Design NEW network cum NEW IT infrastructure-2

5 pts.
Access control
Application security
Business/IT alignment
Current threats
Digital certificates
Disaster Recovery
Fault isolation
human factors
Identity & Access Management
Incident response
Instant Messaging
Intrusion management
Juniper Networks
Microsoft Exchange
Network applications management
Network management software
Network monitoring
Network security
Network testing
Networking services
PEN testing
Performance management
Platform Security
Protocol analysis
Remote management
Risk management
Secure Coding
Security Program Management
Security tokens
Single sign-on
vulnerability management
Web security
Company expand so fast that the IT infrastructure is not fast enough to cater high volume of traffic; the initial design is not scalable. The number of new branch offices setup caused the company pay a high price in the leased line communication. Salesman and management staffs dial into company networks via 56K modem to access the database server and update the sale order. All the branch offices access the internet via HQ and download email via the external POP3 email server. Plan to revamp their IT infrastructure and reduce the leased line access cost. Here are some of the feedbacks consolidated from the various country managers and local salesman. 1) The email downloading and sending is very slow. They receive a lot of spam email this caused their individual mailbox quota use up very fast. 2) The sales and marketing departments need to access the internet to search for latest news and market trends. But the internet speed is very slow. These people are irritated by spywares and popup often. 3) The File transfer and Database access is very slow even in the local area networks. The logical diagram and equipment diagram are both located at Requirements: ~ Please design a new IT infrastructure to cater for future expansion up to 10 countries. SAP will be implement to automate the overall company operation. Also expect 3rd party to access their server to submit and view sale order. ~ Please design and high available, scalable and secure network. My Email : Thanks for your suggestion. Thanks AGAIN!!

Answer Wiki

Thanks. We'll let you know when a new response is added.

Whatever Brinkster is rejected my attempts to access your diagrams.

Offhand, it would appear that you perhaps should consider a hosted CRM solution and a host email solution and exploit the Internet as your network fabric.

Although one cannot generalize across ten unnamed countries, there are usually plenty of >56 kbs access options, whether fized line or, increasingly, mobile.

The spyware, etc. matters can be addresed in part by adding security applications to the client devices and perhaps by changing user behavior. Also, for PC’s, VMware or other virtual machine options make it easier to set up “corporate” virtual machines on remote PCs.

Discuss This Question: 6  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • ToneEzeeJ
    In answer to the Spam & Spyware I would suggest security Programs to be installed on the client machines such as Norton Internet Security. This program for example integrates into email clients such as MS Outlook and filters all emails that are suspected to be spam into a spam folder. The user can view each email in this folder and either: take of the spam flag or leave it, and empty the folder. It works well as their inbox is instantly de-clutter from spam but the must review the spam folder since some normal emails that are not spam will (in the beginning) also end up in the spam folder and need to be un-flag from being spam. This is how it learns. Pop-ups and malware are equally well handle by a security suite like Norton Internet Security. I would also suggest configuring Client machines to automatically run maintenance program so as to keep them operating at peek performance over extended periods of time users don't tend to get round to this until its a problem. Try and find faster remote connect solution than 56kb dial-up, if that?s what being used wireless hotspot could give secure internet connects at much faster speeds Mobile networks are offering higher dial-up speeds ISDN dialups can go much faster also, etc. Sorry but I?m not qualified to offer a network re-design but good luck and I hope these suggestions help. Tony.
    0 pointsBadges:
  • Bigshybear
    put the antispam/antispyware at the mail server so that the user computers don't get it, and don't have to download it. I've used Mailfrontier for this EXTREMELY successfully.
    0 pointsBadges:
  • Bigshybear
    put the antispam/antispyware at the mail server so that the user computers don't get it, and don't have to download it. I've used Mailfrontier for this EXTREMELY successfully.
    0 pointsBadges:
  • Sagreed
    1st - I can't see the BMPs so I'm kind of shooting blind here. 2nd - I don't know what kind of budget you are working with so I'm also shooting blind there. Network Infrastructure and Security Consulting is what I do for a living so I speak from experience and the `solution? I am proposing is very scalable 1. Provide Internet connectivity at all sites. Local High Speed such as Cable or DSL. These connections will replace the existing the leased lines and are usually extremely reasonable when compared to a PT - PT connection. You may have to use a Dedicated ISP such as Qwest or AT&T and install multiplexed Internet T1s at the HQ to get the BW to support all of the Remote offices simultaneously. This will still be cheaper than using Dedicated PT ? PT. Maintain the Dialup (assuming a dedicated RRAS Server) as BU. a. Along with this I would install at least one RRAS server in each Remote Office configured to be the fail-over connection to the HQ during any outage of the local Internet connection. This `fail-over? can be configured to occur automatically and be set to allow only the connections between the HQ and Remote Offices to prevent their use as `dial in? points. 2. Get with a Firewall Vendor such as Cisco or Checkpoint and get devices for each site that will allow you to establish Secure Tunnels to and from the Remote sites and the Main HQ. a. Ensure the HQ device will support Remote user VPN so that the Salesman and management staffs can VPN in as needed to do their work. Note this will require a company policy that requires all remote PCs to be maintained with the latest patches, antivirus and anti-spam. Some of the VPN/Firewall devices can enforce policies on the remote VPN PCs to aid in maintaining this Security Policy. Using hotspots and rapidly spreading HSI connectivity in motels this will allow any traveling Salesman and management to gain home network access. b. These firewall devices will allow you multiple paths to the Internet therefore reducing the Internet traffic over the Secure Tunnels and providing backup paths for offices that `lose? their local Internet connection temporarily. As far as a solution for your email spam problem you are very limited without changing Email Hosting providers or installing some form of spam filtering on each desktop. I would start with your current Email Hosting provider and see if they have any spam filtering that can be added to the server they are leasing your company. If that fails I would start investigating a new Email Hosting provider or possibly moving your email server in-house where your will obviously have much more control over it. Internal email hosting is not as difficult or expensive as most Network Administrators let on. If you don?t need all the shred schedules or shared contact lists you could use several of the `free? Linux Mail Servers. There are a few that provide these such as Scalix Connect for Outlook. They aren?t `free? but a typically still cheaper than Exchange. If you were to move your email `in-house? I would add the installation of a Gateway security appliance such as the Symantec Gateway Security 5600 Series security appliances or the Panda GateDefender Performa. These provide ??maximum protection at the Internet gateway, blocking viruses, spam and undesirable content before they can even enter the enterprise.? (Cheap steal of words from Panda?s web site.) I have used both and they can have many benefits.
    0 pointsBadges:
  • RobertKeller
    I am unable to view your diagram. Non the less, this is something you need to hire a professional for. Post the question here is not going to yield the answer you need. We use Brightmail to filter spam before it gets to the mail server. I would suggest something like that.
    0 pointsBadges:
  • Rfergus28
    Hire Me.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: