Solved

IP networking scheme

Posted on 2014-09-30
Last Modified: 2014-10-01
I have a project to do and I have no idea where or how to start. I only want to know how to start and where to go.

"You are being hired on at an IT solution firm, and your first task as network administrator is to design the IP scheme for the network. The specifics that are given are:
- 375 computers (looking to expand and add additional 150 computers)
- Client Machines running Windows XP and Windows 7
- Servers Running Server 2003, 2008, and Server 2012
- 3 Office locations – Houston (Home Office), Chicago, and New York
- Current Servers:
  - 3 Domain Controllers
  - 5 File Servers
  - 2 Web servers
  - 3 Exchange Servers
  - 1 Certificate Server
- WAN links between Houston and New York are strong, link between Houston and Chicago are unreliable
  - WAN links:
    - Houston 40Mbps
    - Chicago 15Mbps
    - New York 25Mbps
- Company wants to limit the number of public IP addresses to save money from ISP

Given this information, design the network scheme to include all following information:
- IP version (4 or 6)
- DHCP or Static IP Scheme
  - If DHCP is used:
    - Lease Time
    - Size of DHCP Pool
    - Pool IP Address Range
- IP addresses
- DNS address
- Default Gateway
- Whether Using WINS or LLMNR
- Subnet Mask or IP Prefix
- Computer Naming Scheme
- Where all servers are located (which offices)"
Question by:Woop Swag
Accepted Solution

by:
Ganesh Kumar A earned 500 total points
ID: 40353798
You can create an internal IP addressing scheme using either of the following subnets.
Create a network IP scheme for each address.
10.4.1.x, 10.4.2.x, 10.4.3.x with /24 or
192.168.1.x, 192.168.2.x, 192.168.3.x with a /24 subnet. In case you have additional requirements, expand it to 192.168.4.x and so on...

You will need a public IP only for the Exchange server, but if you have an LB for the CAS and HT servers you need two dedicated IPs; the mbx server doesn't need any public IP. To set up VPN connectivity between offices you need one IP at each site, and one IP for the web server. Note: do not mix with the Exchange IP, let it be dedicated.

Additional domain controllers on each site; the PDC must be in Houston, and the Exchange server and web server as well. I recommend having one additional DC in Houston.

File server on each site, but you can use DFS for replicating between sites so that a secondary copy gets stored on a different site. I assume each site would have one file server.

The web server would be on the Houston site.

- IP version (4 or 6): 192.168.1.x/24, 192.168.2.x/24, 192.168.3.x/24, ....
- DHCP or Static IP Scheme: You will get 254 IPs in a /24; for servers you need to exclude some of the IPs from DHCP. Other sites would have 254 IPs for the DHCP pool.
  - If DHCP is used:
    - Lease Time: Give a 2 hour or 4 hour lease if a lot of mobile users are roaming inside the office.
    - Size of DHCP Pool: 200 IPs in Houston, and 54 IPs shall be excluded for the servers, printers and other shared resources.
    - Pool IP Address Range: 192.168.1.x, 192.168.2.x, 192.168.3.x and so on...
- IP addresses:
- DNS address: Your Active Directory server must be the primary DNS on each site. If the Houston AD is 192.168.1.5 then the client in Houston would have 192.168.1.55 with mask 255.255.255.0.
- Default Gateway: Your router IP; you must have some option to specify the internal DHCP server.
- Whether Using WINS or LLMNR: Use WINS as well.
- Subnet Mask or IP Prefix: 255.255.255.0
- Computer Naming Scheme: Depends on your organization. If your organization name is Avaya Life Insurance (ALI) at Houston, it would be OrgName-Location-Department-01 (ensure all chars must be two letters).
- Where all servers are located (which offices): It can be in Houston, but one additional DC and file server must be on the other two sites for logon authentication and file & print serving for local use.

Summary:
IP usage:
Houston office uses: Exchange server - 2 public IPs, web server - 1 IP, VPN link - 1 IP, gateway IP - 1 IP.
Chicago and New York will have one IP each for dedicated VPN routing.

The private IPs for internal use will be much different from the public IP scheme, which you can set up in each office router under the LAN segment. (The WAN segment is pointed at the public IP.)

Apart from these, I would suggest you secure the environment with the following.

a) Antispam gateway for the Exchange server on the Houston site (Barracuda antispam firewall, Trend Micro antispam gateway, IronPort....)
b) Public SSL certificate for the web server
c) UCC certificate for the Exchange server
d) Firewall to block unwanted traffic except for the application requirements.
e) Have an open-source or paid network monitoring solution like Nagios, Zenoss Core, OpenNMS, Zabbix and so on...
f) Server OS hardening and client OS hardening
g) Proper antivirus server and antivirus for all workstations/laptops
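
An added example (not part of the answer above, and not the answerer's code): a Python check of the proposed per-site /24 plan using the standard `ipaddress` module. It assumes the same 54-address static reservation at every site and a hypothetical worst case where all 525 machines sit in one office; the helper names are made up for illustration.

```python
import ipaddress

# Constructed from the thread: one private /24 per office.
SITES = {"Houston": "192.168.1.0/24", "Chicago": "192.168.2.0/24",
         "New York": "192.168.3.0/24"}
STATIC_RESERVED = 54      # servers, printers, gateway (assumed same at every site)
CLIENTS = 375 + 150       # current machines plus planned expansion

def plan_site(cidr, reserved=STATIC_RESERVED):
    """Split a subnet into a static block and a DHCP pool."""
    net = ipaddress.ip_network(cidr)
    if not net.is_private:
        raise ValueError(f"{cidr} is not RFC 1918 space; do not use it on the LAN")
    usable = net.num_addresses - 2          # minus network and broadcast
    if reserved >= usable:
        raise ValueError(f"{cidr} has no room left for a DHCP pool")
    first, last = net.network_address + 1, net.broadcast_address - 1
    return {"network": net, "mask": str(net.netmask),
            "static": (first, first + reserved - 1),
            "pool": (first + reserved, last),
            "pool_size": usable - reserved}

def validate_plan(sites, clients):
    """Reject overlapping site subnets (they break site-to-site VPN routing)
    and report whether the combined DHCP pools cover the client count."""
    plans = {name: plan_site(cidr) for name, cidr in sites.items()}
    nets = [p["network"] for p in plans.values()]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    total = sum(p["pool_size"] for p in plans.values())
    return plans, total, total >= clients

def smallest_prefix(hosts):
    """Longest IPv4 prefix whose usable host count is at least `hosts`."""
    return 32 - max((hosts + 1).bit_length(), 2)

if __name__ == "__main__":
    plans, total, ok = validate_plan(SITES, CLIENTS)
    for name, p in plans.items():
        print(f"{name}: {p['network']} mask {p['mask']} "
              f"static {p['static'][0]}-{p['static'][1]} "
              f"DHCP {p['pool'][0]}-{p['pool'][1]} ({p['pool_size']})")
    print(f"DHCP capacity {total} for {CLIENTS} clients: {'ok' if ok else 'short'}")
    # Assumed worst case: every client plus the static block in one office.
    print(f"single-site prefix: /{smallest_prefix(CLIENTS + STATIC_RESERVED)}")
```

With 54 addresses held back, each pool starts at .55, which matches the Houston client address used in the answer. The capacity check is a total across sites only; any single office with more than 200 DHCP clients needs a shorter prefix than /24.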
Author Closing Comment

by:Woop Swag
ID: 40356031
Thank you that was a lot of help!