Project Charter and Management Plan Project Client Organization: Globex Corporation Contact: @globex.com.au System Name Globex Network Date of Charter 18/09/2016 Document Status Final Document Reference ITC306_Final_Documentation Version Number Version 4 Prepared by Virtucon Pty Ltd Team Members Niroshan Senarath - 11587960 Arjoman Chatterji - 11588294 Don Heenkenda Mudalige - 11555787 Kusuminda Arangalla - 11607346   1. Change History All changes to the Project Charter must be recorded in the Change History, and a new version of the charter must be approved by the client. Date Description of Change Reason for Change Author of Change Version No. 15/08/2016 Initial draft N/A Version 1 28/8/2016 Requirement Specification Updating the feasibility report from the initial draft Version 2 19/9/2016 Detailed Project PMP Added network designs, detailed PMP Version 3 12/10/16 Cost approximation Address the cost required for the project Version 4 Table of Contents 1. CHANGE HISTORY 2 TABLE OF CONTENTS 3 2. PART 1 - PROJECT CHARTER 4 2.1. PURPOSE OF THE CHARTER 4 2.2. PURPOSE OF THE PROJECT 4 2.3. PROJECT STAFF 4 2.4. BUSINESS OBJECTIVES OF THE PROJECT 7 2.5. SCOPE OF THE PROJECT 9 2.6. PROJECT MILESTONES AND DELIVERABLES 11 2.7. CLIENT RESOURCES 12 2.8. PROJECT TEAM RESOURCES 12 2.9. TECHNICAL ENVIRONMENT 14 3. PART 2 - PROJECT MANAGEMENT PLAN (A BRIEF VERSION) 15 3.1. RISK MANAGEMENT 15 3.2. ASSUMPTIONS 15 3.3. DEPENDENCIES 15 3.4. CONSTRAINTS 16 3.5. RISK ASSESSMENT 16 3.6. RISK RATING 16 3.7. RISK MITIGATION 16 3.8. SCHEDULE AND BUDGET 18 3.9. SCHEDULE( MICROSOFT PROJECT SOFTWARE COMPULSORY) 18 3.10. MONITORING & CONTROLLING MECHANISMS 19 4. REFERENCES 19 2. PART 1 - Project Charter 2.1. Purpose of the Charter Virtucon Pty Ltd documents and tracks the necessary information which is required by stakeholders to make decisions for the progression of this project. 2.2. Purpose of the Project The purpose of this project is to design and build a new corporate network for Globex. The Globex Network system is no longer in a position to securely cope with the number of users. The corporation is in need of a network upgrade where a secure VPN in a full mesh topology and a HTTPS connection over the internet will be implemented. The purpose of this project is to address the need for a reliable network structure by designing and building a new corporate network for Globex. The clients of the company will be able to access services securely and with ease. 2.3. Project Staff Albury Staff Mark Baker Accounts Max Brody Accounts Brad Hallen Administration John Bechdel Administration Mike Bordin Administration Paul Raven Administration Al Jourgensen Director Duane Buford HR John Monte HR Joe Blogs IT Manager Billy Gould IT Aaron Rossi IT Carla Suarez Navarro Marketing Casey Orr Marketing Chris Connelly Marketing Flavia Pennetta Sales Howie Beno Sales Jello Biafra Sales Louis Svitek Sales Lucie Safarova Sales Michael Balch Sales Mike Scaccia Parts Nivek Ogre Parts Paul Barker Parts Rey Washam Parts Roddy Bottum Services Sin Quirin Services Tommy Victor Services Tony Campos Services Zlatko Hukic Solution Consultant Griffith Staff Belinda Bencic Accounts Shay Jones Accounts Shuai Peng Accounts Anders Colsefni Administration Craig Jones Administration Dominika Cibulkova Administration Sid Wilson Administration Corey Taylor Director Joey Jordison Director Jelena Jankovic HR Shawn Crahan HR Casey Dellacqua IT Chris Fehn IT Brandon Darner Marketing Marty Sorenson Marketing Samantha Stosur Marketing Alize Cornet Sales Coco Vandeweghe Program Manager Donnie Steele Sales Garbine Muguruza Sales Greg Welts Sales Jim Root Technician John Davis Technician Josh Brainard Parts Madison Keys Parts Mick Thomson Parts Paul Gray Services Robert Roberts Services Stephen George Technician Svetlana Kuznetsova Technician Barbora Zahlavova Strycova Solution Consultant   Wagga Wagga staff Caroline Garcia Accounts Duane Denison Accounts Jeordie White Administration Maynard James Keenan Director Mike Patton Director Danny Lohner HR Elina Svitolina HR Angelique Kerber IT Trevor Dunn IT Billy Howerdel Marketing Danny Carey Marketing James Iha Marketing Justin Chancellor Marketing Adam Jones Sales Camila Giorgi Sales Irina-Camelia Begu Sales Jeff Friedl Sales John Stanier Sales Jon Hudson Sales Josh Freese Sales Karolina Pliskova Sales Matt McJunkins Sales Paz Lenchantin Solution Consultant Sabine Lisicki Solution Consultant Sara Errani Solution Consultant Tim Alexander Sales Troy Van Leeuwen Services Varvara Lepchenko Services Zarina Diyas Services   2.4. Business Objectives of the Project To be considered successful, the proposed project must achieve the following goals for the client: BUSINESS GOAL EVIDENCE OF GOAL ACHIEVED 1. A corporate network designed primarily to fulfil the users’ needs while meeting the organizational requirements of Globex. The network user is able to access his/her account, request for services offered by the company, receive approval that the requested services have been approved and scheduled, receive reminders for scheduled services and conduct video conferences with company officials. The company employees on the other hand are able to deliver services to clients through the network and view schedules assigned to them. The mechanical technicians are able to access the machinery data to help them detect possible mechanical problems on time. The company’s three local servers must support failover and NFS share for cloud based backups. The company’s clients are able to access services through other servers when there is a server failure. Cloud storage is accessible to registered users and is secure. 2. A user-friendly and efficient desktop software program. Users are able to access and use the secure desktop program for data file transfer effortlessly. Users with basic computing skills are in a position to use the system with little or no training at all. The program is able to send and retrieve data from the cloud storage securely. The system is able to log network errors and save them for troubleshooting purposes. 3. The upgraded network structure will be faster, more dependable, and support all the solutions that Globex Corporation provides. The corporation has the ability to provide solutions and support to their workers and clients through their Farm Equipment and Precision Farming products without any network failure or errors. For fuel efficiency, it will be possible to schedule routes for machinery and relay them over the network to the drivers. Drivers of different machinery are in a position to communicate one on one, with the farmers and company personnel. Finally, the vehicles are able to access the cloud storage and store the machine functionality as detected by the sensors. 