Virtual Private Network real time scenario implementation for Sun Infosys Ltd' EE249 Network Project - PowerPoint PPT Presentation

1 / 30
About This Presentation
Title:

Virtual Private Network real time scenario implementation for Sun Infosys Ltd' EE249 Network Project

Description:

has a business of not only computer hardware but software and CCTV systems as well. ... In addition, it is susceptible to IP spoofing. ... – PowerPoint PPT presentation

Number of Views:231
Avg rating:3.0/5.0
Slides: 31
Provided by: homepage4
Category:

less

Transcript and Presenter's Notes

Title: Virtual Private Network real time scenario implementation for Sun Infosys Ltd' EE249 Network Project


1
Virtual Private Network real time scenario
implementation for Sun Infosys Ltd. EE249
Network Project Preparation Rashid Yunus
Khan ID 03020935 Email rak147_at_londonmet.ac.u
k Supervisor Prof Algirdas Pakstas Supervisor
Email a.pakstas_at_londonmet.ac.uk Computing,
Communications Technology and Mathematics London
Metropolitan University166-220 Holloway
RoadLondonN7 8DB
2
  • Content
  • 1)   Abstract
  • 2)   Introduction Motivation Background
  • 3)   Project Aims Objectives
  • 4)   Work done by others
  • 5)   Possible Methods of Achieving the Objectives
  • 6)   Literature Search
  • 7)   Project Plan Charts
  • 8)   Conclusions
  • 9)   List of References

3
  • Abstract
  • This project will provide an introduction,
    research, theory, analysis, solutions real time
    implementation and study of Virtual Private
    Networking for Sun Infosys Ltd. It also will
    provide a structure of content of this document.
    It will consist of various concepts, theories and
    main terminology to understand and implement a
    Virtual Private Network. 
  • Chapter 2 (Introduction) Chapter 3 (Project Aims
    Objectives) will show the aims and objectives
    of the project.
  • Chapter 4 (Work done by others)
  • Chapter 5 (Possible Methods of Achieving the
    Objectives)
  • In Chapter 6 7 (Literature Search, Project Plan
    Charts)
  • In Chapter 8 (Conclusions)
  • In Chapter 9 ( List of References)

4
  • 2. Introduction
  •  
  • This documentation is a project proposal by
    myself, a final year undergraduate student in BSc
    Hons. in Computer Networking. The chosen topic
    for this project is real time Virtual Private
    Networking implementation for Sun InfoSys Ltd.
  •  
  • The motivation behind this project for me is not
    only to enhance my knowledge of a complex but
    very rewarding and currently hot technology of
    Virtual Private Networking for an existing
    company called Sun InfoSys Ltd. but to actually
    implement this project in that company. This can
    bear fruit for me in the form of possible future
    job prospect in this company.
  •  
  • Also In this project, I will also be developing
    an online website covering this report that will
    be available with this documentation and will
    publish the web address within the conclusion of
    this report.
  •  
  • Previously I actually have worked for several
    years as a Network Engineer in Pakistan for
    several companies and actually have designed,
    implemented and trouble-shooted complex networks.
  •  
  • I have also worked as a web developer and
    developed several websites for clients in
    Pakistan. Clearly I have great interest in the
    field of Networking and this is the sole reason
    for me taking up this degree to further my
    knowledge and career within this field.

