I. History:
Riordan Manufacturing, Inc. is an industry leader in the field of plastic injection molding. With state-of-the-art design capabilities, the company creates innovative plastic designs that have earned international acclaim. Attention to detail, extreme precision and enthusiastic quality control are the hallmarks of Riordan Manufacturing. Connected via a Wide Area Network (WAN), it maintains facilities in Albany, Georgia; Pontiac, Michigan; and Hangzhou, China. The company’s research and development is done at the corporate headquarters in San Jose, CA. Riordan’s major customers are automotive parts manufacturers, aircraft manufacturers, the Department of Defense, beverage makers and bottlers, and appliance manufacturers.
II. Assessment:
In order to stay competitive in a constantly changing business environment, Riordan needs to remain current with the latest technology and recent industry developments, and attend to the service requirements of its customers. According to Riordan’s CIO and other staff members, Riordan’s telecommunication and data networking systems need upgrading to better support the company’s recent and future growth needs.
Team A began its investigation by gathering information about the existing network system. Based on the diagrams provided, we completed an inventory of the existing hardware and evaluated the security protocols for the wide area network (WAN) and local area network (LAN) connections in each location. The current networking model in place is a server-based (client/server) design. Each locality dedicates hardware (servers) for handling the application requests from the workstations. All locations support more than 10 users (Greg, Tittel, & Johnson, 2004). In examining the networking schematics, we found that the diagrams and the logical designs were outdated; they were not consistent with the actual physical implementations. The current network consists of aging and outdated technology and devices, such as hubs, Cat3 cabling, Windows 98 workstations and NT Servers. Two of the four facilities are not employing firewalls on the networks and two sites had firewalls placed in front of their routers. An additional drawback is that the bandwidth is limited between locations. Limited information was obtainable regarding the port, router configurations, and security software.
The current infrastructures were each designed with a unique approach. However, there are some basic resemblances between the current designs in place at the San Jose and Hangzhou locations; only minor alterations are required for the specific needs of the individual locations. In addition, the network designs at the Albany and Pontiac locations also bear some similarities with one another. Even so, there appears to be a basic need for the local area networks (LAN) to mirror one another and for the network configurations within the WAN to be standardized.
In further review of the San Jose and Hangzhou locations, it appears that these networks follow the Bus and Ring topology principles with two WAN connections. Each network is patterned on a 100 Base T Ethernet backbone with an edge router for data transmission to and from the other locations and external sources on a full T1 line. The number of users supported in each location is between 35 and 50 users per site. The workstations connect to the network via 24-port Cisco 5950 switches running on 100 Base T Ethernet lines. In addition, each location is running the following servers: basic Windows NT network/domain Network and Exchange servers, UNIX-based ERP/MRP servers, and NAS file storage servers. However, there is only a single UPS (uninterruptible power supply) backup device in each location to support the entire site in the event of power loss. Each location also contains a satellite connection that serves as a backup in the event that the primary T1 line is unavailable. The current network design extends to connect to a 1 GB Ethernet-based backbone that supports 15 additional users running on an unknown MAC platform with its own Windows network server.
In reviewing the designs for the Pontiac and Albany locations, these networks appear to be modeled on the Star Bus topology principles with 1 WAN connection. Each network is daisy-chained to comprise the backbone. Ethernet cables connect multiple Nortel Baystack routing devices (Pontiac uses 10 Base T lines with hubs and Albany uses 100 Base T lines with switches). Each was using a single edge router for passing data between locations via a fractional T1 line. Security devices are missing and the routing protocols for communications are inadequate, which leaves the WAN unprotected from intrusion. There are no provisions for diverse traffic routing, so overall network reliability is at risk. Another major concern is the lack of secure remote access or a VPN (virtual private network) to aid with security for the network.
III. SCOPE:
The purpose of this paper is to provide Riordan’s national and international manufacturing plants a common arrangement of system and plant security controls. It is the aim of Team A to provide recommendations that apply equally across Riordan’s information network. The primary business objective is to enable seamless compatibility between all facilities. Our first initiative is to standardize network configurations, hardware components, and software applications. This will improve data integrity and availability throughout the entire organization. Encompassed within this plan is the deployment of security protocols and policies that will both safeguard the network and ensure accessibility for Riordan’s customers and employees.