4. A corporate network will enable farmers and employees to use their computers or personal devices, with ability to read and create files in the Globex Precision Farmingformat, to access or exchange data. The farmers can access data from the cloud, conduct video conferencing with farm experts, locate nearest fleets and receive important updates and alerts. During server failures, the farmers are redirected to other servers so that they can still access services with little or no interruption. The company has access to machine functionality, position and data, which is collected through sensors.   2.5. Scope of the Project This project focuses on upgrading the Globex network structure. The project team upon completion of the network upgrade will deliver following items to the client. In Scope Includes System Functions The new network system designed will allow saving and retrieving of data from a central cloud storage. With the new system, the customers of Globex will be able to communicate with company’s consultants, request onsite visits and access precision farming data. The company’s employees, on the other hand, will be able to communicate with each other and with their clients, manage fleet position and analyse the vehicle health. The system developed will protect the integrity of data by saving it in cloud and only allowing those users with access rights to view the data. Additionally, the system will eradicate the use of portable storage devices, such as USB, for file transfer. All networks will be secured by configuring them to interconnect through VPN in a full mesh topology corporate network and establishing a direct HTTPS connection to the cloud server for the intranet. Training A short training session will be offered to the Farm Equipment Sales Team and the Parts and Service representatives since they have been trained on the latest technologies. The training offered will ensure that they easily adapt to the new network system. Clients will be invited to attend seminars and given user manuals that will guide them to flexibly use the new system. The company’s employees will oversee the training given to clients. Device configuration Server machines running windows Server 2012 R2 server OS will be configured to store and retrieve data to/from Linux Server located within Amazon Web Services. The configuration files of all network devices and configuration parameters of the different applications provided on CD, and technical documentation for the person who will maintain the system. Virtual LAN is implemented on devices within offices so as to suit different departments. IP addresses are assigned to differentiate different machines.   The project will not provide: Out of Scope Includes System support and enhancements Once the students demonstrate the final network system, system support, resolution, enhancement and maintenance will be terminated therefore the Globex, who is the ITC306 client, will have to look for a means of providing technical support and maintaining the network system. 2.6. Project Milestones and Deliverables Project Milestone Deliverable Expected Date Project Startup Charter and Management Plan 1/8/2016 Solution Requirements Specification of Requirements (use cases or similar) Test Strategy Updated Project Plan 11/8/2016 Solution Design Fully worked out architecture and detail of design Test Plan in detail 26/08/2016 Prototype Basic component of solution 23/09/2016 Iteration Additional functionality Test Cases 26/09/2016 Iteration Test results 27/09/2016 Iteration Test results Final Release Solution plus all documentation, on CD 1/10/2016 Project Completion Individual evaluation reports 3/10/2016   2.7. Client Resources Role Name Availability 1. Client Manager Niroshan Senarath 1 hour per month for progress reporting. 2. User Representative Arjoman Chatterji Approximately 1 hours per week to help refine requirements, develop test plans and provide acceptance testing. Availability for phone calls.24 hour response to emails, if possible. 2.8. Project Team Resources Role Name/s Timeframe/s 1. Project Manager Arjoman Chatterji Start: 11/8/2016 The project manager is tasked with supervising and editing the documents and meeting deadlines to meet the goals of Globex End Date: 14/10/2016 2. Requirements Engineer Niroshan Senarath Start: 11/8/2016 The requirements engineer is tasked with managing the requirement specifications detailed by globex. End: 14/10/2016 3. Designer Kusuminda Arangalla Start: 11/8/2016 The network designer is tasked with the redesign of the Globex network. The network designer works together with the network engineer and test engineer to provide a solution to Globex. End: 14/10/2016 4. Network Engineer Niroshan Senarath Start: 11/8/2016 The network engineer is tasked with providing a working environment for the tasked solution. The network engineer works together with the network designer to provide a working solution to Globex. End: 14/10/2016 5. Test Engineer Don Heenkenda Mudalige Start: 11/8/2016 The test engineer is tasked with testing the network to ensure there are no faults with the proposed system. The test engineer works together with the network engineer and network designer to to meet the goals of Globex. End: 14/10/2016 6. Technical Writer Arjoman Chatterji Start: 11/8/2016 The technical writer is responsible for explaining in detail the work covered by the rest of the team members. The duty of the technical writer is to emphasize the duties performed and the goals met by the team. End: 14/10/2016 7. Hardware/Network Consultant Don Heenkenda Mudalige Start: 11/8/2016 The Hardware/Network consultant is tasked with the overview of the hardware and network environment and to provide an appropriate solution to Globex. 2.9. Technical Environment The technical environment of this assignment is detailed below. Part 9 of the network design document will highlight the logical design. Part 9.2 of the network design document will highlight the topological environment of the new proposed network. 3. PART 2 - Project Management Plan (a brief version) 3.1. Risk Management 3.2. Assumptions • This project and its plans and estimates assume the following expectations will be met: • Globex concerned with developing a corporate network that is secure, reliable and user centered. • Each project team member is able to complete their task within the time and budget scope allocated. • Both the planning and tracking of the project will be done at activity level by way of established approximations. The length of time will be determined using availability of assets needed by the project. • The Project Manager will ascertain that all project activities are clearly understood and scheduled accordingly. • The project manager has a responsibility of ensuring that the progress being achieved is in accordance to the financial and time scope and that all obstacles of progress are controlled by recommending mitigation options to the project sponsors. • Development of a corporate network will improve data transfers, allow failover and enhance data backup. 