  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 345

IP networking scheme

I have a project to do and I have no idea where or how to start. I only want to know how to start and where to go.

"You are being hired on at an IT solution firm, and your first task as network administrator is to design the IP scheme for the network. The specifics that are given are:
  • 375 computers (looking to expand and add additional 150 computers)
  • Client machines running Windows XP and Windows 7
  • Servers running Server 2003, 2008, and Server 2012
  • 3 office locations – Houston (Home Office), Chicago, and New York
  • Current servers:
      o 3 Domain Controllers
      o 5 File Servers
      o 2 Web servers
      o 3 Exchange Servers
      o 1 Certificate Server
  • WAN links between Houston and New York are strong, link between Houston and Chicago is unreliable
      o WAN links:
          ▪ Houston 40Mbps
          ▪ Chicago 15Mbps
          ▪ New York 25Mbps
  • Company wants to limit the number of public IP addresses to save money from ISP
Given this information, design the network scheme to include all following information:
  • IP version (4 or 6)
  • DHCP or Static IP Scheme
      o If DHCP is used:
          ▪ Lease Time
          ▪ Size of DHCP Pool
          ▪ Pool IP Address Range
  • IP addresses
  • DNS address
  • Default Gateway
  • Whether Using WINS or LLMNR
  • Subnet Mask or IP Prefix
  • Computer Naming Scheme
  • Where all servers are located (which offices)"
Asked by: Woop Swag
1 Solution
 
Ganesh Kumar A (Sr Infrastructure Specialist) commented:
You can create the internal IP addressing scheme from either of the following subnets.
Create a network IP scheme for each address.
10.4.1.x, 10.4.2.x, 10.4.3.x with /24 or
192.168.1.x, 192.168.2.x, 192.168.3.x with /24 subnet. In case you have additional requirements, expand it to 192.168.4.x and so on...

You will need a public IP only for the Exchange server, but if you have an LB for the CAS and HT servers you need two dedicated IPs; the MBX server doesn't need any public IP. To set up VPN connectivity between offices you need one IP for each site, and one IP for the web server. Note: do not mix it with the Exchange IP, let it be dedicated.

Additional domain controllers on each site; the PDC must be in Houston, and the Exchange server and web server as well. I recommend having one additional DC in Houston.

File server on each site, but you can use DFS for replicating between sites so that a secondary copy gets stored on a different site. I assume each site would have one file server.

The web server would be on the Houston site.

  • IP version (4 or 6): 192.168.1.x/24, 192.168.2.x/24, 192.168.3.x/24, ....
  • DHCP or Static IP Scheme: You will get 254 IPs in a /24; for servers you need to exclude some of the IPs from DHCP. Other sites would have 254 IPs for the DHCP pool.
      o If DHCP is used:
          ▪ Lease Time: Give a 2 hour or 4 hour lease if a lot of mobile users are roaming inside the office.
          ▪ Size of DHCP Pool: 200 IPs in Houston, and 54 IPs shall be excluded for the servers, printers and other shared resources.
          ▪ Pool IP Address Range: 192.168.1.x, 192.168.2.x, 192.168.3.x and so on...
  • IP addresses:
  • DNS address: Your Active Directory server must be the primary DNS on each site. If the Houston AD is 192.168.1.5 then the client in Houston would have 192.168.1.55 mask 255.255.255.0
  • Default Gateway: Your router IP; you must have some option to specify the internal DHCP server.
  • Whether Using WINS or LLMNR: Use WINS as well.
  • Subnet Mask or IP Prefix: 255.255.255.0
  • Computer Naming Scheme: Depends on your organization. If your organization name is Avaya Life Insurance (ALI) at Houston, it would be OrgName-Location-Department-01 (ensure all char must be two letters)
  • Where all servers are located (which offices): It can be in Houston, but one additional DC and file server must be on the other two sites for logon authentication and file & print serving for local use.

Summary:
IP usage:
Houston office uses: Exchange server - 2 public IPs, Web server - 1 IP, VPN link - 1 IP, Gateway IP - 1 IP.
Chicago and New York will have one IP each for dedicated VPN routing.

Private IPs for internal use will be much different from the public IP scheme, which you can set up in each office router under the LAN segment. (The WAN segment is pointed at the public IP.)

Apart from these, I would suggest you secure the environment by doing the following.

a) Antispam gateway for the Exchange server on the Houston site (Barracuda antispam firewall, Trend Micro antispam gateway, IronPort....)
b) Public SSL certificate for the web server
c) UCC certificate for the Exchange server
d) Firewall to block unwanted traffic except for the application requirement.
e) Have an open source or paid network monitoring solution like Nagios, Zenoss Core, OpenNMS, Zabbix and so on...
f) Server OS hardening and client OS hardening
g) Proper antivirus server and antivirus for all workstations/laptops
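Added example, not part of the original answer: a Python check of the plan above using the standard `ipaddress` module. It splits each office /24 into a static block and a DHCP pool, then flags overlapping site subnets, non-private ranges, static servers that fall inside a pool, and pools too small for the 375 + 150 machines. The function names are hypothetical, and placing the 54 excluded addresses at the start of each subnet is an assumption.

```python
import ipaddress
from itertools import combinations

# From the answer: one /24 per office, 54 addresses kept out of DHCP for
# servers/printers, and a Houston DC/DNS server at 192.168.1.5.
SITES = {"Houston": "192.168.1.0/24", "Chicago": "192.168.2.0/24",
         "New York": "192.168.3.0/24"}
RESERVED = 54
PLANNED_CLIENTS = 375 + 150           # current machines plus planned growth

def plan_site(cidr, reserved=RESERVED):
    """Split one site subnet into a static block and a DHCP pool."""
    net = ipaddress.ip_network(cidr)
    hosts = list(net.hosts())         # usable addresses only
    # Assumption: the excluded block is the first `reserved` usable addresses.
    static, pool = hosts[:reserved], hosts[reserved:]
    return {"network": net, "mask": str(net.netmask),
            "static": (static[0], static[-1]),
            "dhcp": (pool[0], pool[-1]), "pool_size": len(pool)}

def prefix_for(host_count):
    """Longest IPv4 prefix with at least host_count usable addresses."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= host_count:
            return prefix
    raise ValueError("too many hosts for a single IPv4 subnet")

def check_plan(sites, static_servers, clients=PLANNED_CLIENTS):
    """Return findings as strings; an empty list means the plan is consistent."""
    findings = []
    plans = {name: plan_site(cidr) for name, cidr in sites.items()}
    for (a, pa), (b, pb) in combinations(plans.items(), 2):
        if pa["network"].overlaps(pb["network"]):  # ambiguous routes over the VPN
            findings.append(f"{a} overlaps {b}")
    for name, p in plans.items():
        if not p["network"].is_private:            # internal ranges stay RFC 1918
            findings.append(f"{name} is not private address space")
    for label, (site, addr) in static_servers.items():
        lo, hi = plans[site]["dhcp"]
        if lo <= ipaddress.ip_address(addr) <= hi: # DHCP could lease it to a client
            findings.append(f"{label} {addr} is inside the {site} DHCP pool")
    if sum(p["pool_size"] for p in plans.values()) < clients:
        findings.append("combined DHCP pools are smaller than the client count")
    return findings

if __name__ == "__main__":
    for site, cidr in SITES.items():
        print(site, plan_site(cidr))
    print(check_plan(SITES, {"Houston DC/DNS": ("Houston", "192.168.1.5")}))
```

`prefix_for` covers the sizing side: any single office with more than 254 hosts no longer fits a /24 and would need a /23.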
 
Woop Swag (Author) commented:
Thank you, that was a lot of help!