5
  • 3. Project Aims Objectives
  • Sun Infosys Ltd. has a business of not only
    computer hardware but software and CCTV systems
    as well. Because of the varied systems there was
    a need for convergence and also availability so
    that the resources can be tapped and checked from
    virtually everywhere as the sales team and
    director is mostly mobile. This need coupled with
    the popularity of VPN systems gave me a chance to
    offer myself for this project and offer a
    solution to their problems. Sun Infosys Ltd.
    gladly accepted my offer.
  • The aims and objectives of this project is that
    to make proposals that will allow me to
    investigate the best method and solution of
    implementing a Virtual Private Network for Sun
    InfoSys Ltd. between its Head Office, Branch
    office and to provide connectivity to its
    Managing Director, Sales team various Installers
    and Site Engineers requiring access to various
    resources.
  •  
  • The sales team need to commute to various
    organizations to give presentations and also to
    convince potential clients, they frequently
    require on the move connections to resources such
    as sales figures, Sage, presentations, Technical
    Data and live demos and IP Based demonstrations
    if their digital CCTV systems.
  •  
  • The Support team and various installers and
    engineers require on the move access to technical
    resources, software, patches, and contact
    information from the company Sage and when
    visiting client locations varied anywhere in
    London currently.
  •  
  • After analyzing this companys needs and
    objectives I have genuinely come to think that
    Virtual Private Networking possibly might offer
    the solution this company so desperately needs.

6
  • key topics for research for Virtual Private
    Networking
  • 1.1                     What is VPN?
  • 1.2                     What Makes a VPN?
  • 1.3                     Types of VPN
  • 1.4                     Remote-Access VPN
  • 1.5                     Site-to-Site VPN
  • 1.6                     Extranet VPN
  • 1.7                     VPN Security
  • 1.8                     Firewalls
  • 1.9                     Encryption
  • 1.10                 IPSec
  • 1.11                 AAA Servers
  • 1.12                 VPN Technologies
  • 1.13                 VPN Concentrator
  • 1.14                 VPN-Optimized Router
  • 1.15                 Cisco Secure PIX Firewall
  • 1.16                 Tunnelling
  • 1.17                 Carrier protocol
  • 1.18                 Encapsulating protocol

7
  • Work Done By others
  • PPTP Point to Point Tunnelling Protocol
  • L2F Layer 2 Forwarding
  • L2TP Layer 2 Tunnelling Protocol
  • IPSec IP Security Protocol

8
  • Possible methods of achieving the Objectives
  •  
  • When I analyzed the problem I saw two problems
    instead of one! First convergence and second
    being remote availability. However these are two
    separate problems but they can actually be
    addressed by just one solution. Virtual Private
    Networking!
  • Virtual Private Networking offers scalability,
    remote availability and eventually offers
    convergence as well. How does VPN offer
    convergence? You might ask? Well lets take Sun
    Infosys Ltds Scenario. They have CCTV systems
    which are currently offline systems, PC hardware
    assembling and sales. By leveraging VPN the
    offline CCTV systems can be linked to the
    internet and intranet eventually and effectively
    making the CCTV systems ONLINE system, the PC
    assembling department has to go through various
    procedures such as hardware procurement, supplier
    chain management, stock, sales, dispatch,
    returns, technical support and marketing. All
    these aspects can be brought together via a
    single either online system or networked system
    in both cases VPN again is the answer bridging
    the gap.
  • 1. Hardware Based Solutions
  • For hardware based solutions, various tools and
    devices are available by a number of vendors,
    these include Cisco as the foremost mentioned,
    Sonicwall, Shiva etc. The list is endless. These
    are VPN enabled / pass through routers, VPN
    Concentrators, VPN Optimized Routers, VPN
    Firewalls etc.
  • 2. Software Based Solutions
  • For software based solutions there are numerous
    products in the market each catering to all the
    needs of any kind of scenario. The good side
    about software based solutions is that they are
    very much customizable and upgradeable,
    scaleable. The bad point is that they are prone
    to fallouts, attacks, viruses, and performance
    issues.
  • Software based solutions are best offered by the
    software giant Microsoft, Then Symantec, Check
    point software, Cisco and many others.
  • 3. Protocol Selection
  • When talking about protocol selection for a VPN
    implementation I have to take into account Sun
    InfoSys Ltds existing infrastructure, scale of
    the company, the costs and budget.
  •  
  • Keeping in view of the above factors Sun InfoSys
    is a small to medium sized organizarion and in my
    view the best protocol to go for would be IPSec,
    with IPSec to IPSec implementation, given its
    various qualities which is discussed and
    researched further in the proposal.
  •  
  • When talking about software based solutions a
    point to note is that they are all platform
    dependent. Hence they can incur overhead costs
    and expensive expertise to pay for installation
    and or management.

