Design NEW network cum NEW IT infrastructure-2

5 pts.
Tags:
3Com
Access control
Application security
Availability
Avaya
backdoors
Bandwidth
Benchmarking
Biometrics
Browsers
Budgeting
Business/IT alignment
Cabling
Cisco
Compliance
configuration
CRM
Current threats
Database
Dell
DHCP
Digital certificates
Disaster Recovery
DNS
Encryption
Enterasys
Fault isolation
filtering
Firewalls
Forensics
Foundry
Hacking
Hardware
Hewlett-Packard
Hubs
human factors
Identity & Access Management
Incident response
Instant Messaging
Interoperability
Intrusion management
Juniper Networks
Lucent
Microsoft Exchange
Network applications management
Network management software
Network monitoring
Network security
Network testing
Networking
Networking services
Nortel
patching
PEN testing
Performance management
Ping
Platform Security
Policies
Protocol analysis
provisioning
Remote management
Risk management
Routers
Secure Coding
Security
Security Program Management
Security tokens
Servers
Single sign-on
Software
Spyware
SSL/TLS
Switches
TCP
Trojans
Vendors
Viruses
VPN
vulnerability management
Web security
Wireless
worms
Company expand so fast that the IT infrastructure is not fast enough to cater high volume of traffic; the initial design is not scalable. The number of new branch offices setup caused the company pay a high price in the leased line communication. Salesman and management staffs dial into company networks via 56K modem to access the database server and update the sale order. All the branch offices access the internet via HQ and download email via the external POP3 email server. Plan to revamp their IT infrastructure and reduce the leased line access cost. Here are some of the feedbacks consolidated from the various country managers and local salesman. 1) The email downloading and sending is very slow. They receive a lot of spam email this caused their individual mailbox quota use up very fast. 2) The sales and marketing departments need to access the internet to search for latest news and market trends. But the internet speed is very slow. These people are irritated by spywares and popup often. 3) The File transfer and Database access is very slow even in the local area networks. The logical diagram and equipment diagram are both located at http://www40.brinkster.com/hunkgym/NetworkLogicalDiagram.bmp http://www40.brinkster.com/hunkgym/NetworkEquipmentDiagram.bmp Requirements: ~ Please design a new IT infrastructure to cater for future expansion up to 10 countries. SAP will be implement to automate the overall company operation. Also expect 3rd party to access their server to submit and view sale order. ~ Please design and high available, scalable and secure network. My Email : hunkgym@yahoo.com Thanks for your suggestion. Thanks AGAIN!!

Answer Wiki

Thanks. We'll let you know when a new response is added.

Whatever Brinkster is rejected my attempts to access your diagrams.

Offhand, it would appear that you perhaps should consider a hosted CRM solution and a host email solution and exploit the Internet as your network fabric.

Although one cannot generalize across ten unnamed countries, there are usually plenty of >56 kbs access options, whether fized line or, increasingly, mobile.

The spyware, etc. matters can be addresed in part by adding security applications to the client devices and perhaps by changing user behavior. Also, for PC’s, VMware or other virtual machine options make it easier to set up “corporate” virtual machines on remote PCs.

