Running head: ASSIGNMENT 5 1

Assignment 5
Kris Trinidad
Kaplan University Online
IT 299 Associates Capstone in Information Technology
Professor David Lecomte
July 9, 2014









ASSIGNMENT 5 2


Part 1: Description of the Architecture
The Caterday Photographic Company Network will be designed around a virtual private
network running over a cellular wireless network. To start there will be 15 mobile workstations
to facilitate remote access, and one fixed workstation at the main office for customer service.
The number of remote stations is extremely flexible and can be added to or subtracted from
easily. There will be 4 hardware servers and a dedicated file server to provide such services as
network management and tracking, printing queue, email, database, web server, and internet
gateway. Backup will be handled by SpringOak services at an offsite location. The wireless
service will be provided by Verizon, and additional software will be sourced from Apple, Adobe,
Microsoft and others as needed. The remote work stations will access the internet through the
Caterday Photogrphic Company Proxy Server to keep them isolated to the virtual protected
network and to keep all network traffic visible for network intrusion detection, firewall control,
and secure access to the Company services.
Part 2: Design of the product including Components
The mobile workstations will be comprised of Apple MacBook Pro laptops with 15
screens, 2.3GHz quad-core Intel Core i7, Turbo Boost up to 3.5GHz, 16GB 1600MHz memory,
512GB PCIe-based flash storage configurable to 1 TB if needed, Intel Iris Pro Graphics, and a
NVIDIA GeForce GT 750M with 2GB GDDR5 memory for multiple HD monitor use. They will
be equipped with a Verizon 4G LTE USB Modem UML295 for cellular connection from
anywhere service is available. The installed operating system will be Apple OS X and they will
be configured to use only the virtual protected network and the company internet proxy server
over Verizon and not the internal wireless 802.11ac or Bluetooth unless needed at a future date.
ASSIGNMENT 5 3


Three of the servers will be Mac Pros with 3.5GHz 6-Core Intel Xeon E5 processors,
16GB 1866MHz DDR3 ECC memory, Dual AMD FirePro D500 with 3GB GDDR5 VRAM
each and 512GB PCIe-based flash storage upgradable to 1TB if needed. Each server will be
running Apple OS X Server. One of these mac Pro servers will be a dedicated file and database
server, and it will be connected to and manage a 12TB WD Sentinel DX4000 Small Business
Network File Storage Server, this NAS will be running Microsoft Server 2008 R2 or later. Even
though this server is a standalone system, for ease of operation, management, connectivity, and
security it will be connected to through one of the Mac Pro servers. Connecting to the Sentinel
this way will also optimize its backup to the SpringOak service. Another Mac Pro will manage
access to the internet from the VPN through a Squid proxy as well as host the web server and
primary firewall and network intrusion detection software. The third Mac Pro will provide all
other needed services such as email, printing, and print queue management. There will be two
types of printers available to the network. Three will be Epson Stylus Pro 3880 with 17 carriage
and two will be imagePROGRAF iPF8100 with 44 carriage. Each of the printers will be
connected via USB hub to the Mac Pro server controlling their print queues. If it should become
more advantages, the imagePROGRAF printers may be connected directly to the network
through the 8 port switch yet still controlled by the Mac Pro print server. The network
management console running the network tracking software and additional network intrusion
detection software will be an Apple iMac with 27-inch display, 3.4GHz quad-core Intel Core i5,
Turbo Boost up to 3.8GHz, 8GB (two 4GB) memory, 1TB hard drive and a NVIDIA GeForce
GTX 775M with 2GB video memory running OS X Server. Each of the 4 Apple servers will
have Verizon UML295 modems installed and be accessible over VPN. They will also be
connected with Ethernet through a NETGEAR 8 Port Gigabit Smart Switch and the wireless
ASSIGNMENT 5 4


modems will be bridged to the Ethernet at each server for monitoring purposes. The Smart
Switch will be configured to forward to the network management console. Lastly there will be an
additional iMac with the same hardware configuration as the network management console but
with only VPN access over Verizon similar to the remote stations. It will run Apple OS X and be
configured the same as the mobile workstations but will be used for customer service at the main
office.
Part 3: How the Components Work Together
The logical topography of the Caterday Photographic Company Network will appear
seamless. The virtual protected network will isolate the company equipment from the rest of the
internet through a proxy server, and the face of Caterday will be its web site as seen by its
clientele. The mobile workstations will be able to access, store and share whatever they need to
on the network as well as the Adobe Creative Cloud. Since network access will be controlled by
proxy and the local system firewall, intrusion detection and unauthorized internal accesses will
be easily monitored from the network management console. Network expansion and network
data tracking will be easily managed as well through the network management console. The
physical topography is also fairly simple. The servers are all connected via Ethernet with cellular
wireless connections bridged to allow security monitoring as well as higher speed transfers
between the servers themselves. This also allows a direct connection to each mobile workstati on
on the virtual protected network. The only time the proxy server is used is when a workstation
attempts to access a site outside the virtual protected network. Finally, backups are done directly
to SpringOak from each server as scheduled.


ASSIGNMENT 5 5


Part 4: Network Diagram