Proposed ANB Multi Domain Solution

Proposed ANB multi domain
solution
Report
0
Contents
1. Introduction
1.1 Background of the organization
1.2 Scope of the project
2. Requirements and Constraints
2.1 Functional Requirements
User needs, LAN, WAN connectivity, Website needs
Any specialized needs
Specifications
3. Analysis
3.1 Minimum requirements
3.2 Accounts
3.3 Access to data/documents across the proposed network
3.4 Network Vulnerabilities
3.5 Threats to the network
3.6 Critical infrastructure
5. Design
4.1 Network design
4.2 Proposed Machine layout
4.3 Connecting of the network together
4.4 Data protection
4.4 Plan for deployment of workstations
4.5 DNS records
4.6 Plan for updates and patches
4.7 DFS replication
4.8 Data protection
4.9 Network security
4.10 Continuation in event of disaster
4.11 Intranet
4.12 Website
4.11 Testing check list
4.12 Performance standards and quality expectations
4.13 Threat model
4.14 Threat management Plan
4.15 Develop security policies
4.16 VLANs
5. Implementation
5.1 Installation plan
5.2 System maintenance
6. Maintenance
6.2 Disaster recovery
7. Sign off page
1
Harry McCourt ANB report
1. Introduction
1.1 Background of the organization
Scenario
Aussie Nuts and Bolts (ANB) is a leading distributor of stainless steel nuts and bolts. We
operate from Welshpool in Western Australia. We have grown significantly in the last two
years and now wish to open another site in Adelaide and Melbourne John Jones, the
companys new IT manager, recently replaced the companys infrastructure at Welshpool and
we now have a streamlined Server environment.
1.2 Scope of the project
To set up a network and give recommendations on equipment to use in replacement for the
out of date equipment that is currently being used at Aussie Nuts and Bolts (ANB) . Training
may need to be planned for the staff to learn how to use the programs and how to operate the
programs to pass this knowledge on to their clients.
What this project includes

-Installation of devices
-Testing of the devices
-Creating accounts for employees
-We will purchase the electronic devices
-Migration of data
-We will monitor the System for 2 weeks after installation; we can make an agreement to
monitor/fix up issues outside of this time for a monthly fee.
-We will find a solution to rewiring the buildings cabling
What this project doesnt include

-We will not alter the building
-We will not provide internet we can recommend an internet provider
-We will not provide a merchant bank account for sales
-We will not provide the internet however we can recommend plans from internet service
providers that could be used for the business.
2
Allowing users to continue working efficiently in intermittently connected or disconnected

scenarios by enabling uninterrupted access to user and configuration data under these
conditions.
-Delivering a consistent computing environment to users from any computer when their
desktop or laptop computer is unavailable or in scenarios where users are not assigned a
specific computer.
-Minimize data loss by enabling centralized backup of user data and configuration files by the
organization.
-Eliminate the need to manually configure user settings, install applications, or transfer user
files to provide users access to their computing environments on any computer.
Design a solution where users dont have an assigned computer but log on to any available
computer in a pool of computers. This helps reduce hardware and administration costs.
Easing the IT task of implementing centralized backup of user files while satisfying need for
these ANB states that is imperative that all new technology is sustainable and scalable. Allow
for data to be shared at the various sites and to allow for redundancy
We wish to have a system that is resilient and will not fail on a single point of failure.
Allowing users to continue working efficiently in intermittently connected or disconnected
scenarios by enabling uninterrupted access to user and configuration data under these
conditions.
We will monitor the System for 2 weeks after installation; we can make an agreement to
monitor/fix up issues outside of this time for a monthly fee. What this project doesnt include
We will not alter the building We will not provide internet we can recommend an internet
provider
Due to ANBs great success in recent years ANB is looking to expand to a multi domain Ault
and child tree. These sites include Perth, Adelaide and Melbourne the expansion will include
an additional site at London and Singapore.
Some of the issues that need to be addressed are;

-Autotomized server update schedules
-Security of the network internal and external
-Transportation of data
-Shared access to files across all locations on networks
-DHCP implementation
-Audits on files
-Scalable network
-Server optimisation
-Server availability
There will need to be software installed on the Server to scan for viruses, optimise
performance, updating schedule will need to be set up so that the updates are done on the
3
server and then the updates are then branched out to its client computers so there will need to
be access to the internet so that the server can receive its updates. The updates can be set up
outside of staff hours and done autonomously requiring less administration costs and wont
affect the workers working at Aussie Nuts and Bolts (ANB).
Its going to be important to connect to the server from more than the one location this will
make the server more accessible from Aussie Nuts and Bolts (ANB). The computers will
need to be able to log in on any computer and have access to the network, have access to the
internet, emails and complete other functions that are a requirement for the works to complete
their job.
2.2 Non-functional Requirements
Aussie Nuts and Bolts (ANB) has limited amount of resources which limits of what can be
purchased as well as the amount of time that can be spent on upgrading the current hardware
the creating a system to store data and train the people in how to access and use a computer
as efficiently as possible. Aussie Nuts and Bolts (ANB) is currently working in the location
and to the migration of information will need to be ready by this deadline. The users
operating the new systems will need to be taught and this will take some time to master the
software supplied. Some of the issues that need to be addressed are; file replication of the
servers at multiple locations. Improved experience for the mobile work force
Disaster recovery data availability and plan Improved stability and availability Enforce health
policy Delegate control Back-ups Efficient use of bandwidth plan will need to be come with
to ensure the sharing of the data between the servers is acceptable due to the replication of the
files these files will need bandwidth A solution will need to be come up with to resolve the
issues in relation with additional security measures. Measures will need to cover files for
managerial files financial department and the design department to ensure the security of the
designs that are being manufactured.
There will need to be a virtual connection to the server so that it can be accessible off-site so
that the server can be fixed by a third party that isnt working at Aussie Nuts and Bolts
(ANB) if Aussie Nuts and Bolts (ANB) contracts someone else to maintain the network they
will be able to access the server easily and make the changes that are needed.
Budget
The budget is limited to 1,500,000 dollars for the new servers and for equipment upgrade in
and the cost of additional servers and networking devices at each of the 5 locations. The
timeline for this project is 4 months at each location months which is when the clients want to
start operation the upgraded network.
4
The internal and external users within the network will have to log into the hypervisor which
is being hosted on the IIS server this server will be located at each site Perth Melbourne,
Perth and Adelaide which will require a log in external users will require a access licence.
The users within ANB will share the resources located within the ANB network
The bare mental servers will have access to both the external and internal network that is
created for the client computers that is used to set group policies for the computers within the
network used to enforce rules within the network. The bare metal servers will have two NIC
network interface cards.
This will give access to the servers for the network administrator the other machines that the
server is hosting will be on a different network and will not be able to see this machine to
ensure that the server is secure from the employees with in the network.
5
3. Analysis
3.1 Minimum requirements
The computers supplied will need to have the minimum requirements to run windows 7 and
be able to access Microsoft word, SQL and other essential things that are required for an
organisation/business to run effectively. Active Directory is a service that is developed by
windows to create usernames and passwords for accessing the computer system and the
Windows domain networks. The equipment needs to be name brand with a minimum of a 3
year warranty to ensure that Aussie Nuts and Bolts (ABN) are able to be supplied with
replacements in the event of equipment breaking down.
A mirror server will be set up there will need to be a group policy set up to send the data to
the second server to minimise down time. In the event of the server crashing the spare server
will be used to control the traffic of the network this will make the company less affected by
shut downs. The people maintaining the network, doing the back-ups can fix up the problem
when its been noticed the alternative is to stop production and functioning as a business as
the information required for the business to run is on the server.
Applications and programs will need to be installed on the server to monitor the health of the
server and to manage the server and to make sure that the server is doing what its designed to
do as effectively as it can.
3.2 Accounts
Accounts (log in and email accounts) will need to be created for the staff members that work
at Aussie Nuts and Bolts (ABN), shares for General, Drawings, Management and User
documentation will need to be created as well as restrictions being made on who can access
the information located in the shares security settings will need to be made. Templates will
need to be added to the server so that office staff can easily access the templates.
6
3.3 Access to data/documents across the proposed network
Files/data/software can be shared across the network through being in being members of
global groups which gain access to different domains in the network forest the groups of
which can be members of domain local groups which can read files at each location.
The files will be shared to all authenticated users on the network the access to the files will be
controlled through the security pane located on the properties of the file itself. Groups who
need permissions will gain access to the file located on the server.
3.4 Network Vulnerabilities
Networks have much vulnerability to the outside world some of these include:
-Missing patches/updates
-Weak passwords
-Poorly configured routers
-Mobile devices
-USB flash devices
Many of these threats can be addressed through the use of group policy and reducing the
access of the users on the network and enforcing passwords are changed regularly. Passwords
of users should be updated regularly this can be set through group policy with mixed
characters, with an expiry within a certain period of time to ensure that passwords are
regularly being changed so that in makes these authorized accounts are less likely to be
7
accessed. This is paired with auditing of specific network files and encryption. These can be
enforced through the use of group policy.
3.5 Threats to the network
There are numerous threats facing ANB can be categorized one of two these are external and
internal threats these threats include:
DDoS
DDos attacks happen when masses amounts of devices collectively work together in flooding
websites/routers with requests for access these computers can be zombies waiting for the
command to be given by an individual that may want to deny services to others.
Virus/malware attacks
With todays every expanding knowledge of technology and innovation there are many tools
available to use to improve productivity in a workplace or in the everyday internet users
home. With these leaps in technology has created unexpected consequences for the everyday
user or business.
Malicious software can be delivered in many different ways from a simple USB, through
email which people are deceived into clicking on a link that is purposely deceitful in the
attempt of getting the computer user to run the executable software/code that can have
disastrous effects on a network.
One of the technological advancements is wireless access to the internet this requires a log in
username and a password can be set to clamp down on access to the network from
unauthorized users of the network. People can use their own devices to take advantage of the
wireless network and can be used to connect to the network; this is harder to enforce
security/policies.
Wireless frequencies as much as this can be a significant advantage in accessing information

around the workplace of sharing information and accessing of files this information needs to
be secured. This information can be accessed through accessed through different frequencies
the main issue with this is simply having an insecure password that can be easily guessed
through a password that lacks complexity
See below for available frequencies that can be connected through to electronic devices.
8
The main factors that affect wireless signal strength.
-Local environment/Physical objects/obstructions
-Wireless Network Interference
-Signal Sharing
-Distance between devices.
-Network usage
-Poorly set up antennas
-Spectrum channel limitations
-Wireless signal restrictions
Internal threats
Unauthorized publishing of confidential information
ANB faces issues of information being accessed by someone who is unauthorized to use it for
potential financial gain/sharing information with third party such as a competitor or insider
trading. This can be addressed through adding compartmentalization within the business to
limit access on a strictly need to know basis giving people enough information privileges
required to do their job nothing more.
Acts of sabotage
USB, floppy disk and other means of external drives can be used to deliver viruss to the
computers or servers on the network to gain access to the network.
Not much can be done in addressing the fact potentially hundreds of staff within the multiple
locations within the ANB network will need to access the internet to do their job. Education
can be offered to staff within the business to create awareness of threats to the network these
include phishing paired with firewalls, virus scanners and group policy. Restrictions can be
created giving people permissions only enough to do their jobs no more the advantage to this
is it limits the amount of power anyone person has on the network.
9
3.6 Critical infrastructure
In the ANB network there and many things can be considered critical infrastructure these
include:
Critical infrastructure Inside threat measures Outside threat measures Functions Threats
Domain controller Kerberos/Encryption Virus scanners, UTM, Used to store -DDoS

Routers passwords and to -Virus/malware
compare against attacks
File server Kerberos/Encryption Virus scanners, UTM, requests to access the -Acts of sabotage
Routers network, in addition -The human
to managing groups factor
Firewall/Software Kerberos/Encryption Virus scanners, UTM, on the network.
Routers
Server
The server will need to be put in a chilled room, to limit the chances of the server overheating
and causing damage. Id recommend putting an air-conditioning unit into the spare room,
might be worth putting some instruments into the room to measure the temperature and the
humidity this can be used to better regulate the conditions inside there server room. Putting a
lock on the door would be a good idea to limit access of the server this protects the hardware
from potentially being tampered with and limiting the access of the server to unauthorized
personnel.
Limiting access to Server room