Discuss This Question: 6  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • ToneEzeeJ
    In answer to the Spam & Spyware I would suggest security Programs to be installed on the client machines such as Norton Internet Security. This program for example integrates into email clients such as MS Outlook and filters all emails that are suspected to be spam into a spam folder. The user can view each email in this folder and either: take of the spam flag or leave it, and empty the folder. It works well as their inbox is instantly de-clutter from spam but the must review the spam folder since some normal emails that are not spam will (in the beginning) also end up in the spam folder and need to be un-flag from being spam. This is how it learns. Pop-ups and malware are equally well handle by a security suite like Norton Internet Security. I would also suggest configuring Client machines to automatically run maintenance program so as to keep them operating at peek performance over extended periods of time users don't tend to get round to this until its a problem. Try and find faster remote connect solution than 56kb dial-up, if that?s what being used wireless hotspot could give secure internet connects at much faster speeds Mobile networks are offering higher dial-up speeds ISDN dialups can go much faster also, etc. Sorry but I?m not qualified to offer a network re-design but good luck and I hope these suggestions help. Tony.
    0 pointsBadges:
    report
  • Bigshybear
    put the antispam/antispyware at the mail server so that the user computers don't get it, and don't have to download it. I've used Mailfrontier for this EXTREMELY successfully.
    0 pointsBadges:
    report
  • Bigshybear
    put the antispam/antispyware at the mail server so that the user computers don't get it, and don't have to download it. I've used Mailfrontier for this EXTREMELY successfully.
    0 pointsBadges:
    report
  • Sagreed
    1st - I can't see the BMPs so I'm kind of shooting blind here. 2nd - I don't know what kind of budget you are working with so I'm also shooting blind there. Network Infrastructure and Security Consulting is what I do for a living so I speak from experience and the `solution? I am proposing is very scalable 1. Provide Internet connectivity at all sites. Local High Speed such as Cable or DSL. These connections will replace the existing the leased lines and are usually extremely reasonable when compared to a PT - PT connection. You may have to use a Dedicated ISP such as Qwest or AT&T and install multiplexed Internet T1s at the HQ to get the BW to support all of the Remote offices simultaneously. This will still be cheaper than using Dedicated PT ? PT. Maintain the Dialup (assuming a dedicated RRAS Server) as BU. a. Along with this I would install at least one RRAS server in each Remote Office configured to be the fail-over connection to the HQ during any outage of the local Internet connection. This `fail-over? can be configured to occur automatically and be set to allow only the connections between the HQ and Remote Offices to prevent their use as `dial in? points. 2. Get with a Firewall Vendor such as Cisco or Checkpoint and get devices for each site that will allow you to establish Secure Tunnels to and from the Remote sites and the Main HQ. a. Ensure the HQ device will support Remote user VPN so that the Salesman and management staffs can VPN in as needed to do their work. Note this will require a company policy that requires all remote PCs to be maintained with the latest patches, antivirus and anti-spam. Some of the VPN/Firewall devices can enforce policies on the remote VPN PCs to aid in maintaining this Security Policy. Using hotspots and rapidly spreading HSI connectivity in motels this will allow any traveling Salesman and management to gain home network access. b. These firewall devices will allow you multiple paths to the Internet therefore reducing the Internet traffic over the Secure Tunnels and providing backup paths for offices that `lose? their local Internet connection temporarily. As far as a solution for your email spam problem you are very limited without changing Email Hosting providers or installing some form of spam filtering on each desktop. I would start with your current Email Hosting provider and see if they have any spam filtering that can be added to the server they are leasing your company. If that fails I would start investigating a new Email Hosting provider or possibly moving your email server in-house where your will obviously have much more control over it. Internal email hosting is not as difficult or expensive as most Network Administrators let on. If you don?t need all the shred schedules or shared contact lists you could use several of the `free? Linux Mail Servers. There are a few that provide these such as Scalix Connect for Outlook. They aren?t `free? but a typically still cheaper than Exchange. If you were to move your email `in-house? I would add the installation of a Gateway security appliance such as the Symantec Gateway Security 5600 Series security appliances or the Panda GateDefender Performa. These provide ??maximum protection at the Internet gateway, blocking viruses, spam and undesirable content before they can even enter the enterprise.? (Cheap steal of words from Panda?s web site.) I have used both and they can have many benefits.
    0 pointsBadges:
    report
  • RobertKeller
    I am unable to view your diagram. Non the less, this is something you need to hire a professional for. Post the question here is not going to yield the answer you need. We use Brightmail to filter spam before it gets to the mail server. I would suggest something like that.
    0 pointsBadges:
    report
  • Rfergus28
    Hire Me.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following