5 pts.
 Design NEW network cum NEW IT infrastructure
The company expanded so fast that the IT infrastructure is not fast enough to cater for the high volume of traffic; the initial design is not scalable. The number of new branch offices set up caused the company to pay a high price for leased line communication. Salesmen and management staff dial into the company network via 56K modem to access the database server and update sales orders. All the branch offices access the internet via HQ and download email via the external POP3 email server. The plan is to revamp their IT infrastructure and reduce the leased line access cost. Here is some of the feedback consolidated from the various country managers and local salesmen.

1) Email downloading and sending is very slow. They receive a lot of spam email; this causes their individual mailbox quotas to be used up very fast.
2) The sales and marketing departments need to access the internet to search for the latest news and market trends, but the internet speed is very slow. These people are often irritated by spyware and popups.
3) File transfer and database access is very slow, even on the local area networks.

The logical diagram and equipment diagram are both located at:
http://www40.brinkster.com/hunkgym/NetworkLogicalDiagram.bmp
http://www40.brinkster.com/hunkgym/NetworkEquipmentDiagram.bmp

Requirements:
~ Please design a new IT infrastructure to cater for future expansion up to 10 countries. SAP will be implemented to automate the overall company operation. Also expect 3rd parties to access their server to submit and view sales orders.
~ Please design a highly available, scalable and secure network.

ASKED: May 14, 2006  7:54 AM
UPDATED: May 17, 2006  2:38 PM

Answer Wiki:
Couple of things - first off, the links you provided are inaccessible when directly clicked. Second thing is that this sounds an awful lot like a school assignment. Especially after I go to www40.brinkster.com/hunkgym and find an "English Elearning Quiz for Beginners". So - honestly - is this a real commercial problem? Or is this a school assignment of some sort? Personally (my own skills aside), if I were in the position you described, I wouldn't waste my time asking questions, I'd hire a commercial networking firm to get the job done right. I don't know where you are geographically (Brinkster is a fairly big outfit), but there are capable firms and individuals that can get you up to speed physically in pretty short order. Write back and let us know please, Bob
Last Wiki Answer Submitted:  May 14, 2006  10:25 pm  by  Bobkberg   1,070 pts.
All Answer Wiki Contributors:  Bobkberg   1,070 pts.


Discuss This Question:


 

I agree with bobkberg, this does seem more like a school exercise than real world. There are too many variables in your equation for anyone using this Q&A to solve adequately. Yes, your ‘company’ needs to hire a firm that will be on-site to talk to management to see exactly what is needed. The most important is budget. How much is your company willing to spend? I hope it’s a substantial amount for all you are asking.

 0 pts.

 

This is the real commercial problem. Well, the reason I ask this problem is I salute and respect all of you as I believe all of you are as good as network solution company out there, or even better!!

Let me rephrase the entire problem again.

The company expanded so fast that the IT infrastructure is not fast enough to cater for the high volume of traffic; the initial design is not scalable. The number of new branch offices set up caused the company to pay a high price for leased line communication.
Salesmen and management staff dial into the company network via 56K modem to access the database server and update sales orders. All the branch offices access the internet via HQ and download email via the external POP3 email server.
The plan is to revamp their IT infrastructure and reduce the leased line access cost. Here is some of the feedback consolidated from the various country managers and local salesmen.
1) Email downloading and sending is very slow. They receive a lot of spam email; this causes their individual mailbox quotas to be used up very fast.
2) The sales and marketing departments need to access the internet to search for the latest news and market trends, but the internet speed is very slow. These people are often irritated by spyware and popups.
3) File transfer and database access is very slow, even on the local area networks.

I decided to put the real network cum equipment diagram of my current company as I believe this will at least give INSIGHT in solving the problem.

Please visit the website http://www.hgym.photosite.com
for the diagrams which are network diagram and equipment diagram.

Now I plan to improve the IT infrastructure to cater for future expansion up to 10 countries. SAP will be implemented to automate the overall company operation. Also expect 3rd parties to access their server to submit and view sales orders.

I also plan to redesign the network so that it is highly available, scalable and secure.

Any suggestion and opinion? What is your comment after looking at my network and its infrastructure (from the diagrams on http://www.hgym.photosite.com )

My email is hunkgym@yahoo.com Of course you can reply here, preferable :>

Thanks again for your opinion!! Thank You!!

 5 pts.

 

After only finishing a BSC in network environment and design, this certainly sticks out as a typical project.

I suggest you get reading and learning about the key factors required, and actually attempt to solve this project by using your own knowledge and technical experience.

This way you’ll gain a tighter grasp of basics such as infrastructure, routing etc, and importantly, requirements versus budget.

If this is commercial… I would be onto a Networking Analysis and Services company to cater for your needs.

 0 pts.

 

Ok – I’d still recommend that you get a professional networking company in there quickly. But here are some guidelines to get you out of this mess in the future.

1) Get a gigabit backbone with manageable switches and routers.

2) Make sure ALL of your infrastructure is manageable, and preferably from the same vendor. The Gigabit Ethernet standard is not quite universally implemented across all vendors.

3) Invest in network taps for key portions (backbone and major routes) so that you can observe problems “live” with a sniffer.

4) Get MRTG (google it) going to quickly see what and where your traffic is going. There are also commercial management packages (NetLatency comes to mind) that mimic MRTG, but with better features, but MRTG is free and a good place to start.

5) Statseeker is also good – they’re out of Australia.

6) Contract with an external spam blocking company such as Postini (there are others, but I’ve used Postini in several places and I’m generally happy with them)

7) MAJOR POINT – get into your network and find out why and where the blockages are! Use taps, hubs, SPAN ports, and a sniffer. Likely trouble points are:
- Mismatched line speed and duplex settings
- Poor Routing (I noted you are using RIP) – OSPF is much more flexible and works on almost every vendor’s equipment.
- Look into some of the commercial enterprise anti-spyware and anti-virus packages. These allow you to set updates and scanning policies globally so as not to depend on individuals to do the job. It will also cut down your traffic load.

I hope you understand why I haven’t submitted any network design. This is NOT a project to tackle remotely with only the information provided. Based on your description and the diagrams there is clearly more going on “under the covers” than most of us can figure out remotely. You need someone capable ON SITE to figure out the problems, the patterns, and then act accordingly. The suggestions that I’ve made will allow you to mitigate some of your problems, and carried forward into your new network will allow you to manage other problems as they arise.

If you have this troublesome a network, you may well need to hire someone whose expertise is networks. Many times and places the server admin is assumed by management to be perfectly capable of also running the network. In simple cases this is often true, but in complex cases, it requires actual TIME spent to manage things.

One other point I’ve observed – especially with WAN links – but overall is: Check the physical integrity of ALL connections. I can’t count the number of times a T-1 line was flaky because of loose connections. And the phone company was unable to locate them because that’s not what they do for the most part.

Good Luck,

Bob

p.s. If you’re wondering why no one is proposing to do this job for you, there’s a strict policy against commercial soliciting on this web site.

 1,070 pts.
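
The first trouble point in the list above, mismatched duplex settings, leaves a recognisable pattern in interface error counters: late collisions on the half-duplex end and checksum (FCS) errors on the full-duplex end. The sketch below is an added example, not part of the original thread; the interface names, counter readings and the 0.1% FCS threshold are constructed assumptions, and real readings would come from SNMP or the switch CLI.

```python
from dataclasses import dataclass

@dataclass
class IfCounters:
    name: str
    duplex: str            # "half" or "full", as currently negotiated or set
    in_packets: int
    fcs_errors: int        # frames received with a bad checksum
    late_collisions: int   # collisions seen after the first 64 bytes of a frame

def duplex_findings(c, fcs_ratio=0.001):
    """Return the reasons one interface looks like one end of a mismatch."""
    findings = []
    # A half-duplex port that sees late collisions usually faces a peer that
    # transmits without listening first, i.e. one running full duplex.
    if c.duplex == "half" and c.late_collisions > 0:
        findings.append("late collisions on half-duplex port")
    # The full-duplex end receives the frames its peer aborted on collision,
    # which show up as checksum errors. fcs_ratio is an assumed threshold.
    if c.duplex == "full" and c.in_packets and c.fcs_errors / c.in_packets > fcs_ratio:
        findings.append("high FCS error rate on full-duplex port")
    return findings

def likely_mismatches(links):
    """links: (IfCounters, IfCounters) pairs, one pair per cable."""
    report = []
    for a, b in links:
        reasons = duplex_findings(a) + duplex_findings(b)
        if a.duplex != b.duplex:
            reasons.append(f"duplex differs: {a.name}={a.duplex}, {b.name}={b.duplex}")
        if reasons:
            report.append((a.name, b.name, reasons))
    return report

# Constructed sample readings: the first link is mismatched, the second is healthy.
SAMPLE_LINKS = [
    (IfCounters("hq-sw1:gi0/1", "full", 1_200_000, 9_400, 0),
     IfCounters("db-srv:eth0", "half", 1_150_000, 12, 3_100)),
    (IfCounters("hq-sw1:gi0/2", "full", 800_000, 3, 0),
     IfCounters("file-srv:eth0", "full", 790_000, 1, 0)),
]

if __name__ == "__main__":
    for a, b, reasons in likely_mismatches(SAMPLE_LINKS):
        print(f"{a} <-> {b}: " + "; ".join(reasons))
```
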

 

As usual, I agree with Bob. Get your local area net in order first. His recommendations are good.

For the spam problem, if you don’t have much expertise I suggest a barracuda antispam appliance. We are very happy with ours and it takes minimal administration.

For spyware and viruses, there are gateway appliances and resident software for each workstation. You need to evaluate this in light of how your systems are used. I tend to lean toward resident software.

Once your main net is stable then you can look at how you really want to connect to the remote sites. All of those leased lines are slow and expensive. I would look at replacing them with local internet connections and VPNs to connect the sites.

Bob is right about bringing in an expert. You need to be aware of the connectivity and security implications of any change you make. If you don’t have a good handle on the causes of the current problems with your network, you really don’t know what needs to be changed.

Where I currently work the network, security, and active directory were all badly broken when I came. I didn’t jump into everything.
First I built firewalls and a DMZ. Concurrent with this was implementing reliable backups.
Then we worked out the problems in active directory and fixed most of the network configuration issues.
Now we are preparing to fix the internal network architecture and upgrade our internet bandwidth.
When the network is where I want it, my focus will shift to better monitoring so we can discover the problems before the customer base.
It has taken two years to reach this point. Part of the reason is working in a government institution. Things would have gone much faster in my Intel job. Even so, if I had tried to fix everything at once, we would have run out of money immediately and the entire department would have been overwhelmed. Also, I would have broken some things without realizing it. Instead, the improvements have been gradual. Now I often get comments amounting to: “The network works much better than it did a year ago. What did you do?”.

If you can’t afford the time to do gradual improvements like I did, then bring in an expert. Otherwise, you will be in even hotter water than the current situation.
rt

 0 pts.

 

Very good advice so far about the LAN. I have one suggestion for your WAN issues. It sounds as if your remote offices are growing. We had the same type of problem. After checking pricing, services provided and reliability, we went with an SBC managed MPLS cloud. It has cut our WAN costs almost in half. Plus, it’s someone else’s problem to keep it up. I think our SLA is 99.99%. You can still use MRTG to see utilization and the amount of data. It can be scaled as your needs change with no effort on your part, and minor costs for the changes.

 0 pts.

 

Hire Me.

 0 pts.