ICTNWK529 AT2 Install and Manage Complex Networks Noman Bandi

Assessment Task 2: Project Portfolio

Elements

1. Plan and design a complex network to meet business requirements
2. Design and implement a security strategy
3. Install and configure a complex network to meet business requirements
4. Provide integrated network services across a complex network
5. Plan, design and implement voice and video business communications system
6. Manage and support a complex network
7. Test network functionality and obtain sign-off

1. Plan and design a complex network to meet business requirements

• A computer network is an essential element of modern business, and it's increasingly
indispensable in the home, too.

• A network lets your computer connect to the Web so that you can check e-mail,
update a website, or teleconference.

• It also lets you communicate locally with other computers on the same
local network.

• Creating a network is simple—all that's needed is to connect a computer to
a router with an Ethernet cable. A small office network cannot be set up
without a router.

• And for almost every network you are likely to build these days, that means a combination
of wired and wireless connections.

• A wireless router can provide both.

• The router acts as a bridge between the office network (local area network or LAN) and
the Internet (the wide area network or WAN), and also allows all computers connected
to it to share the connection.

• A router also typically acts as an office network’s DHCP server, enabling each device
that connects to have an individual and private IP address.

• Wireless routers also have embedded firewalls to protect a network from threats and
intrusion.

• Use WPA or WPA2 security for protecting your Wi-Fi network, and never leave the
router's administrator password at its default setting.

• Before setting up a business network, assess the business needs, as they will affect network
setup and equipment. A few questions to consider include:

o How many computers and peripherals need to connect to the network?

o What kinds of data and files are you storing and sharing?

o What applications will you be using?

o Will employees need/want to access the network from remote
locations or using mobile devices?

1.1 Review network design, business requirements and latest vendor
technical specifications for network components

This section explains the basic concepts of network design and the business
requirements.

• Network planning and design is an iterative process, encompassing topological
design, network-synthesis, and network-realization.

• Network planning and design is aimed at ensuring that a new
telecommunications network or service meets the needs of the subscriber
and operator.

• Network designers ensure that our communications networks can adjust
and scale to the demands for new services.

• To support our network-based economy, designers must work to create networks that
are available nearly 100 percent of the time. Information network security must be
designed to automatically fend off unexpected security incidents.
• Using hierarchical network design principles and an organized design methodology,
designers create networks that are both manageable and supportable.
• Computers and information networks are critical to the success of businesses, both
large and small.
• They connect people, support applications and services, and provide access to the
resources that keep the businesses running.
• To meet the daily requirements of businesses, networks themselves are becoming
quite complex.
• Today, the Internet-based economy often demands around-the-clock customer service.
• This means that business networks must be available nearly 100 percent of the time.
• They must be smart enough to automatically protect against unexpected security
incidents.
• These business networks must also be able to adjust to changing traffic loads to
maintain consistent application response times.
• It is no longer practical to construct networks by connecting many standalone
components without careful planning and design.

1.2 Research options available for providing the network functionality
required

This section discusses the functional requirements of a network.

Network functions virtualization (NFV)

• Network functions virtualization (NFV) is the concept of replacing
dedicated network appliances — such as routers and firewalls — with
software running on commercial off-the-shelf (COTS) servers.

• Network functions virtualization is a network architecture concept that uses
the technologies of IT virtualization to virtualize entire classes of network
node functions into building blocks that may connect, or chain together, to
create communication services.

• The functional requirements include the use, environment, functions, and
recommended performance of such networks.

• It also defines the functional requirements for interfaces and protocols.

• Some of the requirements are as below:

o LAN
o MAN
o Distinct Identity
o Technical and economic feasibility

1.3 Plan network implementation to provide network services and
resources to meet business requirements

This section discusses the implementation of a network in an organization.

• All networks, regardless of their size, have similar foundational requirements.
• Embark on a network design project by identifying current and future business requirements,
to ensure you plan the right technology as your business grows.
• One of the most critical choices is deciding whether the business should consolidate voice
services over the data network to minimize the cost of the network.
• Discuss requirements clearly at the start of the project, to the benefit of
both financial and technical planning.

The implementation of a network in an organization:

• Plan a phased approach to implementation.
• Introduce the computer room core switches first, providing connectivity to the servers.
• Depending on the size of the company and business process needs, it might be
possible to immediately follow this activity on the same day by implementing
the new access layer switches.
• Schedule wide area connectivity following the introduction of the core switches
in the computer room, selecting a time that does not conflict with the access
layer installation.
• Coordinate wide area connectivity with the telecommunication vendor providing
this portion of the network service.
• Inform all employees of the scope of implementation for each phase, along with
dates and times.
• Implementation of new equipment generally means systems and data will not be available
at the time of the change.
• This gives employees the opportunity to plan their work around the
resulting downtime.
• Pre-configure network equipment and test it prior to implementation.
• Schedule the personnel and support needed from among IT department staff members and
any vendor staff that must support the implementation.

2. Design and implement a security strategy

• To be successful in today's global markets, organizations must develop and implement
effective network security strategies.
• Security is becoming increasingly important as the worldwide online community grows
and private organizations open their systems to business partners.
• A Security Strategy is a document prepared periodically which outlines the major security
concerns of a country or organisation and outlines plans to deal with them.
• Network security is protection of the access to files and directories in a computer network
against hacking, misuse and unauthorized changes to the system.
• An example of network security is an antivirus system.
• A network security policy, or NSP, is a generic document that outlines rules for computer
network access, determines how policies are enforced and lays out some of the basic
architecture of the company security/network security environment.
• The document itself is usually several pages long and written by a committee.
• Turning off a network service on the router or firewall itself does not prevent it from
supporting a network where that protocol is employed.

2.1 Analyse requirements for internal and external security

This section discusses setting up internal and external network security in an
organization.
• Internal and external security is another view of protecting the data and the
communications in the system.
• Internal security is the means by which the system protects its own data and internal
communications, and external security is the means by which the system protects external
communications.
• External threat: a threat originating outside a company, government agency, or
institution.
• An internal threat is one originating inside the organization—typically by an employee or
“insider.”
• Internal threat: a threat originating inside a company, government agency, or institution,
and typically an exploit by a disgruntled employee denied promotion or informed of
employment termination.

Building a secure network
• Plan for network security: address all security requirements and issues when selecting
and deploying the network and servers, including the management policy, technical training
and outsourcing requirements.
• Design physical and environmental security: e.g. put critical assets such as network
communication lines, servers, switches, firewalls and file servers in a server room or a
secured area.
• Use a private IP addressing scheme for internal networks, to prevent the internal network
from being accessed by external networks.
• Design the network security model by zoning, i.e. segregation of the network according to
security requirements.
• Configure firewalls and network routers.
• Configure servers.
• Filter viruses and malicious code.
• Manage accounts and access privileges.

2.2 Design security strategy to meet requirements

This section discusses how to build a network design based on the strategies and
requirements.
• Network security strategy involves analysing the consequences of risks.
• Network assets can include network hosts (including the hosts' operating systems,
applications, and data), internetworking devices (such as routers and switches), and
network data that traverses the network.
• Developing security strategies that can protect all parts of a complicated network while
having a limited effect on ease of use and performance is one of the most important and
difficult tasks related to network design.
• Security design is challenged by the complexity and porous nature of modern networks
that include public servers for electronic commerce, extranet connections for business
partners, and remote-access services for users reaching the network from home, customer
sites, hotel rooms, Internet cafes, and so on.
• To help you handle the difficulties inherent in designing network security for complex
networks.

Factors to consider in designing the network
• The user should get the best response time and throughput.
• Minimizing response time entails shortening delays between transmission and receipt of
data; this is especially important for interactive sessions between user applications.
• Throughput means transmitting the maximum amount of data per unit of time.
• The data should be transmitted within the network along the least-cost path, as long as
other factors, such as reliability, are not compromised.
• The least-cost path is generally the shortest channel between devices with the fewest
intermediate components.
• Low priority data can be transmitted over relatively inexpensive telephone lines; high
priority data can be transmitted over expensive high speed satellite channels.
• Reliability should be maximized to assure proper receipt of all data.
• Network reliability includes the ability not only to deliver error-free data, but also to
recover from errors or lost data.
• The network's diagnostic system should be able to locate component problems and
perhaps even isolate the faulty component from the network.

2.3 Implement security strategy

This section discusses the implementation of the security strategy.

A Security Strategy

• A Security Strategy is a document prepared periodically which outlines the
major security concerns of a country or organisation and outlines plans to deal
with them.
• Reliability, maintainability, and availability (RAM) are three system attributes that are of
great interest to systems engineers, logisticians, and users.
• Collectively, they affect both the utility and the life-cycle costs of a product or system.
• Following a structured set of steps when developing and implementing network security
will help you address the varied concerns that play a part in security design.
• Many security strategies have been developed in a haphazard way and have failed to
actually secure assets and to meet a customer's primary goals for security.

Steps that help to effectively plan and execute a security strategy:
1. Identify network assets.
2. Analyze security risks.
3. Analyze security requirements and tradeoffs.
4. Develop a security plan.
5. Define a security policy.
6. Develop procedures for applying security policies.
7. Develop a technical implementation strategy.
8. Achieve buy-in from users, managers, and technical staff.
9. Train users, managers, and technical staff.
10. Implement the technical strategy and security procedures.
11. Test the security and update it if any problems are found.

2.4 Undertake ongoing monitoring of the viability and reliability of
network security, through testing and use of technical tools

This section discusses maintaining the network security.

• A key issue in network security management is how to define a formal security policy.
• A good policy specification should be easy to get right and relatively stable, even in a
dynamically changing network.
• Much work has been done in automating network security management.
• The architecture of a network includes hardware, software, information link controls,
standards, topologies, and protocols.
• A protocol relates to how computers communicate and transfer information.
• There must be security controls for each component within the architecture to assure
reliable and correct data exchanges.
• Otherwise the integrity of the system may be compromised.
• Managing computer and network security is easier than it may seem, especially when we
establish a process of Management Security Forum duties.

Management Security Forum duties

• Provide ongoing management support to the security process.
• Serve as an alternative channel for discussion of security issues.
• Develop security objectives, strategies, and policies.
• Discuss status of security initiatives.
• Obtain and review security briefings from the Information System Security Officer.
• Review security incident reports and resolutions.
• Formulate risk management thresholds and assurance requirements.
• Yearly review and approval of the Information Security Policy.


2.5 Continually monitor internal and external network access for security
breaches

This section discusses the effect and monitoring of internal and external threats.
• The biggest threat to data is internal and external sources that want to steal that data.
• The right security is the only way to defend it, and your data is one of your biggest assets.
• You might get away with poor security and monitoring for a while, but poor defences can
lead to devastating results.
• Most companies don’t even realize that internal threats are the biggest concern for
security.
• Insider threats are a growing trend in the security industry, because they are the hardest to
identify and usually last the longest.
• It takes months before the business determines that an insider is the root cause of a data
leak.
• Even with internal threats dominating the cyber security industry, organizations must
monitor and defend against external threats.
• External threats can also be coupled with internal threats.
• For instance, a social engineering hacker could get an internal user to provide sensitive
credential information.
• The hacker then uses this information to gain external access to the internal network.
• Phishing and malware sites are external threats, but the hacker needs the employee to
open the website and provide details about his credentials.
• One of the most common external threats that don’t require any type of social engineering
is a distributed denial of service (DDoS).
• These threats can lead to damaging results from server downtime.
• DDoS can also happen from within the organization, but since it’s much easier to track the
attacker, it’s not as common as data theft internally.
• The right router and monitoring service helps prevent a successful DDoS attack.
• Auditing and monitoring are the solutions for files and data that contain sensitive
information.

3. Install and configure a complex network to meet business requirements

• A complex network is a graph (network) with non-trivial topological features: features
that do not occur in simple networks such as lattices or random graphs but often occur in
graphs modelling real systems.
• The study of complex networks is a young and active area of scientific research.

Characterization of complex networks:

• Diameter, clustering coefficient, degree distribution.
• Betweenness centrality: number of short paths going through a vertex.
• Communities: can one identify cliques within the network?
• Correlations between degree and other quantities.
• Local motifs: What is the structure of the building blocks of complex networks?
• Motifs: Subgraphs that have a significantly higher density in the observed network than in
the randomizations of the same.
• Assortativity: do highly-connected nodes preferentially connect to other highly-connected
nodes?

3.1 Check and install cabling and associated components according to
industry standards

This section discusses the cabling standards in an organization.

Structured Cabling
• The term Structured Cabling describes a standardised way of connecting wires, allowing
computers and electronics to communicate and network.
• Structured Cabling is a type of infrastructure that supports the performance of an
organisation's network.
• It acts like the glue that connects all the computers, phones and devices together.
• A properly designed and installed Structured Cabling system provides a cabling
infrastructure that delivers predictable performance as well as the flexibility to
accommodate changes, maximise system availability, future proof your business, and
provides the capability to embrace IoT (Internet of Things).
• Normal cabling is defined as point to point, where a cable is run directly to and from
devices that need connectivity.
• In a structured cabling system, a series of patch panels and trunks are used to create a
structure that enables devices to be connected, moved or removed without the need to pull
in new cables each time a change occurs.

Figure: network cabling copper and optical options

• Physical infrastructure (Layer 1) is a critical piece of customer infrastructure.
• Changing technologies or adopting a new generation of existing technology can be
limited by what environments users have today.

3.2 Install and configure servers, routers, switches or other devices to
provide internet protocol (IP) addressing and routing

This section discusses the role of servers and routers in IP addressing.

IP address
• An IP address is a numeric identifier for a computer.
• IP addressing schemes vary according to how your network is configured, but they're
normally assigned based on a particular network segment.
• IPv6 addresses and IPv4 addresses are very different.
• The "TCP/IP" section is the one that allows IP addressing to be configured.
• Enter the given IP address, Subnet Mask, Router, & DNS Server addresses as
prescribed by your LSP or network administrator, then "Apply Now".
• The OSI model standardizes the communication between network protocols.
• OSI divides the communication into 7 layers, each one having its protocols.
• The physical layer is responsible for hardware communication on the lowest level.
• The data link layer is responsible for the transmission of data between two devices in one
network.
• A switch is a device which builds up the network and to which all our machines are
connected via ports.
• Both switches and bridges (and also hubs, read about them yourself) help to connect
multiple devices together into one network.
• There are also routers, which connect networks; at the network layer, IP addresses are used
instead of MAC addresses.
• CIDR is a method for allocating IP addresses for different kinds of networks.
• ARP is a mechanism which associates a MAC address with its IP address.
• Dynamic Host Configuration Protocol (DHCP) is a protocol used for setting different
configuration, including IP addresses, automatically.
• The first thing to do when configuring DHCP on a router is to exclude any important
addresses, like servers, access points and the router itself.
• Next, set up the DHCP pool and a number of variables, specifying the IP addressing
range, the DNS server and the default gateway given out to clients.
• Provided the router setup is correct, this will allow clients to access the Internet.

3.3 Install and configure servers, routers, switches or other devices to
provide name resolution

This section discusses how to resolve IP addresses using protocols and servers, routers, etc.

• The DNS protocol is used to resolve FQDNs (Fully Qualified Domain Names) to IP
addresses around the world.
• This allows us to successfully find and connect to Internet websites and services no matter
where they are.
• In many cases, where a local DNS server is not available, we are forced to either use our
ISP's DNS servers or some public DNS server; however, this can sometimes prove
troublesome.
• Today, small low-end routers have the ability to integrate DNS functionality.
• In the example network, the goal is to enable the DNS service so that workstations can
properly resolve Internet domains as well as local network names.

• The first step is to enable the DNS service and domain lookup on the router.
• Next, configure the router with a public name-server; this will force the router to perform
recursive DNS lookups.
• Next, configure your DNS server with the host names of your local network.
• Then try to ping 'wayne' directly from your router's CLI prompt; you should receive an
answer.
• At this point, you can configure your workstations to use your router's IP address as the
primary DNS server.
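
The DHCP steps in section 3.2 (exclude important addresses, then define the pool, DNS server and default gateway) and the DNS steps above can be checked mechanically against a router configuration. The following is an added example, not part of the original portfolio: it assumes Cisco IOS-style syntax, which the text does not name, and the sample configuration, pool names and every address are constructed; only the host name 'wayne' comes from the text.

```python
import ipaddress

# RFC 1918 ranges, matching the "private IP addressing scheme" advice in 2.1.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample. IOS-style syntax is an assumption; addresses are made up.
SAMPLE_CONFIG = """\
ip dhcp excluded-address 192.168.1.1 192.168.1.20
ip dhcp pool OFFICE
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.1
ip dns server
ip name-server 203.0.113.53
ip host wayne 192.168.1.10
ip host fileserver 192.168.1.30
"""


def parse_config(text):
    """Collect the DHCP and DNS statements from an IOS-style configuration."""
    # Domain lookup is on by default in IOS; only the "no" form turns it off.
    cfg = {"excluded": [], "pools": {}, "dns_server": False,
           "domain_lookup": True, "name_servers": [], "hosts": {}}
    pool = None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if raw[0].isspace() and pool is not None:  # sub-command of current pool
            if words[0] == "network" and len(words) >= 3:
                pool["network"] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
            elif words[0] == "default-router" and len(words) >= 2:
                pool["gateway"] = ipaddress.ip_address(words[1])
            elif words[0] == "dns-server":
                pool["dns"] = [ipaddress.ip_address(w) for w in words[1:]]
            continue
        pool = None
        line = " ".join(words)
        if line.startswith("ip dhcp excluded-address ") and len(words) >= 4:
            low = ipaddress.ip_address(words[3])
            high = ipaddress.ip_address(words[4]) if len(words) > 4 else low
            cfg["excluded"].append((low, high))
        elif line.startswith("ip dhcp pool ") and len(words) >= 4:
            pool = cfg["pools"].setdefault(words[3], {})
        elif line == "ip dns server":
            cfg["dns_server"] = True
        elif line in ("no ip domain-lookup", "no ip domain lookup"):
            cfg["domain_lookup"] = False
        elif line.startswith("ip name-server "):
            cfg["name_servers"] += [ipaddress.ip_address(w) for w in words[2:]]
        elif line.startswith("ip host ") and len(words) >= 4:
            cfg["hosts"][words[2]] = ipaddress.ip_address(words[3])
    return cfg


def is_excluded(addr, cfg):
    return any(low <= addr <= high for low, high in cfg["excluded"])


def leasable_count(cfg, pool_name):
    """Number of host addresses in the pool that clients can actually be given."""
    net = cfg["pools"][pool_name]["network"]
    return sum(1 for host in net.hosts() if not is_excluded(host, cfg))


def audit(cfg):
    """Return findings where the configuration departs from the described steps."""
    findings = []
    if not cfg["pools"]:
        findings.append("no DHCP pool defined")
    for name, pool in cfg["pools"].items():
        net, gw = pool.get("network"), pool.get("gateway")
        if net is None:
            findings.append(f"pool {name}: no network statement")
            continue
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"pool {name}: {net} is not RFC 1918 private space")
        if gw is None:
            findings.append(f"pool {name}: no default gateway given to clients")
        elif gw not in net:
            findings.append(f"pool {name}: gateway {gw} is outside {net}")
        elif not is_excluded(gw, cfg):
            findings.append(f"pool {name}: gateway {gw} is not excluded from leasing")
        if not pool.get("dns"):
            findings.append(f"pool {name}: no DNS server given to clients")
        elif cfg["dns_server"] and gw is not None and pool["dns"][0] != gw:
            # Assumes the router's LAN address is the default gateway.
            findings.append(f"pool {name}: clients are not pointed at the router's DNS")
        for host, addr in sorted(cfg["hosts"].items()):
            if addr in net and not is_excluded(addr, cfg):
                findings.append(f"pool {name}: static host {host} ({addr}) is leasable")
    if not cfg["dns_server"]:
        findings.append("DNS service is not enabled")
    elif not cfg["name_servers"]:
        findings.append("DNS service has no upstream name-server")
    if not cfg["domain_lookup"]:
        findings.append("domain lookup is disabled")
    return findings


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    print("leasable addresses:", leasable_count(cfg, "OFFICE"))
    for finding in audit(cfg):
        print("FINDING:", finding)
```

The one finding on the sample is the file server: its name is registered in DNS, but its address sits outside the excluded range, so the DHCP pool could hand the same address to a client.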

3.3 Install and configure servers, routers, switches or other devices to
provide network services

This section discusses how routers and servers influence network services in an
organization.

• In computer networking, a network service is an application running at the network
application layer and above, that provides data storage, manipulation, presentation,
communication or other capability which is often implemented using a client-server or
peer-to-peer architecture based on application layer network protocols.
• Each service is usually provided by a server component running on one or more
computers (often a dedicated server computer offering multiple services) and accessed via
a network by client components running on other devices.
• Examples are the Domain Name System (DNS) which translates domain names to Internet
protocol (IP) addresses and the Dynamic Host Configuration Protocol (DHCP) to assign
networking configuration information to network hosts.
• Authentication servers identify and authenticate users, provide user account profiles, and
may log usage statistics.
• Routers and switches are the building blocks for all business communications from data to
voice and video to wireless access.
• They can improve a company's bottom line by enabling your company to increase
productivity, cut business costs, and improve security and customer service.
• Using routing and switching technologies allows your staff, even those located in different
locations, to have equal access to all your business applications, information and tools.

3.5 Install and configure remote access services

This section discusses the remote access services.

Remote access services (RAS)

• A remote access service (RAS) is any combination of hardware and software that enables
remote access to tools or information that typically reside on a network of IT devices.
• A remote access service connects a client to a host computer, known as a remote access
server.
• The most common approach to this service is remote control of a computer by using
another device which needs internet or any other network connection.

The connection steps:
• User dials into a PC at the office.
• Then the office PC logs into a file server where the needed information is stored.
• The remote PC takes control of the office PC's monitor and keyboard, allowing the remote
user to view and manipulate information, execute commands, and exchange files.

• A remote access server (RAS) is a type of server that provides a suite of services to
remotely connected users over a network or the Internet.
• It operates as a remote gateway or central server that connects remote users with an
organization's internal local area network (LAN).
• A RAS is deployed within an organization and directly connected with the organization’s
internal network and systems.
• Once connected with a RAS, a user can access his or her data, desktop, application, print
and/or other supported services.

3.6 Install and configure devices to provide data management services

This section discusses data management services.

Network Data Management Protocol
• Network Data Management Protocol (NDMP) is a protocol meant to transport data between
network attached storage (NAS) devices and backup devices.
• This removes the need for transporting the data through the backup server itself, thus
enhancing speed and removing load from the backup server.
• It was originally invented by NetApp and Intelliguard, acquired by Legato and then
EMC Corporation.
• Currently, the Storage Networking Industry Association (SNIA) oversees the development
of the protocol.
• It has been a decade since the first version of the Network Data Management Protocol
(NDMP) was launched as an effort to solve the problems posed by the backup and
recovery of network file servers.
• The standard was developed to address the fact that network file servers are not able to
use the storage device drivers designed for general-purpose computers.
• They are specialized appliances that connect to a network and are optimized to perform a
single set of tasks.

4. Provide integrated network services across a complex network

• In the context of network theory, a complex network is a graph (network) with non-trivial
topological features—features that do not occur in simple networks such as lattices or
random graphs but often occur in graphs modelling real systems.

• The study of complex networks is a young and active area of scientific research.

• Complex networks have been expanded to networks of networks.

• If those networks are interdependent, they become significantly more vulnerable to
random failures and targeted attacks and exhibit cascading failures and first-order
percolation transitions.

• As networks grow in complexity, moreover, true centralized oversight continues to be
elusive.

• Organizations operating in international markets must keep pace with rapid changes in
local market costs, capabilities and regulations.

• The cost of changing a local carrier may be a major consideration due to the potential
disruption of day-to-day operations.

• In computer networking, a network service is an application running at the network
application layer and above, that provides data storage, manipulation, presentation,
communication or other capability which is often implemented using a client-server or
peer-to-peer architecture based on application layer network protocols.

• Examples are the Domain Name System (DNS) which translates domain names to Internet
protocol (IP) addresses and the Dynamic Host Configuration Protocol (DHCP) to assign
networking configuration information to network hosts.

• Authentication servers identify and authenticate users, provide user account profiles, and
may log usage statistics.

4.1 Integrate multiple network services across network

This section discusses network services over a network.

• In computer networking, a network service is an application running at the network
application layer and above, that provides data storage, manipulation, presentation,
communication or other capability which is often implemented using a client-server or
peer-to-peer architecture based on application layer network protocols.

The network service includes the below services:

• Directory services
• e-Mail
• File sharing
• Instant messaging
• Online game
• Printing
• File server
• Voice over IP
• Video on demand
• Video telephony
• World Wide Web
• Simple Network Management Protocol
• Time service
• Wireless sensor network

• Many Internet Protocol-based services are associated with a particular well-known port
number which is standardized by the Internet technical governance.
• Different services use different packet transmission techniques.
• In general, packets that must get through in the correct order, without loss, use TCP,
whereas real time services where later packets are more important than older packets use
UDP.
4.2Analyse and resolve interoperability issues

This section discuss about interoperability in an organization.

Interoperability
 Interoperability is a characteristic of a product or system, whose interfaces are completely
understood, to work with other products or systems, at present or future, in either
implementation or access, without any restrictions.
 Network Interoperability is the continuous ability to send and receive data among the
interconnected networks, providing the quality level expected by the end user without any
negative impact to the sending and receiving networks.
 Interoperability is the property that allows for the unrestricted sharing of resources
between different systems.
 This can refer to the ability to share data between different components or machines, both
via software and hardware, or it can be defined as the exchange of information and
resources between different computers through local area networks (LANs) or wide area
networks (WANs).
 Broadly speaking, interoperability is the ability of two or more components or systems to
exchange information and to use the information that has been exchanged.
 Network interoperability becomes indispensable in order to achieve end-to- end
connectivity.
 The more diverse networks exist, the greater becomes the need to ensure that they can
interoperate in order to make end-to-end communication possible.
 There exist a host of reasons why implementing network interoperability successfully is
considered difficult.
 Fundamental to all those problems is the correct balance between the telecom operator’s
liabilities and benefits associated with these activities.
 From the cost perspective, designing the network architecture for interoperability implies
the willingness to accept complex set of benefits and associated liabilities.
Telecom operators are acutely sensitive to five major liabilities:
 Increased cost of acquisition associated with the addition of interoperable
network/application modes.
 Added cost and complexity of adding features to achieve all network compatibility.

 Increased time for acquiring a new system (time to accept interoperability features and
perform proper testing required to certify interoperability).
 Increased complexity and cost associated with the management of the configuration of
interfaces.
 Increased power and decreased speed to accommodate modes providing backward
compatibility.
 Network interoperability, being the ability of two networks to communicate, can be
achieved in two ways: either by having the two networks conform to a common protocol
standard or by defining a standard interface to which all networks need to adhere, or by
providing a gateway that translates between the two protocols.

4.3 Optimise performance

This section discusses the performance of the network in an organization.


 New standards and devices are making networks go faster than ever.
 Learn the best ways to take advantage of them, saving your company time and money.
 SearchNetworking.com expert Carrie Higbie shares her top ten ways to optimize
network performance.

Carrie Higbie’s top ten ways to optimize network performance:

1 Bandwidth bandits - Find 'em, slay 'em
2 Building in resiliency - If you build a monster, it will be a monster
3 Pay attention to applications - Application sizes double every 18 months
4 Examine utilization - Forget averages – watch peak periods
5 Performance optimization - Tricks of the trade
6 Trends - Know your bandwidth needs
7 Predict the future - Application changes, speed changes, hardware upgrades
8 Know your security challenges - Hackers, spyware and malware
9 Revisit and revise - Quarterly health checks a must
10 Evaluate products - What are the extras in a top-of-the-line system?

4.4 Rectify security conflicts arising from integrating services

This section discusses network attacks and conflicts.

 Network security policies are essential elements in Internet security devices that
provide traffic filtering, integrity, confidentiality, and authentication.
 Network security perimeter devices such as firewalls, IPSec, and IDS/IPS devices
operate based on locally configured policies.
 Networks are subject to attacks from malicious sources.
 Attacks can be from two categories: "Passive" when a network intruder intercepts data
traveling through the network, and "Active" in which an intruder initiates commands
to disrupt the network's normal operation or to conduct reconnaissance and lateral
movement to find and gain access to assets available via the network.
5. Plan, design and implement voice and video business communications system

 The Voice Communications System (VCS) is a state-of-the-art solution for ATC
communication.
 Based on voice-over-IP technology, it allows effective interconnection of multiple
communication systems including UHF and VHF radios, telephones, and intercoms.

The key features of Voice Communications:


1. VoIP.
2. Colour touch-screen Control Panel.
3. Set of audio accessories and PTTs.
4. Easiest way to upgrade your current system or add a failback equipment.
5. Modularity & scalability & robustness.
6. Easy to integrate with other equipment.
7. Multiple GUIs library to select from.
8. Failproof & zero maintenance.
9. Intuitive configurator.
10. Compatible with common as well as VoIP radios.
11. Compatible with radios network and remote radios control.
12. Compatible with PBX interfaces.
13. Outputs for recording & replay equipment.
14. Special support for usage in simulators: GUI replicas library, communications in the
background, library of VCS configurations.

 Simple data network infrastructure instead of dedicated cabling and wiring.
 COTS hardware instead of fragile, expensive and difficult to get electronics.
 Fully digital chain from the operator to the transceiver and vice versa.
 Monitoring and data sharing in the country-wide network.
 Instantaneous back-up with control transfer to an adjacent location.
5.1 Install software and configure and test voice over internet protocol (VoIP) and videoconferencing services

This section discusses Voice over IP.


Voice over Internet Protocol
 Voice over Internet Protocol (also voice over IP, VoIP or IP telephony) is a
methodology and group of technologies for the delivery of voice communications and
multimedia sessions over Internet Protocol (IP) networks, such as the Internet.
 Voice over IP has been implemented in various ways using both proprietary protocols
and protocols based on open standards.
 These protocols can be used by a VoIP phone, special-purpose software, a mobile
application or integrated into a web page. VoIP protocols include SIP, MGCP,
RTP, RTCP, the Skype protocol, etc.
A VoIP phone is necessary to connect to a VoIP service provider. This can be implemented in
several ways:
o Dedicated VoIP phones connect directly to the IP network using technologies
such as wired Ethernet or Wi-Fi.
o These are typically designed in the style of traditional digital business
telephones.
o An analog telephone adapter connects to the network and implements the
electronics and firmware to operate a conventional analog telephone attached
through a modular phone jack.
o Some residential Internet gateways and cable modems have this function built
in.
o Softphone application software installed on a networked computer that is
equipped with a microphone and speaker, or headset.
o The application typically presents a dial pad and display field to the user to
operate the application by mouse clicks or keyboard input.
 Because of the bandwidth efficiency and low costs that VoIP technology can provide,
businesses are migrating from traditional copper-wire telephone systems to VoIP
systems to reduce their monthly phone costs.
 VoIP allows both voice and data communications to be run over a single network,
which can significantly reduce infrastructure costs.
 VoIP devices have simple, intuitive user interfaces, so users can often make simple
system configuration changes.
 Dual-mode phones enable users to continue their conversations as they move between
an outside cellular service and an internal Wi-Fi network, so that it is no longer
necessary to carry both a desktop phone and a cell phone.
 Maintenance becomes simpler as there are fewer devices to oversee.
 Communication on the IP network is perceived as less reliable in contrast to the
circuit-switched public telephone network because it does not provide a network-
based mechanism to ensure that data packets are not lost, and are delivered in
sequential order.
 By default, network routers handle traffic on a first-come, first-served basis.
 Network routers on high volume traffic links may introduce latency that exceeds
permissible thresholds for VoIP.

5.2 Incorporate the use of a communications server to provide real-time multimedia communications

This section discusses communications servers.

 Communications servers are open, standards-based computing systems that operate as
a carrier-grade common platform for a wide range of communications applications
and allow equipment providers to add value at many levels of the system architecture.
 Based on industry-managed standards such as AdvancedTCA, MicroTCA, Carrier
Grade Linux and Service Availability Forum specifications, communications servers
are the foundational platform upon which equipment providers build network
infrastructure elements for deployments such as IP Multimedia Subsystem (IMS),
IPTV and wireless broadband (e.g. WiMAX).
 Support for communications servers as a category of server is developing rapidly
throughout the communications industry.
 Standards bodies, industry associations, vendor alliance programs, hardware and
software manufacturers, communications server vendors and users are all part of an
increasingly robust communications server ecosystem.
 Regardless of their specific, differentiated features, communications servers have the
following attributes: open, flexible, carrier-grade, and communications-focused.
5.3 Select common voice and videoconferencing codecs according to standards and practices

This section discusses video codecs and protocols.

A codec
 A codec is either a hardware device or a software-based process that compresses and
decompresses large amounts of data used in voice over IP, video conferencing and
streaming media.
 A codec takes data in one form, encodes it into another form and decodes it at the
egress point in the communications session.
 There are two types of codecs used in communications.
 The first codec is typically hardware-based, and it performs analog-to-digital and
digital-to-analog conversion.
 A common example is a modem used for sending data traffic over analog voice
circuits.
 In this case, the term codec is an acronym for coder/decoder.
 The second type of codec is now more commonly used to describe the process of
encoding source voice and video captured by a microphone or video camera in digital
form for transmission to other participants in calls, video conferences, and streams or
broadcasts.
 In this example, the term codec stands for compression/decompression.
 A codec's primary job is data transformation and encapsulation for transmission across
a network.
 Voice and video codecs use a software algorithm running on a common processor or
in specialty hardware optimized for data encapsulation and decapsulation.
 Video conferencing standards and protocols are necessary to define common means
for video encapsulation and session management.
 Encapsulation standards define how video and audio are captured, converted to digital
format, transmitted between endpoints and decoded.
 Session Initiation Protocol (SIP) is widely supported for video session management,
though many older systems rely on H.323.
 Gateways and multipoint control units (MCUs) can make SIP and H.323 work together.
 Encapsulation protocols vary in terms of vendor support and performance.
 Popular encapsulation standards include the International Telecommunication Union's
(ITU) H.264, as well as VP8 for video, ITU G.711/G.722/G.729 for voice, and ITU
H.239/T.120 for data, such as screen sharing or web conferencing.
 H.264 is widely supported by video conferencing vendors, while VP8 is widely used
in WebRTC-capable browsers, like Google Chrome and Mozilla Firefox.
6. Manage and support a complex network

 A complex network is a graph (network) with non-trivial topological features:
features that do not occur in simple networks such as lattices or random graphs but
often occur in graphs modelling real systems.
 The study of complex networks is a young and active area of scientific research.

6.1 Identify and evaluate appropriate network management tools to assist in the administration of the complex network

This section discusses tools to manage a complex network.


 With networks becoming even more complex over time, having a robust network
monitoring solution in place is crucial.
 OpManager offers comprehensive network monitoring capabilities that help you
monitor network performance, detect network faults in real time, troubleshoot errors,
and prevent downtime.
 Being a powerful network monitor, it supports multi-vendor IT environments and can
scale to fit your network, regardless of its size.
 Monitor your devices and network to gain complete visibility and control over your
entire network infrastructure.

 Some of the open source tools for managing and troubleshooting networks:
o Nagios Core
o NIPAP
o Wireshark
o Ntopng Community
o pfSense
o Cacti
 The biggest challenge with today's network management solutions is to proactively
identify faults before they impact end-users.
 OpManager detects, isolates and troubleshoots faults, and raises alarms so that faults
can be remediated quickly.
OpManager, the integrated network management software, allows you to:
 Set multiple thresholds for performance metrics.
 Get proactively notified for threshold violations and faults through email and SMS.
 Process SNMP traps and syslogs and raise alerts.
 Automatically log alarms as tickets into a service desk software.

6.2 Select and install network management tools according to industry and organisational standards

This section discusses the role of network management tools in an organization.

 In today's complex network of routers, switches, and servers, it can seem like a
daunting task to manage all the devices on your network and make sure they're not
only up and running but also performing optimally.
 This is where the Simple Network Management Protocol (SNMP) can help.
 SNMP was introduced in 1988 to meet the growing need for a standard for managing
Internet Protocol (IP) devices.
 SNMP provides its users with a "simple" set of operations that allows these devices to
be managed remotely.
 The core of SNMP is a simple set of operations (and the information these operations
gather) that gives administrators the ability to change the state of some SNMP-based
device.
 SNMP usually is associated with managing routers, but it's important to understand
that it can be used to manage many types of devices.

Network management system (NMS)


 A network management system (NMS) is a set of hardware and/or software tools that
allow an IT professional to supervise the individual components of a network within a
larger network management framework.
Areas in which a network management system assists an organization's network:
 Network device discovery - identifying what devices are present on a network.
 Network device monitoring - monitoring at the device level to determine the health of
network components and the extent to which their performance matches capacity
plans and intra-enterprise service-level agreements (SLAs).
 Network performance analysis - tracking performance indicators such as bandwidth
utilization, packet loss, latency, availability and uptime of routers, switches and other
Simple Network Management Protocol (SNMP)-enabled devices.
 Intelligent notifications - configurable alerts that will respond to specific network
scenarios by paging, emailing, calling or texting a network administrator.

6.3 Set and monitor alerts and logs

This section discusses the importance of maintaining network logs.

 Log management is the process for generating, transmitting, storing,
analysing, and disposing of computer security log data.
 Common problems are insufficient local logging, inconsistent remote logging,
and logging to servers that no longer exist.
 Network device logging is absolutely critical both when troubleshooting
and performing forensic analysis of network outages or security break-ins.

Steps to create and maintain logs:


 Make sure the local logging buffer is used effectively.
 Ensure the network device is logging to a remote server.
 Log the important stuff.

Make sure the local logging buffer is used effectively:


 When troubleshooting an issue, the first place network engineers will look is
on the local device itself.
 Different network devices handle their logging in different ways, all
depending on their underlying operating system.
 However the device in question performs local logging, the key is to make
sure that there's enough local buffer to be useful for initial troubleshooting.
Ensure the network device is logging to a remote server:
 Ensure the network device is logging to a remote server, or even servers if
you have a redundant logging design.
 Also, make sure that all devices are logging to the same server(s).
 It's not uncommon for log server infrastructure to be replaced by the server
team; the network team isn't in the loop and doesn't realize there's an issue
until it's missing log data that was shipped into the darkness.

Log the important stuff:


 Juniper firewalls don't log traffic flows by default.
 Cisco routers don't log SSH connection attempts by default.
 Not all platforms log routing adjacency changes consistently.
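
The three steps above can be checked automatically against saved device configurations. The following is an added example, not part of the original portfolio: it assumes Cisco IOS-style configuration text, and the device names, addresses and the 16384-byte minimum buffer are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample configurations in Cisco IOS-style syntax (not a real network).
SAMPLE_CONFIGS = {
    "core-sw1": """
logging buffered 64000 informational
logging host 192.0.2.10
logging host 192.0.2.11
login on-failure log
login on-success log
""",
    "edge-rtr1": """
logging buffered 4096
logging host 192.0.2.10
logging host 192.0.2.11
""",
    "branch-rtr2": """
logging buffered 32768 informational
logging host 198.51.100.7
login on-failure log
""",
    "lab-sw9": """
no logging buffered
""",
}

MIN_BUFFER_BYTES = 16384  # assumed site minimum; adjust to the local standard


def parse_logging(config):
    """Return (local buffer size, remote log servers, failed-login logging flag)."""
    buffer_size = 0           # stays 0 when no explicit size is configured
    servers = set()
    logs_failed_logins = False
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"logging buffered (\d+)(?: \S+)?", line)
        if m:
            buffer_size = int(m.group(1))
        m = re.fullmatch(r"logging host (\S+)", line)
        if m:
            servers.add(m.group(1))
        if line == "login on-failure log":
            logs_failed_logins = True
    return buffer_size, frozenset(servers), logs_failed_logins


def audit(configs, min_buffer=MIN_BUFFER_BYTES):
    """Map each non-compliant device to the list of logging problems found."""
    parsed = {name: parse_logging(text) for name, text in configs.items()}
    # The server set used by most devices is treated as the intended one, so a
    # device still pointing at a replaced log server stands out.
    counts = Counter(servers for _, servers, _ in parsed.values() if servers)
    expected = counts.most_common(1)[0][0] if counts else frozenset()
    findings = {}
    for name in sorted(parsed):
        buffer_size, servers, logs_failed_logins = parsed[name]
        issues = []
        if buffer_size < min_buffer:
            issues.append("small-buffer")        # step 1: local buffer
        if not servers:
            issues.append("no-remote-server")    # step 2: remote logging
        elif servers != expected:
            issues.append("server-mismatch")     # step 2: same server(s) everywhere
        if not logs_failed_logins:
            issues.append("logins-not-logged")   # step 3: log the important stuff
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for device, issues in audit(SAMPLE_CONFIGS).items():
        print(f"{device}: {', '.join(issues)}")
```
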

6.4 Capture and analyse network performance data

This section discusses the analysis of network performance data.

 Network performance can be analysed with many different tools.


 Whichever tool you use, it is important to understand the fundamentals of how
network performance metrics (such as latency, packet loss, or throughput) can be
calculated.
 This calculation can be performed manually with Wireshark or any other packet
analyzer or automated with the network performance management (NPM) solution.
 Wireshark is a useful tool to determine the cause of slow network connections.
 Most applications run over the TCP protocol.
 TCP offers a certain number of mechanisms that can be used to evaluate network
performance.

Different parameters to measure network performance:


 Network Latency Indicators.
 Packet Loss Indicators.
 Throughput Indicators.
Network Latency Indicators:
 This metric corresponds to the time interval between the SYN and the ACK in the
initial TCP session setup: a 3-way handshake composed of SYN, SYN-ACK and ACK
packets.
 The connection time is a good indicator of the network latency as these packets are
handled with priority by the client and server systems.
 The impact of these systems should normally be negligible.
 The acknowledgment mechanism can also help measure the round trip network
latency from your point of capture to either the client or the server.
 The round trip time is measured as the time interval between a packet containing
payload and its corresponding acknowledgment packet.

Packet Loss Indicators:


 This metric corresponds to the number of retransmitted packets compared to the
number of initial packets sent.
 This rate is a clear indicator of packet loss.
 A second metric corresponds to the time interval between the initial packet sent and the
first acknowledged retransmission.
 It is representative of the time lost due to the retransmission/packet loss in the transfer
of the data.

Throughput Indicators:
 This metric corresponds to the time required to transfer the request from the client to
the server or the response from the server to the client.
 This value has a strong impact on the overall response time experienced by each user.
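
The latency, packet loss and throughput indicators described above can be computed from a packet capture as follows. This is an added example, not part of the original portfolio: the packet records, addresses and timings are constructed, and it assumes a single TCP connection with no sequence-number wraparound.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "t src dst flags seq ack length")

# Constructed capture of one TCP connection, taken near the client.
# Times are in seconds; addresses and sequence numbers are made up.
CLIENT, SERVER = "10.0.0.5:51000", "192.0.2.80:443"
CAPTURE = [
    Pkt(0.000, CLIENT, SERVER, "S", 1000, 0, 0),        # SYN
    Pkt(0.020, SERVER, CLIENT, "SA", 5000, 1001, 0),    # SYN-ACK
    Pkt(0.021, CLIENT, SERVER, "A", 1001, 5001, 0),     # ACK, handshake done
    Pkt(0.030, CLIENT, SERVER, "PA", 1001, 5001, 200),  # request
    Pkt(0.052, SERVER, CLIENT, "A", 5001, 1201, 0),     # ack of request
    Pkt(0.060, SERVER, CLIENT, "PA", 5001, 1201, 1000), # response segment 1
    Pkt(0.061, SERVER, CLIENT, "PA", 6001, 1201, 1000), # segment 2, lost after the tap
    Pkt(0.062, CLIENT, SERVER, "A", 1201, 6001, 0),     # ack of segment 1
    Pkt(0.361, SERVER, CLIENT, "PA", 6001, 1201, 1000), # retransmission of segment 2
    Pkt(0.363, CLIENT, SERVER, "A", 1201, 7001, 0),     # ack of the retransmission
]


def _data_sends(packets):
    """Group payload segments by (src, dst, seq); each list holds every send."""
    sends = {}
    for p in packets:
        if p.length > 0:
            sends.setdefault((p.src, p.dst, p.seq), []).append(p)
    return sends


def _first_ack(packets, seg):
    """First later packet from the receiver that acknowledges all of seg."""
    for p in packets:
        if (p.t > seg.t and p.src == seg.dst and p.dst == seg.src
                and "A" in p.flags and p.ack >= seg.seq + seg.length):
            return p
    return None


def handshake_latency(packets):
    """Time from the SYN to the final ACK of the 3-way handshake, or None."""
    syn = next((p for p in packets if p.flags == "S"), None)
    if syn is None:
        return None
    synack = next((p for p in packets if p.flags == "SA"
                   and p.src == syn.dst and p.ack == syn.seq + 1), None)
    if synack is None:
        return None
    ack = next((p for p in packets if p.flags == "A" and p.src == syn.src
                and p.t > synack.t and p.ack == synack.seq + 1), None)
    return None if ack is None else round(ack.t - syn.t, 6)


def rtt_samples(packets):
    """Payload-to-acknowledgment intervals per sender, skipping retransmitted data."""
    samples = {}
    for sends in _data_sends(packets).values():
        if len(sends) > 1:
            continue  # ambiguous which copy the ACK answers
        ack = _first_ack(packets, sends[0])
        if ack is not None:
            samples.setdefault(sends[0].src, []).append(round(ack.t - sends[0].t, 6))
    return samples


def retransmission_rate(packets):
    """Retransmitted data packets divided by initial data packets."""
    sends = _data_sends(packets)
    retransmitted = sum(len(copies) - 1 for copies in sends.values())
    return retransmitted / len(sends) if sends else 0.0


def retransmission_delays(packets):
    """Time from each initial send to the retransmission that was acknowledged."""
    delays = []
    for sends in _data_sends(packets).values():
        ack = _first_ack(packets, sends[0]) if len(sends) > 1 else None
        if ack is not None:
            acked_copy = max((s for s in sends if s.t < ack.t), key=lambda s: s.t)
            delays.append(round(acked_copy.t - sends[0].t, 6))
    return delays


def transfer_time(packets, sender):
    """Time from the sender's first payload byte to the ACK of its last byte."""
    segs = [p for p in packets if p.src == sender and p.length > 0]
    if not segs:
        return None
    ack = _first_ack(packets, max(segs, key=lambda p: p.seq + p.length))
    return None if ack is None else round(ack.t - segs[0].t, 6)


if __name__ == "__main__":
    print("handshake latency:", handshake_latency(CAPTURE))
    print("RTT samples:", rtt_samples(CAPTURE))
    print("retransmission rate:", retransmission_rate(CAPTURE))
    print("retransmission delays:", retransmission_delays(CAPTURE))
    print("response transfer time:", transfer_time(CAPTURE, SERVER))
```
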

6.5 Implement automated server updates

This section discusses network server automation.

Network automation
 Network automation is a methodology in which software automatically configures,
provisions, manages and tests network devices.
 It is used by enterprises and service providers to improve efficiency and reduce human
error and operating expenses.
 Network automation tools support functions ranging from basic network mapping and
device discovery, to more complex workflows like network configuration management
and the provisioning of virtual network resources.
 Network automation also plays a key role in software-defined networking, network
virtualization and network orchestration, enabling automated provisioning of virtual
network tenants and functions, such as virtual load balancing.
 Automation can be employed in any type of network, including local area networks
(LANs), wide area networks (WANs), data centre networks, cloud networks and
wireless networks.
 In short, any network resource controlled through the command-line interface (CLI)
or an application programming interface (API) can be automated.
 A network server is a computer system, which is used as the central repository of data
and various programs that are shared by users in a network.
 There are several categories of interfaces, platforms and protocols used to execute
script-driven or software-based network automation.
 The CLI is the most traditional vehicle for deploying network automation.
 Though freely available, time-tested and highly customizable, it requires proficiency
in CLI syntax.

6.5 Implement desktop management policies

This section discusses the desktop management process.

 Desktop management is a comprehensive approach to managing all the computers
within an organization.
 Despite its name, desktop management includes overseeing laptops and other
computing devices as well as desktop computers.
 Desktop management is a component of systems management, which is the
administration of all components of an organization's information systems.
 Other components of systems management include network management and database
management.
 Most of the DMs are based on a standard framework called desktop management
interface (DMI), which guides DM developers in managing and tracking components
in a desktop.
 Several DM tools and applications have already been released by various developers
and cloud service providers.
 Although the applications are varied, all of them serve the same end purpose.

Primary functions of desktop management:


 Fault Management: Manages troubleshooting, error logging and data recovery.
 Configuration Management: Handles the hardware and software compatibilities of the
system.
 Performance management: Monitors the performance of each and every application
that runs on your desktop.
 Security management for security issues.

6.6 Implement automated virus checking


This section discusses security threats and the protection taken against them.

 Virus Protection and Management policy applies mainly to systems
administrators and technical support staff, but is also relevant to anyone else
who has a responsibility for preventing the introduction of viruses.
 Viruses cost businesses money, and the threat is not going to go away any
time soon.
 The interoperability between applications only makes it easier for virus
writers to release viruses that can spread quickly and quietly without the
user’s knowledge.
 Network Virus Protection and Malware Removal Support is critical for your
business or organization.
 The best computer hackers never let you know they are on your
network or computers.
 Therefore you need comprehensive anti-virus threat and security management
to protect your data and assets.
 In today’s digital world, improper network security could give your
secretary the power to put your entire network environment at risk.
 This is why you need a competent IT support partner
experienced in the latest computer security strategies.
 This will ensure that the business operations are adhering to a strict operating
protocol with our Managed Network Virus Protection and Malware Removal
support services.

Security Support Services Include:


 Managed Network Security Protection
 Virus & Malware Removal
 Monitored Protection
 Enterprise Class Security Partners

6.7 Use remote management tools

This section discusses remote management tools.

 Remote management is one way through which people manage their websites easily
from their computer through a server supported on Windows 7, Windows Vista or
Windows XP.
 Today almost every device is connected to the internet.
 Some of the best tools for remote management are listed below:
o TeamViewer
o Ammy admin
o ISL Light
o UltraVNC
o Remote Desktop

TeamViewer
 It is the best remote management tool available.
 It has established itself as a reliable service, giving home users opportunity to support
friends for free.
 Corporate licenses, while not free, are not expensive, and promotions from time to
time provide an additional discount.
 We can instruct a user to download a small program.
 Once it is run, the user is presented with a code, which you use to join the remote
support session.
 We can also install TeamViewer on multiple computers/servers and connect whenever
needed.

Ammy admin
 Ammy Admin is known for ease of use. It works behind NAT, meaning that we can
easily connect to computers which are connected to the internet and behind a
firewall.
 No special configuration required.
 A connection is encrypted and secure.
 In order to run it, it does not require installation. It also has built-in chat and file
manager so that you can communicate and transfer files easily.

ISL Light
 ISL Light does not provide a free version, but it has a 15 day trial instead.
 While we can use Ammy and Teamviewer to support friends for free, ISL Light is
orientated more towards enterprise clients.
 Looking at their website, you will quickly find that it is used by the most elite
companies around the world.
 They also feature integrations with various services including AVG Business
Managed Workplace.

UltraVNC
 UltraVNC is an open source project.
 Like RealVNC, it uses the VNC protocol.
 It is actively developed and while UVNC does not have a cloud component,
developers have created a special version which can be used in the cloud available in
the downloads section.

Remote Desktop
 Remote Desktop is integrated into Microsoft Windows.
 We can find the icon in the programs menu, but many admins are used to running the
program via the search function, by typing mstsc.
 While Remote Desktop is great for connecting to servers and computers, it can be
improved with Remote Desktop Connection Managers.
7. Test network functionality and obtain sign-off
 Network performance refers to measures of service quality of a network as seen by the
customer.
 There are many different ways to measure the performance of a network, as each
network is different in nature and design.
 Performance can also be modelled and simulated instead of measured; one example
of this is using state transition diagrams to model queuing performance or using a
network simulator.
 Once the network performance is analysed we need to obtain sign off from the
management.

7.1 Test network functionality and record results

This section discusses the performance parameters of a network.

 The network functionality can be analysed in many different ways, as each network is
different in nature and design.
The following measures are often considered important:
o Bandwidth
o Throughput
o Latency
o Jitter
o Error rate
Bandwidth
 Bandwidth, commonly measured in bits/second, is the maximum rate at which
information can be transferred.
 The available channel bandwidth and achievable signal-to-noise ratio determine the
maximum possible throughput.
 It is not generally possible to send more data than dictated by the Shannon-Hartley
Theorem.
Throughput
 Throughput is the actual rate at which information is transferred: the number of
messages successfully delivered per unit time.
 Throughput is controlled by available bandwidth, as well as the available signal-to-
noise ratio and hardware limitations.
 Throughput for the purpose of this article will be understood to be measured from the
arrival of the first bit of data at the receiver, to decouple the concept of throughput
from the concept of latency.
Latency
 Latency is the delay between the sender transmitting the information and the receiver
decoding it; it is mainly a function of the signal's travel time and the processing time
at any nodes the information traverses.
Jitter
 Jitter is the variation in packet delay at the receiver of the information.
Error rate
 Error rate is the number of corrupted bits expressed as a percentage or fraction of the
total sent.

7.2 Record results of network functionality test

This section discusses the tools for testing and the method of recording the results.

 Network emulation is a technique for testing the performance of real applications over
a virtual network.
 This is different from network simulation where purely mathematical models of traffic,
network models, channels and protocols are applied.
 The aim is to assess performance, predict the impact of change, or otherwise optimize
technology decision-making.
 Network emulation is the act of introducing a device to a test network (typically in a
lab environment) that alters packet flow in such a way as to mimic the behaviour of a
production, or live, network — such as a LAN or WAN.
 This device may be either a general-purpose computer running software to perform the
network emulation or a dedicated emulation device which usually does link
emulation.
 Two open source network emulators are Common Open Research Emulator (CORE)
and Extendable Mobile Ad-hoc Network Emulator (EMANE).
 They both support operation as network black boxes, i.e. external machines/devices
can be hooked up to the emulated network with no knowledge of emulation.
 They also both support both wired and wireless network emulation with various
degrees of fidelity.
 CORE is more useful for quick network layouts and single machine emulation.
 EMANE is better suited for distributed high fidelity large scale network emulation.
 The above results should be documented and recorded.
 The document should contain:
o For Project: [project name]
o Function or Task: [name]
o Project Team:
o Core Team:
o Extended Team:
o Submitted for testing on: [date]
o Tested by: on: [date]
o Proof of Compliance:
o User Acceptance Checklist completed
o Test Results attached
o Outstanding issues with resolution plans attached

7.3 Complete network documentation according to organisational standards

This section discusses preparing the network documentation based on the organization's
standards.
 Network documentation is extremely important, but there tends not to be a lot of
agreement on what that documentation should include.
 The short answer is that it should include everything that’s relevant—but what that
means varies between networks.
 For example, in a really small network with one switch and a firewall and perhaps a
single wireless access point, there isn’t much to document.
 It might be enough to put everything in a single diagram.
 But in a bigger network, we need to follow the general principle that somebody else
will need to support this thing one day.
 Network documentation can provide valuable information to service providers as well
as providing backup in the event of a catastrophic network failure.
 There are a number of network documentation products available that can assist with
the documentation process, and Windows Vista also has mapping capabilities built in.
 Some of the more well-known network documentation applications include
SmartDraw, QonDoc, LAN Surveyor, NetZoom, ConceptDraw and Microsoft Visio
2007.