3.3. Dependencies The project relies on the following external entities/events: 1. Three servers are each located in the three company locations. The servers run windows Server 2012 R2 and are used by the system for the following configurations: Active Directory, Group Policy, NTFS Permissions, File Server, DHCP configuration, DNS configuration, and Backup. Apart from these functions, the server in Wagga Wagga specifically has Hyper-V and acts as a Terminal Server, while the one in Albury is an Exchange Server and finally the server in Griffith acts as a SharePoint. 2. The system depends on Linux Server located within Amazon Web Services for Linux, Apache, MySQL, PHP, Backups, Open VPN, DNS, SNMP, NTP, VOIP, Web Conferencing, and NFS. 3. Globex Company for funding and requirements specification. 4. The project team to develop different components that will be combined into one corporate network systems. 3.4. Constraints The constraints within which the project will operate are as follows: 1. Time allocated for the project design is 14 weeks. The project must be completed within this time frame. 2. Budget allocated to this project must be enough for the development of the network system. The total amount spent on the project must be close to the estimated budget. 3. The design of this network system is limited to a predefined scope. Scope determines the work to be done and ascertains that the determined work is done. 4. This corporate network relies on a group of four project team members that will share and perform different tasks for the project. 3.5. Risk Assessment 3.6. Risk Rating Id Possible Unwelcome Event Likelihood (L) 1, 2, 3 Severity (S) 1,2,3 Ranking L * S 1 Cyber Attacks 5 8 40 2 Computer Viruses 9 7 54 3 Unauthorised Data Access 3 4 12 4 Information Disclosure 4 5 20 5 Loss of Data 3 8 24 6 System Failure 6 10 60   3.7. Risk Mitigation Id Event Risk mitigation or contingency 1 Cyber Attacks Implementing a stronger authentication protocol 2 Computer Viruses Use an Antivirus software, block access to irrelevant sites. Control and monitor all downloads. 3 Unauthorised Data Access Use permissions to grant access of sensitive data to appropriate individuals. Employ multi-level authentication and user verification systems. 4 Information Disclosure Globex should train company employees and clients on the importance of data integrity and confidentiality. 5 Loss of Data Set up data backup options and prevent deletion of data by unauthorised users. Globex can also emply backup Software as a Service (SaaS) to automate the backup process and store the data in a remote location. 6 System Failure Configure network servers to support failover so that when one server is down users can still access services from the other two servers. 3.8. Schedule and Budget 3.9. Schedule( Microsoft Project software compulsory)   3.10. Monitoring & Controlling Mechanisms The project manager will monitor progress of the project. The team will meet with the Lecturer weekly or as agreed. The team will meet regularly with the client, weekly, or as agreed. All project managers will meet together fortnightly, with the subject co-ordinator. A weekly status/progress report will be provided by the project manager, based on information supplied by individual team members. Configuration management techniques will be used to control the documents and other deliverables of the project – all versions will be kept and baselined when milestones are reached. Change management will be used to record changes in any aspect of the project. Each document will carry a Change History. All team communication and deliverables will be stored on the Forum, but also backed up by the Project Manager.   4. Budget Analysis Product No. Of units Price Computer 90 $129,240 Cloud Server 1 $9,441 Per month VPN 90 $8.31 per user/per month 5. References EcolePolytechnique Montreal, 2004, Upedu web site, viewed 20 February 2006, .   Network Design Document Project Client Organization: Globex Corporation Contact: @globex.com.au System Name Globex Network Date of Charter 18/09/2016 Document Status Final Document Reference ITC306_Final_Documentation Version Number Version 4 Prepared by Virtucon Pty Ltd Team Members Niroshan Senarath - 11587960 Arjoman Chatterji - 11588294 Don Heenkenda Mudalige - 11555787 Kusuminda Arangalla - 11607346   6. Change History All changes to the Design Document must be recorded in the Change History. Date Description of Change Reason for Change Author of Change Version No. 15/08/2016 Initial draft N/A Version 1 28/8/2016 Requirement Specification Updating the feasibility report from the initial draft Version 2 19/9/2016 Detailed Project PMP Added network designs, detailed PMP Version 3 12/10/16 Implementation final documentation Address the implementation information Version 4 7. Table of Contents 5. CHANGE HISTORY 21 6. TABLE OF CONTENTS 22 7. EXECUTIVE SUMMARY 24 7.1. SECURITY 24 7.2. NETWORK PERFORMANCE 25 7.3. AVAILABILITY 25 7.4. USABILITY 25 8. PROJECT GOALS 26 LOGICAL DESIGN 27 8.1. LOGICAL NETWORK DIAGRAM 27 8.2. ADDRESSING AND NAMING STRUCTURE 28 GRIFFITH NETWORK 28 ALBURY NETWORK 29 WAGGA WAGGA 30 8.3. ROUTING AND SWITCHING PROTOCOLS 31 Albury 31 Wagga Wagga 32 Griffith 33 8.4. SECURITY 34 Packet –filtering firewalls 35 Application/Proxy Firewall: 35 8.5. VIRTUAL LANS 38 Wagga Wagga 38 Albury 38 Griffith 38 9. PHYSICAL DESIGN 39 9.1. NETWORK TOPOLOGY 39 MESH TOPOLOGY 39 9.2. LAN TECHNOLOGIES 40 9.3. WAN TECHNOLOGIES 40 Complete WAN Diagram 41 9.4. PHYSICAL NETWORK DIAGRAM 42 Albury Physical Network Diagram 42 Griffith Physical Network Diagram 43 Wagga Wagga Physical Network Diagram 44 9.5. MINIMAL SERVER AND PC REQUIREMENTS 45 Wagga Wagga Office Network 45 Albury Office Network 45 Griffith Office Network 45 VOIP Cloud Network 45 Web conference Cloud Network 46 Cloud Storage Network 46 10. REFERENCES 47 10.1. APPENDIX 1 (PROJECT MEETING AGENDA) 48 Appendix 2 (Meeting Minutes) 54   8. Executive Summary This report was tasked with researching, examining, planning and designing of a new cyberspace environment for the Globex Corporation. Globex is a cyberspace delivering agricultural services to farmers, and is located in the Riverina Region of NSW and has three locations, Albury, Griffith and Wagga Wagga. The Globex Network system is no longer in a position to securely cope with the number of users. The corporation is in need of a network upgrade where a secure VPN in a full mesh topology and a HTTPS connection over the internet will be implemented. The purpose of this project is to address the need for a reliable network structure by designing and building a new corporate network for Globex. The clients of the company will be able to access services securely and with ease. The research draws attention to the benefits a new network structure will pose to the entire corporation. The proposed network design was fuelled by the need for a reliable and secure network structure to support the ever growing number of people depending on Globex Corporation’s agricultural services. The proposed network, in comparison to the old network structure, is outstandingly efficient and user-friendly. Below are some of the major strengths of the proposed network design and how the strengths meet the user requirements. 