Running Head: WAN DESIGN
WAN Design
Christopher Johnson
University of Advancing Technology
NTS415
Dr. Phil Polstra
November 30, 2012
WAN Design
The following design provides a scalable and secure WAN infrastructure for the NetSec
company. In order to achieve the most cost-effective and reliable solution, a hybrid scheme
incorporating three of the most popular and widely available WAN technologies was chosen.
MPLS IP VPN will be leveraged to connect the national offices to the resources at the Phoenix
headquarters. Service provider MPLS IP VPN will also be the main transport for international
connectivity. Reliability and speed were important factors in choosing
service provider MPLS ("Comparing bgp/mpls and ipsec vpn's," 2012). A static MPLS
deployment will support the number of remote sites needed and ensures that routing will be
optimized ("Mpls wan deployment guide," 2012). A dedicated MPLS IP VPN through an
international service provider will be the fastest and most dependable option. DMVPN will provide a
failover connection to international sites and can be leveraged without adding any additional
equipment. Regional office sites will utilize metro Ethernet to connect to the WAN. Its reduced
cost and high bandwidth make metro Ethernet the best choice ("Wan and vpn solutions: choosing
the best type for your organization," 2012). MPLS and metro Ethernet will also be best suited
for any future VoIP or video services that might be needed (Building a universal enterprise wan,
2011). Remote sites and telecommuters will be provided remote access via Internet-based IPsec
VPN and SSL VPN technology. A single network appliance at each remote site will provide
both of these services and can be integrated in parallel with the perimeter firewall at the Phoenix
headquarters.
Regional office sites will employ WAN routers as their CE devices, backed up by a
firewall and a core switch at each location. Sites with wireless connectivity will be managed at
headquarters via a global WLAN controller. Remote sites connecting via Internet backbone
IPsec VPN will run a device similar to the main remote access VPN appliance at headquarters.
This device will include a perimeter firewall ("Internet edge design overview," 2012).
International locations will employ WAN enterprise-level core routers at the Internet edge and
leverage DMVPN via additional software. Internal resources such as email services and web
services will be firewalled and segregated into a DMZ area ("What services belong in a dmz?"
2012). Remote access to the DMZ area via the WAN will pass through the WAN router, except for
telecommuters and remote sites that utilize the Internet backbone. Internal domain controllers and
servers will be segregated behind an internal firewall. Provisions for remote site DHCP servers
will be taken into consideration when designing the DHCP scope as well as any necessary
VLAN provisioning. The MPLS IP VPN and metro Ethernet services provide a great deal of
flexibility to deal with legacy servers at regional offices. This design provides all the basic
functionality needed for NetSec to deploy a secure and reliable WAN infrastructure.
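The DMZ and internal-firewall segregation described above can be checked against a proposed firewall rule set before it is deployed. The following Python audit is an added example, not part of the original paper; the zone names, service labels, allowed-flow policy and sample rules are assumptions constructed for illustration.

```python
from itertools import permutations
from typing import NamedTuple

class Rule(NamedTuple):
    src: str      # source zone, or "any"
    dst: str      # destination zone, or "any"
    service: str  # service label, or "any"
    action: str   # "permit" or "deny"

# Assumed policy (not stated in the paper); unlisted zone pairs carry nothing.
ALLOWED = {
    ("internet", "dmz"): {"smtp", "https"},        # published email and web
    ("dmz", "internal"): {"ldaps"},                # directory lookups only
    ("remote_vpn", "dmz"): {"smtp", "https"},      # IPsec/SSL VPN users
    ("remote_vpn", "internal"): {"smb", "ldaps"},
    ("wan", "dmz"): {"smtp", "https"},             # MPLS and metro Ethernet sites
    ("wan", "internal"): {"smb", "ldaps"},
}
ZONES = ["internet", "remote_vpn", "wan", "dmz", "internal"]
PROBES = ["smtp", "https", "ldaps", "smb", "rdp"]  # services tested per zone pair

def decide(rules, src, dst, service):
    """First matching rule wins; unmatched traffic is denied."""
    for r in rules:
        if (r.src in (src, "any") and r.dst in (dst, "any")
                and r.service in (service, "any")):
            return r.action
    return "deny"

def audit(rules):
    """List every flow the rule set permits beyond the assumed policy."""
    findings = []
    for src, dst in permutations(ZONES, 2):
        for svc in PROBES:
            if (decide(rules, src, dst, svc) == "permit"
                    and svc not in ALLOWED.get((src, dst), set())):
                findings.append((src, dst, svc))
    return findings

# Constructed sample: the last rule is a broad entry that defeats the internal firewall.
SAMPLE_RULES = [
    Rule("internet", "dmz", "https", "permit"),
    Rule("internet", "dmz", "smtp", "permit"),
    Rule("dmz", "internal", "ldaps", "permit"),
    Rule("wan", "internal", "smb", "permit"),
    Rule("dmz", "internal", "any", "permit"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

Each finding is a (source zone, destination zone, service) flow that the rule set permits but the policy does not, so the broad DMZ-to-internal rule in the sample is reported once per probed service other than `ldaps`.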
References
Building a universal enterprise wan (Whitepapers) (High Performance and Secure Solutions for
Large-Scale Connectivity). Retrieved November 30, 2012, from Juniper Networks:
http://www.juniper.net/us/en/local/pdf/whitepapers/2000413-en.pdf
Comparing bgp/mpls and ipsec vpn's. (2012, December 1) (Reading Room). Retrieved
November 30, 2012, from SANS Institute:
http://www.sans.org/reading_room/whitepapers/vpns/comparing-bgp-mpls-ipsecvpns_756
Internet edge design overview. (2012, September 13) (Smart Business Architecture). Retrieved
November 30, 2012, from Cisco:
http://www.cisco.com/en/US/docs/solutions/SBA/August2012/Cisco_SBA_BN_InternetEdgeDesignOverview-Aug2012.pdf
Mpls wan deployment guide. (2012, September 4). In Smart business architecture (Solutions).
Retrieved November 30, 2012, from Cisco:
http://www.cisco.com/en/US/docs/solutions/SBA/August2012/Cisco_SBA_BN_MPLSWANDeploymentGuide-Aug2012.pdf
Wan and vpn solutions: Choosing the best type for your organization. (2012, April 4)
(Whitepapers). Retrieved November 30, 2012, from xo.com:
http://www.xo.com/SiteCollectionDocuments/Whitepapers/WAN_and_VPN_Solutions.pdf
What services belong in a dmz? (2012) (Support). Retrieved November 30, 2012, from DMZ in a
Box:
http://www.dmzinabox.com/support/faqs/showfaq.php?item=What%20services%20belong%20in%20a%20DMZ