Planning/Designing a small business network.
Request For Proposal Details
Company Name: there4 travel
A new travel agency that will be based at Christchurch airport and have a branch in Nelson. The design must account for possible new locations in the future.
Proposal: IT services will be based at the Christchurch Head Office and operate a server-based, centrally managed solution for the Head Office and the Nelson branch.
Company Staff
- Christchurch HQ (7 total):
  1 x CEO/Manager Christchurch
  1 x Assistant Manager Christchurch
  5 x Travel Agents Christchurch
- Nelson Branch (4 total):
  1 x Manager Nelson
  1 x Assistant Manager Nelson
  2 x Travel Agents Nelson
- Additional Staff:
  2 x Mobile Travel Agents
System Requirements Planning
- Internet access (HTTP, HTTPS, DNS, DHCP). Virtual switch? Virtual router? Do we have access to a publicly routable IP through NAT/PAT?
- Email (SMTP, IMAP4, POP3)
- DRP (Backup plans, separate cloud storage)
- IPv6 implementation plan (Dual Stack, NAT)
- Cloud Services for corporate purposes.
Network/Assessment Requirements
- Server functionality with Active Directory (or equivalent). We have chosen FreeIPA.
- Mail server
- Web server
- File Server (potentially Samba)
- Print Server
- Antivirus server software
- Resilient Active Directory
- Desktop implementation (uses for example primary AD to authenticate)
- Resilient DNS (Currently using OpenDNS with port forwarding from LAN requests to the router).
- DHCP failover
- Active Directory Sites and Services
- Network monitoring software
- Two or more router configurations connecting HQ to/from Nelson Branch
- Implement a firewall solution on all exposed routers to protect from intrusion
- Demonstrate a successful desktop implementation that:
  a) Uses AD (or equivalent) for authentication
  b) Has access to email
  c) Has browser access to HQ website and Internet
  d) Has home drive mapped
  e) Has client antivirus (endpoint security)
- Backup recovery plan
Optional
17. Relevant cloud-based services integrated into the test system network.
18. IPv6 and IPv4 dual stack implementation.
Our Network Setup
Server Functionality: We have implemented a FreeIPA server, which is a Linux equivalent of Active Directory. Other Linux client machines can then be set up to log in, through LDAP, to accounts created on the FreeIPA server.
Firewall/Router config: pfSense. We have created 2 different VMs, each running its own pfSense instance to connect the WAN interface to the LAN interface. These will be used for the Christchurch office and the Nelson branch.
In each of the LAN environments, we have a FreeIPA server running on Fedora. Devices connect to this server and use LDAP to log into accounts that we can set permissions for; this provides authentication, authorization and accounting.
User requirements:
Security Groups:
- Management: Highest security level, access to all files, router, DHCP, and DNS config, admin controls etc.
- Assistant Management: Access to relevant files and controls, decided by management, may have access to some config settings.
- Travel Agents: Access to relevant general files needed for day to day work, customer data entry, shared files between branches but separated by folders or some structure.
- Mobile Travel Agents: Mobile devices, access to relevant general files, shared files.
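
An added example, not part of the original plan: one way to map the four security groups above onto FreeIPA user groups and host-based access control (HBAC) rules. The group names are derived from the list; the rule names, the host groups `desktops` and `servers` (assumed to exist already) and desktop login through GDM are assumptions.

```shell
#!/bin/sh
# Added example: FreeIPA groups and HBAC rules for the security groups above.
# Dry run by default (prints the ipa commands, unquoted, for review). Set
# APPLY=1 with an admin Kerberos ticket (kinit admin) to run them.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# group name | description (from the security group list)
GROUPS_SPEC='management|Highest security level, admin controls
assistant-management|Relevant files and controls, decided by management
travel-agents|General files for day to day work
mobile-travel-agents|Mobile devices, general and shared files'

create_groups() {
    printf '%s\n' "$GROUPS_SPEC" | while IFS='|' read -r name desc; do
        run ipa group-add "$name" --desc="$desc"
    done
}

# hbac_rule NAME HOSTGROUP SERVICE GROUP...
# Lets the listed user groups use SERVICE on hosts in HOSTGROUP.
hbac_rule() {
    rule=$1 hostgroup=$2 service=$3
    shift 3
    run ipa hbacrule-add "$rule"
    run ipa hbacrule-add-host "$rule" --hostgroups="$hostgroup"
    run ipa hbacrule-add-service "$rule" --hbacsvcs="$service"
    for group in "$@"; do
        run ipa hbacrule-add-user "$rule" --groups="$group"
    done
}

create_access_rules() {
    # All staff groups may log in at office desktops (assumed host group).
    hbac_rule desktop-login desktops gdm-password \
        management assistant-management travel-agents mobile-travel-agents
    # Only management gets SSH on the servers (assumed host group).
    hbac_rule server-admin servers sshd management
    # FreeIPA ships an allow_all rule that lets any user log in to any host.
    # Disable it last, once the explicit rules above are in place.
    run ipa hbacrule-disable allow_all
}

create_groups
create_access_rules
```

Before applying the final step on a live server, `ipa hbactest` with a user, host and service shows which rule would admit or deny that login.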
Customer Requirements:
- Make Bookings
- Do we need a website? Maybe just to display a contact page with email?
Does the business have or need a website for things like bookings, or is that all done on site?
System Requirements: (Fulfills the needs of the users)
- Shared drives (File sharing) / Database
- Individual drives (File storage)
- Secure email
- Phone/VoIP services
- Printing services
- Web access
- Secure access between HQ and Nelson (VPN, RDP, VNC, SSH)
- Secure devices (endpoint security)
- Secure Network (DNS, network monitoring, firewall)
- Active Directory or equivalent / server/client functionality.
Moving forward, we are looking at implementing a more manageable DNS option.