8.1. Security Implementing a server dedicated for Intrusion Prevention System, Logging / SNMP server, and Disaster Recovery / Backup solution will improve security. Prevention of potential intruders is one step towards securing the system. Use of accounts and authentication measures will also increase security by ensuring data integrity and confidentiality is preserved and sensitive data is assessed by those with appropriate rights. Finally, implementing firewalls will protect interior systems from external threats. Firewalls can also work against to the denial of access (DOS) attacks. Globex utilizes modern and robust security and safety systems which are available to the business sector. Areas, equipment, and encompassing ranges are completely secured utilizing CCTV cameras and multi alert frameworks. The use of firewalls, secure VPN in a full mesh topology and HTTPS connection over the internet will greatly improve the network security. Additionally, having user accounts will ensure data integrity and confidentiality is maintained. With the proposed network design (5.1), users will be able to access services securely. Since the new network design hosts many applications and allow access from different devices used by the company’s employees and clients, sufficient bandwidth and security must be established. Additionally, access policies must be implemented so as to filter out intruding devices and users that may affect the network performance. Finally, detecting IP addresses of logged in devices will help catch devices accessing the network from suspicious locations.   8.2. Network Performance This projects aims to meet this goal by upgrading the old network structure by designing and building a new corporate network which includes three servers at (Wagga Wagga, Griffith, Albury) location, which includes a SharePoint server for optimal network performance. Access to stored data will also be improved by implementing a cloud based solution. Additionally, allowing each site to obtain resources from other branches of the company sites will improve performance and minimize network failure. Therefore we are able to improve better network performance by providing faster, wider, safer and a more convenient network performance between the all branches.The project also introduced asharing platform system according to requirements which provides a distributed network system. As most access businesses take place in regional locations, the traffic is considerably decreased on the data sharing platform. Network congestion will be reduced since there are three servers which will be available for use. With higher network speeds, users will also enjoy reliable video conferences and fast downloads. 8.3. Availability Our primary goal is increasing availability of the Globex network to 24/7which will be realized through the implementation of interconnected domains all accessing a single cloud based storage, 3 Microsoft 2012 R2 servers for load bearing capabilities, and network redundancy structure. For example, user in a specific location can still access services and features even if the server is down without considering their geographical location. This is achieved by implementation of redundant links between servers, so that users can temporarily rely on another server when one fails. The proposed network supports server failover since it has other servers that can be usedwhen one server is down. Failover is defined as the practice of moving to a backup system when the system in use experiences a system-wide failure, (Failover, n.d.). With failover in place, users will be able to enjoy consistent access services offered by the company. 8.4. Usability The application software or the user interface used by the users must be both easy to learn and use. Employing a graphical user interface for users to interact with the network system will drastically improve the usability of the new network system. Globex helps customers (agriculturists) upgrade their general technique for cultivating operations. Through their Farm Equipment and Precision Farming items, farmers can view all the continuous of positions of the vehicles, give cautions, give the present status. The desktop application is used by users for video conferencing, downloading and reading files, and scheduling machinery is user friendly. In this proposed project, the desktop application is designed with a graphical user interface (GUI) that ensures that users easily learn how to use the application. 9. Project Goals Any client who subscribes to a service provided by a company expects them be reliable and be able to securely access the service. Beard (2013), writes that outstanding client service and high customer satisfaction is achieved by knowing the expectations of the client. Knowing the goals of the project and how to set them so as to fulfill the customer expectations is a milestone towards satisfying your customers by meeting their expectations. Globex is aware of the needs of both its employees and clients for new services like cloud storage and video conferencing and has proposed a network upgrade that will avail the services. The main aim of the upgrade is to provide better and more accurate solutions to the rising number of clients. The existing network structure has already implemented the following solutions: • Cloud based web server: Used to host a secure Intranet and as a platform for NFS share for cloud based backups. • VoIP cloud network: Used to replace the old telephony system by transmitting telephone calls over the internet in form of voice data packets using IP. • Web conference cloud network: Platform used to host open meetings or web conferencing which allows two or more devices to simultaneously share specific apps, computer screens, or web-centered content. • Storage cloud network: used for Network File Systems (NFS) which is a distributed file system that allows access to files over the network. • Farm Equipment Fleet Positions and Alerts: A system using GPS to track the position and state of farm equipment and to send such alerts as curfew alerts to the fleet. • Data File Transfer: Allows transfer of Globex Precision Farming data files to and from cloud storage hence reducing the need for a portable hardware storage device. • Farm Equipment Fleet Health: Is a system used to access the mechanical state of each equipment for example, fuel level, oil pressure and battery voltage level. • Vehicle to Vehicle Data Exchange: A communication system used to share information among vehicles in the same fields so as to avoid such cases as overlapping while planting. • Soil Information: Is a soil mapping technology that uses sensors to access soil info and topographic data. Logical Design 9.1. Logical Network Diagram The figure below shows the network distribution among all the sites that is to be implemented in the Globex network. The figure above shows the basic network structure that is to be implemented across all sites for Globex. The diagram shows physical hosts which are connected to a Virtual interface monitor (VIM). The VIM is a virtual monitor that analyses the physical host and their stress levels and balances the load between all the physical hosts which will increase the reliability of the services. As Globex wants the company to adapt to a cloud based solution, virtualisation would be an ideal solution. Virtualizing these servers will maximize the physical resources of these servers which will be able to reduce desktop loads more efficiently. Virtualizing the servers will also provide better reliability of essential services. These virtualized servers are connected to Virtual private network (VPN) routers. Accessing information through a VPN network greatly improves the security. Virtualizing these servers will also add an extra layer of security, while being easier to manage for the IT staff. Separating and isolating the servers to one physical host will ease task handling and maintenance of the physical host, servers and network. 9.2. Addressing and Naming Structure Griffith Network Subnet Name Needed Size Allocated Size Address Mask Dec Mask Assignable Range Broadcast Administration 4 6 10.0.1.0 /29 255.255.255.248 10.0.1.1 - 10.0.1.6 10.0.1.7 Sales 4 6 10.0.1.8 /29 255.255.255.248 10.0.1.9 - 10.0.1.14 10.0.1.15 Technician 4 6 10.0.1.16 /29 255.255.255.248 10.0.1.17 - 10.0.1.22 10.0.1.23 Accounts 3 6 10.0.1.24 /29 255.255.255.248 10.0.1.25 - 10.0.1.30 10.0.1.31 Marketing 3 6 10.0.1.32 /29 255.255.255.248 10.0.1.33 - 10.0.1.38 10.0.1.39 Part 3 6 10.0.1.40 /29 255.255.255.248 10.0.1.41 - 10.0.1.46 10.0.1.47 Director 2 2 10.0.1.48 /30 255.255.255.252 10.0.1.49 - 10.0.1.50 10.0.1.51 HR 2 2 10.0.1.52 /30 255.255.255.252 10.0.1.53 - 10.0.1.54 10.0.1.55 IT 2 2 10.0.1.56 /30 255.255.255.252 10.0.1.57 - 10.0.1.58 10.0.1.59 Service 2 2 10.0.1.60 /30 255.255.255.252 10.0.1.61 - 10.0.1.62 10.0.1.63 Program manager 1 2 10.0.1.64 /30 255.255.255.252 10.0.1.65 - 10.0.1.66 10.0.1.67 Solution 1 2 10.0.1.68 /30 255.255.255.252 10.0.1.69 - 10.0.1.70 10.0.1.71   Albury Network Subnet Name Needed Size Allocated Size Address Mask Dec Mask Assignable Range Broadcast Sales 6 6 192.168.1.0 /29 255.255.255.248 192.168.1.1 - 192.168.1.6 192.168.1.7 Administration 4 6 192.168.1.8 /29 255.255.255.248 192.168.1.9 - 192.168.1.14 192.168.1.15 Part 4 6 192.168.1.16 /29 255.255.255.248 192.168.1.17 - 192.168.1.22 192.168.1.23 Service 4 6 192.168.1.24 /29 255.255.255.248 192.168.1.25 - 192.168.1.30 192.168.1.31 Marketing 3 6 192.168.1.32 /29 255.255.255.248 192.168.1.33 - 192.168.1.38 192.168.1.39 Accounts 2 2 192.168.1.40 /30 255.255.255.252 192.168.1.41 - 192.168.1.42 192.168.1.43 HR 2 2 192.168.1.44 /30 255.255.255.252 192.168.1.45 - 192.168.1.46 192.168.1.47 IT 2 2 192.168.1.48 /30 255.255.255.252 192.168.1.49 - 192.168.1.50 192.168.1.51 Director 1 2 192.168.1.52 /30 255.255.255.252 192.168.1.53 - 192.168.1.54 192.168.1.55 IT manager 1 2 192.168.1.56 /30 255.255.255.252 192.168.1.57 - 192.168.1.58 192.168.1.59 Solution 1 2 192.168.1.60 /30 255.255.255.252 192.168.1.61 - 192.168.1.62 192.168.1.63 Wagga Wagga Subnet Name Needed Size Allocated Size Address Mask Dec Mask Assignable Range Broadcast Sales 10 14 192.168.2.0 /28 255.255.255.240 192.168.2.1 - 192.168.2.14 192.168.2.15 Marketing 4 6 192.168.2.16 /29 255.255.255.248 192.168.2.17 - 192.168.2.22 192.168.2.23 Service 3 6 192.168.2.24 /29 255.255.255.248 192.168.2.25 - 192.168.2.30 192.168.2.31 Solution 3 6 192.168.2.32 /29 255.255.255.248 192.168.2.33 - 192.168.2.38 192.168.2.39 Accounts 2 2 192.168.2.40 /30 255.255.255.252 192.168.2.41 - 192.168.2.42 192.168.2.43 Director 2 2 192.168.2.44 /30 255.255.255.252 192.168.2.45 - 192.168.2.46 192.168.2.47 HR 2 2 192.168.2.48 /30 255.255.255.252 192.168.2.49 - 192.168.2.50 192.168.2.51 IT 2 2 192.168.2.52 /30 255.255.255.252 192.168.2.53 - 192.168.2.54 192.168.2.55 Administration 1 2 192.168.2.56 /30 255.255.255.252 192.168.2.57 - 192.168.2.58 192.168.2.59 9.3. Routing and Switching Protocols Albury Following diagram describes the Albury LAN. Albury network is being allocated with 30 desktop computers, 2 printers, 4 switches, firewall and a server. There is two routers configured to keeps that network traffic from affecting the other router. The routers are assigned with default static routes. This allows ease of routing table maintenance in the network. Albury network contains 8 VLAN’s for the main departments. VLAN provides a better security and reduce the need to have routers deployed on a network to contain broadcast traffic. A firewall is implemented to secure the network.   Wagga Wagga This is the Wagga Wagga network diagram which consist with connectivity of 29 pc's and two routers, one firewall, 4 switches ,2 printers,8 VLAN's for different departments. Using VLAN's for each department which comprises with better network management and maintains consistency. This site uses a static route configuration, which means a manually configured route used when routing from a network to a stub network.one firewall will be implemented to this network to prevent unauthorized access from third parties.   Griffith This Network contain 31 pcs and in this network we are using separate VLANs for each department. Therefore, we are using 10VLANs, and it’s remove traffic in the network.   