A proper network is one of the integral parts of an organization in the present world. Today, there are various ways in which networking can be achieved in companies. Traditional networking that relies on devices such as routers and network switches cannot accommodate the ever-expanding needs of a network, especially given the increase in the number of devices that need to be incorporated into a typical network. In addition, networking nowadays needs to cater to vendor-specific devices. Developments in networking have led to the inception of software-defined networking and intent-based networking. These developments have enabled automation in networking; as a result, network monitoring and updating can be achieved with less manual input. This paper is a proposal for developing and maintaining a network for Crete Inc.
Policies and Guidelines
Policies and guidelines are essential for building a robust network system. At Crete Inc., not all users will be allowed access to all information. In the system configuration, employees will be contained within their organizational units by means of group policies defined by the system administrator, which govern the activities users can perform in the system. For system access, a Single-Sign-On approach will be used, with passwords of more than 8 characters that mix several types of characters. After a set period, typically one year, users will be required to set new passwords to retain system access. When an employee ceases to work for Crete Inc., the system administrator will remove their login credentials from the system. For data security, employees will be required to undergo training that makes them aware of best practices for preventing data breaches that may originate from their end. In addition, users will not be allowed to make any attempt that could compromise network security.
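The password and offboarding rules above, expressed as an added PowerShell example for a domain controller (this is not part of the proposal; the domain name crete.local, the quarantine OU, the sample account name and the lockout and history values are assumptions, and the ActiveDirectory module is assumed to be installed):

```powershell
# Added example, not from the proposal. Applies the stated password policy
# to the domain and shows an offboarding routine that removes access.
Import-Module ActiveDirectory

# "More than 8 characters"  -> minimum length 9
# "Various types of characters" -> complexity enabled
# "New passwords after one year" -> maximum age 365 days
# History and lockout values are added hardening assumptions, not from the proposal.
Set-ADDefaultDomainPasswordPolicy -Identity 'crete.local' `
    -MinPasswordLength 9 `
    -ComplexityEnabled $true `
    -MaxPasswordAge (New-TimeSpan -Days 365) `
    -PasswordHistoryCount 12 `
    -LockoutThreshold 10 `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30)

# Always read back what is actually in effect instead of trusting the write.
Get-ADDefaultDomainPasswordPolicy |
    Format-List MinPasswordLength, ComplexityEnabled, MaxPasswordAge, PasswordHistoryCount, LockoutThreshold

# Offboarding: disable first (keeps the SID and audit trail), record why,
# and move the object to a quarantine OU for later deletion.
function Disable-DepartedUser {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName
    Disable-ADAccount -Identity $user
    Set-ADUser -Identity $user -Description ('Disabled {0}: left Crete Inc.' -f (Get-Date -Format 'yyyy-MM-dd'))
    # Assumed OU; create it beforehand and deny logon rights to it via GPO.
    Move-ADObject -Identity $user.DistinguishedName -TargetPath 'OU=Disabled Users,DC=crete,DC=local'
}

Disable-DepartedUser -SamAccountName 'jdoe'   # constructed sample account
```

Fine-grained password policies (New-ADFineGrainedPasswordPolicy) can layer stricter settings on administrator groups without changing the domain default above.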
Crete's system shall include monitoring mechanisms for detecting, correcting, and recording common security problems. Monitoring shall also be carried out automatically through server configuration. In addition, updates shall be applied automatically across the system, although individual users can also be tasked with keeping their PCs up to date.
Implement a monitoring plan for critical servers and services. What servers and services should be monitored and why?
Monitoring a network or system is one of the key roles of administrators. Systems have to be monitored for optimal operation and to ensure that unplanned downtime does not occur. A meaningful monitoring strategy will cover all the components in the network using the appropriate tools. Both server and network monitoring are needed for complete monitoring operations in an organization. A comprehensive server monitoring plan would include the following tasks.
Server availability
Application and event logs
Disk, CPU, and memory
File systems and directory
Jobs, processes, NLMs, and services
Message screens and queues
Print jobs
Network interfaces
Performance counters and statistics
After installing the server and network and configuring them appropriately, the next step is usually to tune or optimize to ensure that the system performs optimally. Optimization should be done by first monitoring the current performance of the system and then trying to improve on it (Jaimeo, 2020).
All that impacts a system should be monitored. At Crete Inc., monitoring should be applied for the network components as listed below.
Microsoft Exchange email system, which runs on 4 physical servers.
20 SQL Servers
12 Oracle Database Servers
4 File and Print Servers
12 Web Servers
40 Application Servers (HR, finance, budget, inventory control, licensing, reporting, etc.)
Users
Printers
Disks
Applications
Desktop OS
Routers, switches, bridges, and hubs
Server OS
Utilities
While every component is monitored according to its role, servers in particular should be monitored for memory availability, disk performance, network traffic, and processor performance. Monitoring can be done manually or automatically. Manual monitoring relies on hand-made configurations, whereas automatic monitoring applies software-defined networking (SDN) or intent-based networking (IBN) techniques. Monitoring software can run on the servers themselves or be outsourced to third parties. Monitoring is done to ensure optimal performance, network security, and a smooth flow of transactions within the network (Conklin et al., 2016).
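A baseline health check covering the server tasks listed above (availability, disk, CPU, memory, and event-log errors), as an added PowerShell example that is not part of the proposal. The server names and the alert thresholds are assumptions; the script uses WMI/CIM and the event log over WinRM, so it assumes those are reachable from the monitoring host:

```powershell
# Added example, not from the proposal. One pass over a list of servers,
# returning one object per server with any threshold breaches as alerts.
$servers = @('exch01', 'sql01', 'ora01', 'fp01', 'web01', 'app01')   # constructed names

$diskFreePercentMin = 15   # assumed thresholds
$cpuLoadMax         = 85
$memFreePercentMin  = 10

function Get-ServerHealth {
    param([Parameter(Mandatory)][string]$ComputerName)

    $result = [ordered]@{ Server = $ComputerName; Reachable = $false; Alerts = @() }

    # Server availability.
    if (-not (Test-Connection -ComputerName $ComputerName -Count 1 -Quiet)) {
        $result.Alerts += 'unreachable'
        return [pscustomobject]$result
    }
    $result.Reachable = $true

    try {
        $os    = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $ComputerName
        $cpu   = Get-CimInstance -ClassName Win32_Processor -ComputerName $ComputerName
        $disks = Get-CimInstance -ClassName Win32_LogicalDisk -ComputerName $ComputerName -Filter 'DriveType = 3'

        # Memory: FreePhysicalMemory and TotalVisibleMemorySize are both in KB.
        $memFree = 100 * $os.FreePhysicalMemory / $os.TotalVisibleMemorySize
        if ($memFree -lt $memFreePercentMin) { $result.Alerts += ('memory free {0:N1}%' -f $memFree) }

        # CPU: average the per-socket load sample.
        $load = ($cpu | Measure-Object -Property LoadPercentage -Average).Average
        if ($load -gt $cpuLoadMax) { $result.Alerts += ('cpu load {0}%' -f $load) }

        # Disks: every fixed volume.
        foreach ($d in $disks) {
            if ($d.Size -gt 0) {
                $free = 100 * $d.FreeSpace / $d.Size
                if ($free -lt $diskFreePercentMin) {
                    $result.Alerts += ('disk {0} free {1:N1}%' -f $d.DeviceID, $free)
                }
            }
        }

        # Event logs: Critical (1) and Error (2) entries in the last 24 hours.
        $errors = Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
            LogName = 'System', 'Application'; Level = 1, 2; StartTime = (Get-Date).AddDays(-1)
        } -ErrorAction SilentlyContinue
        if ($errors.Count -gt 0) { $result.Alerts += ('{0} error events in 24h' -f $errors.Count) }
    }
    catch {
        $result.Alerts += ('query failed: {0}' -f $_.Exception.Message)
    }
    return [pscustomobject]$result
}

$report = $servers | ForEach-Object { Get-ServerHealth -ComputerName $_ }
$report |
    Select-Object Server, Reachable, @{ n = 'Alerts'; e = { $_.Alerts -join '; ' } } |
    Format-Table -AutoSize
```

Run it from a scheduled task on the monitoring host and forward any row with a non-empty Alerts column to the ticketing or alerting tool; the same objects can be exported with Export-Csv to keep the performance history that the optimization step relies on.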
Plan for Updates
Windows Server Update Services (WSUS) is built into Windows Server and is used to deploy updates for Microsoft products (Jaimeo, 2020). A WSUS server can be used to distribute updates within an organization. Such a server is called an upstream server, and it must be able to connect to Microsoft to obtain updates. The number of servers connecting directly to Microsoft depends on the network configuration and security requirements. The first step in a WSUS deployment is the evaluation of the system architecture and requirements, which involves choosing the network topology and understanding the requirements. At Crete Inc., the scenario involves many servers serving various purposes. It would be more prudent to connect one server to the internet to download the updates; the updates can then be distributed to the other servers and machines through downstream servers. The next step is to install the WSUS server role, using the following procedure.
Using an administrator account, log on to the server to be used.
Click Add Roles and Features in Server Manager.
Click Next on the Before you begin page.
Confirm Role-based or feature-based installation. Click Next.
On the server destination page, choose the server from the server pool and click Next.
Select WSUS on the Select server roles page. When prompted, add the required features and click Next.
Retain the default features on the Select features page and click Next.
Click Next on the WSUS page.
Retain the default selections on the Select Role Services page. Click Next.
Type a valid location for the updates on the Content location selection page and click Next to open the Web Server Role (IIS) page.
Click Next, review and retain the default roles, then click Next again.
Review the installation selections and then install them.
After installing WSUS, click Launch Post-Installation tasks. Close the page after a successful configuration.
Restart the server when prompted to do so (Jaimeo, 2020).
Server Update
After installing the WSUS, the next step is to configure it appropriately. First, the network connections need configuration. This is done using the Network Configuration Wizard. The configuration, in this case, will include specifying where the server will get the updates from. In this particular case of Crete Inc., the updates will be retrieved from Microsoft. Therefore, one server will be allowed to connect to the internet and then the updates channeled to the other servers. The WSUS has to be configured to work together with the intrusion detection and prevention systems (IDS and IPS). The WSUS server uses port 443 for HTTPS protocol while obtaining updates from Microsoft. To update the rest of the servers, the administrator has to configure ports 8531 (for HTTPS) and 8350 (for HTTP) to allow for upstream and downstream synchronization of servers (Jaimeo, 2020).
Desktop Update
The settings used to configure the WSUS servers should also be applied to client PCs. Likewise, the firewall, IDS, and IPS rules should be applied to the PCs so that inbound traffic is allowed, especially on the WSUS ports. Computers in a computer group normally contact the WSUS server for updates within 24 hours. A reporting configuration can be used to track whether updates have been applied to each computer.
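The WSUS layout described in the three sections above (one upstream server that reaches Microsoft, downstream replicas that pull from it over HTTPS on port 8531, and clients that report to their downstream server), scripted as an added PowerShell example that is not part of the proposal. The server names, the content directory, the LAN range and the client registry values (the ones the Windows Update group policy writes) are assumptions; each part is run on the machine named in its comment:

```powershell
# Added example, not from the proposal. Server names, paths and addresses are assumed.

# --- Upstream server (the only one allowed outbound 443 to Microsoft) ---
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools
# Post-installation task: bind WSUS to its local content store (assumed path).
& "$env:ProgramFiles\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR=D:\WSUS

Set-WsusServerSynchronization -SyncFromMU          # pull from Microsoft Update
(Get-WsusServer).GetSubscription().StartSynchronization()

# --- Each downstream server: replica of the upstream over HTTPS on 8531 ---
# HTTPS requires a certificate bound to the WSUS site in IIS first.
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools
& "$env:ProgramFiles\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR=D:\WSUS
Set-WsusServerSynchronization -UssServerName 'wsus-up01.crete.local' -PortNumber 8531 -UseSsl -Replica

# --- Firewall on every WSUS server: allow 8531 only from the internal range ---
New-NetFirewallRule -DisplayName 'WSUS HTTPS from LAN' -Direction Inbound -Protocol TCP `
    -LocalPort 8531 -RemoteAddress '10.0.0.0/8' -Action Allow

# --- Client PCs and member servers: the values a WSUS GPO sets ---
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
New-Item -Path $wu -Force | Out-Null
New-Item -Path "$wu\AU" -Force | Out-Null
Set-ItemProperty -Path $wu -Name WUServer       -Value 'https://wsus-dn01.crete.local:8531'
Set-ItemProperty -Path $wu -Name WUStatusServer -Value 'https://wsus-dn01.crete.local:8531'
Set-ItemProperty -Path "$wu\AU" -Name UseWUServer  -Value 1 -Type DWord
Set-ItemProperty -Path "$wu\AU" -Name NoAutoUpdate -Value 0 -Type DWord
Set-ItemProperty -Path "$wu\AU" -Name AUOptions    -Value 4 -Type DWord   # 4 = auto download and schedule install

# --- Reporting (run on a WSUS server): which clients have not checked in ---
(Get-WsusServer).GetComputerTargets() |
    Select-Object FullDomainName, LastReportedStatusTime, LastSyncTime |
    Where-Object { $_.LastReportedStatusTime -lt (Get-Date).AddDays(-1) } |
    Sort-Object LastReportedStatusTime | Format-Table -AutoSize
```

In production the client block belongs in a group policy object rather than a script, so that new machines in a computer group inherit it; the registry values shown are exactly the ones that policy writes, which makes them useful when verifying a client that is not reporting.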
Software Update
WSUS is also essential for synchronizing software updates. For Windows Server 2012, software updates are supported by WSUS versions 6.2 and 6.3. During WSUS installation, the "Store updates locally" setting should be enabled; it causes the WSUS license terms associated with software updates to be downloaded and stored on the local drive during synchronization (Jaimeo, 2020). The number of software updates in a deployment should be limited to 1000, whether the deployment uses automatic deployment rules (ADRs) or is performed manually.
Clustering and Network Load Balancing
Clustering Plan
Clustering is the integration of two or more computers or servers in such a manner that they act as one entity (Conklin et al., 2016). Clustering is essential for parallel processing operations, and it makes it easy to add CPU capacity to a system by adding new computers to the network. Failover clustering involves physical or virtual servers that are integrated to provide a service continuously: if one server (node) fails or is taken down for maintenance, the others continue to serve clients without downtime. Windows uses the Microsoft Failover Cluster Manager software for clustering. Crete Inc. has several servers that can be clustered together. Clustering can be applied to the 4 Microsoft Exchange physical servers, the 20 SQL Servers, the 12 Oracle Database Servers, the 4 File and Print Servers, the 12 Web Servers, and the 40 Application Servers. This will help keep services available when required and overcome downtime issues. The architecture will involve building different clusters for different departments. Users are not allowed to access all information in every department; such access will be governed by policies.
A failover cluster can be created by following the procedure below. The failover cluster is built from the nodes (computers) in the network, and the procedure can be applied to the 40 application servers.
Launch Failover Cluster Manager from Windows Administrative Tools.
Click Create Cluster and then click Next.
Select the server names you want to create a cluster with.
Click Add.
Click Next and validate by clicking Yes. Click Next.
Click Next to open the testing window. Run all tests. Click Next.
Check the test results and fix any errors.
Enter a cluster name in the cluster name window.
Provide an IP address for the cluster and click Next.
Check Add all eligible storage to the cluster. Click Next.
After reading the summary, click Finish.
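The same wizard steps as an added PowerShell example that is not part of the proposal, for four of the application servers. The node names, cluster name, static cluster IP, report path and the file share used as a witness are assumptions:

```powershell
# Added example, not from the proposal. Node names, cluster name and addresses are assumed.
$nodes     = 'app01', 'app02', 'app03', 'app04'
$cluster   = 'crete-app-cl1'
$clusterIP = '10.0.1.50'

# Install the feature on every node (remote install needs WinRM enabled).
foreach ($n in $nodes) {
    Install-WindowsFeature -Name Failover-Clustering -IncludeManagementTools -ComputerName $n
}

# "Run all tests": Test-Cluster runs the validation wizard and writes an HTML report.
$report = Test-Cluster -Node $nodes -ReportName 'C:\ClusterReports\app-cl1-validation'
Write-Host "Review the validation report before continuing: $($report.FullName)"

# "Enter a cluster name" / "Provide an IP address": create the cluster with a static
# address. Leaving -NoStorage out matches "Add all eligible storage to the cluster".
New-Cluster -Name $cluster -Node $nodes -StaticAddress $clusterIP

# Confirm the cluster is up and every node is Up.
Get-Cluster -Name $cluster | Format-List Name, Domain
Get-ClusterNode -Cluster $cluster | Format-Table Name, State, NodeWeight -AutoSize

# With an even number of nodes, add a witness so the cluster cannot split evenly.
Set-ClusterQuorum -Cluster $cluster -FileShareWitness '\\fp01\ClusterWitness'
```

Validation failures are the point of the procedure's "fix any errors" step: New-Cluster will build a cluster on nodes that failed validation, but such a cluster is not supported, so gate the New-Cluster call on a clean report.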
Load Balancing Web Servers
Load balancers manage the flow of information between endpoint devices and servers by deciding which servers handle particular traffic. They are critical for preventing overloads and for keeping a check on the health of servers (Conklin et al., 2016). A typical load balancer for Crete Inc. would involve SDN configurations to promote automation, together with two firewalls and a core switch. For security purposes, when one firewall malfunctions, the other continues to serve between the web servers and the users. The configurations should differ between the servers, the load balancers, and the other devices in the network. A floating IP address will be required so that the load balancer can direct traffic to the active servers, keep traffic flowing, and prevent overloads.
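One way to provide the floating IP for the web tier is Windows Network Load Balancing (NLB), shown here as an added PowerShell example that is not part of the proposal (the proposal's SDN-based balancer and firewall pair are separate from this). The cluster IP, subnet mask, node names and interface name are assumptions:

```powershell
# Added example, not from the proposal. Addresses, node names and the NIC name are assumed.
$clusterIP = '10.0.2.80'          # the floating IP users and the firewalls see
$mask      = '255.255.255.0'
$nodes     = 'web01', 'web02', 'web03'

foreach ($n in $nodes) {
    Install-WindowsFeature -Name NLB -IncludeManagementTools -ComputerName $n
}

# Create the cluster on the first node; the cluster IP is shared by all members.
New-NlbCluster -HostName $nodes[0] -InterfaceName 'Ethernet' -ClusterName 'crete-web-nlb' `
    -ClusterPrimaryIP $clusterIP -SubnetMask $mask -OperationMode Multicast

# Join the remaining web servers.
foreach ($n in $nodes[1..($nodes.Count - 1)]) {
    Get-NlbCluster -HostName $nodes[0] | Add-NlbClusterNode -NewNodeName $n -NewNodeInterface 'Ethernet'
}

# Balance only HTTPS: drop the default all-ports rule and add a 443-only rule.
Get-NlbCluster -HostName $nodes[0] | Get-NlbClusterPortRule | Remove-NlbClusterPortRule -Force
Get-NlbCluster -HostName $nodes[0] |
    Add-NlbClusterPortRule -StartPort 443 -EndPort 443 -Protocol TCP -Affinity None

# Maintenance without dropped sessions: drain a node, then patch or replace it.
Stop-NlbClusterNode -HostName 'web02' -Drain -Timeout 5

Get-NlbClusterNode -HostName $nodes[0] | Format-Table Name, State -AutoSize
```

Restricting the port rule to 443 means the floating IP only ever answers on the service port, which is the behaviour the firewall pair in front of it should also enforce; anything else addressed to the cluster IP is dropped by NLB rather than forwarded to a node.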
Virtualization
The virtualization process would begin with an assessment of the organization's workload capacity and utilization. This involves examining utilization trends and statistics for the various services and devices, as well as server requirements such as CPU, memory, and applications. The next step would be planning, to identify the most heavily used resources in the system. Such analyses would be used to determine which workloads can share physical platforms without significant constraints. The virtualization process would follow the design shown in the figure below.
The inventory process would involve taking into account all software and hardware resources in the system. This involves all idle or utilized servers including running services, installed applications, memory size and speed, network type, and processor types besides other factors. Inventory also involves categorizing server resources, categorizing application resources, and allocation of resources. The VMware Capacity Planner tool can be applied to undertake various analyses such as server processor utilization and disk utilization. The other planning consideration is hardware maximization. Hardware maximization can be achieved by the application of server consolidation. Virtualization in the organization can be done by the use of SDN, IBN, and virtualized desktop techniques.
Desktop virtualization and VDI can be used within the organization so that employees can easily log on to their devices from a virtualized environment. Network function virtualization and monitoring are essential requirements for intent-based networking (IBN) (Beshley et al., 2019). Since these tools are available in most corporate networks, it is easy to adopt the IBN approach. Virtualization helps in setting up virtual instances, which is especially helpful when there are many devices in a network. The devices may use different protocols and may be vendor-locked. Traditional networking would require administrators to configure each different device separately before it could be used in the network. Network virtualized functions can therefore be used to create virtualized devices from the physical hardware to accommodate such diversity. A single physical device can provide numerous virtual devices on the virtual hardware. For instance, if an intent requires a device in a specific location, one can be created virtually instead of being physically deployed. In addition, integrated protocols can be applied in the virtual hardware to mitigate the challenges arising from vendor-specific devices (Beshley et al., 2019).
Single-Sign-On (SSO) Plan
In an organization, an individual may be required to log in to the system several times. SSO is used to reduce or eliminate this problem by allowing users to use a single identity to log on to the system regardless of their organizational unit (Charalambous et al., 2018). SSO can be implemented by combining third-party software with Active Directory Federation Services (AD FS). For Crete Inc., the plan below can be implemented using Security Assertion Markup Language 2.0 (SAML). A relying party trust such as LiquidPlanner can be incorporated. AD FS must first have been installed on the server through Server Manager. There must also be a properly configured Active Directory in which all users have an email address attribute, and there must be a working SSL certificate for AD FS (Charalambous et al., 2018). The relying party trust metadata should have been downloaded to the server before starting the procedure.
Log in to the AD FS server.
Open the AD FS management console.
Select Relying Party Trusts.
Right-click and select Add Relying Party Trust.
Select the relying party trust, e.g. LiquidPlanner. Click Next.
Enter a display name of your choice. Click Next.
Leave the defaults and click Next.
Enable Permit all users to access this relying party.
Click Next after checking the overview displayed by the wizard.
Click Close to exit and open the Claim Rules editor.
After setting up AD FS and the relying party, the next step is to create the claim rules.
Click Add Rule in the Claim Rules editor.
Select the Send LDAP Attributes as Claims rule and click Next.
Use Active Directory as the attribute store and select E-mail Addresses for both the LDAP Attribute and the Outgoing Claim Type columns.
Click Finish to complete.
Add another rule by clicking Add Rule. Select Transform an Incoming Claim.
For the Incoming Claim Type, select E-mail Address.
Select Name ID for the Outgoing Claim Type.
Select Email for the Outgoing Name ID Format.
Click OK to complete.
The next step would be to configure the relying party to integrate with SAML for effective SSO. With the above steps, the network will send first-time login information to users when they try to log in. After that, they will be prompted to set new sign-in credentials, which they will continue using for the network.
Conclusion
When adopted, this proposal would provide Crete Inc. with a robust, automated network system that can make the organization more productive. Its implementation will give the company straightforward process monitoring, management, and security. It is therefore worth investing in.
References
Beshley, M., Pryslupskyi, A., Panchenko, O., & Beshley, H. (2019). SDN/Cloud solutions for intent-based networking. 2019 3rd International Conference on Advanced Information and Communications Technologies (AICT). https://doi.org/10.1109/aiact.2019.8847731
Charalambous, P., Karapetris, M., & Athanasopoulos, E. (2018). KAuth: A strong single sign-on service based on PKI. Proceedings of the 15th International Joint Conference on e-Business and Telecommunications. https://doi.org/10.5220/0006851906440649
Conklin, W. A., White, G., Cothren, C., Davis, R., & Williams, D. (2016). Principles of computer security (4th ed.). McGraw Hill Professional.
Jaimeo. (2020, March 26). Deploy Windows 10 updates using Windows Server Update Services (Windows 10) - Windows deployment. Microsoft Docs. https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wsus