IV. Recommendations:
Based on Team A’s evaluation, it was determined that the current network infrastructure is in desperate need of a complete overhaul. All four locations should mirror one another and the network configurations should be standardized. We have charted proposed logical designs (page 8) for the upgraded networks at each location to demonstrate the topology and identify the required components. This modeling process will help management better understand the possibilities of the new system. The following list is an overview of the recommended changes for the network upgrades:
Protocol Recommendations:
• TCP/IP – LAN Routing and transport protocol, which holds the entire network together.
• SNMP – Network management protocol for managing the network infrastructure.
• FTP – File transfer protocol for WAN/LAN wide file transfers.
• DNS – Domain Name System for network name resolution.
• MPLS/RSVP – Routing protocols.
TCP/IP is flexible enough for use in both LAN and WAN environments and it provides a rich set of services and utilities for the Windows platform. The usefulness of TCP/IP is broad because it is routable and scalable and can be used to build very large hierarchical networks. TCP/IP facilitates communications at different layers of the OSI model. Many of the protocols include TCP/IP and are standards-based with worldwide acceptance. The disadvantage of using the TCP/IP configuration is that TCP/IP is more complicated than NetBIOS or IPX/SPX. In comparison to NetBEUI, TCP/IP employs a larger header that encapsulates the data, which also slows down the transmission of the packet. FTP, SNMP, and DNS have all suffered historically from insecurity issues and compromises; however, these protocols have matured over the years and are available with encryption algorithms. Because of the existing TCP/IP infrastructure, it should be relatively simple to build upon the existing network. (Kozierok, 2005)
MPLS is a dynamic routing protocol; using it will aid in switching the traffic flow during a power outage. MPLS is a tag-switching protocol; video IGMP joins are accommodated, as is the SIP traffic for voice. MPLS also supports QoS, meaning priority routing is enabled for voice and video. By building an MPLS core network and enabling diverse services to traverse the core network, IT personnel are able to streamline the operations and administration of their network and enable effective utilization of the regional core network. This will support such emerging services as Layer 3/2 VPNs, VPLS and Point-to-Multipoint commercial service. (Juniper, ND) One of its known disadvantages is the interoperability between vendors on configuration parameters. This can interfere with link down status and halt traffic flow.
1. Topology:
The basic network design or topology in all locations needs to be restructured to support the company’s plans for future growth. Currently Riordan Manufacturing employs a WAN topology commonly referred to as a Hub-and-Spoke configuration (Star topology). The main office is the hub of the network, with the remote offices creating the spokes of the network. Presently, each remote site is utilizing a fractional T-1 back to the main office. The only exception is a satellite link from the China office. Each location routes its internet traffic back to the main office for browsing connectivity.
Although the star topology is the most widely used topology in networks that contain more than just a few computers (Greg, Tittel, & Johnson, 2004), it lacks the amount of bandwidth needed for the company’s plans for efficiency. Also, there are no provisions for diverse traffic routing, which affects the reliability of the overall network. However, utilizing the current topology will be cost effective, and upgrading the digital circuits will cause minimal interruption within the current configuration. Our recommendation is to switch to a partial mesh topology. Our primary concern is the cost of satellite space, because additional equipment is very expensive and could place the company into discord. The China location does have an internet connection, and accessing the main office via this link should activate when the satellite connection fails. Increasing the bandwidth over the satellite will improve their throughput for backups and database updates.
2. Hardware:
a. Switches:
China has two 24-port switches that connect the inter-office LAN to the rest of the network. A gateway switch connects and translates communication between the LAN and the satellite connection to the HQ.
The China network would benefit from replacing the three 24-port hubs that connect the factory floor to the network with three 24-port switches. Pontiac does not employ switches. This site is connected with hubs and patch panels. The Pontiac network could benefit from replacing the 4 hubs and 3 patch panels with four 24-port switches for network segregation, to alleviate network congestion and to create Virtual LANs. Albany has three 24-port switches and a patch panel. This network has enough switches to accommodate the network segregation needed to support creating VLANs. Corporate headquarters in San Jose has two 24-port switches that connect the inter-office network. Two gateway switches connect and translate communications between the LAN and the satellite and between the R&D LAN and the inter-office LAN. Corporate headquarters could benefit from replacing the 24-port hub with a 24-port switch.