9.4. Security Network security, according to an online publication, is the procedure of utilizing preventive measures, both physical and software, to protect network systems from intruders, misuse, damage, and modification, therefore producing a secure platform for hardware, software and people ware to perform permitted tasks within the network environment (Network Security Resources. n.d.). A network security structure is typically compromised of multiple components including network monitoring, security software which is in addition to multiple hardware appliances. The structure of a network relies on multiple levels of protection to ensure data integrity and safety. Data can be compromised in many ways. Some of the most common network security threats include:  Computer Viruses  Worms  Trojan horses  Hackers  Denial of service attacks (DoS)  Identity theft, Spyware  Data breach  Zero-day attacks. Globex must make sure that network administrators, network engineers or security engineers are in charge of implementing policies, installing software and hardware needed to secure the network and its resources that block potentially unauthorised users to access the network in each of their 3 sites. Networking professionals also have to ensure that employees within the company have adequate resources and network privilege to work. Firewalls Firewalls filter information to and from the computers as well as block access to unauthorized software and applications. They help ensure a networks availability and security of a company’s network by protecting against various types of network, application and cyber-attacks. This system has implemented firewalls in all the three site locations and also in the cloud. The firewall is implemented in server 1 and used to protect Albury, Wagga Wagga, Griffith and the Cloud storage system that is to be implemented. Some of the firewall protocols that are to be implemented are as follows: Packet –filtering firewalls: Packet fileting is accomplished by access control lists which are located on routers and switches and generally act very fast. The advantages of Packet-filtering firewalls is that it gives security to every device on the network, and comes inbuilt in all routers. Packet-filtering firewalls offers basic security to an unsecured network and are generally not feature rich, but offer a quick and easy security solution to deploy across many devices. Figure 1.1 Application/Proxy Firewall: This firewall acts on behalf of a client creating a buffer port to scan information that is passing through the ports. This additional layer of security makes it harder for hackers to access the network as they will have to compromise the firewall to get to the vulnerable application on the client computer. Application firewalls are also easily patchable in case of a threat which makes it secure.   Figure 1.2 Virtual Private Network (VPN) VPN is the use of a technology that produces an encrypted and secure network connection over a network that is considered less secure. VPN is used to provide security while accessing network systems when the underlying network structure is not in a position to deliver adequate security. VPN is often used to replace private networks while travelling since a private network costs more. Additionally, large organizations can inter-connect their branches using VPN. Users accessing a secured network over VPN often need to be authenticated before being granted right to access network services. Users are given usernames and passwords which will be used for identification before gaining access to the private network. A pin or captcha may also be provided to prove that the network accessor is a human and not a robot. The diagram above shows the basic VPN network structure that will be implemented to the Globex network.   9.5. Virtual LANs Wagga Wagga VLAN 10 – Account Department VLAN 20 – Marketing VLAN 30 - Consultant VLAN 40 – IT Department VLAN 50 – Sales VLAN 60 – Service VLAN 70 – Human Resources VLAN 80 – Server Albury VLAN 10 – Human resources VLAN 20 – Director VLAN 30 –Solution VLAN 40 –IT Department VLAN 50 –Services VLAN 60 – Marketing VLAN 70 – Administration VLAN 80 –Parts Griffith VLAN 10 – Accounting VLAN 20 – Admin VLAN 30 - Director VLAN 40 –HR VLAN 50 – IT VLAN 60 – Marketing VLAN 70 – Sales VLAN 80 –Technician VLAN 90-Service   10. Physical Design 10.1. Network Topology When we are configuring a network most difficult & most important part is the choosing a Topology, there are two ways of network Topology, physical topology & the logical (or signal) topology. In Physical Topology using Hard wares like switches and routers, cables and Pc’s Type of Topology’s: • POINT TO POINT • BUS TOPOLOGY • RING TOPOLOGY • MESH TOPOLOGY • STAR TOPOLOGY • TREE TOPOLOGY • FULLY CONNECTED MESH TOPOLOGY In our Network Design we hope to use Mesh Topology, all devices need to interconnected with each other and Mesh Topology has Two major Types, one is full mesh topology and second one is partial mesh topology. In mesh topology all workstations are directly connecting with each other. Therefore we will hope to use full mesh topology for our LAN Networks in Wagga Wagga, Griffith and Albury.   10.2. LAN technologies LAN is a network infrastructure which consists of end devices and users in a small geographic area. Basically this LAN is controlled by one administrative authority. In addition expensive hardware can be shared on LAN system, users can access the same files, a single internet connection can be shared among many users. On this project there are three LAN's such as Wagga Wagga ,Griffith, Albury are connected to each other .There's LAN specification on this LAN which are ; IEEE 802.2 (LLC) IEEE 802.3 (Ethernet) Token Ring /802.5 Token passing method will be used on this LAN system which consists of Token ring and FDDI; this method is passing messages between users in a network. Ethernet Cat 6 cables are use on each LAN system for the high performance speed and reliability. 10.3. WAN technologies WAN covers a large geographical area which consists two or three LAN's.WANs are used to connect a local network with other local networks, so users or computers in one location can communicate with users and computers in other locations. This WAN network is fully meshed network which are three LAN's such as Wagga Wagga, Griffith, Albury connected with each other. Everyone on the network can use the same data. Having a large network system / wide so as to reach and share information /files from remote access areas. Operational costs is expensive on WAN, In terms of WAN network settings is more difficult and complicated. By using a VPN Which gives confidentiality if information, integrity of data and good authentication of users. In addition, good firewall requires restricting third party users from outside network.   