The server rooms in the ANB network needs to be locked up to limit the access of the server
room, this should have strict access control methods potentially with security cards to keep
track of who has been in the server room this comes into use for auditing purposes. The
server room could potentially have cameras and security guards the security is limited only
by the budget of ANB.
Usage of rack servers are ideal because not only do they take up less space they are also
secure, they can be locked away in racks and bolted to the floor making the rack extremely
difficult to move.
Disable drives
USB, floppy disk and other means of external drives can be used to access company
information and can be disabled through group policy. Some organisations go as far as
inserting glue in the external drives to permanently prevent its use.
10
4. Design
4.1 Network design
The internal and external users within the network will have to log into the hypervisor which
is being hosted on the IIS server this server will be located at each site Perth Melbourne,
Perth and Adelaide which will require a log in external users will require a access licence.
The users within ANB will share the resources located within the ANB network The bare
mental servers will have access to both the external and internal network that is created for
the client computers that is used to set group policies for the computers within the network
used to enforce rules within the network. The bare metal servers will have two NIC network
interface cards. This will give access to the servers for the network administrator the other
machines that the server is hosting will be on a different network and will not be able to see
this machine to ensure that the server is secure from the employees with in the network. See
below for image of proposed domain solution.
11
4.2 Proposed Machine layout
Below is proposed machine layout for Perth

Location Physical machine Name of server VM machine Roles Comment
number
Perth 1 PER-BM-1 PER-VM-1 -Domain controller Primary DC

Hyper-V (Primary)
IP address -Active Directory
IP address 192.168.8.200 -DNS
192.168.1.250 -Windows backup
services
PER-VM-2 -Remote desktop

services
IP address -Windows backup
192.168.8.201 services
-WSUS
PER-VM-3 -SQL services

-DHCP
192.168.8.202 services
2 PER-BM-2 PER-VM-1 -Domain controller

Hyper-V (Secondary)
192.168.1.251
PER-VM-2 -Remote desktop
services
IP address -IIS
services
3 PER-BM-3 PER-VM-1 -Files and storage

Hyper-V services
IP address 192.168.8.205 services
192.168.1.252 -DFS
PER-BM-4 Hosting website

ANB Website
Hyper-V
4
IP address
IP address
192.168.8.206
192.168.1.253
12
Below is the IP reservation for devices within the network at the location of: Perth
Devices Start End
Workstation DHCP pool 192.168.6.1 192.168.8.200
Multifunction device 192.168.8.220 192.168.8.245
Below is the IP plans for the physical and virtual servers located in: Perth
Machine Network IP Subnet Network class
Gateway router 192.168.1.0/192.168.8.0 192.168.1.254/192.168.8.254 255.255.255.0 C
PER-BM-1 192.168.1.0 192.168.1.201 255.255.255.0 C
PER-VM-1 192.168.8.0 192.168.8.200 255.255.255.0 C
PER-VM-2 192.168.8.0 192.168.8.201 255.255.255.0 C
PER-VM-3 192.168.8.0 192.168.8.202 255.255.255.0 C
PER-BM-2 192.168.1.0 192.168.1.202 255.255.255.0 C
PER-VM-1 192.168.8.0 192.168.8.203 255.255.255.0 C
PER-VM-2 192.168.8.0 192.168.8.204 255.255.255.0 C
PER-VM-3 192.168.8.0 192.168.8.205 255.255.255.0 C
PER-BM-3 192.168.1.0 192.168.1.203 255.255.255.0 C
PER-VM-1 192.168.8.0 192.168.8.206 255.255.255.0 C
PER-BM-4 192.168.1.0 192.168.1.204 255.255.255.0 C
Hosting Website 192.168.8.0 192.168.8.252/192.168.100.252 255.255.255.0 C
13
See image below for network topology at location: Perth
14
See below for tables on proposed disk partitioning for Perth
DC-1
PER-BM-1 Reserved Storage
Operating systems on the server and programs to be saved here 150GB
Company data 250GB
User storage 500GB
DC-2
PER -BM-2 Reserved Storage
Company data 250GB
User storage 500GB
File server
PER-BM-3 Reserved Storage
Company data 250GB
User storage 6x 1T drives 6T
15
Below is proposed machine layout for Melbourne

number
MEL 1 MEL-BM-1 MEL -VM-1 -Domain controller Primary DC

Hyper-V (Primary)
services
MEL -VM-2 -Remote desktop

services
192.168.10.201 services
-WSUS
MEL -VM-3 -SQL services

-DHCP
192.168.10.202 services
2 MEL -BM-2 MEL-VM-1 -Domain controller

Hyper-V (Secondary)
192.168.100.251
services
IP address -IIS
services
3 MEL-BM-3 MEL -VM-1 -Files and storage

Hyper-V services
192.168.100.252 -DFS
16
Below is the IP plans for DHCP pool and network device located in: Melbourne
Devices Start End
Below is the IP plans for the physical and virtual servers located in: Melbourne
Gateway router 192.168.100.0/192.168.10.0 192.168.100.254/192.168.10.254 255.255.255.0 C
MEL-BM-1 192.168.100.0 192.168.100.201 255.255.255.0 C
MEL -VM-1 192.168.10.0 192.168.10.200 255.255.255.0 C
MEL -VM-2 192.168.10.0 192.168.10.201 255.255.255.0 C
MEL -VM-3 192.168.10.0 192.168.10.202 255.255.255.0 C
MEL -BM-2 192.168.100.0 192.168.100.202 255.255.255.0 C
MEL -VM-1 192.168.10.0 192.168.10.203 255.255.255.0 C
MEL -VM-2 192.168.10.0 192.168.10.204 255.255.255.0 C
MEL -VM-3 192.168.10.0 192.168.10.205 255.255.255.0 C
MEL -BM-3 192.168.100.0 192.168.100.203 255.255.255.0 C
MEL -VM-1 192.168.10.0 192.168.10.206 255.255.255.0 C
17
See image below for network topology at location: Melbourne
18
See below for tables on proposed disk partitioning for Melbourne
DC-1
MEL-BM-1 Reserved Storage
Company data 250GB
User storage 500GB
DC-2
Company data 250GB
User storage 500GB
File server
Company data 250GB
19
Below is proposed machine layout for Adelaide

number
Adelaide 1 ADE-BM-1 ADE -VM-1 -Domain controller Primary DC

Hyper-V (Primary)
services

services
192.168.12.201 services
-WSUS
ADE -VM-3 -SQL services
-DHCP
192.168.12.202 services
2 ADE -BM-2 ADE -VM-1 -Domain controller

Hyper-V (Secondary)
services
ADE -VM-2 -Remote desktop

services
IP address -IIS
services
3 ADE -BM-3 ADE -VM-1 -Files and storage

Hyper-V services
192.168.150.252 -DFS
20
Below is the IP plans for DHCP pool and network device located in Adelaide
Devices Start End
Below is the IP plans for the physical and virtual servers located in: Adelaide
Gateway router 192.168. 192.168. 255.255.255.0 C

150.0/192.168.12.0 150.254/192.168.12.254
ADE-BM-1 192.168.150.0 192.168.150.201 255.255.255.0 C
ADE -VM-1 192.168.12.0 192.168.12.200 255.255.255.0 C
ADE -VM-2 192.168.12.0 192.168.12.201 255.255.255.0 C
ADE -VM-3 192.168.12.0 192.168.12.202 255.255.255.0 C
ADE -BM-2 192.168.150.0 192.168.150.202 255.255.255.0 C
ADE -VM-1 192.168.12.0 192.168.12.203 255.255.255.0 C
ADE -VM-2 192.168.12.0 192.168.12.204 255.255.255.0 C
ADE -VM-3 192.168.12.0 192.168.12.205 255.255.255.0 C
ADE -BM-3 192.168.150.0 192.168.150.203 255.255.255.0 C
ADE -VM-1 192.168.12.0 192.168.12.206 255.255.255.0 C
21
See image below for network topology at location: Adelaide
22
See below for tables on proposed disk partitioning for Adelaide
DC-1
ADE -BM-1 Reserved Storage
Company data 250GB
User storage 500GB
DC-2
ADE-BM-2 Reserved Storage
Company data 250GB
User storage 500GB
File server
ADE-BM-3 Reserved Storage
Company data 250GB
23
Below is proposed machine layout for London

number
London 1 LON-BM-1 LON -VM-1 -Domain controller Primary DC

Hyper-V (Primary)
services

services
IP address -WSUS
services
LON -VM-3 -SQL services

-DHCP
192.168.14.202 services
2 LON -BM-2 LON -VM-1 -Domain controller

Hyper-V (Secondary)
services
LON -VM-2 -Remote desktop

services
IP address -IIS
services
3 LON-BM-3 LON -VM-1 -Files and storage

Hyper-V services
192.168.200.252 -DFS
24
Below is the IP plans for DHCP pool and network device located in London
Devices Start End
Below is the IP plans for the physical and virtual servers located in: London
Gateway router 192.168. 192.168. 255.255.255.0 C

150.0/192.168.14.0 150.254/192.168.14.254
LON-BM-1 192.168.150.0 192.168.150.201 255.255.255.0 C
LON -VM-1 192.168.14.0 192.168.14.200 255.255.255.0 C
LON -VM-2 192.168.14.0 192.168.14.201 255.255.255.0 C
LON -VM-3 192.168.14.0 192.168.14.202 255.255.255.0 C
LON -BM-2 192.168.150.0 192.168.150.202 255.255.255.0 C
LON -VM-1 192.168.14.0 192.168.14.203 255.255.255.0 C
LON -VM-2 192.168.14.0 192.168.14.204 255.255.255.0 C
LON -VM-3 192.168.14.0 192.168.14.205 255.255.255.0 C
LON -BM-3 192.168.150.0 192.168.150.203 255.255.255.0 C
LON -VM-1 192.168.14.0 192.168.14.206 255.255.255.0 C
25
See image below for network topology at location: London
26
See below for tables on proposed disk partitioning for London
DC-2
LON -BM-1 Reserved Storage
Company data 250GB
User storage 500GB
DC-2
LON-BM-2 Reserved Storage
Company data 250GB
User storage 500GB
File server
LON-BM-3 Reserved Storage
Company data 250GB
27
Below is proposed machine layout for Singapore

number
Singapore 1 SIN-BM-1 SIN -VM-1 -Domain controller Primary DC

Hyper-V (Primary)
services
SIN -VM-2 -Remote desktop

services
IP address -WSUS
192.168.16.201
SIN -VM-3 -SQL services
-DHCP
192.168.16.202 services
2 SIN -BM-2 SIN -VM-1 -Domain controller

Hyper-V (Secondary)
192.168.251.251
SIN -VM-2 -Remote desktop
services
IP address -IIS
services
3 SIN -BM-3 SIN -VM-1 -Files and storage

Hyper-V services
192.168.252.252 -WSUS
-DFS
28
Below is the IP plans for DHCP pool and network device located in Singapore
Devices Start End
Below is the IP plans for the physical and virtual servers located in: Singapore
Gateway router 192.168. 192.168. 255.255.255.0 C

250.0/192.168.16.0 150.254/192.168.16.254
LON-BM-1 192.168.250.0 192.168.250.201 255.255.255.0 C
LON -VM-1 192.168.16.0 192.168.16.200 255.255.255.0 C
LON -VM-2 192.168.16.0 192.168.16.201 255.255.255.0 C
LON -VM-3 192.168.16.0 192.168.16.202 255.255.255.0 C
LON -BM-2 192.168.250.0 192.168.250.202 255.255.255.0 C
LON -VM-1 192.168.16.0 192.168.16.203 255.255.255.0 C
LON -VM-2 192.168.16.0 192.168.16.204 255.255.255.0 C
LON -VM-3 192.168.16.0 192.168.16.205 255.255.255.0 C
LON -BM-3 192.168.250.0 192.168.250.203 255.255.255.0 C
LON -VM-1 192.168.16.0 192.168.16.206 255.255.255.0 C
29
See image below for network topology at location: Singapore
30
See below for tables on proposed disk partitioning for Singapore
DC-1
SIN-BM-1 Reserved Storage
Company data 250GB
User storage 500GB
DC-2
Company data 250GB
User storage 500GB
File server
Company data 250GB
31
4.3 Connecting of the network together
At each location there will be multiple domain controllers in the event of an outage for
maximum uptime the servers will be connected through a WAN, LAN and VPN connection.
WAN connection requires a specific plan through an internet service provider and the use of
a virtual private network. Rules will need to be put in place to limit access to the servers on
the routers.
There will be connections made between