In all the networks, replacing the hubs with switches will help to alleviate possible network congestion caused by the hubs rebroadcasting the signal to every device on the network. These changes will provide more bandwidth per channel to accommodate more VoIP phones and other expansion if needed in the future. In addition, the new switches will segregate the single larger networks into smaller Virtual LANs, which will further alleviate network traffic. A disadvantage to replacing the hubs with switches is that switches will cost a little more than hubs.
b. Security:
The corporate headquarters network in San Jose has 2 WAN connections. The first one is a T1 wired connection protected by an unknown firewall. The second connection is a satellite link to China with no security devices noted. The Albany, GA network has 1 WAN connection to corporate headquarters. This connection is a fractional T1 with a 256k circuit for email and 1.5Mbps for burst. The WAN is not protected by any type of network security device or protocol. The Hangzhou, China network has two WAN connections. The first one is a T1 connection protected by an unknown firewall. The second connection is a satellite link to corporate headquarters in San Jose, with no security devices noted. The Pontiac, MI network has 1 WAN connection to corporate headquarters. This connection is a fractional T1 with a 256k circuit for email and 1.5Mbps for burst.
To secure the network, a firewall solution will be implemented at all four locations. The firewall, a Cisco 525 PIX, will reside between the Cisco routers and the primary Cisco switch on the T1, E1, and satellite connections. This will ensure that all possible entrances to the network are secured. The Cisco 525 PIX firewall incorporates “multi-vector attack protection services” for further protection from many forms of attack, such as “denial-of-service (DoS) attacks, fragmented attacks, replay attacks, and malformed packet attacks.” It uses a variety of advanced protection features, such as “TCP stream reassembly, traffic normalization, DNSGuard, FloodGuard, FragGuard, MailGuard, IPVerify, and TCP intercept and provides real-time alerts to administrators.” “Administrators can also easily create custom security policies using the flexible access control technologies provided by Cisco PIX Security Appliances, including network and service object groups, user and group-based policies, and more than 100 predefined applications and protocols.” “Cisco PIX 525 Security Appliance models have integrated hardware VPN acceleration, delivering highly scalable, high-performance VPN services.” (Cisco, 2008)
To aid with network security, virtual private network (VPN) client software will be installed on all workstations, and its use will be necessary to access resources located across the network. VPNs provide the highest level of security using advanced encryption and authentication protocols that protect data from unauthorized access. VPNs enable you to create secure, business-critical communication links over the Internet and give telecommuters and mobile workers secure access to your LAN. VPNs are also able to connect two computers over long distances, yielding substantial savings over dedicated leased line options.
V. Diagrams
[Figures 1–5: diagrams not reproduced]
VI. Conclusion:
In conclusion, Team A analyzed each of the Local Area Networks of Riordan Manufacturing to develop a proposal to upgrade the Wide Area Network of Riordan Manufacturing. The proposed improvements would increase the bandwidth, which would facilitate improved data and voice communications among all of the plants, headquarters and their customers. In addition to providing faster, more reliable telecommunications with increased throughput, the proposed upgrades will provide Riordan Manufacturing with new communication protocols that will improve security and encryption to facilitate Virtual Private Networks and other secure remote computing capabilities. Finally, the improved network would provide increased customer access for sales and support by providing higher-speed and more reliable access to Riordan’s web site as well as providing high quality, reliable telephone connections.
References:
Kozierok, Charles. (2005). The TCP/IP Guide. Retrieved March 15, 2008, from https://www.tcpipguide.com/
Juniper. (ND). Leveraging MPLS to Enable Deterministic Services in the Cable Core. Retrieved March 13, 2008, from https://www.juniper.net/solutions/literature/white_papers/200228.pdf
Shinoda, Yoichi. (2002). The MPLS advantages. Retrieved March 16, 2007, from https://www.soi.wide.ad.jp/class/20010022/slides/02/47.html
Greg, T., Tittel, E., & Johnson, G. (2004). Guide to networking essentials [Electronic version]. Course Technology; Ch 2 – 14, pp 71-528. Retrieved from University of Phoenix eResource website, Aug. 26, 2007.