9
  • What is VPN?
  • A VPN is a generic term that describes any
    combination of technologies that can be used to
    secure a connection through an otherwise
    unsecured or untrusted network.
  •  
  • Cisco Definition
  • http//www.cisco.com/warp/public/779/largeent/desi
    gn/vpn.html
  •  
  • VPN is one of the most used words in networking
    today and has many different meanings.
  •  
  • The broadest definition of a VPN is 'any network
    built upon a public network and partitioned for
    use by individual customers'. This results in
    public frame relay, X.25, and ATM networks being
    considered as VPNs. These types of VPNs are
    generically referred to a Layer 2 VPNs. The
    emerging form of VPNs are networks constructed
    across shared IP backbones, referred to as 'IP
    VPNs'.
  • My Definition
  • Basically a VPN is a private network that uses a
    public network (usually the Internet) to connect
    remote sites or users together. Instead of using
    a dedicated, real-world connection such as leased
    line, a VPN uses "virtual" connections routed
    through the Internet from the company's private
    network to the remote site or employee.

10
  • What Makes a VPN?
  • A well-designed VPN can greatly benefit a
    company. For example, it can
  •  
  • Extend geographic connectivity
  • Improve security
  • Reduce operational costs versus traditional WAN
  • Reduce transit time and transportation costs for
    remote users
  • Improve productivity
  • Simplify network topology
  • Provide global networking opportunities
  • Provide telecommuter support
  • Provide broadband networking compatibility
  • Provide faster ROI (return on investment) than
    traditional WAN

11
  • A well-designed VPN should have the following
    features
  •  
  • It should incorporate
  •          Security
  •          Reliability
  •          Scalability
  •          Network management
  •          Policy management
  •  
  • Types of VPN
  •  
  • 1) Remote-Access VPN
  • 2) Site-to-Site VPN
  • 3) Extranet VPNs

12
  • Remote-Access VPN
  • Cisco Definition
  • http//www.cisco.com/warp/public/779/largeent/desi
    gn/remote_vpn.html
  • Remote Access VPNs provide remote access to a
    corporate Intranet or extranet over a shared
    infrastructure with the same policies as a
    private network. Access VPNs enable users to
    access corporate resources whenever, wherever,
    and however they require. Access VPNs encompass
    analog, dial, ISDN, digital subscriber line
    (DSL), mobile IP, and cable technologies to
    securely connect mobile users, telecommuters, or
    branch offices.
  •  
  • Remote-Access VPN
  • My Definition
  • Remote-access, also called a virtual private
    dial-up network (VPDN), is a user-to-LAN
    connection used by a company that has employees
    who need to connect to the private network from
    various remote locations. Normally, a company
    that wishes to set up a large remote-access VPN
    will outsource to an enterprise service provider
    (ESP). The ESP sets up a network access server
    (NAS) and provides the remote users with desktop
    client software for their computers. The
    telecommuters can then dial a Low Call or Free
    number (0800, 0500 etc) to reach the NAS and use
    their VPN client software to access the corporate
    network.

13
   
14
  • Site-to-Site VPN
  • Cisco Definition
  • http//www.cisco.com/warp/public/779/largeent/desi
    gn/intranet_vpn.html
  • Site-to-Site VPNs are an alternative WAN
    infrastructure that used to connect branch
    offices, home offices, or business partners'
    sites to all or portions of a company's network.
    VPNs do not inherently change private WAN
    requirements, such as support for multiple
    protocols, high reliability, and extensive
    scalability, but instead meet these requirements
    more cost-effectively and with greater
    flexibility.
  •  
  • A company can connect multiple fixed sites over a
    public network such as the Internet through the
    use of dedicated equipment and large-scale
    encryption. Site-to-site VPNs can be one of two
    types
  •  
  • Intranet-based - If a company has one or more
    remote locations that they wish to join in a
    single private network, they can create an
    intranet VPN to connect LAN to LAN.
  •  
  • Extranet-based - When a company has a close
    relationship with another company (for example, a
    partner, supplier or customer), they can build an
    extranet VPN that connects LAN to LAN, and that
    allows all of the various companies to work in a
    shared environment.