EU and ASIA arms of ANB made
through virtual private network. UTMs
will be used to filter out potential threats
that may threaten the network in addition
to the image below there is a server based
in Perth being used to host the ANB
website, See below for details.
The network users at each location will have limited access to the network, the users will
need to log into the network through the intranet. Located on the intranet there will be
eligible programs that can be accessed on the network. The server will require multiple NICs
this will allow multiple connections to multiple networks ensuring security of the server and
assets in addition of offering a platform in which allows the sharing of information on the
network. In addition to the use of layer 3 switches enforcing VLANs within each location
will ensure the security and confidentiality of potentially sensitive/critical information that
may be related to business services.
See below for example
32
4.4 Plan for deployment of workstations
One of the computers from Perth will be captured acronis snap deploy can be used for the
rolling out the default image ISO. After the ISO is created it can be used through Windows
Deployment Services. PXE boot will be used to then distribute the updates to the client
computers.
4.5 DNS records
Computers in each department will be named by the first 3 letters of their names such, their
department and the number of the PC each computer will be numbered and given a unique
device number for remote desktop for support. The advantage of this is easier to keep track
of the computers/devices connected in the DNS managers snap in.
Below is an example of the DNS records seen by the DNS manager snap in
Location Department PC number DNS name
Perth I.T. 1 PER-PC-I.T.-1
Adelaide I.T. 1 ADE-PC-I.T -1
Melbourne I.T. 1 MEL-PC-I.T -1
London I.T. 1 LON-PC-I.T -1
Singapore I.T. 1 SIN-PC-I.T -1
Perth HR 1 PER-PC-HR-1
Adelaide HR 1 ADE-PC-HR-1
Melbourne HR 1 MEL-PC-HR-1
London HR 1 LON-PC-HR-1
Singapore HR 1 SIN-PC-HR-1
4.6 Plan for updates and patches
WSUS can be installed on the server the updates can be then checked to limit the effect of a
dud update to ensure that it doesnt have an effect on the server in this case it will then be
applied to sever and then mirrored to the additional servers the advantage of this is to
minimize the download of the business that can affect the migration of data and network
performance. Computers can be automatically updated this can be downloaded from the
Server at each location Perth, Melbourne, Adelaide and then shared with the work stations at
each location.
33
4.7 DFS replication
Name space plan: Corp-data
Location CEO Design Directors Finance HR I.T. Marketing Production Sales
Perth \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\Corp-data\PE-FS- \\Corp-data\PE-FS-
ANB.local 1\CEO_Perth 1\Design_Perth 1\Directors_Perth 1\Finance_Perth 1\HR_Perth 1\I.T_Perth 1\Marketing_Perth 1\Production_Perth 1\Sales_Perth
Name space CEO_Perth Design_Perth Directors_Perth Finance_Perth HR_Perth I.T_Perth Marketing_Perth Production_Perth Sales_Perth
share
Melbourne \\Corp-data\MEL-FS- \\Corp-data\MEL-FS- \\Corp-data\MEL-FS- \\Corp-data\MEL-FS- \\Corp-data\MEL-FS- \\Corp-data\MEL-FS- \\Corp-data\MEL-FS- \\Corp-data\MEL-FS- \\Corp-data\MEL-
ANB.local 1\CEO_Melbourne 1\Design_Melbourne 1\Directors_Melbourne 1\Finance_Melbourne 1\HR_Melbourne 1\I.T_Melbourne 1\Marketing_Melbourne 1\Production_Melbourne FS-
1\Sales_Melbourne
Name space CEO_Melbourne Design_Melbourne Directors_Melbourne Finance_Melbourne HR_Melbourne I.T_Melbourne Marketing_Melbourne Production_Melbourne Sales_Melbourne
share
Adelaide \\Corp-data\ADE-FS- \\Corp-data\ADE-FS- \\Corp-data\ADE-FS- \\Corp-data\ADE-FS- \\Corp-data\ADE-FS- \\Corp-data\ADE-FS- \\Corp-data\ADE-FS- \\Corp-data\ADE-FS- \\Corp-data\ADE-
ANB.local 1\CEO_Adelaide 1\Design_Adelaide 1\Directors_Adelaide 1\Finance_Adelaide 1\HR_Adelaide 1\I.T_Adelaide 1\Marketing_Adelaide 1\Production_Adelaide FS-
1\Sales_Adelaide
Name space CEO_Adelaide Design_Adelaide Directors_Adelaide Finance_Adelaide HR_Adelaide I.T_Adelaide Marketing_Adelaide Production_Adelaide Sales_Adelaide
share
London \\Corp-data\LON-FS- \\Corp-data\LON-FS- \\Corp-data\LON-FS- \\Corp-data\LON-FS- \\Corp-data\LON-FS- \\Corp-data\LON-FS- \\Corp-data\LON-FS- \\Corp-data\LON-FS- \\Corp-data\LON-
UK.ANB.local 1\CEO_London 1\Design_London 1\Directors_London 1\Finance_London 1\HR_London 1\I.T_London 1\Marketing_London 1\Production_London FS-1\Sales_ London
Name space CEO_London Design_London Directors_London Finance_London HR_London I.T_London Marketing_London Production_London Sales_ London
share
Singapore \\Corp-data\SIN-FS- \\Corp-data\SIN-FS- \\Corp-data\SIN-FS- \\Corp-data\SIN-FS-1\ \\Corp-data\SIN-FS- \\Corp-data\SIN-FS- \\Corp-data\SIN-FS- \\Corp-data\SIN-FS- \\Corp-data\SIN-FS-
SIN.ANB.local 1\CEO_Singapore 1\Design_Singapore 1\Directors_Singapore Finance_Singapore 1\HR_Singapore 1\I.T_Singapore 1\Marketing_Singapore 1\Production_Singapore 1\Sales_Singapore
Name space CEO_Singapore Design_Singapore Directors_Singapore Finance_Singapore HR_Singapore I.T_Singapore Marketing_Singapore Production_Singapore Sales_Singapore
share
34
4.8 Data protection
What is a back-up?
A backup refers to copying of a physical or virtual file to a secondary device or site for
preservation in the event of a equipment failure, fire or other unforeseen catastrophes. Back-
ups can be executed in different ways depending on the goal and the disaster recovery plan.
Back-ups can be done remotely and automatically.
Protect back-ups
Backing up data is an essential part of network recovery but its important to remember that
these media devices storing the data/information can be stolen and used by an unauthorized
individual outside of the company. The media devices should have appropriate paperwork
attached which the personnel who last backed up to it along with the time of last back up.
Encryption should be used to secure the data/documentation paired being stored at multiple
locations under lock and key ensuring access in event of a crisis.
Back-up strategies
A. Automated back-ups
Back-ups can be set on an automated basis this is usually done when the network is done
usually at night or during a point in time in which the network usage is lower after a virus
scan has been completed. The advantages of this are it limits the input required by the
network administrator.
Disadvantages of back-ups being stored on the network is that if there was a hardware failure
the data on the network will be significantly harder to be accessed then the other back-up
alternatives.
B. Media back-ups
The storage of the sensitive data/backups should be stored off site where its less likely to get
damaged in case of a fire. Important to make sure the devices are kept away from the heat
and shouldnt be left in a damp environment where it could damage the disks. Once a month
the data should also be saved to the cloud to make save the data and give it another layer of
protection. There should be more than the one copy of backups which should be locked away
as the data may be sensitive and important to keep this safe.
Disadvantage of this is the device unless stored correctly or in a safe place can be accessed by
unauthorized users which can then be passed on to competition or can be used in cases of
insider trading.
C. Cloud
Cloud services can be purchased through providers, this gives an additional layer on
protection of the data. This data can be accessed by people at each location the log in
35
information for this would have be to recorded in the event that this information needs to be
accessed in the event of an emergency. The log in information will to be kept purely on a
need to know basis but needs to be simple enough for it not to effect its ease of access.
The disadvantage of cloud storage is, that it requires a significant amount of internet usage
that can potentially cripple the productivity within the business in the event of a disaster and
wanting to download and apply this to the network.
The ideal back-up plan would have a combination of one or more of these stored at strategic
locations.
Hardware failure
Hardware failureIs a serious issue within a business, through maintaining and looking after
the equipment it is important to have copies of the information on multiple devices such a
RAID server or a mirror server that gives a business greater up time and giving the network
administrator more time to fix the network. It is also recommended to have redundant links in
a network that can pick up traffic in the event of one leg going down which wont then stop
the production or the passing on of potential critical information, information that may need
to be relied on in real time.
4.9 Network security

Malware/virus scanners
As part of a package to some virus/scanners Administrators can be emailed in real time when
threats appear such as suspicious activity to give the Administrator time as much possible to
breach the potential security breach. The server would download updates for the anti-virus
and other essential software needed for the operation of a business/organization such as the
ANB on which the computers that it had control over would then be sent the software updates
and then installed rather than each computer doing it individually. By doing this it limits the
chances of mistakes its all automatic. This is set up along with while the server is being set
up to get it beyond the period of purchasing the network to make sure the server and network
doesnt just break down as the system has stopped being worked on.
36
Types of firewalls
What is a firewall?
A firewall is a network device that can be both software and hardware that is used to monitor
in and out going traffic and decides what traffic to allow or deny depending n pre-set rules
within the device.
In a networking environment there are many types of firewalls these firewalls include
Types of firewalls Description
Application/Proxy firewalls Proxy service is a method in which information on the internet is retrieved by the firewall and sen to
the desired location and vice versa.
Stateless/Packet filtering Stateless this is achieved through the filtering of traffic using set filters others that are not wanted or
required are discarded. Allowing access from certain ports denying access from others.
Stateful filtering Looks inside every packet more expensive option, more thorough option
Hardware firewalls These devices are built for the primary reason for the protection of a network these devices are called
UTM (Universal Threat Management) devices they have great granularity and can do many things
simultaneously they range in cost from hundreds to tens of thousands.
Software These Firewalls are included in routers and on your computer these Firewalls are less powerful and can
do significantly much less than a UTM (Universal Threat Management) device.
Intrusion detection alarm

Some antivirus systems such as Trends business solution can send out emails to inform the
systems administrator in the event data is being transferred, or any suspicious activity that
may being done on the network. This gives the administrator notification in real time so the
Administrator has more time to deal with a potential internal or external threat to ANBs
system.
Encryption
Encryption can be used to secure data prevent the information being stolen its impossible to
make a plan that is completely bullet proof but trying find a balance between the security of
intellectual data without hindering the use of the computers ability for ease of use. Windows
provides an encryption feature this will give you a key which can be then exported to a server
a virtual server which can be turned off to avoid the keys from being stolen.
Encryption can be used to secure data on USBs and on laptops the certificates can be
exported to a server that stores the keys to the encryption for a later date and shut down to
limit the access to these keys. The designs the financial documents and managerial
documents. To encrypt whole drives can seriously affect the use of the performance of the
device.
Kerberos encryption
Creates and certificate that is used to authenticate the client/server can be transferred and
installed by user, users with certificate can gain access to the documentation Kerberos has
disadvantages however ideally should be paired with other encryption methods.
37
These disadvantages include:
-Ability to be intercepted
-Not time stamped
-Requires only one certificate of authentication.
IPsec encryption
Encrypts the data/packets in transit within the network and outside the network for secure
communications. IPsec tunnel mode transport adds additional encryption to the packet this is
done within the router without the encryption key on the router on the other side it will not be
able read the packets being received. When being sent back the packet will receive an
additional layer of encryption.
This provides an automated solution for

