Building Corporate Data Networks A Case Study

Delivered at
Institution of Engineers, Sri Lanka - Saparagamuwa Provincial Center
31st March 2005

Objectives
At the end of this case study you will be able to
Transfer a business communication requirements into a
data network requirement
Describe the primary components that constitutes a data
network
Identify the basic elements of LAN, WAN and Security sub
systems
Prescribe a high level network structure for a generic
corporate data network

Acme Corporation
Acme Corporation is a multinational organization who has two of their
manufacturing plants in Sri Lanka. They produce automobile tires for
export and local market. The main factory and head office is located at
Kelaniya and another factory at BOI zone, Katunayake. They have a
warehouse at Peliyagoda and a raw material store at Thalawakale.
Acme Corp need to build a data network to deploy their new ERP
(Enterprise Resource Planning) application. The Katunayake factory and
Peliyagoda warehouse are to be connected online to the head office and the
raw material store is to be connected for batch processing via a dial up
facility.
In addition they need to have Internet connectivity, a local web site and
E-mail service for their staff. Staff from corporate head quarters (abroad)
and telecommuters in Sri Lanka need to gain access to Acme Corp network
for various activities. Data and network security are concerns of the
network administrator.

Acme Corporation (Contd)

Warehouse
(Peliyagoda)

Branch Factory
(BOI Zone - Katunayake)

Raw Material Stores

(Thalawakale)

Internet

Head Office / Main Factory

(Kelaniya)

Telecommuters
Mobile Users

Network Elements
User and server local connectivity at head office, branch, warehouse and store
Network switches and devices
Cabling infrastructure (copper/fiber)

Wide area interconnectivity

Routers
Links from a network service provider

Internet connectivity
Router
Internet connection from as Internet Service Provider (ISP)

Security
Firewall
Virtual Private Network (VPN) device

Telecommuting
Remote access server
Modems
Telephone lines

Wireless connectivity at head office

Wireless access point

Network address planning

Branch LAN
Branch Factory

Warehouse

10/100 Base-TX

10/100 Base-TX

Stores

10/100 Base-TX

Branch, Warehouse & Stores LAN Devices

10/100 Base-TX Autosense Ethernet Switch - 03 nos.
Copper (UTP) Cable plant at all 03 locations

Head Office LAN

Network Printer

Wireless
Access Point

Floor 3

ERP Server and other

shared Resources

Mobile Users

10/100 Base-TX
Floor 2

Optical Fibre
Uplinks
100 Base-FX

10/100 Base-TX
Floor 1

10/100 Base-TX

Head Office LAN (contd)

Head Office LAN Components
10/100 Base-TX Autosense Ethernet Switch 03 nos.
Optical fiber transceivers 4 nos.
Wireless Access Point 1 no.
Copper (UTP) / Fiber Cable plant

Wide Area Network

Branch Factory
Router
Head Office
DSU/CSU
Ethernet
Leased Line

Modem

DSU/CSU
Router

DSU/CSU
Warehouse
Router
Modem
Modem

PSTN

DSU/CSU
Ethernet

Modem

Ethernet
Stores
Router
Modem
Ethernet

10

Wide Area Network (contd)

WAN Components
Routers 4 nos.
DSU/CSUs 4 nos.
(Digital Service Units/Channel Service Units)

Modems (synchronous) 5 nos.

Leased Lines 2 nos.
Head Office Branch Factory
Head Office Warehouse

PSTN Links (Telephone lines) 5 nos.

Head Office 2 nos.

Branch Factory 1 no.
Warehouse 1 no.
Stores - 1 no.

11

WAN Connectivity Options

Leased Links / Clear Channel Circuits

Dead copper loops

Active copper loops
Microwave point-to-point links
Microwave point-to-multi point access system
PDH/SDH* transmission networks
Satellite links
Dark fiber loop
Free space optics (laser)

Public Switched Data Networks

Frame Relay
ATM

Public IP Backbone
Multi Protocol Label Switching (MPLS) IP backbone
VPN over Internet
Packet over SONET/SDH

* PDH Pleisiochronous Digital Hierarchy

SDH Synchronous Digital Hierarchy

12

WAN Data rates

Link speeds
DS0 - 64 kbps
128 / 256 / 512 / 1024 kbps
E1 2 Mbps
E3 34 Mbps
OC-3c / STM-1 155 Mbps
OC-12 / STM-4 622 Mbps
OC-48 / STM-16 2.488 Gbps
Gigabit Ethernet 1,000 Mbps
10 Gigabit Ethernet - 10 Gbps
Fiber Channel 2 Gbps

Uses OSI Layer 2 Framing

Protocols

13

Dial-up Services
Dial Backup
to recover from failed links

Dial on Demand
to provide on demand access and disconnect while idling

Bandwidth on Demand
to provide increased bandwidth during congestion

Options
PSTN Public Switched Telephone Network
ISDN Integrated Service Digital Network

14

Internet Connectivity
Unprotected Network

De-militarized Zone

Secure Network

Web Server and

Mail Server
Internet

VPN Gateway

ISP

ERP Server and other

shared Resources

DSU/CSU

Router

Firewall

10/100 Base-TX
Downlinks to
2nd and 1st Floors

To Router

15

Firewall Security Policy

Web Server and
Mail Server

Internet
VPN Gateway
ISP
Incoming Web, Mail
VPN connections

Web, Mail server

connections
ERP Server and other
shared Resources

Outgoing
Mail

DSU/CSU

Router

Firewall

Corporate users Internet Access

No access

Downlinks to
2 and 1st Floors
nd

To Router

16

Secure Access to ERP Server

IPSec Tunnel for secure communication

Client at Headquarters

Internet

Web Server and

Mail Server

Encrypted
Authenticated
Authorized
Accounted
. access only.

VPN Gateway

ISP

ERP Server and other

shared Resources

DSU/CSU

Router

Firewall

Downlinks to
2nd and 1st Floors

To Router

17

Internet and Security

Internet connetivity
Router 1 no.
DSU/CSU 1 no.
ISP connection 1 no.

Security
Firewall 1 no.
VPN Gateway device 1 no.

18

Remote Access Service

Remote Access Server
Home User

PSTN

Modem Pool
Ethernet (DMZ)

RAS Components
Remote Access Server 1 no.
Modems (Asynchronous) 4 nos.
PSTN (telephone) lines 4 nos.

Notebook
Computer

19

Complete Head Office Network

DSU/CSU

Router

Leased Line

DSU/CSU

Modem
Modem

Internet

ISP

PSTN

ERP Server and other

shared Resources

Web Server and

Mail Server

Modem Pool

VPN Gateway
Wireless
Access Point

Remote
Access
Server

DSU/CSU

Mobile Users

Router

Firewall

20

Bill of Material
Head Office

Branch

Warehouse

Store

Total

Ethernet Switch

Optical Transceivers

Router

DSU/CSU

Modem (Sync.)

Remote Access Server

Modem (Async.)

Firewall

VPN Gateway

Wireless AP

Cable Plant

5
5

21

Summary
Business requirement
Network requirement
Local area network
Wide area network
Internet connectivity
Firewall and VPN

22

Thank you