15
  •  
  •  
  •  

16
  • Extranet VPN
  •  
  • Cisco Definition
  • http//www.cisco.com/warp/public/779/largeent/desi
    gn/extranet_vpn.html
  • Extranet VPNs link customers, suppliers,
    partners, or communities of interest to a
    corporate Intranet over a shared infrastructure
    using dedicated connections. Businesses enjoy the
    same policies as a private network, including
    security, QoS, manageability, and reliability.
  • See reference section for resource detail.

17
  • VPN Security
  • A well-designed VPN uses several methods for
    keeping your connection and data secure
  • 1)       Firewalls
  • 2)       Encryption
  • 3)       IPSec
  • 4)       AAA Server

18
  • 1) Firewalls
  • (firwâl) (n.) A system designed to prevent
    unauthorized access to or from a private network.
    Firewalls can be implemented in both hardware and
    software, or a combination of both. Firewalls are
    frequently used to prevent unauthorized Internet
    users from accessing private networks connected
    to the Internet, especially intranets. All
    messages entering or leaving the intranet pass
    through the firewall, which examines each message
    and blocks those that do not meet the specified
    security criteria.
  •  
  • Packet filter Looks at each packet entering or
    leaving the network and accepts or rejects it
    based on user-defined rules. Packet filtering is
    fairly effective and transparent to users, but it
    is difficult to configure. In addition, it is
    susceptible to IP spoofing.
  •  
  • Application gateway Applies security mechanisms
    to specific applications, such as FTP and Telnet
    servers. This is very effective, but can impose
    performance degradation.
  •  
  • Circuit-level gateway Applies security
    mechanisms when a TCP or UDP connection is
    established. Once the connection has been made,
    packets can flow between the hosts without
    further checking.
  •  
  • Proxy server Intercepts all messages entering
    and leaving the network. The proxy server
    effectively hides the true network addresses.

19
  • 2) Encryption
  • Definition
  • Resource Webopedia
  • http//www.webopedia.com/TERM/e/encryption.html
  •  
  • The translation of data into a secret code.
    Encryption is the most effective way to achieve
    data security. To read an encrypted file, you
    must have access to a secret key or password that
    enables you to decrypt it. Unencrypted data is
    called plain text encrypted data is referred to
    as cipher text.
  •  
  • My Definition
  • Encryption is the process of taking all the data
    that one computer is sending to another and
    encoding it into a form that only the other
    computer will be able to decode. Most computer
    encryption systems belong in one of two
    categories
  •  
  • Symmetric-key encryption
  • Public-key encryption

20
  • In symmetric-key encryption, each computer has a
    secret key (code) that it can use to encrypt a
    packet of information before it is sent over the
    network to another computer. One should know that
    which computers will be talking to each other so
    the key can be installed on each computer.
    Symmetric-key encryption is essentially the same
    as a secret code that each of the two computers
    must know in order to decode the information. The
    code provides the key to decoding the message.
    This can be further understood by a simple
    example you create a coded message to send to a
    friend in which each letter is substituted with
    the letter that is two down from it in the
    alphabet. So "A" becomes "C," and "B" becomes
    "D". You have already told a trusted friend that
    the code is "Shift by 2". Your friend gets the
    message and decodes it. Anyone else who sees the
    message will see only nonsense.
  •  
  • Public-key encryption uses a combination of a
    private key and a public key. The private key is
    known only to our computer, while the public key
    is given by our computer to any computer that
    wants to communicate securely with it. To decode
    an encrypted message, a computer must use the
    public key, provided by the originating computer,
    and its own private key. A very popular
    public-key encryption utility is called Pretty
    Good Privacy (PGP), which allows to encrypt
    almost anything.