-Authentication
-Integrity
-Confidentially
4.10 Continuation in event of disaster
RAID
RAID stands for Redundant Array for Inexpensive Disk, in general a RAID-enabled systems
used multiple hard disks to improve the performance of the server to increase the level of
redundancy and tolerance for a machine. The data that is being processed is being shared on
all disks so in the event of a disk being damaged the system will self-heal, the other disks will
take up the slack created from the hard drive that is down. The advantage of this is it gives
the network administrator more time to fix a potential broken or corrupt hard drive and
increases the availability of the server that is essential in ANBs ability to function.
Hyper-v replica
Hyper-v replica can be set-up in the event a machine going down this runs off a shared file on
the network in the event of an outage or the computer is brought down the additional
computer will pick up from where the other computer left off. This maximizes up-time of the
network and minimizes the cost of productivity in the workplace.
Back-up power supply/UPS

In the event of an outage in the area in which ANB is operating in a power generator can be
brought online at the site. The non-essential parts of the operation such as marketing will be
temporarily brought offline to preserve power to the location. Back-up will be done during
this time in an attempt to limit the loss of data prior to this period in time.
Hardware failure
Is a serious issue within a business, through maintaining and looking after the equipment it is
38
important to have copies of the information on multiple devices such a RAID server or a
mirror server that gives a business greater up time and giving the network administrator more
time to fix the network. It is also recommended to have redundant links in a network that can
pick up traffic in the event of one leg going down which wont then stop the production or the
passing on of potential critical information, information that may need to be relied on in real
time.
4.11 Intranet
Intranet will be hosted at each location Perth, Adelaide, Melbourne, London and Singapore
this will be located on bare metal server number two virtual machine number two at each
location. With fail over clustering enabled at each location this will allow the constant uptime
of the Intranet in the event of a server is brought down for maintenance or outage it will be
replace by an alternative server at the closest location. A forward lookup zone will need to be
created in the DNS manager to covert the web-address to an I.P. address. Reserve look-up
can be configured to look up the users connecting to the network.
4.12 Website
ANBs website is located in Perth on Bare metal server number four, this server is dedicated
for the use of hosted the server. The server will have two different NICs to connect to the
outside world in addition to its UTM, firewall and router. This will give users around the
world access to ANBs website with the addition of switches and VLANs this creates a one
way access to the hosting server by the network administrator. The reason for this is in the
event someone tries to hack into the network the hacker is stuck in the hosting server creating
a container in which the user is unable to penetrate further into the network the server will be
locked on the VLAN 99 this is the VLAN set for administration of the network.
39
Below is an image that displays the demilitarization zone
40
4.13 Testing check list
See below for checklist

location: Perth
Phase Device Virtual machine number Install the following Progression

Complete/Incomplete
Server PER-BM-1 0 -Windows server 2012r2
installation -Install Hyper-V
- Anti-virus software
1 -Promote to domain controller
-Active directory
-Sites and services
-DNS
2 -Remote desktop
3 -Windows back-up services
-SQL services
-DHCP
PER -BM-2 0 -Windows server 2012r2
-Install Hyper-V
-Active directory
-Sites and services
-DNS
2 -Remote desktop
-Windows back-up
PER -BM-3 0 -Windows server 2012r2
-Install Hyper-V
-IIS
1 -Files and storage services
-Remote desktop services
-Windows backup services
Configuration settings Commands
DNS Ipconfig /flushdns
Ping Ping
Route Tracert
Display ARP Cache ARP A
Delete ARP Cache ARP D *
IP Ipconfig /all
Group policy Gupdate force
41
Complete/Incomplete
Server PER -BM-1 0 -WSUS
Configuration -Anti-virus scheduling
1 -Create look-up zones for
DNS
-Sites and services
-Create a back-up schedule
-Anti-virus scheduling
2 -Create a back-up schedule
-WSUS
-Create DHCP pool
PER -BM-2 0 -Anti-virus scheduling

-Intranet fail over clustering
PER -BM-3 0 -Create a back-up schedule

1 -DFS (Distributed file server)
-DFS replication
-File server roles
-WDS (PXE) boot
Phase Device Item Progression

Complete/Incomplete
Testing Cat6 Cables
PER -I.T-1 Ping
PER -BM-1,2,3
PER -BM-3 -PXE boot images

-Check DNS for devices
42
Phase Device Install the following Progression
Complete/Incomplete
Administration PER-BM-3 -PXE boot image
-Encryption of documentation
-Account creation
-Server monitoring software
-Permissions
-Group policy
PER-Mob-1 -Mass roll out of windows operating system
-Software
-Take an image of device
PER-Tab-1 Mass roll out of windows operating system
-Software
43
Location: Adelaide

Complete/Incomplete
Server ADE-BM-1 0 -Windows server 2012r2
-Active directory
-Sites and services
-DNS
2 -Remote desktop
-SQL services
-DHCP
ADE -BM-2 0 -Windows server 2012r2
-Install Hyper-V
-Active directory
-Sites and services
-DNS
2 -Remote desktop
-Windows back-up
ADE -BM-3 0 -Windows server 2012r2
-Install Hyper-V
-IIS
Ping ping
Route tracert
Display ARP Cache ARP -A
IP Ipconfig /all
44
Complete/Incomplete
Server ADE -BM-1 0 -WSUS
DNS
-Sites and services
-WSUS
-Create DHCP pool
ADE -BM-2 0 -Anti-virus scheduling

ADE -BM-3 0 -Create a back-up schedule

-DFS (Distributed file server)
-DFS replication
-File server roles
-WDS (PXE) boot

Complete/Incomplete
Testing Cat6 Cables
ADE -I.T-1 Ping
ADE-BM-1,2,3
ADE-BM-3 -PXE boot images

45
Complete/Incomplete
Administration ADE-BM-3 -PXE boot image
-Account creation
-Permissions
-Group policy
ADE-Mob-1 -Mass roll out of windows operating system
-Software
ADE-Tab-1 Mass roll out of windows operating system
-Software
46
Location: Melbourne

Complete/Incomplete
Server MEL-BM-1 0 -Windows server 2012r2
-Active directory
-DNS
2 -Remote desktop
-SQL services
-DHCP
MEL -BM-2 0 -Windows server 2012r2
-Install Hyper-V
-Active directory
2 -Remote desktop
-Windows back-up
MEL-BM-3 0 -Windows server 2012r2
-Install Hyper-V
-IIS
Ping ping
Route tracert
IP Ipconfig /all
47
Complete/Incomplete
Server MEL-BM-1 0 -WSUS
DNS
-Sites and services
-WSUS
-Create DHCP pool
MEL -BM-2 0 -Anti-virus scheduling

MEL-BM-3 0 -Create a back-up schedule

-DFS replication
-File server roles
-WDS (PXE) boot

Complete/Incomplete
Testing Cat6 Cables
MEL -I.T-1 Ping
MEL -BM-1,2,3
MEL -BM-3 -PXE boot images

48
Complete/Incomplete
Administration MEL-BM-3 -PXE boot image
-Account creation
-Permissions
-Group policy
MEL-Mob-1 -Mass roll out of windows operating system
-Software
MEL-Tab-1 Mass roll out of windows operating system
-Software
49
Location: London

Complete/Incomplete
Server LON-BM-1 0 -Windows server 2012r2
-Active directory
-Sites and services
-DNS
2 -Remote desktop
-SQL services
-DHCP
LON -BM-2 0 -Windows server 2012r2
-Install Hyper-V
-Active directory
-Sites and services
-DNS
2 -Remote desktop
-Windows back-up
LON -BM-3 0 -Windows server 2012r2
-Install Hyper-V
-IIS
Ping ping
Route tracert
IP Ipconfig /all
50
Complete/Incomplete
Server LON -BM-1 0 -Anti-virus scheduling
Configuration
DNS
-Sites and services
-WSUS
-Create DHCP pool
LON -BM-2 0 -Create a back-up schedule
LON -BM-3 0 -Create a back-up schedule

-DFS replication
-File server roles
-WDS (PXE) boot

Complete/Incomplete
Testing Cat6 Cables
LON -I.T-1 Ping
LON -BM-1,2,3
LON -BM-3 -PXE boot images

51
Complete/Incomplete
Administration LON-BM-3 -PXE boot image
-Account creation
-Permissions
-Group policy
LON-Mob-1 -Mass roll out of windows operating system
-Software
LON-Tab-1 Mass roll out of windows operating system
-Software
52
Location: Singapore

Complete/Incomplete
Server SIN-BM-1 0 -Windows server 2012r2
-Active directory
-Sites and services
-DNS
2 -Remote desktop
-SQL services
-DHCP
SIN -BM-2 0 -Windows server 2012r2
-Install Hyper-V
-Active directory
-Sites and services
-DNS
2 -Remote desktop
-Windows back-up
SIN -BM-3 0 -Windows server 2012r2
-Install Hyper-V
-IIS
Ping ping
Route tracert
IP Ipconfig /all
53
Complete/Incomplete
Server SIN -BM-1 0 -WSUS
DNS
-Sites and services
-WSUS
-Create DHCP pool
SIN -BM-2 0 -Anti-virus scheduling

SIN -BM-3 0 -Create a back-up schedule

-DFS replication
-File server roles
-WDS (PXE) boot

Complete/Incomplete
Testing Cat6 Cables
SIN -I.T-1 Ping
SIN -BM-1,2,3
SIN -BM-3 -PXE boot images
54
Complete/Incomplete
Administration SIN -BM-3 -PXE boot image
-Account creation
-Permissions
-Group policy
SIN -Mob-1 -Mass roll out of windows operating system
-Software
SIN -Tab-1 Mass roll out of windows operating system
-Software
55
4.12 Performance standards and quality expectations
Performance of the network can be done in many ways there are many tools and programs on
the market for monitoring certain things on the network counters can be added to the program
performance monitor to performance usage of the resources. This can be used to maximize
the usage of the resources. Popular counters are CPU usage, errors per second, Idle time of
the physical disk.
Software/tools for monitoring performance

-Microsoft network monitor 3.4
-Resource monitor
-Task manager
-Event viewer
-Wireshark
Network baseline is used to measure and rate the performance of a network. To have a
baseline the server needs to go undergo testing and reporting of physical connectivity,
network utilization, protocol usage, peak network usage and averages throughput of the
networks usage.
Once this information is collected this can be used to help identify problems with speed,
accessibility and vulnerabilities within the network. With this information future needs and
upgrades will be highlighted to assist in ensuring that the system is working at peak
performance.
Performance should be regularly reviewed on an ongoing basis reports created to ensure that
the network is working as designed. The network can be continuously tweaked to ensure that
the system is getting the most out of the physical machines this creates a benchmark cycle.
See below for a performance check list to get the most out of ANBs network
Performance Checklist Completion
Increase computer and device performance

-Upgrade devices
-Change to a more appropriate routing protocol
Increase Circuit Capacity

-Analyze message traffic and upgrade to faster circuits where needed
-Check error rates
Reduce Network Demand

-Change user behavior
-Analyse network needs of all systems
-move data closer to users
56
4.13 Threat model
A network needs to be able to withstand potential threats external and internally below is an
image that highlights some of the possible threats can be expected to be seen.
57
4.14 Threat management Plan
Due to budget and time constraints all threats are not able to be address but limiting as much
as possible the threats that ANB faces. See below for some threats that are likely to appear in
a production environment and may have critical effects on ANB and how it operates.
Risks Controls Comments
DDoS UTM Creating additional
Phishing emails Education offered to staff Not much can be done technically other
then inform the users of the networks of
what to look for and threats to the network.
Keylogging/Trojans UTM/firewalls/Switches Creating additional granularity maximizing
the likelihood of countering the threat.
Back-doors Firewall Will restrict access unless access is given as
a rule inside router.
Theft/ unauthorised sharing of information Encryption/Auditing Computers/devices without the encryption
certificate installed will not have access to
the document if encrypted with Kerberos.
Auditing can be used to track the access of
certain files located on the network.
Network outage Backup supply of power/UPS
uninterruptable power supply/surge
protectors
58
4.15 Develop security policies
Group policies
Group policies can be used to limit the access of individual in groups within the domain to
create limitations of the access of resources within the network. These limits can be limiting
the use of USBs within the network and the loss of use of the control panel to members
within that groups Organizational unit. Departments will be given privileges to reset the
passwords or unfreeze accounts the users will need to go to an allocated member of staff with
in this department to seek help and if more assistance needed that person will get in contact
with the networks administrator.
Group policies can be used to ensure that the passwords are changed regularly and lock-out
policy this can be donthrough organization units. These can be changed to restrict access to
parts of the computer such as control panel.
Auditing policy
Why audit files in a network?
Auditing of a network is done in an attempt to analyze and gather information about a
network. Audit logs can be created on limited files with specific importance such as finance,
management departments.
Network audits are done for:

-Security
-Implementation of control
-Availability
-Management
-Performance
A member in the ANBs I.T. department will be given the responsibility of being in charge of
the auditing on a rotating basis. It isnt enough to set up Auditing it must also be checked on
an ongoing basis to ensure that the resources being supplied by the company ANB is being
used as per plan.
Auditing can be used in scenarios listed below:

-Account management
-Directory service access
-Object access
-Policy change
-Privilege use
-Process tracking
-Account log-on events
-System events
The security log records when users perform certain actions, this enables administrators the
ability of monitoring of the network. This can be used through event viewer this tool can be
used to monitor the login to the server as well as the users accessing certain files. This leaves
a trail of who accessed what file when and in the event of a malware attack it is documented
when and where.
59
In the event of a user miss using his or her privileges the users privileges can be revoked or
account being frozen pending an investigation into the user of concern. The administrator
would simply have to go back through the logs and read who accessed which file in the event
Hardware auditing
Software such as (Spiceworks) can be used to do audits of devices this ensures that each
device has the right licences allocated to that device, these licences are not being used on
multiple devices simultaneously using the plans/paperwork is a good way to keep track of the
components and software within each device.
60
See table below for proposed auditing files
Departments Goal of securing /auditing Folder path if applicable Domain
ALL -Unsuccessful log in attempts -ANB.local

and successful -UK.ANB.local
-ASIA.ANB.local
I.T. -Login attempts to servers \\Corp-data\PER-FS-1\Finance\Backups -ANB.local

-Backup of data \\Corp-data\MEL-FS-1\Finance\Backup -UK.ANB.local
-Licence numbers for \\Corp-data\ADE-FS-1\Finance\Backups -ASIA.ANB.local
software/computers \\Corp-data\LON-FS-1\Finance\Backups
\\Corp-data\SIN-FS-1\Finance\Backups
\\Corp-data\PER-FS-1\Finance\Software
\\Corp-data\MEL-FS-1\Finance\Software
\\Corp-data\ADE-FS-1\Finance\Software
\\Corp-data\LON-FS-1\Finance\Software
\\Corp-data\SIN-FS-1\Finance\Software
Administration -Archives \\Corp-data\PER-FS-1\Finance\Archives -ANB.local

\\Corp-data\MEL-FS-1\Finance\Archives -UK.ANB.local
\\Corp-data\ADE-FS-1\Finance\Archives -ASIA.ANB.local
\\Corp-data\LON-FS-1\Finance\Archives
\\Corp-data\SIN-FS-1\Finance\Archives
Finance -Annual report \\Corp-data\PER-FS-1\Finance\Annual_report -ANB.local
\\Corp-data\MEL-FS-1\Finance\Annual_report -UK.ANB.local
\\Corp-data\ADE-FS-1\Finance\Annual_report -ASIA.ANB.local
\\Corp-data\LON-FS-1\Finance\Annual_report
\\Corp-data\SIN-FS-1\Finance\Annual_report
HR -Access to employee \\Corp-data\PER-FS-1\HR \database -ANB.local
databases \\Corp-data\MEL-FS-1\HR\database -UK.ANB.local
\\Corp-data\ADE-FS-1\HR\database -ASIA.ANB.local
\\Corp-data\LON-FS-1\HR\database
\\Corp-data\SIN-FS-1\HR\database
-Drawings file \\Corp-data\PER-FS-1\Design\drawings -ANB.local
Design -Prototypes \\Corp-data\MEL-FS-1\Design\drawings -UK.ANB.local
\\Corp-data\ADE-FS-1\Design\drawings -ASIA.ANB.local
\\Corp-data\LON-FS-1\Design\drawings
\\Corp-data\SIN-FS-1\ Design\drawings
Production -Drawings file \\Corp-data\PER-FS-1\Production\drawings -ANB.local
-Machinery output \\Corp-data\MEL-FS-1\Production\drawings -UK.ANB.local
-Inventory \\Corp-data\ADE-FS-1\ Production\drawings - ASIA.ANB.local
\\Corp-data\LON-FS-1\ Production\drawings -ANB.local
\\Corp-data\SIN-FS-1\Production\drawings -UK.ANB.local
\\Corp-data\PER-FS-1\Production\Machinery_output - ASIA.ANB.local
\\Corp-data\MEL-FS-1\Production\Machinery_output -ANB.local
\\Corp-data\ADE-FS-1\Production\Machinery_output -UK.ANB.local
\\Corp-data\LON-FS-1\Production\Machinery_output -ASIA.ANB.local
\\Corp-data\SIN-FS-1\Production\Machinery_output
\\Corp-data\PER-FS-1\Production\Inventory
\\Corp-data\MEL-FS-1\Production\Inventory
\\Corp-data\ADE-FS-1\Production\Inventory
\\Corp-data\LON-FS-1\Production\Inventory
\\Corp-data\SIN-FS-1\Production\Inventory
61
4.16 VLANs
The best way to connect the computers together would be through LAN. LAN (Local Area
Network) is a computer network covering a small area for example a home, office, school or
a small group of buildings. LAN is best solution for a small organisation like this with a great
transfer rate reasonably cheap to set up, has less congestion because the network is spread
over a very small area. LAN has fewer transmission errors with association with sending and
receiving data the reason for this is the system is smaller limiting the chances of an error
appearing. The costs of maintaining LAN is relatively cheap this is the ideal solution for a
small organisation on a budget. Two Ethernet ports will need to be trunked to allow access
the transmission of traffic up and down the building.
The table below shows the VLAN numbers to specified areas of ANB, each department will
be given a specific VLAN there is room for additional departments move in ANB they will
be allocated a number that can be expanded and moved around the building to the specific
requirements of the client.
The switches will be 48 port switches these switches will have restrictions such as MAC
addresses that are able to connect to the switches without knowing the MAC address and that
specific computer the user will not be able to access the network. This creates additional layer
of security compartmentalization of the work so that the packets are unable to be intercepted
through programs inside the network.
62
Perth
Table below shows reserved VLANS for departments within ANB

VLAN # Reserved uses
10 HR Management
15 Design departments
20 Administration
25 Information Services
30 Purchasing
35 Sales
40 Production
50 Production/Service Delivery
99 I.T./ Administrative
100 Testing
63
Below is a table with IPs for each switch located at each location
Switch number VLAN 99 HR Management Design department Administration Purchasing Sales Production I.T./ Administrative
Administrative
1 back bone 192.168.99.1 192.168.10.1 192.168.15.1 192.168.20.1 192.168.30.1 192.168.35.1 192.168.40.1 192.168.45.1
2 192.168.99.2 192.168.10.2 192.168.15.2 192.168.20.2 192.168.30.2 192.168.35.2 192.168.40.2 192.168.45.2
3 192.168.99.3 192.168.10.3 192.168.15.3 192.168.20.3 192.168.30.3 192.168.35.3 192.168.40.3 192.168.45.3
4 192.168.99.4 192.168.10.4 192.168.15.4 192.168.20.4 192.168.30.4 192.168.35.4 192.168.40.4 192.168.45.4
5 192.168.99.5 192.168.10.5 192.168.15.5 192.168.20.5 192.168.30.5 192.168.35.5 192.168.40.5 192.168.45.5
6 192.168.99.6 192.168.10.6 192.168.15.6 192.168.20.6 192.168.30.6 192.168.35.6 192.168.40.6 192.168.45.6
7 192.168.99.7 192.168.10.7 192.168.15.7 192.168.20.7 192.168.30.7 192.168.35.7 192.168.40.7 192.168.45.7
8 192.168.99.8 192.168.10.8 192.168.15.8 192.168.20.8 192.168.30.8 192.168.35.8 192.168.40.8 192.168.45.8
9 192.168.99.9 192.168.10.9 192.168.15.9 192.168.20.9 192.168.30.9 192.168.35.9 192.168.40.9 192.168.45.9
10 192.168.99.10 192.168.10.10 192.168.15.10 192.168.20.10 192.168.30.10 192.168.35.10 192.168.40.10 192.168.45.10
11 192.168.99.11 192.168.10.11 192.168.15.11 192.168.20.11 192.168.30.11 192.168.35.11 192.168.40.11 192.168.45.11
12 192.168.99.12 192.168.10.12 192.168.15.12 192.168.20.12 192.168.30.12 192.168.35.12 192.168.40.12 192.168.45.12
13 192.168.99.13 192.168.10.13 192.168.15.13 192.168.20.13 192.168.30.13 192.168.35.13 192.168.40.13 192.168.45.13
Below is a table with reserved ports to VLAN
Administrative
1 back bone Port 48 VLAN 40 Port 1 -8 VLAN 10 Port 8 -16 VLAN 15 Port 16 -24 VLAN 20 Port 25 -30 VLAN 25 Port 31 -38 VLAN 30 Port 39 -44 VLAN 35 Port 44 -47 VLAN 40
2 Port 48 VLAN 40 Port 1 -8 VLAN 10 Port 8 -16 VLAN 15 Port 16 -24 VLAN 20 Port 24 -30 VLAN 25 Port 31 -38 VLAN 30 Port 39 -44 VLAN 35 Port 44 -47 VLAN 40
64
Melbourne VLAN table

10 HR Management
20 Administration
30 Purchasing
35 Sales
40 Production
100 Testing
65
Switch VLAN 99 HR Management Design department Administration Purchasing Sales Production I.T./ Administrative
number Administrative
1 back bone 192.168.99.1 192.168.10.1 192.168.15.1 192.168.20.1 192.168.30.1 192.168.35.1 192.168.40.1 192.168.45.1
2 192.168.99.2 192.168.10.2 192.168.15.2 192.168.20.2 192.168.30.2 192.168.35.2 192.168.40.2 192.168.45.2
3 192.168.99.3 192.168.10.3 192.168.15.3 192.168.20.3 192.168.30.3 192.168.35.3 192.168.40.3 192.168.45.3
4 192.168.99.4 192.168.10.4 192.168.15.4 192.168.20.4 192.168.30.4 192.168.35.4 192.168.40.4 192.168.45.4
5 192.168.99.5 192.168.10.5 192.168.15.5 192.168.20.5 192.168.30.5 192.168.35.5 192.168.40.5 192.168.45.5
6 192.168.99.6 192.168.10.6 192.168.15.6 192.168.20.6 192.168.30.6 192.168.35.6 192.168.40.6 192.168.45.6
7 192.168.99.7 192.168.10.7 192.168.15.7 192.168.20.7 192.168.30.7 192.168.35.7 192.168.40.7 192.168.45.7
8 192.168.99.8 192.168.10.8 192.168.15.8 192.168.20.8 192.168.30.8 192.168.35.8 192.168.40.8 192.168.45.8
9 192.168.99.9 192.168.10.9 192.168.15.9 192.168.20.9 192.168.30.9 192.168.35.9 192.168.40.9 192.168.45.9
10 192.168.99.10 192.168.10.10 192.168.15.10 192.168.20.10 192.168.30.10 192.168.35.10 192.168.40.10 192.168.45.10
11 192.168.99.11 192.168.10.11 192.168.15.11 192.168.20.11 192.168.30.11 192.168.35.11 192.168.40.11 192.168.45.11
12 192.168.99.12 192.168.10.12 192.168.15.12 192.168.20.12 192.168.30.12 192.168.35.12 192.168.40.12 192.168.45.12
13 192.168.99.13 192.168.10.13 192.168.15.13 192.168.20.13 192.168.30.13 192.168.35.13 192.168.40.13 192.168.45.13

