MIS 589 Week 3: Team Course Project - Project Milestone 2
Team# 5
Keller Graduate School Online Course
Submitted in Partial Fulfillment of the Course Requirements for Networking Concepts & Applica
...
MIS 589 Week 3: Team Course Project - Project Milestone 2
Team# 5
Keller Graduate School Online Course
Submitted in Partial Fulfillment of the Course Requirements for Networking Concepts & Applications.
Table of Contents
Milestone 0, Proposal Draft 0
Milestone 1, Proposal 0
Milestone 2, Network Requirements 1 0
Milestone 3, Network Requirement 2 3
Milestone 4, Network Requirements 3 0
Milestone 5, Network Security & Management 0
Bibliography 0
MIS589 week 3 Team5 Project
MIS 589 Project Milestone 2 Proposal Draft Virtual Private Network E-Commerce
Prepared By: Robert Maddox
Ronak Rao
Date: 05/18/2018 Approved By:
Summary of physical media and network design for the proposed service
The foundation network will sustain Virtual Private Network, this kind of network will use public network for secure usability. The other option, to use dedicated connections, Virtual Private Network will permit client workstation to utilize a special key exchange which demand authentication by the VPN. Authentication will end up with the protected network connection being constructed between the workstation and the access point of the company’s internal network. Any amount of data will pass through secret tunnel (Virtual Private Network), will be encrypted, this way provides additional tier of security. VPN uses VPN gateway routers which enable the network construct point, which has possibility to connects thousands local area networks. Usually this situation called router-to-router Virtual Private Network, GFI does connect using Routing and Remote Access Service called RRAS. Most of the time, the medium connect by Local Area Network is the Internet; so, the router will have to be set up with the address on the LAN that links to public IP address. The Virtual Private Network not really change the physical layer requirements, rather Fiber Optic should be used. The Data Link Layer make surety that most effective use of bandwidth for users and employees to approach the Virtual Private Network.
3
A. Physical media selection: summary
The summary shows that whatever occurs using a Modem, sole connection is to the Internet is possible. This diagram explain that what devices should be used to gain an Internet connection from more than one devices. The first diagram shows that how connection will be take place using Router and a Modem. And, second diagram shows when connecting a Router to an existing Router.
Figure 1: Single connection to the Internet.
Figure 2: Multiple connection to the Internet
A.1 Physical media consideration: Types of network and transmission distances
A Virtual Private Network creates a secure connection using public or, private networks owned by a service provider. These networks have a global reach and can access any place on the earth where there is an internet connection to be found. With the extensive range of
MIS589 week 3 Team5 Project
public and private internet connections, there is no limitation on transmission distances for VPNs. Security requirements are continuously developing in the business environment, continuing individual security methods for each access framework, individual access control lists do not build up well and grow the administration burden, making it prohibitively pricey. There might be a preferable substitute for securing organization approach; that is secure, easy to manage and cost-effective, whereas addressing operation and scalability
requirements. (Snatpedia, 2018).
A.2 Physical media consideration: cost
Many cost variables need to be well-thought-out when setting up a site-to-site VPN using internet protocol security. One of those factors will be what equipment you already own and whether the capacity of that equipment can be extended to cover the operational requirements that you are about to add to them. The number of tunnels you intend to create and the additional material that might be necessary for your startup can cause the cost of your business to quickly get out of hand if you're not paying attention to your budget (Snatpedia, 2018).
B. Medium access
Medium access control is also known as media access control (MAC) is the second layer of the data link layer of the seven-layer OSI model. MAC technology provides unique credentials and access control for computers on an internet protocol called a MAC address. The length of a MAC address is forty-eight bits in length and is written as an arrangement of 12 hexadecimal digits. Wireless networking, MAC technology is the radio control protocol on the wireless network adapter (Mitchell, 2016). The MAC sublayer delivers addressing
5
and channel access control devices that facilitate communication for several terminals or network nodes within a multiple access network that incorporates a shared medium (Vathare, 2016). The MAC block compresses higher level frames into frames suitable for the transmission medium by adding a sync word preamble and padding if necessary. The MAC also delivers a frame check sequence to identify transmission errors, following the frame check data is then sent onwards to the physical layer as soon as the appropriate channel
access method permits it (Mitchell, 2016).
C. Network design
Connecting your on-site network securely to a virtual network requires that you consider the requirements that you will need for your system. Consider the three ways of connecting to a VPN 1. Site-to-Site, 2. Point-to-Site and 3. ExpressRoute. The way you will link up will depend on a few reflections like:
• What type of output does your solution require?
• Will you communicate via the public internet via secure VPN, or will you use a private connection?
• Is there a public IP address that is available for you to use?
• Will you be using a VPN device and is it compatible?
• How large is your connection going to be, or would you be better off using a persistent connection?
• What type of VPN gateway will be necessary for the solution you create?
• What type of Gateway SKU should you use (McGuire, 2017)?