21
  • 3) IPSec
  • Definition
  • Short for IP Security, a set of protocols
    developed by the IETF to support secure exchange
    of packets at the IP layer. IPsec has been
    deployed widely to implement Virtual Private
    Networks (VPNs).
  • My Definition
  • Internet Protocol Security Protocol (IPSec)
    provides enhanced security features such as
    better encryption algorithms and more
    comprehensive authentication.
  • IPSec has two encryption modes tunnel and
    transport. Tunnel encrypts the header and the
    payload of each packet while transport only
    encrypts the payload. Only systems that are IPSec
    compliant can take advantage of this protocol.
    Also, all devices must use a common key and the
    firewalls of each network must have very similar
    security policies set up. IPSec can encrypt data
    between various devices, such as  
  •          Router to router
  •          Firewall to router
  •          PC to router
  •          PC to server

22
  • 4) AAA Servers
  • Definition
  • Resource Webopedia
  • http//www.webopedia.com/TERM/A/AAA.html
  •  
  • Short for authentication, authorization and
    accounting, a system in IP-based networking to
    control what computer resources users have access
    to and to keep track of the activity of users
    over a network.
  •  
  • My Definition
  • AAA (authentication, authorization and
    accounting) servers are used for more secure
    access in a remote-access VPN environment. When a
    request to establish a session comes in from a
    dial-up client, the request is proxied to the AAA
    server. AAA then checks the following
  •  
  •          Who you are (authentication)
  •          What you are allowed to do
    (authorization)
  •          What you actually do (accounting)

23
  • VPN Technologies
  • Depending on the type of VPN (remote-access or
    site-to-site), certain components will need to be
    put in place to build the VPN. These might
    include
  •  
  •          Desktop software client for each remote
    user
  •          Dedicated hardware such as a VPN
    concentrator or secure PIX firewall
  •          Dedicated VPN server for dial-up
    services
  •          NAS (network access server) used by
    service provider for remote-user VPN access
  •          VPN network and policy-management
    center
  •  
  • Because there is no widely accepted standard for
    implementing a VPN, many companies have developed
    turn-key solutions on their own.

24
  • VPN Concentrator
  • Incorporating the most advanced encryption and
    authentication techniques available, Cisco VPN
    concentrators are built specifically for creating
    a remote-access VPN. They provide high
    availability, high performance and scalability
    and include components, called scalable
    encryption processing (SEP) modules, which enable
    users to easily increase capacity and throughput.
    The concentrators are offered in models suitable
    for everything from small businesses with up to
    100 remote-access users to large organizations
    with up to 10,000 simultaneous remote users.
  •  
  • VPN-Optimized Router
  • Cisco's VPN-optimized routers provide
    scalability, routing, security and QoS (quality
    of service). Based on the Cisco IOS (Internet
    Operating System) software, there is a router
    suitable for every situation, from
    small-office/home-office (SOHO) access through
    central-site VPN aggregation, to large-scale
    enterprise needs.
  •  
  • Cisco Secure PIX Firewall
  • Cisco PIX Firewall is a really technology, the
    PIX (private Internet exchange) firewall combines
    dynamic network address translation, proxy
    server, packet filtration, firewall and VPN
    capabilities in a single piece of hardware.
  •  
  • Instead of using Cisco IOS, this device has a
    highly streamlined OS that trades the ability to
    handle a variety of protocols for extreme
    robustness and performance by focusing on IP.