Administrative
66
Adelaide VLAN table
Reserved uses
VLAN #
5
10 HR Management
20 Administration
30 Purchasing
35 Sales
40 Production
100 Testing
67
1 back bone 192.168.99.1 192.168.10.1 192.168.15.1 192.168.20.1 192.168.30.1 192.168.35.1 192.168.40.1 192.168.45.1
2 192.168.99.2 192.168.10.2 192.168.15.2 192.168.20.2 192.168.30.2 192.168.35.2 192.168.40.2 192.168.45.2
3 192.168.99.3 192.168.10.3 192.168.15.3 192.168.20.3 192.168.30.3 192.168.35.3 192.168.40.3 192.168.45.3
4 192.168.99.4 192.168.10.4 192.168.15.4 192.168.20.4 192.168.30.4 192.168.35.4 192.168.40.4 192.168.45.4
5 192.168.99.5 192.168.10.5 192.168.15.5 192.168.20.5 192.168.30.5 192.168.35.5 192.168.40.5 192.168.45.5
6 192.168.99.6 192.168.10.6 192.168.15.6 192.168.20.6 192.168.30.6 192.168.35.6 192.168.40.6 192.168.45.6
7 192.168.99.7 192.168.10.7 192.168.15.7 192.168.20.7 192.168.30.7 192.168.35.7 192.168.40.7 192.168.45.7
8 192.168.99.8 192.168.10.8 192.168.15.8 192.168.20.8 192.168.30.8 192.168.35.8 192.168.40.8 192.168.45.8
9 192.168.99.9 192.168.10.9 192.168.15.9 192.168.20.9 192.168.30.9 192.168.35.9 192.168.40.9 192.168.45.9
10 192.168.99.10 192.168.10.10 192.168.15.10 192.168.20.10 192.168.30.10 192.168.35.10 192.168.40.10 192.168.45.10
11 192.168.99.11 192.168.10.11 192.168.15.11 192.168.20.11 192.168.30.11 192.168.35.11 192.168.40.11 192.168.45.11
12 192.168.99.12 192.168.10.12 192.168.15.12 192.168.20.12 192.168.30.12 192.168.35.12 192.168.40.12 192.168.45.12
13 192.168.99.13 192.168.10.13 192.168.15.13 192.168.20.13 192.168.30.13 192.168.35.13 192.168.40.13 192.168.45.13
Administrative
68
Singapore VLAN table
10 HR Management
20 Administration
30 Purchasing
35 Sales
40 Production
100 Testing
69
1 back bone 192.168.99.1 192.168.10.1 192.168.15.1 192.168.20.1 192.168.30.1 192.168.35.1 192.168.40.1 192.168.45.1
2 192.168.99.2 192.168.10.2 192.168.15.2 192.168.20.2 192.168.30.2 192.168.35.2 192.168.40.2 192.168.45.2
3 192.168.99.3 192.168.10.3 192.168.15.3 192.168.20.3 192.168.30.3 192.168.35.3 192.168.40.3 192.168.45.3
4 192.168.99.4 192.168.10.4 192.168.15.4 192.168.20.4 192.168.30.4 192.168.35.4 192.168.40.4 192.168.45.4
5 192.168.99.5 192.168.10.5 192.168.15.5 192.168.20.5 192.168.30.5 192.168.35.5 192.168.40.5 192.168.45.5
6 192.168.99.6 192.168.10.6 192.168.15.6 192.168.20.6 192.168.30.6 192.168.35.6 192.168.40.6 192.168.45.6
7 192.168.99.7 192.168.10.7 192.168.15.7 192.168.20.7 192.168.30.7 192.168.35.7 192.168.40.7 192.168.45.7
8 192.168.99.8 192.168.10.8 192.168.15.8 192.168.20.8 192.168.30.8 192.168.35.8 192.168.40.8 192.168.45.8
9 192.168.99.9 192.168.10.9 192.168.15.9 192.168.20.9 192.168.30.9 192.168.35.9 192.168.40.9 192.168.45.9
10 192.168.99.10 192.168.10.10 192.168.15.10 192.168.20.10 192.168.30.10 192.168.35.10 192.168.40.10 192.168.45.10
11 192.168.99.11 192.168.10.11 192.168.15.11 192.168.20.11 192.168.30.11 192.168.35.11 192.168.40.11 192.168.45.11
12 192.168.99.12 192.168.10.12 192.168.15.12 192.168.20.12 192.168.30.12 192.168.35.12 192.168.40.12 192.168.45.12
13 192.168.99.13 192.168.10.13 192.168.15.13 192.168.20.13 192.168.30.13 192.168.35.13 192.168.40.13 192.168.45.13
Administrative
70
London VLAN table
VLAN Reserved uses
10 HR Management
20 Administration
30 Purchasing
35 Sales
40 Production
100 Testing
71
1 back bone 192.168.99.1 192.168.10.1 192.168.15.1 192.168.20.1 192.168.30.1 192.168.35.1 192.168.40.1 192.168.45.1
2 192.168.99.2 192.168.10.2 192.168.15.2 192.168.20.2 192.168.30.2 192.168.35.2 192.168.40.2 192.168.45.2
3 192.168.99.3 192.168.10.3 192.168.15.3 192.168.20.3 192.168.30.3 192.168.35.3 192.168.40.3 192.168.45.3
4 192.168.99.4 192.168.10.4 192.168.15.4 192.168.20.4 192.168.30.4 192.168.35.4 192.168.40.4 192.168.45.4
5 192.168.99.5 192.168.10.5 192.168.15.5 192.168.20.5 192.168.30.5 192.168.35.5 192.168.40.5 192.168.45.5
6 192.168.99.6 192.168.10.6 192.168.15.6 192.168.20.6 192.168.30.6 192.168.35.6 192.168.40.6 192.168.45.6
7 192.168.99.7 192.168.10.7 192.168.15.7 192.168.20.7 192.168.30.7 192.168.35.7 192.168.40.7 192.168.45.7
8 192.168.99.8 192.168.10.8 192.168.15.8 192.168.20.8 192.168.30.8 192.168.35.8 192.168.40.8 192.168.45.8
9 192.168.99.9 192.168.10.9 192.168.15.9 192.168.20.9 192.168.30.9 192.168.35.9 192.168.40.9 192.168.45.9
10 192.168.99.10 192.168.10.10 192.168.15.10 192.168.20.10 192.168.30.10 192.168.35.10 192.168.40.10 192.168.45.10
11 192.168.99.11 192.168.10.11 192.168.15.11 192.168.20.11 192.168.30.11 192.168.35.11 192.168.40.11 192.168.45.11
12 192.168.99.12 192.168.10.12 192.168.15.12 192.168.20.12 192.168.30.12 192.168.35.12 192.168.40.12 192.168.45.12
13 192.168.99.13 192.168.10.13 192.168.15.13 192.168.20.13 192.168.30.13 192.168.35.13 192.168.40.13 192.168.45.13
Administrative
72
Singapore VLAN table
5
10 HR Management
20 Administration
30 Purchasing
35 Sales
40 Production
100 Testing
73
1 back bone 192.168.99.1 192.168.10.1 192.168.15.1 192.168.20.1 192.168.30.1 192.168.35.1 192.168.40.1 192.168.45.1
2 192.168.99.2 192.168.10.2 192.168.15.2 192.168.20.2 192.168.30.2 192.168.35.2 192.168.40.2 192.168.45.2
3 192.168.99.3 192.168.10.3 192.168.15.3 192.168.20.3 192.168.30.3 192.168.35.3 192.168.40.3 192.168.45.3
4 192.168.99.4 192.168.10.4 192.168.15.4 192.168.20.4 192.168.30.4 192.168.35.4 192.168.40.4 192.168.45.4
5 192.168.99.5 192.168.10.5 192.168.15.5 192.168.20.5 192.168.30.5 192.168.35.5 192.168.40.5 192.168.45.5
6 192.168.99.6 192.168.10.6 192.168.15.6 192.168.20.6 192.168.30.6 192.168.35.6 192.168.40.6 192.168.45.6
7 192.168.99.7 192.168.10.7 192.168.15.7 192.168.20.7 192.168.30.7 192.168.35.7 192.168.40.7 192.168.45.7
8 192.168.99.8 192.168.10.8 192.168.15.8 192.168.20.8 192.168.30.8 192.168.35.8 192.168.40.8 192.168.45.8
9 192.168.99.9 192.168.10.9 192.168.15.9 192.168.20.9 192.168.30.9 192.168.35.9 192.168.40.9 192.168.45.9
10 192.168.99.10 192.168.10.10 192.168.15.10 192.168.20.10 192.168.30.10 192.168.35.10 192.168.40.10 192.168.45.10
11 192.168.99.11 192.168.10.11 192.168.15.11 192.168.20.11 192.168.30.11 192.168.35.11 192.168.40.11 192.168.45.11
12 192.168.99.12 192.168.10.12 192.168.15.12 192.168.20.12 192.168.30.12 192.168.35.12 192.168.40.12 192.168.45.12
13 192.168.99.13 192.168.10.13 192.168.15.13 192.168.20.13 192.168.30.13 192.168.35.13 192.168.40.13 192.168.45.13
Administrative
74
5. Implementation
5.1 Installation plan
Phase 1
The installation will be done in 3 phases these phases include the Upgrading of the network
located at Perth/Welshpool
Updating the network from old equipment the current server includes windows server
2003R2
Location: Perth
Proposed start date: 02/01/2017
End date: 20/04/2017
Talk to customer about TO DO Duration in day(s)
Consult with customer 0.5
Research hardware/software 5
Create report 14
Makes changes where needed 7
Purchase equipment 31
Test equipment including cabling 14
Configure servers 7
Create shares, templates, accounts, migrate data 21
make changes where 7
needed
Sign off 1
Total 108
75
Phase 2
Inter-site
The phase two of the rolling out of the network will include adding additional locations these
locations will include Adelaide and Melbourne, the proposed network components will be
reused across the additional sites.
Location: Melbourne
End date: 06/08/2017
Research 5
hardware/software
Create report 14
Configure servers 7
needed
Sign off 1
Total 108
76
Location: Adelaide
End date: 21/11/2017
Research 5
hardware/software
Create report 14
Configure servers 7
needed
Sign off 1
Total 108
77
Phase 3
Multi-domain
In this third phase an additional two sites will be added to ABNs network.
Location: London
End date: 23/04/2018
Research 5
hardware/software
Create report 14
Configure servers 7
needed
Sign off 1
Total 108
78
Location: Singapore
End date: 08/08/2018
Research 5
hardware/software
Create report 14
Configure servers 7
needed
Sign off 1
Total 108
79
Below is a table with a few tests used to test the network
Comments
Phase 1
Testing After the purchasing of the electronic devices they are tested individually before being brought together
offsite
Connecting the network Combining of the devices/equipment together the creation of shares and permissions testing prior to
together installation then brought down
Final set-up Bringing everything onsite after the tests are ran and passed to ensure minimal hiccups in the installation of
the equipment
Tests to run Comments
Cabling Use cable tester to test for damage to the wire prior to installing
Test connection Ping NIC, domain, DNS

