168.101.170/29 - 192.168.101.174 | 192.168.101.169
16 | Director's secretary (TK GD) | PC / printer | PV-D5701 / HP LaserJet P1102 | | RJ45 | 192.168.101.178/29 - 192.168.101.182 | 192.168.101.177
17 | Deputy director (PGD) | PC | PV-D7502 | | RJ45 | 192.168.101.186/29 | 192.168.101.185
18 | Deputy director's secretary (TK PGD) | PC / printer | PV-D5701 / HP LaserJet P1102 | | RJ45 | 192.168.101.194/29 - 192.168.101.198 | 192.168.101.193
19 | Server | Database server | IBM System X3500 M3 (7380 - 42A) | 1 | RJ45 | 192.168.101.202/29 | 192.168.101.201
19 | Server | DHCP-File server | IBM System X3500 M3 (7380 - 42A) | 1 | RJ45 | 192.168.101.203/29 | 192.168.101.201
20 | Router | Router | CISCO2821 | | RJ45 | 192.168.101.209/30 |
21 | IP Phone | IP Phone | Grandstream GXE5028 VoIP Phone System GXE-5028 | 51 | RJ45 | 192.168.500.2/24 - 192.168.500.254 | 192.168.500.1

Table 7: Branch 2, IP assignment per device

III. SYSTEM SERVICES

1. Internet connectivity and connectivity between the main building and the branches

A. Internet:

Figure 3.1. Internet

The need for Internet access

Today the explosive growth of the Internet has driven ever greater demand for Internet use in the community at large and in companies in particular. Modern work is increasingly tied to the Internet: mail, web, online conferencing, remote work. Installing and using the Internet in a company is therefore very important: it not only serves daily work but also pushes the company to become more modern and professional.
For a large retail company with several branches like ABC, Internet connectivity is very important to the company's operations as well as to its later growth and expansion.

a. Choice of provider and service plan

Provider: Viettel Telecom.
ABC is a company specializing in buying and selling electronic products. The main branch has the largest number of employees, and almost every employee has a computer (connected to the Internet), so we chose the FTTP Pro plan. We use the FTTP Office plan for the 2 remaining branches.

b. WAN

Figure 3.2. WAN

Choice of the MegaWan service

Introduction to MegaWan:

MegaWAN is a service that connects the computer networks of organizations and businesses at many different fixed points over a wide area. It is a virtual private network linking local, inter-provincial and international private networks to carry data, and it is convenient and reliable for businesses.
MegaWan is essential for organizations and businesses that have many branches and transaction points needing data connections, such as banks, insurers, airlines and securities companies.
MegaWan connects domestic and international computer networks over SHDSL subscriber lines (symmetric digital subscriber line technology) or ADSL (asymmetric digital subscriber line technology) combined with MPLS/VPN technology.
MPLS is the abbreviation of Multi-Protocol Label Switching. The basic principle of MPLS is to turn the layer 2 devices in the network, such as ATM switches, into LSRs (label-switching routers). An LSR can be seen as a combination of an ATM switching system and traditional routers.
We chose the Vietnam Datacommunication Company (VDC) as the MegaWan provider. The benefits VDC offers with the VPN/VNN (MPLS) service are:

Advanced technology

- Multi Protocol Label Switching (MPLS) is the newest technology, in use in most major countries (Japan, the US, Singapore).

Cost-effective investment

- Uses the processing capacity of the devices in VDC's MPLS core network. Reduces spending on expensive equipment at the customer end.
- Supports the point-to-multipoint model, allowing private network connections over just 1 physical circuit.
- Usage cost is up to 50% lower than with traditional technology.

Security and safety

- Absolute security on VDC's MPLS core network
- Optimal security on the dedicated Leased Line circuit (local loop)

Simple scalability

- When an additional branch or transaction point is needed, the customer only has to register another connection point with VDC, without any reinvestment in the existing network.
- All connection configuration is done in VDC's MPLS core network; network members need no configuration at all.

Simplified IT administration

- Because VPN administration and setup take place in VDC's MPLS core network, IT administration work in the business is simplified as far as possible.
- Plenty of support from the provider.
- Reduces spending on expensive and complex equipment.

High speed, multiple applications and QoS commitment

- MPLS VPN can carry data at Gbps speeds over the fiber-optic transmission system.
- Beyond data, MPLS VPN at VDC can fully support real-time applications such as VoIP and Video Conferencing with the lowest latency.
- Offers committed minimum speed and bandwidth (QoS).

Reliability of the service infrastructure and technology

The data transmission infrastructure is strongly backed by the Vietnam Posts and Telecommunications Group (VNPT):

- A 3 x 7,5Gbps North-Central-South data backbone.
- An MPLS core network built on a uniform set of Cisco equipment.
- An n x 155Mbps network reaching all 64 provinces and cities.
- Direct connection over dedicated underground cable circuits.
- More than 1 Gbps of NNI connectivity with major international partners in Hongkong, Singapore, Japan and the US.

Details: http://vdc.com.vn/services/4/6/2/32/index.htm#view

Many companies currently provide MegaWan connectivity; we chose VDC also with a view to expanding into the international market.
Here a leased line is not the company's first choice, for the following reasons:

- Excessive cost
- Sensitive data when customers pay by bank card: optimal security support is provided by the bank that offers the service.
- Data is not transmitted continuously: it is mainly merchandise data, which can be sent on a pre-set schedule.
- Prevalence
- Internet connectivity is included

c. Backup for the Internet and WAN connections

Internet connection: the Internet service that comes with VDC's WAN installation (VPN/VNN) is used as a backup.
VPN backup when VPN/VNN fails: already supported by the company's devices.

2. H Thng Firewall:

49

H thng Firewall gateway s kim sot lung d liu i qua bao gm: Truy cp t ngoi
Internet vo vng dch v trc tuyn, ngi dng mng LAN truy cp Internet qua ng
LeasedLine, ADSL hoc Wireless, ngi dng mng LAN truy cp vo vng Server ng
dng v c s d liu. Firewall s kim sot, xc thc v ngn chn nhng truy cp khng hp
l, nhng tn cng ca hacker t ngoi Internet hoc trc tip xut pht t bn trong mng vo
cc vng servers.

Crossbeam C6 integrated security appliance

Drawing on Misoft's deployment experience together with advances in technology, we propose a
firewall system that combines Check Point's Firewall VPN1-UTM with dedicated hardware from
Crossbeam System. Check Point Firewall VPN1-UTM brings together the elements of network
protection, including firewall, antivirus, IPS and VPN server features, in a single product.
Check Point Firewall is installed on a pair of dedicated integrated security appliances from
Crossbeam System running as a cluster in HA (high availability) mode, ensuring high availability
and performance for the whole network.
(http://www.pcworld.com.vn/articles/quan-ly/tu-van/2007/04/1190428/an-toan-thong-tin-chocong-ty-chung-khoan/ accessed 20/04/2011)
In the security model, the database server and application server zone is the most important
part of the company's information exchange. If one of these servers is attacked or fails, the
companies' business operations are directly affected. Therefore, besides the firewall system
that protects the company's network infrastructure, it is essential to add an intrusion
prevention system (IPS) dedicated to protecting this application server zone.
Unlike a network firewall, the IPS detects and blocks intrusions at the application layer,
intervening directly in the protocols and traffic that the firewall system cannot detect. The
IPS sits inside the LAN, so it must process traffic fast enough not to congest the dense
information flows exchanged there.

Given this level of importance, we propose deploying the dedicated Proventia Network IPS
intrusion prevention appliance from Internet Security Systems (ISS). This appliance can
pre-emptively block unknown attacks as well as known attacks such as DoS, trojans, peer-to-peer
downloads, backdoors, malicious HTTP and e-mail attachments without affecting network operation.
In particular, Proventia Network IPS can analyze and recognize the protocols used in VoIP, such
as SIP, MGCP, H.323, H.225, H.245, Q.931, T.120 and SCCP, in order to identify attacks.
The appliance is placed in front of the server farm to protect the whole zone, controlling all
data access requests to the servers at both the network level and the application level. The
database of attack signatures is updated in real time from Internet Security Systems X-Force,
so that as many current attacks as possible are blocked. Proventia Network IPS has a fail-open
feature and supports Active/Active and Active/Passive configurations, ensuring high
availability for the whole network.

Proventia Network IPS G400

Blocking virus attacks at the gateway and within the network zones.

The routes by which a virus can attack and break out in a securities company's network are
fairly varied: from the Internet, from users inside and outside the network, and especially
through email. An effective defense has to prevent and counter viruses and spyware at all 4
network layers: gateway, mail server, server and PCs. This system must be managed centrally and
consistently and must always receive virus and spyware signature updates from the world's major
anti-virus and anti-spyware centers. In addition, there must be a common security policy,
combined with other security solutions, to make the defense against viruses and spyware more
effective.

Trend Micro Client/Server protects the mail server, servers and PCs from virus infection

The overall solution we propose is based on Trend Micro's antivirus technology and products.
The products include:

Trend Micro Client/Server/Messaging Suite for SMB

Trend Micro Internet Security

InterScan Gateway Security Appliance

To block and prevent viruses at the Internet gateway, we use Trend Micro's dedicated InterScan
Gateway Appliance (ISGA). This appliance scans for viruses, spyware and phishing at the Internet
gateway on the SMTP, POP3, HTTP and FTP flows, and in particular it sustains throughput at the
gateway, the point that almost all traffic exchanged between the internal and external networks
must pass through.

Dedicated antivirus appliance at the Internet gateway (IGSA)

Websites with information on the security products proposed in the overall information security
solution for securities companies:
Firewall/VPN system products

Firewall for network infrastructure

Check Point: www.checkpoint.com

Crossbeam System: www.crossbeamsystems.com

Firewall for applications

Netcontinuum: www.netcontiuum.com

Intrusion prevention system (IPS) products

Internet Security Systems: www.iss.net

Antivirus system products

Trend Micro: www.trendmicro.com

3. Redundancy system:
3.a. Redundancy inside a building or branch
Build the network on a hierarchical model

Figure 3.3 - Building the hierarchical network model

The core switch system consists of 2 core switches, connected according to the following
hierarchical model:

Figure 3.4 - Hierarchical system model.

The hierarchical model provides redundancy: when one core switch (the switch that does the most
processing in the system) stops working, the other switch takes over, keeping the system running
24/24.

3.b Redundancy for connections between branches

The Check Point Firewall VPN1-UTM system at the securities company's head office, besides
controlling the information flows entering and leaving the network, also serves as the VPN
server for connections in both the Client to Site and Site to Site models.
In the Site to Site VPN model, each branch or agent uses a small dedicated firewall/VPN
appliance, the VPN1-Edge from Check Point. This device has full firewall features and sets up
the Site to Site channel over a leased line or ADSL. In this model, the VPN server at
headquarters automatically authenticates the two end devices and checks security before
allowing the channel to be established.

VPN-1 UTM Edge security appliance protecting the connection between the securities company and
its branches, agents and offices

When setting up a VPN tunnel, Check Point VPN1-Edge uses the following encryption technologies:

(AES) 128-256 bit

Triple DES 56-168 bit

SSL Secure Sockets Layer

The Client to Site model applies to company staff working at the securities trading centers
(TTGDCK): it sets up the channel over the Internet or dial-up and supports authenticating users
by several methods, such as certificate, token and smartcard, before allowing the connection.
Check Point's VPN client software is installed on the staff's machines.

4. VoIP system:

Figure 3.5 - Overview of the VoIP network model

Deployment of the VoIP system for each building.

Central building

Figure 3.6 - VoIP deployment model for the central building

Branch 1

Figure 3.7 - VoIP deployment model for branch 1

Branch 2

Figure 3.8 - VoIP deployment model for branch 2

Benefits of deploying the VoIP system above:

Free internal calls between the branches.

International calls cheaper than the normal rate.

Fax machines in different branches connected to each other over the IP network.

Able to use ordinary telephones as well as wired and wireless IP phones.

Easy network expansion.

Safe and secure.

Stable quality.

Reasonable cost.

Tidy appearance.

5. Web and email services:

Build a DMZ containing the web and mail servers, separated from the internal network and
protected by the firewall and IPS systems. The e-commerce web system is built to promote the
company and to provide product prices and online services to customers.

6. Fingerprint time attendance service

Uses new equipment with advanced technology from Digital Person. The PC-based fingerprint
attendance system consists of a compact fingerprint reader and a time management program.
Together these two parts effectively replace a punch-card clock or any other method of
recording clock-in and clock-out times. With 2 machines per building, all staff can be scanned
within 15 minutes.

IV. Cost of the whole system:

Central building

Figure 3.9 - Head office costs

Branch 1

Figure 3.10 - Branch 1 costs

Branch 2

Figure 3.11 - Branch 2 costs

Internet and WAN installation costs


Fiber-optic line

Packages for businesses: FTTH Office, FTTH Pro
Packages for Internet agents and individual business households: FTTH Pub

Item | FTTH Office | FTTH Pro | FTTH Pub

I. Installation fee and monthly usage fee (VND)
New installation fee | 2.000.000 | 2.000.000 | 2.000.000
Monthly fee | 2.000.000 | 6.000.000 | 2.000.000

II. Bandwidth (Download = Upload)
Maximum domestic bandwidth | 32 Mbps | 50 Mbps | 34 Mbps
Minimum international bandwidth | 640 Kbps | 1536 Kbps | 640 Kbps
WAN IP | 01 free static IP | 01 free static IP | 01 dynamic IP
Static IP | 04 free static IPs

III. Other fees (VND)
Buy 1 additional static IP block (4 static IPs) | 500.000
Change from lower to higher speed (VND/subscriber/time) | Free
Change from higher to lower speed (VND/subscriber/time) | 200.000
Service restoration (VND/subscriber/time) | Free
Relocation to a different address (VND/subscriber/time) | 1.500.000
Relocation at the same address (VND/subscriber/time) | 500.000
(Effective from 15/5/2010)

Equipment prices

Device type | Media Converter | Modem Proware M-R460 | Modem TP Link TL-R460 | Modem Draytek - 2910 | Modem Draytek - 2950
Price (VND) | 550.000 | 250.000 | 500.000 | 2.800.000 | 11.500.000

Details: http://www.vietteltelecom.vn/internet/ftth/2009/06/4262/

Estimated installation cost: 30.000.000 VND

Total cost:

Central building: 90 007 $

Branch 1: 48 694 $

Branch 2: 73 699 $

Internet and megawan: 1 000 $

Total: 213 400 $

V. Conclusion
With this network design, the team has fully met the requirements of company ABC. In addition,
the system has very large room for expansion. The key points of the project are as follows:

Strengths:
This network design project fully meets the requirements of company ABC, as shown by the
following details:
High security
High availability
Hierarchical design that is easy to change, expand, upgrade and maintain.
Web and mail server systems accessible from the company and from the Internet
Fingerprint scanning and bank card system
VoIP system that saves cost and is highly expandable
The whole system uses patch panels and outlets, giving the network and the building a tidy
appearance

Weaknesses, causes and comparison

Requires many staff to administer and maintain the system.

Our team wanted to present the best possible network system and the tightest security solution,
with the most high-end equipment possible, and was not much concerned with money. As a result,
the final price came to 4.2 billion for the whole system. The price is high because the team
uses high-end equipment that performs very well. Take the firewall system as an example: why use
a Check Point firewall, whose equipment is very expensive, rather than firewall systems based on
iptables or ISP? Because Check Point has features that far surpass iptables.

Comparison: Check Point and iptables

Both use "stateful packet filtering" firewalls. However, iptables stops at the IP layer and
lets other integrated applications control packets at higher layers through netfilter's QUEUE
"target". Check Point, by contrast, covers all 7 OSI layers and can inspect application-layer
packet content quite deeply (for example, it can control HTTP packets).

iptables is really just the user-side "interface" for interacting with netfilter on the kernel
side.

So when comparing Check Point's capabilities with iptables, the comparison should properly be
made with netfilter rather than with iptables.

Netfilter / iptables is extremely lightweight, and its developers are not concerned with
providing a GUI to control it. Only a few groups have built various GUIs (simple and complex) to
make adjusting and managing rules easier. Check Point's GUI, by contrast, is extremely
sophisticated (and without the GUI Check Point would probably be hard to use). Check Point
requires quite a lot of resources, and its whole operating mechanism is fairly heavy.

Netfilter / iptables does not integrate VPN; it only has modules that help handle VPN traffic
over the common protocols used to build VPNs (IPSEC AH/ESP, PPTP). Check Point, by contrast, has
a complete VPN solution fully integrated with the firewall and uses many different
authentication methods.
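
The difference between stateful packet filtering and application-layer inspection drawn in the comparison above, as an added example that is not part of the original report and is neither netfilter nor Check Point code. The names Packet, StatefulFilter, http_inspect and gateway, the method allow-list and the sample addresses are assumptions made for illustration, and each payload is assumed to hold one whole HTTP request.

```python
# Added example: a toy model, not netfilter or Check Point code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # constructed, simplified TCP segment
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False              # True only on the first packet of a connection
    payload: bytes = b""

class StatefulFilter:
    """Layer 3/4 filter with connection tracking; it never reads the payload."""
    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)
        self.established = set()   # flows seen as (src, sport, dst, dport)

    def check(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.established or reply in self.established:
            return "ACCEPT"        # belongs to a tracked connection
        if pkt.syn and pkt.dport in self.allowed_ports:
            self.established.add(flow)
            return "ACCEPT"        # new connection to a permitted service
        return "DROP"              # default deny

ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}   # hypothetical site policy

def http_inspect(payload):
    """Application-layer check: parse the HTTP request line in the payload."""
    if not payload:
        return "ACCEPT"            # handshake and bare ACK segments carry no data
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return "DROP"              # not a well-formed request line
    return "ACCEPT" if parts[0] in ALLOWED_METHODS else "DROP"

def gateway(fw, pkt):
    """Packet filter first, then payload inspection for web traffic only."""
    if fw.check(pkt) == "DROP":
        return "DROP"
    return http_inspect(pkt.payload) if pkt.dport == 80 else "ACCEPT"
```

A request on an already tracked connection passes StatefulFilter.check whatever its content; only the payload check in gateway can tell a permitted method from one the policy forbids.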

Recommendation:

If the company is willing to invest in deploying this network, the price is somewhat high, but
in return the system will always run stably. Data is kept safe by the Check Point firewall and
the IPS. The network runs smoothly thanks to the hierarchical design with redundancy. Expanding
the network later is also easier.

However, if the price needs to come down, Microsoft's ISA firewall can be used instead, and the
equipment cost drops considerably. For example, the Check Point VPN1-UTM & Crossbeam Systems -
C6 firewall costs 5,250 USD (taken from
http://www.checkpoint.com/products/choice/platforms/crossbeamc6.html), while an ISA server
costs only about 2000 USD.