25
  • Tunnelling
  • (tunl-ing) (n.) A technology that enables one
    network to send its data via another network's
    connections. Tunneling works by encapsulating a
    network protocol within packets carried by the
    second network. For example, Microsoft's PPTP
    technology enables organizations to use the
    Internet to transmit data across a VPN. It does
    this by embedding its own network protocol within
    the TCP/IP packets carried by the Internet.
  • My Definition
  • Most VPNs rely on tunneling to create a private
    network that reaches across the Internet.
    Essentially, tunneling is the process of placing
    an entire packet within another packet and
    sending it over a network. The protocol of the
    outer packet is understood by the network and
    both points, called tunnel interfaces, where the
    packet enters and exits the network.
  • Carrier protocol - The protocol used by the
    network that the information is traveling over
  • Encapsulating protocol - The protocol (GRE,
    IPSec, L2F, PPTP, L2TP) that is wrapped around
    the original data
  • Passenger protocol -The original data (IPX,
    NetBeui, IP) being carried
  • To explain and simplify the process of Tunneling
    I will give an example Its like having a Mobile
    phone delivered by Royal Mail. The Mobile Phone
    Company packs the Mobile Phone (passenger
    protocol) into a box (encapsulating protocol)
    which is then put on a Royal Mail delivery truck
    (carrier protocol) at the Mobile Phone Companys
    warehouse (entry tunnel interface). The truck
    (carrier protocol) travels over the Motorways
    (Internet) to customers home (exit tunnel
    interface) and delivers the Mobile Phone. The
    customer opens the box (encapsulating protocol)
    and removes the Mobile Phone (passenger
    protocol). Thats called Tunneling. Simple!

26
  • Tunneling has several nice uses for VPNs. For
    example, a packet that uses a protocol not
    supported on the Internet (such as NetBeui) can
    be placed inside an IP packet and sent safely
    over the Internet. Or a packet that uses a
    private (non-routable) IP address can be put
    inside a packet that uses a globally unique IP
    address to extend a private network over the
    Internet.
  •  
  • Tunneling Site-to-Site
  • In a site-to-site VPN, GRE (generic routing
    encapsulation) is normally the encapsulating
    protocol that provides the framework for how to
    package the passenger protocol for transport over
    the carrier protocol, which is typically
    IP-based. This includes information on what type
    of packet is being encapsulated and information
    about the connection between the client and
    server. Instead of GRE, IPSec in tunnel mode is
    sometimes used as the encapsulating protocol.
    IPSec works well on both remote-access and
    site-to-site VPNs. IPSec must be supported at
    both tunnel interfaces to use.
  •  
  • Tunnelling Remote-Access
  • In a remote-access VPN, tunneling normally takes
    place using PPP. Part of the TCP/IP stack, PPP is
    the carrier for other IP protocols when
    communicating over the network between the host
    computer and a remote system. Remote-access VPN
    tunneling relies on PPP.

27
  • Each of the protocols listed below were built
    using the basic structure of PPP and are used by
    remote-access VPNs.
  •  
  • L2F (Layer 2 Forwarding)
  • Often abbreviated as L2F, a tunneling protocol
    developed by Cisco Systems. L2F is similar to the
    PPTP protocol developed by Microsoft, enabling
    organizations to set up virtual private networks
    (VPNs) that use the Internet backbone to move
    packets.
  •  
  • Developed by Cisco, L2F will use any
    authentication scheme supported by PPP.
  •  
  • PPTP (Point-to-Point Tunneling Protocol)
  • Short for Point-to-Point Tunneling Protocol, a
    new technology for creating Virtual Private
    Networks (VPNs) , developed jointly by Microsoft
    Corporation, U.S. Robotics, and several remote
    access vendor companies, known collectively as
    the PPTP Forum. A VPN is a private network of
    computers that uses the public Internet to
    connect some nodes. Because the Internet is
    essentially an open network, the Point-to-Point
    Tunneling Protocol (PPTP) is used to ensure that
    messages transmitted from one VPN node to another
    are secure. With PPTP, users can dial in to their
    corporate network via the Internet.
  •  
  • PPTP was created by the PPTP Forum, a consortium
    which includes US Robotics, Microsoft, 3COM,
    Ascend and ECI Telematics. PPTP supports 40-bit
    and 128-bit encryption and will use any
    authentication scheme supported by PPP.
  •  
  • L2TP (Layer 2 Tunneling Protocol)
  • Short for Layer Two (2) Tunneling Protocol, an
    extension to the PPP protocol that enables ISPs
    to operate Virtual Private Networks (VPNs). L2TP
    merges the best features of two other tunneling
    protocols PPTP from Microsoft and L2F from Cisco
    Systems. Like PPTP, L2TP requires that the ISP's
    routers support the protocol.
  •  
  • L2TP is the product of a partnership between the
    members of the PPTP Forum, Cisco and the IETF
    (Internet Engineering Task Force). Combining
    features of both PPTP and L2F, L2TP also fully
    supports IPSec.
  •  
  • L2TP can be used as a tunneling protocol for
    site-to-site VPNs as well as remote-access VPNs.
    In fact, L2TP can create a tunnel between
  •          Client and router