Trace route on routers
Wireshark Test the internal traffic
Test permissions After creating shares try to access shares without permissions
Below is a table with a few tests used to test the network
New cables will need to be tested before setting up the network to ensure they are working
making it easier than going back after everything is plugged in to find the issue.
The data and emails will need to be transferred onto the new email addresses that will be set
up for ANB, as well as the migration of data already on the server which will needed on the
new server this may take some time if not weeks if its done slowly the migration and the
phasing out of the older server and the eventual turning off of the old server can be done with
minimal effect on the workers working at ANB.
Programs will need to be installed on the client computers, there will need to be a data base
done to record all the computers softwares and which software key is on which computer.
The period that the licences end should also be recorded to make sure that you are not using a
product that is out of licence and violating the licencing agreement of using the software.
Environmental conditions are an important part of the Installation of equipment to make sure
the environment doesnt damage the expensive equipment and to protect the equipment from
dust and moisture. Another important part of the Installation plan is to ensure the safety of the
equipment once delivered and installed.
Use the network design plan with the equipment and start placing equipment in the places
where is plotted on the visual map. By using trolleys and correct manual handling technique
to minimise the chances of damaging the workers back.
80
The best time to install and set up the hardware/install updates is over the weekend or at a
time where the building is not being used. After purchasing the equipment the items will be
sent in the mail or purchased in a brick and mortar shop after being received the software will
be installed with its settings set up so it isnt being set up on the site. Tests will be run on the
new network to make sure the hardware is set up correctly and all the components of the
network work before moving it to the desire location. After driving to the site, inspecting the
site the items are moved around the location according to the physical diagram. The wires are
then plugged into the devices together and then connected to the switch then connected to the
router then to the internet.
The wires are strapped together to stop the wires from clumping up and the wires crossing
over each other and creating a mess. The wires would run through pipes in the wall so that
the wires arent being tripped over by people that pass by. After setting up the computer
network the servers settings should be checked so that the programs will automatically update
minimising the need for it to managed as much as if it wasnt already set up.
Start the migration of data slowly migrating the data and the setting up of the server so not to
affect the current network.
5.2 Backup plan
I would recommend backing up the data by using a portable hard drive these are very
portable devices and are very cheap. There should be at least 3-4 devices 2-3 copies of the
data of the. A portable hard drive is very portable and is also very cheap as well as being able
to hold a large amount of data.
Its important to have a security/back-up policy detailing of things of what to do in case of a

disaster and information needs to be recovered. After each full back up notes/descriptions are
made on form to be filled out by authorised personnel. The anti-virus software should be
updated as regular as possible
and scanned regularly each day scanning the areas most likely to be at risk. Partial virus
scans should be done at lunch every day in the areas that are most used there should be
scanned there should be a full scan every night when no one is using the server as this could
affect more people and making the server slower. There should also be a firewall located on
the server to not only protect the server from the outside risks of viruses but the risks that
pose from other people having access to internal computers.
A backup schedule will need to be made and the data should be backed up to more than the
one copy in the event of losing the device there are other places where the data is stored. The
data should be stored in a secure location as data can be really important for a business. The
devices should be kept in a well-ventilated room away from any electronic or magnetic
signals, away from excessive heat or humidity this will protect the device from damage.
There should also be copies offsite in case of an event of a fire.
Keep electrical devices such as computers, hard drives, servers out of direct sunlight. There
should be enough light so that there is enough light to use the computer without seeing a
reflection on the computer screen. The assets should be appropriately labelled with dates
times and have the appropriate documentation attached to it. The backup devices should be
used with always a backup available from the previous week in case of a server crash.
81
Electrical equipment should be absent from moisture as much as possible limiting the
chances of water getting into power boards and other electronic circuits. The whole computer
network shouldnt be based on the one circuit multiple circuit boards should be used limiting
the downtime and potential losses from computers not monitoring production.
Portable hard drives should be separated and stored away from high voltage items/
magnets/large tapes as these creates a magnetic field which can disrupt the data stored on the
devices which can result in the loss of data. Electrical equipment should have ventilation and
stored in a cool environment to stop the build-up of hazardous substances. I would also
recommend having a backup USB internet dongle/modem that can be used in the event that
the internet goes out this can be used to back up information a temporary fix until the internet
is put back in place.
Weekly full backup form
Sunday Monday Tuesday Wednesday Thursday Friday Saturday

Week 1
Jobs(s) 20:00 20:00 20:00 20:00 20:00 20:00 20:00
scheduled Incremental Incremental Incremental Full backup Incremental Incremental Incremental
Operator on
duty
Week 2
Jobs(s) 20:00 20:00 20:00 20:00 20:00 20:00 20:00
Operator on
duty
Week 3
Jobs(s) 20:00 20:00 20:00 20:00 20:00 20:00 20:00
Operator on
duty
Week 4
Jobs(s) 20:00 20:00 20:00 20:00 20:00 20:00 20:00
Operator on
duty
Weekly backups should be done to save the data done once a week once this is done the other
disks used during the week are reset for the next week. The Removable hard disks can be
plugged into any Management should be informed where required to make sure the data
needed for everyday running of the business is able to be accessed first in case of the server
shuts down or to minimize the effect of a crisis on a business.
There should be a schedule made for checking the computer every day when not being used
either before work or after work to completely scan the computer for viruses which take
because you want the antivirus scanner to go through the computer/server. You should also
set the antivirus system to update when there are available updates to make sure youre as
safe as you can possibly be by keeping your system as up to date as possible.
The storage of the sensitive data/backups should be stored off site where its less likely to get
damaged in case of a fire. Important to make sure the devices are kept away from the heat
and shouldnt be left in a damp environment where it could damage the disks. Once a month
82
the data should also be saved to the cloud to make save the data and give it another layer of
protection. There should be more than the one copy of backups which should be locked away
as the data may be sensitive and important to keep this safe.
Software should be monitored within a database to ensure that the business complies with the
conditions of use of the software provided. Databases should include which computer has
which software and licence number. The details of the software should be kept in this
database including the expiry and which computer has which licence making sure that the
software isnt installed more than the allocated amount. Reminders can be set to pop up when
a software licence key has been expired to remind the operator of business to renew or
replace the software used in that circumstance.
Once the server is set up with windows server update service (WSUS) which is a computer
program used to update the Microsoft computers regularly once new updates come available
to the public. The server will have a virus scanner to protect it from attackers from the outside
world who may wish to steal the data or just to damage the computer system itself.
The server would download updates for the anti-virus and other essential software needed for
the operation of a business/organisation such as the ANB on which the computers that it had
control over would then be sent the software updates and then installed rather than each
computer doing it individually. By doing this it limits the chances of mistakes its all
automatic. This is set up along with while the server is being set up to get it beyond the
period of purchasing the network to make sure the server and network doesnt just break
down as the system has stopped being worked on.
The best way to look after your assets is to do preventative maintenance and clean the
computers/parts components to stop the build-up of dust which can make the
computers/servers over heat its. I would recommend doing these activities to get the most out
of your devices/assets.
83
6.2 Disaster recovery
What is a risk?
A risk is the probability of an event and its consequences, risk management is the practice of
using processes/ methods/ tool in engineering solutions to these risks.
Risk management focuses on what can go wrong and implementing strategies that can deal
with the future risks that are possible or likely to happen during the life of the project roll-
out/production environment.
A risk management process involves

- Methodically identifying the risks attached to your business however they may appear, these
risks could appear in different in different scenarios such as OHS the moving of heavy
equipment such as servers and racks.
- Using a risk matrix assess the likelihood of an event happening
- Understanding which protocols to follow when responding to events occurring
- Putting contingency plans in place to deal with consequences of possible future events.
The result of a risk management scheme implemented

- Improvement of decision making planning and prioritisation
- Anticipation of potential risks to business
- Helps to highlight areas in high capital needs to be allocated to
- Greatly improves the probability of your business plan and budget will be delivered on time
84
Critical functions of ANB
ANB is a business that relies strongly on its computer network for sharing and accessing
information in real time, creating an environment that maximises the productivity of the
workers with in the company. By creating a peer to peer network there are limitations on
accessing of the information by the speed of the internet and the devices being used to send
and receive packets over the internet.
Some of critical functions in operation are:
Depatment Function
HR Management -Hiring
-Firing
-Awards & enterprise bargaining
-Pay rates and conditions
-Maintenance of employee records
Design departments Drawings/designs of the current parts in production along with the future prototypes of ANB.
Administration Clerical and record keeping tasks reception, filing and retrieval, mail
Information Services Maintenance of IT infrastructure and associated processes Acquisition of new equipment, backup of
data, maintenance of network, help desk, security measures in place for network.
Purchasing -Acquiring assets, the purchasing of additional servers, computers UTMs etc
-Disposing of assets such as aged computers
-Licence numbers for software/computers
-Practical asset management (in association with accounting)
-Buying goods/services required by the organisation to deliver its services or make its product/s
Sales -Supply of the product to the customer, banking information and potential confidential details.
Production -Marketing, designs and work related emails
Production/Service Delivery -Making ANB products and delivering the services the organisation is concerned with
85
Critical data and software
ANB is a business that relies strongly on its computer network for sharing and accessing
information in real time, creating an environment that maximizes the productivity of the
workers with in the company. By creating a peer to peer network there are limitations on
accessing of the information by the speed of the internet and the devices being used to send
and receive packets over the internet.
Some of critical data and software in operation are:
Depatment Function
HR Management -Privacy obligations/government regulation
Design departments -Drawings/designs of the current parts in production along with the future prototypes of ANB.
-work related emails
Administration -Record keeping

-Work related emails
-Plans for expansion
Information Services -Backup of data

-Maintenance of network
-Security measures in place for network
-Keeping track of paper certificates of the internal components of devices on network
- Licence numbers for software/computers
-Schedules of backups and scans
-Encryption keys
Purchasing -Practical asset management (in association with accounting)

-Buying goods/services required by the organisation to deliver its services or make its product/s
-Delivery times and location of new parts/devices
Sales -Banking information