Complete WAN Diagram   10.4. Physical Network Diagram Albury Physical Network Diagram The above diagram presents the proposed network for the Albury office. There is only one server to be implemented on this network which contains resources such as AD/DNS/DHCP/File server for a number of attached VLAN's.VPN will be implemented for create a secure connection to another network over the Internet. Every workstation has 64-bit processor with 8GB ram and runs Window 10 as Operating system.   Griffith Physical Network Diagram The above diagram presents the proposed network for the Griffith office. There is only one server to be implemented on this network which contains resources such as AD/DNS/DHCP/File server for a number of attached VLAN's. VPN will be implemented for create a secure connection to another network over the Internet. Every workstation has 64-bit processor with 8GB ram and runs Window 10 as Operating system.   Wagga Wagga Physical Network Diagram The above diagram presents the proposed network for the Wagga Wagga office. There is only one server to be implemented on this network which contains resources such as AD/DNS/DHCP/File server for a number of attached VLAN's.VPN will be implemented for create a secure connection to another network over the Internet. Every workstation has 64-bit processor with 8GB ram and runs Window 10 as Operating system.   10.5. Minimal server and PC requirements Wagga Wagga Office Network Windows Server Environment - Hyper-V Server 2012 R2 (Active Directory / Group Policy / NTFS Permissions /File Server / DHCP configuration / DNS configuration / Backups +Terminal Server) Uses Local Terminal Server, Albury for Exchange Server, Griffith for Sharepoint and Cloud Servers for Intranet / NFS / VOIP / Web Conferencing System requirements: Dedicated hardware server/s that supports hardware virtualisation (suggest Core i5/4GB) Albury Office Network Windows Server Environment - Server 2012 R2 (Active Directory / Group Policy / NTFS Permissions /File Server / DHCP configuration / DNS configuration / Backups + Exchange Server) Uses Wagga Wagga Terminal Server, Local Exchange Server, Griffith for Sharepoint and Cloud Servers for Intranet / NFS / VOIP / Web Conferencing System requirements: All physical computers, hardware servers are required to have Core i5 processor with 8GB RAM Griffith Office Network Windows Server Environment - Server 2012 R2 (Active Directory / Group Policy / NTFS Permissions /File Server / DHCP configuration / DNS configuration / Backups + Sharepoint) Uses Wagga Terminal Server, Albury Exchange Server, Local Sharepoint Server and Cloud Servers for Intranet / NFS / VOIP / Web Conferencing System requirements: All physical computers, hardware servers are required to have Core i5 processor with 8GB RAM VOIP Cloud Network Linux Server located within Amazon Web Services with (Linux / Apache / MySQL / PHP / Backups / OpenVPN / DNS / SNMP / NTP + FreePBX (VOIP))   Web conference Cloud Network Linux Server located within Amazon Web Services with (Linux / Apache / MySQL / PHP / Backups / OpenVPN / DNS / SNMP / NTP + Open Meetings (Web Conferencing)) Cloud Storage Network Linux Server located within Amazon Web Services with (Linux / Apache / MySQL / PHP / Backups / OpenVPN / DNS / SNMP / NTP + NFS)  11. References Beard, R. (2013, October). The Complete Guide to Customer Expectations.Retrieved September 12, 2016, from http://blog.clientheartbeat.com/customer-expectations. Failover (n.d.).In ComputerHope.com.Retrieved September 10, 2016, from http://www.computerhope.com/jargon/f/failover.htm. Network Security Resources.(n.d.).Retrieved September 17, 2016, from https://www.sans.org/network-security. Rouse, M. (2008, January). Cyberspace.Retrieved September 10, 2016, from http://searchsoa.techtarget.com/definition/cyberspace. Blair, R., &Durai, A. (2009, May 21). Chapter 1: Types of Firewalls. http://core0.staticworld.net/images/idge/imported/article/nww/2009/05/01fig02-100277504-orig.jpg Blair, R., &Durai, A. (2009, May 21). Chapter 1: Types of Firewalls. http://core0.staticworld.net/images/idge/imported/article/nww/2009/05/01fig01-100277503-orig.jpg   11.1. Appendix 1 (Project meeting agenda) Agenda Team Name: _____Network Design Team_________ Date ____1/8/2016________ Time _____15:00__ Place __CSU Room #2.01, 2.02__ Meeting Purpose: Project Start Topic Person Responsible Time 1. Review agenda Arjoman Chatterji 2 min 2. Case Study Arjoman Chatterji 20 min 3. Fesibility Study Niroshan Senarath 20 min 4. Budget Allocation Don Heenkenda Mudalige 10 min 5. Resource Planning Kusuminda Arangalla 20 min 6. Summary Arjoman Chatterji 5 min 7. Meeting Evaluation Arjoman Chatterji 2 min   Agenda Team Name: _____Network Design Team_________ Date : 11/8/2016 Time : 15:00 Place: CSU Study Center Room #2.01, 2.02 Meeting Purpose: Planning and Design Topic Person Responsible Time 1. Review agenda Arjoman Chatterji 2 min 2. Project Scheduling Arjoman Chatterji 10 min 3. Project Plan Niroshan Senarath 10 min 4. Project Proposal Don Heenkenda Mudalige 10 min 5. Summary Kusuminda Arangalla 5 min 6. Meeting Evaluation Arjoman Chatterji 2 min   Agenda Team Name: _____Network Design Team_________ Date : 26/8/2016 Time : 15:00 Place: CSU Study Center Room #2.01, 2.02 Meeting Purpose: Design Topic Person Responsible Time 1. Review agenda Arjoman Chatterji 2 min 2. Initial Design Kusuminda Arangalla 20 min 3. Design Implementation Niroshan Senarath 20 min 4. Summary Don Heenkenda Mudalige 5 min 5. Meeting Evaluation Arjoman Chatterji 2 min   Agenda Team Name: _____Network Design Team_________ Date : 5/09/2016 Time : 15:00 Place: CSU Study Center Room #2.01, 2.02 Meeting Purpose: Programming Topic Person Responsible Time 1. Review agenda Arjoman Chatterji 2 min 2. System Programming Niroshan Senarath 20 min 3. Summary Arjoman Chatterji 5 min 4. Meeting Evaluation Arjoman Chatterji 2 min   Agenda Team Name: _____Network Design Team_________ Date : 19/09/2016 Time : 15:00 Place: CSU Study Center Room #2.01, 2.02 Meeting Purpose: Execution Topic Person Responsible Time 1. Review agenda Don Heenkenda Mudalige 2 min 2. Client Proposal Arjoman Chatterji 20 min 3. Documentation Arjoman Chatterji 20 min 4. Summary Kusuminda Arangalla 5 min 5. Meeting Evaluation Kusuminda Arangalla 2 min   Agenda Team Name: _____Network Design Team_________ Date : 06/10/2016 Time : 15:00 Place: CSU Study Center Room #2.01, 2.02 Meeting Purpose: Final Allocation and Payments Topic Person Responsible Time 1. Review agenda Arjoman Chatterji 2 min 2. Budget Allocation Arjoman Chatterji 20 min 3. Resource Allocation Niroshan Senarath 20 min 4. Summary Arjoman Chatterji 5 min 5. Meeting Evaluation Arjoman Chatterji 2 min   Appendix 2 (Meeting Minutes) Meeting Minutes Team Name: Network Design Team Date 1.08.2016 Time 16:00 Members Present Arjoman Chatterji, Niroshan Senarath, Don Heenkenda Mudalige, Kusuminda Arangalla Decisions Made Case Study, Feasibility Study, Budget