A local network gateway is called a Local Network Site. In configuring a local network gateway, it is given a name, the public IP address of the on-premise VPN is specified along
MIS589 week 3 Team5 Project
with the address prefixes in the on-premises location. The destination address prefixes for network traffic are looked at, and the system looks up the configuration that is specified for the local network gateway to route the packets then accordingly. Choosing the right gateway for your topology is a serious decision. If you have selected the wrong gateway, then it will not operate correctly. The type of gateway chosen will stipulate how the gateway itself connects and is a mandatory configuration setting for the Resource Manager, deployment model (McGuire, 2017).
Each configuration will require a fixed VPN type. When combining two configurations, you must use a VPNB type that satisfies both connection requirements. policy-based VPNs encrypt and direct packets through IPsec tunnels based on the IPsec policies configured with the combinations of address prefixes between your on-premises network and an Azure Vnet. The policy (traffic selector) is commonly defined as an access list in the VPN device configuration. The value for a Policy Based VPN type is Policy Based. Using a Policy Based VPN has limits (McGuire, 2017).
1. Policy Based VPNs are exclusive to Basic gateway SKU. This type of VPN is incompatible with other gateway SKUs.
2. Only one tunnel can be used when using a Policy Based VPN.
3. Policy Based VPNs can are only used for S2S connections, and just in specific configurations. Many VPN Gateway configurations require a Route Based VPN.
Route Based VPNs use routes in the IP forwarding table to direct packets to their equivalent tunnel interfaces. The tunnel interfaces encrypt or decrypt the packets as they pass in and out of the tunnels. The policy (traffic selector) for Route Based VPNs are
7
configured as any-to-any (wildcard) the value for a Route Based VPN type is Route Based.
D. Network layer
Using OSI model layers, VPNs are divided into three main types Data Link Layer VPNs Network layer VPNs and Application layer VPNs. In the data link layer VPNs, there are two private networks connected on the Layer two of the OSI model; this layer uses protocols like Frame Relay, or, ATM. This type is usually expensive due to the requirement of dedicated layer two pathways that need to be created. Frame Relays and ATM protocols also characteristically do not provide encryption mechanisms. Data link network layers only allow traffic to be separated based on which Layer two connection it belongs to. If security is important to the user, then it will be critical to put in place some encryption device before using it (Chauhan, 2016).
Network Layer VPNs are created by using Layer 3 tunneling or, encryption, such as in IPsec tunneling and encryption protocol to create VPNs. Network Layers provide an area to perform encryption. The network layer is sufficiently low enough in the stack to deliver seamless connectivity to any application running on top of it but, is high enough to allow enough suitable granularity of the traffic that is required to be part of the VPN based on the wide-ranging IP addressing architecture in place. Some companies use network layer encryption as the primary mechanism for creating VPNs (Chauhan, 2016).
Application Layer VPNs work explicitly with specific applications. For example, SSL-based VPNs, SSL provides encryption between Web browsers and servers that run SSL. SSH is used as a mechanism for encrypted and secure login sessions for various network devices; SSH can additionally encrypt and create VPNs for other application layer
MIS589 week 3 Team5 Project
protocols like FTP and HTTP. While network layer and link layer VPNs provide seamless VPN connectivity for all applications after the basic VPN has been set up, application layer VPNs do not, a user must sometimes initiate an action to permit the end devices for creating the VPN for each of the various applications. As new services and corresponding applications are added support for the additional applications and services must be
developed as well (Chauhan, 2016).
Conclusion
Clients and employees can enjoy encrypted, secure and worldwide access through VPN dedicated connections; from wherever in the world where an internet link can be made.
However, many considerations have to be taken into account when starting a VPN from scratch or buying equipment to add VPN capabilities to existing infrastructure. There are no distance limits to VPNs as they provide the security essential for telecommuting and a remote VPN user can connect by way of an internet service provider. VPNs are built on the backbone of the publicly accessible infrastructure, of an internet service provider. The use of existing infrastructure eliminates long distance charges, but there are other deliberations to consider. Bandwidth must be considered when designing a VPN as well as compatibility of existing equipment with newly purchased equipment. The kind of gateway that will be used to establish a connection is also a consideration that must be solved as well as whether you will use a public or private internet connection (McGuire, 2017). A VPN can offer safe and secure communication and sharing of information, but the initial construction of the network will decide how much safety and security is provided to users of the network after its construction is finished.
9
Bibliography
McGuire, C. (2017, 07 27). Microsoft Azure. Retrieved from Planning and design for VPN Gateway: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-plan-design
Mitchell, B. (2016, October 19). Media Access Control (MAC). Retrieved from Lifewire: https://www.lifewire.com/media-access-control-mac-817973
Snatpedia. (2018, 05 19). Types of Computer Networks. Retrieved from Snatpedia: https://snatpedia.com/Types-of-network.html
Vathare, P. (2016, April 27). What are media access protocols. Retrieved from Quora: https://www.quora.com/What-are-media-access-protocols
[Show More]
.png)
.png)