-Potential confidential details.
Production -Designs
Production/Service Delivery -Making ANB products and delivering the services the organisation is concerned with
-Delivery of units
What is a back-up?
A backup refers to copying of a physical or virtual file to a secondary device or site for
preservation in the event of a equipment failure, fire or other unforeseen catastrophes. Back-
ups can be executed in different ways depending on the goal and the disaster recovery plan.
Back-ups can be done remotely and automatically.
86
Natural Disasters
As we live in the real world the real world there are risks attached to operating a business, as
ANB is a business. The following tables show some of these risks and they include
Disasters/Threats Effects of disaster Solution
Natural disasters Fire Ventilated floors with good circulations that can
Risks/threats to the network/electronic devices pass the smoke/heat from the rooms in which the
such as the melting of the devices and the servers are located in. This is used to pass the
complete destruction of the building. Smoke can smoke to the exterior of the building and to
be a problem not only is it hazardous and lethal to maximize flow of air acts in a way to cool the
people it can damage electronic componence such servers in the addition of the usage of an air
as fittings and filters attached to the electronic conditioning unit.
devices.
Flood Floors raised to allow water from a leak or a flood
Risks/threats to the network/electronic devices to drain out of the server room
such as
From a large amount of rain falling in a short time,
overwhelming the storm water system, causing
inundation.
Earth quakes Ensure regular inspections and maintenance of
Risks/threats to the network/electronic devices buildings to ensure the structure of the building
such as buildings are destroyed, rendered unsafe or
partially damaged power is cut other services such
as telecommunications, water and gas are
disrupted
Electronic -Hackers can use different methods to disrupt or With the use of UTM (Universal threat
take a business to ransom these methods include; management) device along with a firewall/ router.
denial of services, Malicious code/viruses.
-Malicious code can be used to gain unauthorized Filtering options
access to a computer and access data or potential System protection alternative include
confidential information attached to the company. Stateless this is achieved through the filtering of
-Denial of service is a method in which ANBs traffic using set filters others that are not wanted
website can be brought down through the flooding or required are discarded. Allowing access from
of requests wanting to access the same page. This certain ports denying access from others.
can cause damage to servers and hard ware in
addition to affecting productivity of the workers Stateful filtering
within ANB. Looks inside every packet more expensive option,
more thorough option
Hardware failure Computers can fail at any time at ANB and can Uninterruptable power supply (UPS) / RAID/
have a significant effect on the productivity of MIRROR/ hyper-V replica/ fast replacement of
ANB to function its important that each parts/ Power generator
department at each location to be able to talk to
each other as the products are being produced at
multiple locations simultaneously.
Telecommunications and ANB need to have contingency plans in the event Uninterruptable power supply (UPS) / Power
Power Outages of power outages such as back-up power generator /VOIP phone
generators and uninterruptable power supply. The
effect for a business not prepared for an event like
this can put production to a halt and the loss of
serious money potentially lives of workers
working in the production line at ANB.
87
6.1 Risk Analysis
Rating for Likelihood and Seriousness for each risk
L Rated as Low E Rated as Extreme (Used for Seriousness only)
M Rated as Medium NA Not Assessed
H Rated as High
Grade: Combined effect of Likelihood/Seriousness
low medium high EXTREME
low N D C A
Likelihood
medium D C B A
high C B A A
Recommended actions for grades of risk
Grade Risk mitigation actions
A Mitigation actions to reduce the likelihood and seriousness to be identified and implemented as soon as the project commences.
B Mitigation actions to reduce the likelihood and seriousness to be identified and appropriate actions implemented during project execution.
C Mitigation actions to reduce the likelihood and seriousness to be identified and costed for possible action if funds permit.
D To be noted - no action is needed unless grading increases over time.
N To be noted - no action is needed unless grading increases over time.
88
RID Description of Risk Impact on System Change Date of Review Risk Prevention Disaster Response Responsible person(s) Cost in Australian dollars Timeline for
references reference and in mitigation actions
Grade (combined
Likelihood and
Assessment of
Assessment of
Seriousness)
Seriousness
Likelihood
<R> Natural disaster: Flood From a large amount of Floors raised in server room and Every 3 months Before installation of In this scenario it is -I.T. Manager Loss of time :1 week Immediately after the
rain falling in a short keep electronic devices off the server ensure there is highly important to fact or when safe to do
time, overwhelming the ground where possible. drainage to the protect data from water In dollars:1000s so
storm water system, LOW MED MED outside world, keep as it could affect the
causing inundation. wires maintained network and its
devices.
R1 Electronic: This could have an affect Have complicated passwords, the use Every 6 months Regularly change Administrators should -I.T. Manager Loss of time : 1-2 hours Immediately after the
External/Internal attacks on ABNs ability and of firewalls and VLANs and virus passwords to the be emailed in the event -ANB I.T. employee fact or when safe to do
to ANBs network potentially can be used to scanners wireless, keep the of a breach, network In dollars:UNKNOWN so
access the network LOW C HIGH passwords secret. should be scanned and
threat can be addressed
R2 Power outage Without power the server Have alternative methods of Every 6 months UPS will ensure that If prevention strategies -I.T. Manager Loss of time :1-7 day(s) Immediately after the
and all other operations powering the network UPS/back-up the server is are followed the -ANB I.T. employee fact or when safe to do
stop instantly generator in place. constantly being network should still be In dollars:1000s so
supplied power. back- available for use
up will follow this
LOW A HIGH followed by back-up
power supply brought
online
R3 Hardware failure: Computers can fail at any Uninterruptable power supply (UPS) Every 3 months Ensure that there is The server/hardware -ANB I.T. employee Loss of time : 1-2 hours Immediately after the
Hard drive down time at ANB and can / RAID/ MIRROR/ hyper-V replica/ high availability will need to be fact or when safe to do
have a significant effect fast replacement of parts/ Power through network addressed this will In dollars:100s so
on the productivity of generator balancing and fail come at a cost but if the
ANB to function its over clustering are network is set up
important that each LOW C HIGH functioning and are correctly the outages
department at each enabled will be minimal. Switch
location to be able to talk out the hard drive with
to each other as the a spare.
products are being
produced at multiple
locations simultaneously.
R4 Telecommunications Telecommunications is Use a combination of methods of Every 12 months Telecommunication In the event of an -I.T. Manager Loss of time : 1-2 hours Immediately after the
outages an essential part of ANB communication through VOIP, methods and outage from a service -ANB I.T. employee fact or when safe to do
working in a cost Landlines and mobile phones alternatives should be provider the redundant In dollars:UNKNOWN so
effective and efficient LOW C HIGH through different providers in place before being communications
way. in operation. methods are brought
online.
89
RID Risk/ Declaring the Description of disaster response steps Resources Needed Date of Review Timeline for action(s)
Disaster item disaster
<P> Natural disaster: IT Manager/ ANB -Have a meeting with the team responsible for the network -Racks Every 3 months When possible to do so
Flood I.T. employee -Check UPs to ensure that power is being supplied to the network devices -Benches
-Ensure back-up has been taken place -Drainage system
-Power up back-up generator
- Turn off non-essential devices
R1 Electronic: IT Manager/ ANB -Isolate affected network if possible/ disconnect from network -Antivirus software Every 6 months When possible to do so
External/Internal I.T. employee -Run antivirus/malware software to eliminate the threat -Data backup solution
attacks to ANBs -Scan all systems to detect any further threats
-Identify where the threat came from
network
-Update/upgrade the relevant software
-Securely backup all data
R2 Power outage IT Manager/ ANB Identify what component is missing, and what function it serves -UPS Every 6 months When possible to do so
I.T. employee Research alternative sources to acquire components -Data back-up policy
Continue with any work that doesnt require that component -Power generator
Identify what caused the equipment no to arrive on schedule
R3 Hardware failure: IT Manager/ ANB -Identify the broken device on inspection -Bare metal server Every 3 months When possible to do so
Hard drive down I.T. employee -Find a spare piece of hardware to switch the old server out -Spare hard drive
R4 Telecommunications IT Manager/ ANB -Have a meeting with the team responsible for the network -VOIP phone Every 12 months When possible to do so
outages I.T. employee - Have a meeting with the team responsible for the network -VOIP directory for each
-Bring online the VOIP network locations
- Give out alternative directory -Mobile phone
90
PID Description of prevention method Resources Needed Timeline for action
<P> Specific software is needed to complete server configuration This software should have been delivered -Benches Immediately after the fact or when safe to do
earlier into development -Rack server so
P1 External attacks/Internal -Switches Immediately after the fact or when safe to do

-Routers so
-UTM
-Secure passwords
-Virus -scanner
P2 Power outage -UPS Immediately after the fact or when safe to do
-Pack-up so
-Power supply
P3 Back-up policy/Schedule -Hard drive Immediately after the fact or when safe to do
-Partioned drive so
-Paper work to match back-up
P4 Password Policy -Group policy Immediately after the fact or when safe to do
so
P5 Physical Protection -server rack Immediately after the fact or when safe to do
-Dedicated server room so
-Security measures (locks, etc.)
P6 Natural disaster: Flood Keep cabling protected and electronic devices off the floor -Drainage system within server room Immediately after the fact or when safe to do
-Isolate cabling from any water source if safe so
to do so
P7 Natural disaster: Fire this should be planned for and prevented against using fire protection and -Firefighting equipment Immediately after the fact or when safe to do
dedicated fire safe server room so
91
Requirements
Statutory requirements/ Commercial constraints
requirements relevant to the organization
For a business to function, ANB needs to comply with the set out legislation put into
law in the following jurisdiction which will be different depending on in which
state/jurisdiction he branch of ANB is operating in.
Legislation attached to ANB:

Occupational safety and health act 1984
Occupation safety and health regulations 1996
Work safe WA
Environmental protection legislation

Waste avoidance and resource recovery act
Waste Avoidance and Resource Recovery Regulations 2008
Waste Avoidance and Resource Recovery Levy Act 2007
Waste Avoidance and Resource Recovery Levy Regulations 2008
80
Disaster recovery sign off
This plan was reviewed on ___________ by ____________
Signed ___________________________________________
The next review date for this document is on ___________
81
7. Conclusions and recommendations
We used the business requirements and specifications to create a system network and a
maintenance plan. The system is installed and set up we believe that we have done everything
that was required in the original agreement. We are able to come past once a week for two
weeks to ensure the system is working as originally designed and to make sure theres no
errors and make sure things are going smoothly for the business.
The system that has been purchased will require the system to be maintained and updated. A
qualified person will be need to monitor the server from time to time to ensure its doing what
it was originally intended to do. We would be able to service the equipment if required for a
monthly fee for one call out a month any more then that call out will cost 50 dollars as a call
out fee and will be charged 50 dollars an hour until the issue is fixed. The system will need to
be serviced from time to time and this is a cheaper alternative then hiring someone who may
not know the system as well as the people that have created it. We can also provide services
to update the software installed on the computers and servicers.
After a period of 6 months when the people are used to using the network and error at this
point the users will give feedback to the managers on the good and the bad about the network.
The review will be used to make improvements to the current software if needed and plan to
fix the downfalls in the current system.
82
I _____________ agree that the services laid out in this plan in has been provided and I am
happy with the standard that the services that is being provided adequately covers all the
bases that is required for the visual impairment association. I agree that I accept the terms and
conditions laid out in the report
83
Appendix
Auditing of the log in/access of the

Active directory server
Automated back-up saved to a specified

location on the network
Images located on WDS include a image

taken from default device to be rolled out
on network via using sysprep in addition
to the updates.
84
Replication set up for all four locations
Perth, Adelaide and Melbourne name
space Organisationdata
DNS image includes the devices attached

to the server.
Kerabros encrypting the data, can access

the certificate to read the encrypted file
through "certmgr.msc exported to a
USB and added to a server dedicated to
encryption keys.
Control panel blocked through group

policy
85
Access to shares
Account security forced password

changed after certain amount of day
characters needed etc.
Resource monitor can be used to creator

counters looking for specific
Intersite transfer Perth, Melbourne,

Adelaide
86
Windows system update section which
can be set up manually or can be used to
look up updates which can then be
checked out before being rolled out on
the network
Quota through file resource manager
Trouble shooting applications:

Resource manager
Performance monitor
87

Proposed ANB Multi Domain Solution

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Proposed ANB Multi Domain Solution

Uploaded by

Copyright:

Available Formats

Proposed ANB multi domain

1.1 Background of the organization

1.2 Scope of the project

What this project includes

What this project doesnt include

Allowing users to continue working efficiently in intermittently connected or disconnected

2.1 Functional Requirements

Some of the issues that need to be addressed are;

2.2 Non-functional Requirements

3.1 Minimum requirements

3.4 Network Vulnerabilities

3.5 Threats to the network

Wireless frequencies as much as this can be a significant advantage in accessing information

Domain controller Kerberos/Encryption Virus scanners, UTM, Used to store -DDoS

Limiting access to Server room

4.1 Network design

Below is proposed machine layout for Perth

Perth 1 PER-BM-1 PER-VM-1 -Domain controller Primary DC

PER-VM-2 -Remote desktop

PER-VM-3 -SQL services

2 PER-BM-2 PER-VM-1 -Domain controller

3 PER-BM-3 PER-VM-1 -Files and storage

PER-BM-4 Hosting website

Devices Start End

Workstation DHCP pool 192.168.6.1 192.168.8.200

Multifunction device 192.168.8.220 192.168.8.245

Machine Network IP Subnet Network class

Gateway router 192.168.1.0/192.168.8.0 192.168.1.254/192.168.8.254 255.255.255.0 C

PER-BM-1 192.168.1.0 192.168.1.201 255.255.255.0 C

PER-VM-1 192.168.8.0 192.168.8.200 255.255.255.0 C

PER-VM-2 192.168.8.0 192.168.8.201 255.255.255.0 C

PER-VM-3 192.168.8.0 192.168.8.202 255.255.255.0 C

PER-BM-2 192.168.1.0 192.168.1.202 255.255.255.0 C

PER-VM-1 192.168.8.0 192.168.8.203 255.255.255.0 C

PER-VM-2 192.168.8.0 192.168.8.204 255.255.255.0 C

PER-VM-3 192.168.8.0 192.168.8.205 255.255.255.0 C

PER-BM-3 192.168.1.0 192.168.1.203 255.255.255.0 C

PER-VM-1 192.168.8.0 192.168.8.206 255.255.255.0 C

PER-BM-4 192.168.1.0 192.168.1.204 255.255.255.0 C

Hosting Website 192.168.8.0 192.168.8.252/192.168.100.252 255.255.255.0 C

Operating systems on the server and programs to be saved here 150GB

Company data 250GB

User storage 500GB

Operating systems on the server and programs to be saved here 150GB

Company data 250GB

User storage 500GB

Operating systems on the server and programs to be saved here 150GB

Company data 250GB

User storage 6x 1T drives 6T

Location Physical machine Name of server VM machine Roles Comment

MEL 1 MEL-BM-1 MEL -VM-1 -Domain controller Primary DC

MEL -VM-2 -Remote desktop

MEL -VM-3 -SQL services

2 MEL -BM-2 MEL-VM-1 -Domain controller

3 MEL-BM-3 MEL -VM-1 -Files and storage

Devices Start End

Workstation DHCP pool 192.168.8.1 192.168.10.200

Multifunction device 192.168.10.220 192.168.10.245

Gateway router 192.168.100.0/192.168.10.0 192.168.100.254/192.168.10.254 255.255.255.0 C

MEL-BM-1 192.168.100.0 192.168.100.201 255.255.255.0 C

MEL -VM-1 192.168.10.0 192.168.10.200 255.255.255.0 C

MEL -VM-2 192.168.10.0 192.168.10.201 255.255.255.0 C

MEL -VM-3 192.168.10.0 192.168.10.202 255.255.255.0 C