Allocation, Resource Planning Issues Log Resolved Issues __________________________________________________________________ New Issues __________________________________________________________________ Action Item Person Responsible Completion Date Case Study Arjoman Chatterji 03/08/2016 Feasibility Study Niroshan Senarath 5/08/2016 Budget Allocation Don Heenkenda Mudalige 10/08/2016   Meeting Minutes Team Name: Network Design Team Date 11.08.2016 Time 16:00 Members Present Arjoman Chatterji, Niroshan Senarath, Don Heenkenda Mudalige, Kusuminda Arangalla Decisions Made Project Scheduling, Project Plan, Project Proposal Issues Log Resolved Issues __________________________________________________________________ New Issues __________________________________________________________________ Action Item Person Responsible Completion Date Project Scheduling Arjoman Chatterji 17/08/2016 Project Plan Niroshan Senarath 23/08/2016 Project Proposal Don Heenkenda Mudalige 25/08/2016   Meeting Minutes Team Name: Network Design Team Date 26.08.2016 Time 16:00 Members Present Arjoman Chatterji, Niroshan Senarath, Don Heenkenda Mudalige, Kusuminda Arangalla Decisions Made Initial Design, Design Implementation Issues Log Resolved Issues __________________________________________________________________ New Issues __________________________________________________________________ Action Item Person Responsible Completion Date Initial Design Arjoman Chatterji 31/08/2016 Design Implementation Niroshan Senarath 04/09/2016   Meeting Minutes Team Name: Network Design Team Date 05.09.2016 Time 16:00 Members Present Arjoman Chatterji, Niroshan Senarath, Don Heenkenda Mudalige, Kusuminda Arangalla Decisions Made System Programming, Network Execution Plan Issues Log Resolved Issues __________________________________________________________________ New Issues __________________________________________________________________ Action Item Person Responsible Completion Date System Programming Don Heenkenda Mudalige 09/09/2016 Network Execution Plan Kusuminda Arangalla 18/09/2016   Meeting Minutes Team Name: Network Design Team Date 19.09.2016 Time 16:00 Members Present Arjoman Chatterji, Niroshan Senarath, Don Heenkenda Mudalige, Kusuminda Arangalla Decisions Made Client Proposal, Documentation and Execution Issues Log Resolved Issues __________________________________________________________________ New Issues __________________________________________________________________ Action Item Person Responsible Completion Date Client Proposal Arjoman Chatterji 20/09/2016 Documentation and Execution Arjoman Chatterji 22/09/2016 Meeting Minutes Team Name: Network Design Team Date 23.09.2016 Time 16:00 Members Present Arjoman Chatterji, Niroshan Senarath, Don Heenkenda Mudalige, Kusuminda Arangalla Decisions Made Functionality Test, Test Implementation, Risk Management Issues Log Resolved Issues __________________________________________________________________ New Issues __________________________________________________________________ Action Item Person Responsible Completion Date Functionality Test Kusuminda Arangalla 27/09/2016 Test Implementation Don Heenkenda Mudalige 02/10/2016 Risk Management Arjoman Chatterji 05/10/2016   Meeting Minutes Team Name: Network Design Team Date 06.10.2016 Time 16:00 Members Present Arjoman Chatterji, Niroshan Senarath, Don Heenkenda Mudalige, Kusuminda Arangalla Decisions Made Budget Allocation, Resource Allocation Issues Log Resolved Issues __________________________________________________________________ New Issues __________________________________________________________________ Action Item Person Responsible Completion Date Budget Allocation Arjoman Chatterji 10/10/2016 Resource Allocation Niroshan Senarath 13/10/2016   Test Plan The purpose of this document is to allocate the test strategy as it relates to the implementation of Project Globex. Testing for this Network will include Network and application connectivity. Test Objective Plan Test Name Test ID Responsible Creation Date Description Expected Result Configuration Test CT-1 Niroshan 29/09/2016 Verifying the test functions on Software configuration TBA Kusuminda Verifying the test functions on Hardware configuration TBA Anjoman Checking the router configuration TBA Test Name Test ID Designer Creation Date Description Expected Result User Interface test UT-1 Anjoman 30/09/2016 Checking the configuration on user workstations TBA Kusuminda Checking cable connections on user workstations TBA Test Name Test ID Designer Creation Date Description Expected Result Failover and Recovery FR-1 Anjoman 02/10/2016 Backup servers and configuration test TBA Don Fire and theft protection plan check TBA Failover and backup plan TBA Test Name Test ID Designer Creation Date Description Expected Result Security and Access control ST-1 Kusuminda 10/10/2016 Checking access list on each devices TBA Don Antivirus software function level protection on all workstations TBA Niroshan Firewall configuration test TBA Test and configuration plan Following table listed the Test and configuration plan for devices in all offices. Branch Department Code Check Date Successful/ Unsuccessful Responsible Comments Albury Administration ALAD01 29/09/2016 TBA Niroshan Accounts ALAC01 29/09/2016 TBA Kusuminda Director ALDI01 29/09/2016 TBA Don HR ALHR01 31/09/2016 TBA Niroshan IT ALIT01 01/10/2016 TBA Kusuminda Marketing ALMK01 01/10/2016 TBA Arjoman Sales ALSL01 01/10/2016 TBA Don Parts ALPT01 01/10/2016 TBA Niroshan Services ALSA01 04/10/2016 TBA Don Solution Consultant ALSO01 04/10/2016 TBA Arjoman Switch AL-SW01 07/10/2016 TBA Don Router AL-RO01 07/10/2016 TBA Kusuminda WagaWaga Accounts WAAC01 30/10/2016 TBA Niroshan Administration WAAD01 30/10/2016 TBA Niroshan Director WADI01 30/10/2016 TBA Arjoman HR WAHR01 01/10/2016 TBA Don IT WAIT01 01/10/2016 TBA Arjoman Marketing WAMK01 03/10/2016 TBA Arjoman Sales WASL01 03/10/2016 TBA Kusuminda Solution Consultant WASO01 03/10/2016 TBA Don Services WASA01 08/10/2016 TBA Kusuminda Griffith Router WA-RO01 08/10/2016 TBA Don Switch WA-SW01 08/10/2016 TBA Niroshan Accounts GRAC01 28/09/2016 TBA Kusuminda Administration GRAD01 02/10/2016 TBA Kusuminda Director GRDI01 02/10/2016 TBA Don HR GRHR01 03/10/2016 TBA Arjoman IT GRIT01 03/10/2016 TBA Niroshan Marketing GRMK01 03/10/2016 TBA Niroshan Sales GRSL01 03/10/2016 TBA Don Program Manager GRPM01 05/10/2016 TBA Arjoman Technician GRTE01 05/10/2016 TBA Kusuminda Parts GRPT01 05/10/2016 TBA Niroshan Services GRSA01 05/10/2016 TBA Arjoman Solution Consultant GRSO01 07/10/2016 TBA Niroshan Router GR-RO01 07/10/2016 TBA Kusuminda Switch GR-SW01 07/10/2016 TBA Don   Test card Wagga Wagga Test card Albury Test card Griffith Test card