28
  • What is MPLS?
  • MPLS stands for "Multiprotocol Label
    Switching".   In an MPLS network, incoming
    packets are assigned a "label" by a "label edge
    router (LER)".  Packets are forwarded along a
    "label switch path (LSP)" where each "label
    switch router (LSR)" makes forwarding decisions
    based solely on the contents of the label.  At
    each hop, the LSR strips off the existing label
    and applies a new label which tells the next hop
    how to forward the packet.
  •  
  • Label Switch Paths (LSPs) are established by
    network operators for a variety of purposes, such
    as to guarantee a certain level of performance,
    to route around network congestion, or to create
    IP tunnels for network-based virtual private
    networks.  In many ways, LSPs are no different
    than circuit-switched paths in ATM or Frame Relay
    networks, except that they are not dependent on a
    particular Layer 2 technology. 
  •  
  • An LSP can be established that crosses multiple
    Layer 2 transports such as ATM, Frame Relay or
    Ethernet.  Thus, one of the true promises of MPLS
    is the ability to create end-to-end circuits,
    with specific performance characteristics, across
    any type of transport medium, eliminating the
    need for overlay networks or Layer 2 only control
    mechanisms.

29
  • Project Plan and charts
  •  
  • 1)       Performance needs of the remote
    applications
  • 2)       IP Address Planning
  • 3)       ISP Evaluation
  • 4)       Planning Firewall Policy Changes (if VPN
    Server is behind firewall)
  • 5)       Remote VPN Implementation Issues
  • 6)       Remote Branch Office Considerations
  • 7)       Using Microsoft Networking with Remote
    VPN
  • 8)       ISP Evaluation
  • 9)       Integration into the Corporate Network
  • 10)   Performance Considerations
  • 11)   Project time frame
  • 12)   Beta testing
  • 13)   Final rollout
  • 14)   Project Windup

30
  • Conclusions
  •  
  • After meeting With Mr. Andy the managing
    director, with sales, support and technicians and
    visiting both head office and branch office,
    taking inventory of existing hardware, computer
    systems, software inventory, budget time frame
    required. I have come to conclude that not only
    will this company benefit enormously with a
    Virtual Private Network but also already have the
    infrastructure in place. They already have
    Windows Server 2003 installed and configured and
    really its just a matter of installing
    Microsofts ISA server 2004 and using it to its
    full potential. Of course they will require VPN
    pass through router upgrades, higher bandwidth to
    the VPN server, broadband infrastructure
    improvements, IP address schemes, VPN client
    software and Staff training. All of this can be
    easily achieved as the company staff is highly
    technical and the company already is a computer
    hardware vendor so hardware procurement should
    not be a major issue. I am sure I will be able to
    install and implement this project well before
    time.
Write a Comment
User Comments (0)
About PowerShow.com