IT INFRASTRUCTURE PROPOSAL
We have made a successful start with our new jeans store in California and have adapted well to this western market. We now have a new office in California with a total of twenty employees. Ten of the employees would be using a desktop computer, and the other ten would be using a laptop. The employees’ tasks include creating advertisement content adapted to local trends, sales to large malls, inventory, accounting, sales, and operations management. As we have started our new remote office, we need computers and IT services to operate. This proposal defines the current problem, equipment, time frame, barriers, risks, benefits, expenses, and the result of a new IT infrastructure that is secure, reliable, and affordable for our west coast office.
Project Objective and Project Beneficiaries
The major problem with our current environment is that we are, temporarily, asking employees to use their own computers to connect directly to a network carrier modem. We are also using public cloud services for our business, which we believe is unacceptable. We will be carrying more security-sensitive information shortly. We need a hardware, software, and security upgrade in our west coast office. With the budget that we have on the west coast, it would be challenging for us to afford an IT infrastructure upgrade. We do have the rack to house the new IT infrastructure. An upgrade is necessary, and we are in great need of help with its cost.
The new IT infrastructure upgrade would benefit the west coast office in numerous ways and increase the productivity and security of our valuable resources and technology. This project would provide a scalable and secure IT infrastructure. Through this project, each user in the west coast office would have their own company computer with our corporate-level security. We would have a fast and reliable network, with access to the network resources in the headquarters of our business in New York. With our new infrastructure, all office employees, managers, staff, our company, and our current and future customers would benefit from this upgrade.
Project Deliverables
Desktop and Monitor
For the desktops in this office, we are getting the Dell OptiPlex 7040 with an Intel Core i5-6500 quad-core 3.2GHz processor. The desktop has an ATX form factor motherboard that fits in a small tower-sized computer case. The motherboard has four DIMM slots, two of which would be populated with DDR4 2133MHz 4GB memory modules. Two SATA connections would serve as the storage connections for the 3.5-inch 500GB 7200rpm hard disk and the optical drive. The primary power source for the motherboard would be the 20-pin P1 connector. The power supply would have 15-pin SATA connections to the hard drive and optical drive. Desktop users would only use the RJ45 Ethernet port to connect to the internet. The desktop would come with the power cable, keyboard, and mouse. We would need to purchase the monitors separately. Desktop users would use an LED-backlit LCD 24-inch Dell E2417H monitor with 1920 x 1080 resolution. The monitor would come with the display cable along with the power cable. This combination of desktop and laptop would be an optimal, productive, and well-supported system within its price point, perfect for our operation here on the west coast.
Laptop
Laptop users would be those who go out for sales or are out of the office occasionally. We would like laptop users to have light and easy-to-carry computers for their daily work tasks. The laptop would have a touch-capable screen and a multi-mode hinge that would bring ease to presentations and brainstorming. We would be ordering them the Dell Inspiron 7000 Series laptop with a 13-inch screen. The laptop specification would be 8GB of RAM and an Intel Core i5 CPU. Laptop users would use the wireless network interface card (NIC) to connect to the internet.
Servers
For this project, we would need two servers: one as a file server and one as a domain controller for this office. We would be selecting the Dell PowerEdge R430 Rack Server, with two processor sockets for Intel® Xeon® E5-2600 v4 processors, 32GB of DDR4 memory (12 DIMM slots), one 128GB SSD, and three 1TB SAS HDDs for each server.
Internet Carrier
We would order internet circuits from two different internet carriers, ATT business and Comcast business. I have ordered a 25Mbps/25Mbps fiber network circuit from both carriers. We would receive the WAN IP addresses as static global IP addresses. We would give headquarters the static IP addresses for reference.
Firewall
The firewall would be the key to our IT infrastructure. It would take care of our security policy, network access lists, routing, VLANs, the secure connection to headquarters resources, and the DHCP server. We have selected the FortiGate 60D for our firewall, of which we would need two for high availability. We also selected the FortiGate 60D because it can provide a high availability WAN connection across two internet connections. We expect to create scalable high availability redundancy at both the logical and physical levels in the core of our network. Another important task the firewall would perform is the secure VPN connection with our headquarters office. The IPSec VPN tunnel would connect our office with the New York office to share resources. The IPSec tunnel would also be important for the west coast office’s domain controller to replicate with the headquarters domain controller.
Switch
The Cisco Catalyst 2960 series switch would be the switch that we would be using. We would use it as a layer two switch. A layer two switch would primarily carry the VLAN networks passed over the trunk connection from the firewall.
Wireless Access Points
We would be ordering two Cisco WAP371 Wireless-AC/N Dual Radio Access Points for the laptop users, who would be using their wireless NIC for their internet connection. The access points would be mounted on the ceiling and patched through the server room to the network switch. The SSID would be “JEANS_OFFICE” and, for security purposes, the SSID would not be broadcast. The security for the SSID would be WPA2 Enterprise, which would authenticate against the Active Directory server in the local network. Since there would be no PoE switch, we would need two PoE power injectors to power the wireless access points.
Printer
The network printer that we would be implementing in our new IT infrastructure would be the HP LaserJet Pro M477fdw Wireless Color Laser Printer. It has the capabilities of a copier, scanner, fax, and wireless printer. I wouldn’t be enabling the wireless on the printer but would be using the Ethernet connection for a stable connection, and would set up scan to email for scanned documents. We have selected the LaserJet printer since it is commonly said that “when it comes to printing black and white text pages, laser printing is unbeatable” (Simpson, PC World). More efficient printing and scanning can avoid hassle for employees, who all have to share this one printer. This would be the perfect printer at its current price point.
Cables and Other
For the cables, we would need to prepare RJ45 straight-through Cat 6 cables for connections inside the server room and for patch cables. For the cubicle-to-desktop cable connections, Cat 5e can be used as a cost-effective option. Since we would be ordering a large quantity, some might be defective, and we might use some in the future, so we would be ordering thirty one-foot RJ45 straight-through Cat 6 cables, twenty three-foot RJ45 straight-through Cat 6 cables, ten five-foot RJ45 straight-through Cat 6 cables, and forty seven-foot RJ45 straight-through Cat 5e cables. We would be ordering a total of one hundred network cables.
Operating System and Software
Both the desktop and laptop users would be using a Dell OEM install of Microsoft Windows 10 Professional, 64-bit version. It is crucial to select the right operating system, since there are restrictions: only Windows 10 Pro supports computers creating or joining a domain, which the Windows 10 Home version does not (Casserly, 2017). To create a scalable IT operation and security standard, there would be a need to set up a domain for the company and manage the IT infrastructure that way. A domain brings multiple benefits, such as excellent management through group policy, authentication, name resolution, and much more with Microsoft’s latest features.
The servers would be using an operating system specialized for servers, the 64-bit version of Microsoft Windows Server 2016. Both servers would have this operating system; however, one of the servers would have the domain controller and Active Directory server roles installed, which are included in the Microsoft Windows Server 2016 operating system. The other server would act as a file server, which is another feature that Microsoft Windows Server 2016 has.
Network Design
In this IT infrastructure, the firewall would perform the most important role in the network design. At the physical level, there would be two FortiGate 60D firewalls, which would be configured for high availability. One of the firewalls would act as the primary active firewall, and the other would act as a secondary standby router. If the main router fails, the standby router becomes. The diagram above shows two physical firewalls connected with the connection (5).
This connection allows the firewalls to form a high availability cluster and share configuration changes. They both share the same configuration. This redundancy runs in active-passive mode, meaning one firewall would be actively in use while the other stands by in case the active firewall fails. As soon as a failure is detected on the active firewall, the standby firewall would be activated to take over forwarding traffic to the internet. This provides redundancy at the physical level. The FortiGate firewall would load balance the two internet circuits and would act as the default gateway to the internet for this office’s local area network (LAN). With this fault-tolerant and reliable network connection, highly available at both the logical and physical levels, there would be a very small chance that users would ever experience any downtime in the network connection.
We would also like to manage all the routing, access lists, and VLAN networks on the firewall. There are two LAN networks, one for general office users and one for servers, separated from each other through VLANs. In the office network, there would be the ten desktops and ten laptops for the office users, which would have access to the internet and limited access to the server network. In the server network, there would be two servers, hosting a domain controller and a file server. Office users would be able to access certain services on the server network, such as SMB, CIFS, and domain services. The office user network traffic would primarily be routed to the ATT internet connection. The server network traffic would be routed to the Comcast internet connection. In the LAN, a DHCP server would run on the firewall to assign IP addresses. The office user network would be the only network with DHCP enabled. The server network would be assigned IP addresses statically. Through DHCP, devices would be given an IP address, network subnet range, default gateway, and DNS information for domain name lookup.
The switch beneath the firewall would be connected to the firewall, which would trunk the office VLAN and the server VLAN to the switch. The switch would act only as a layer two switch, receiving the VLAN trunk and providing separate access port connections per VLAN. There would be two access points in the office network. The access points would give laptops wireless access to the user network.
Finally, there would be a need for a site-to-site IPSec VPN tunnel between this California office and the headquarters New York office network. With a VPN tunnel, and according to the access list, the office networks would be able to communicate with each other over a tunnel in which traffic is securely encrypted. The IPSec VPN would use the primary circuit, the Comcast circuit, from the California office to the New York office firewall. We would allow the New York office to access the server network for taking backups and for Active Directory replication between the domain controllers in California and New York.
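The access rules this design implies, modeled as an ordered first-match list with an implicit deny; this is an added example, not part of the original proposal. The subnets, rule names, and sample flows are constructed assumptions (the proposal lists none), and the port numbers are the standard ones for the services named above.

```python
"""First-match, default-deny model of the office/server VLAN access policy."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption): the proposal does not list subnets.
OFFICE = ip_network("10.20.10.0/24")    # office VLAN: desktops, laptops, APs
SERVERS = ip_network("10.20.20.0/24")   # server VLAN: domain controller, file server
NEW_YORK = ip_network("10.10.0.0/16")   # headquarters, reached over the IPSec tunnel
ANY = ip_network("0.0.0.0/0")


def svc(proto, low, high=None):
    """A service is (protocol, first port, last port)."""
    return (proto, low, low if high is None else high)


# Standard ports for the services the proposal names.
SMB = {svc("tcp", 445)}
DOMAIN = {svc(p, n) for p in ("tcp", "udp") for n in (53, 88, 389)}  # DNS, Kerberos, LDAP
RADIUS = {svc("udp", 1812)}                             # WPA2 Enterprise from the APs
AD_REPL = {svc("tcp", 135), svc("tcp", 49152, 65535)}   # RPC mapper + dynamic RPC
WEB = {svc("tcp", 80), svc("tcp", 443)}
ALL = {svc("tcp", 0, 65535), svc("udp", 0, 65535)}


@dataclass(frozen=True)
class Rule:
    name: str
    src: object
    dst: object
    services: frozenset
    action: str


# Order matters: the explicit deny must sit above the internet rule, because
# "any destination" also covers the server VLAN.
POLICY = [
    Rule("office-to-servers", OFFICE, SERVERS, frozenset(SMB | DOMAIN | RADIUS), "allow"),
    Rule("hq-to-servers", NEW_YORK, SERVERS, frozenset(SMB | DOMAIN | AD_REPL), "allow"),
    Rule("office-to-servers-other", OFFICE, SERVERS, frozenset(ALL), "deny"),
    Rule("office-to-internet", OFFICE, ANY, frozenset(WEB), "allow"),
]


def evaluate(src, dst, proto, port, rules=POLICY):
    """Return (action, rule name) for one flow; unmatched traffic is denied."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst and any(
            p == proto and lo <= port <= hi for p, lo, hi in rule.services
        ):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def unexpected_allows(flows, rules=POLICY):
    """Flows the design says must be blocked but the rule list permits."""
    return [f for f in flows if evaluate(*f, rules=rules)[0] == "allow"]


# Constructed flows that the proposal's design should block.
MUST_BLOCK = [
    ("10.20.10.21", "10.20.20.10", "tcp", 3389),   # office PC -> RDP on a server
    ("10.20.10.21", "10.20.20.11", "tcp", 443),    # office PC -> web port on a server
    ("10.10.5.5", "10.20.10.21", "tcp", 445),      # New York -> office PC
    ("203.0.113.9", "10.20.20.10", "tcp", 445),    # internet -> file server
]

if __name__ == "__main__":
    for flow in [("10.20.10.21", "10.20.20.11", "tcp", 445)] + MUST_BLOCK:
        print(flow, "->", evaluate(*flow))
    print("policy gaps:", unexpected_allows(MUST_BLOCK))
    misordered = [POLICY[3]] + POLICY[:3]
    print("gaps if internet rule is first:", unexpected_allows(MUST_BLOCK, misordered))
```

Running the same must-block list against a copy of the firewall's exported rules after every change catches ordering mistakes such as the misordered case shown at the end.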
Security Measures
We would be using the FortiGate 60D firewall to filter unwanted traffic and to enforce security policies for network access. We are going to add the security bundle license for our firewall, which includes a web filtering feature that would be enabled in the office network. The web filtering feature allows the firewall to block users from accessing certain categories of websites. We would also be able to monitor for network intrusion by enabling alerts for any access violation or malicious activity. “A more appropriate response is to immediately and surgically contain the initial infection vector, before propagation can occur, preventing an outbreak in the first place” (Morville, 2006). Through a strict access list policy and web filtering for user connections, we would be able to prevent unwanted intruders from accessing our company resources and stop security risks before they happen.
On all the laptops and desktops we would be getting, the Windows 10 Professional operating system would be installed and joined to the company domain. The company domain name for our New York office would be ‘jeansandjeans.com’ and our west coast office received a child domain called ‘cali.jeansandjeans.com.’ Domain security would be applied to all company computers. Computers in the domain would refer to a group policy that dictates the configuration of each domain-joined computer or user. User computers would be centrally managed by Group Policy on the domain server for settings such as password expiration and password complexity (Andrews, 2014, p. 880). For the Windows login, we would put a 90-day password expiration and a password complexity policy in place for every user account. The Active Directory server would be located in the server network. User computers in the office network can reach the Active Directory server in the server network to authenticate and gain access to company resources.
For local user computer security, we would be installing antivirus software called Symantec Endpoint Protection Small Business Cloud. We would be purchasing twenty user licenses. There would be no need for an on-premises antivirus management server, and security definitions can be updated without being on the office network. The users would be able to update security patches from the internet anytime and anywhere. From the Symantec Cloud Web Portal, we would also be able to collect security logs and manage local computer security policy.
Lastly, another device on the network that can be a vulnerability is the network LaserJet printer. Most of the time, printers are ignored or left out as a security concern, although recent studies show how vulnerable modern network printers can be. Because of evolving printer features, such as scan to file or scan to email, an attacker could find passwords for LDAP, POP3, SMTP, outbound HTTP proxy, FTP, SMB, and WebDAV, as well as the IPsec pre-shared keys, on the printer (Kovacs, 2017). Printers are local area network devices with critical vulnerabilities that must be taken into account. For the printer setup, we would create a user account in our Active Directory just for authentication with the network printer and disable HTTP and FTP, which are unsecured protocols, for daily operation.
Security policies
Security policies must be a well-planned overall security solution for the company. One of the most important security policies is to always educate employees about security. Security awareness training not only explains how to respond to security events and security violations; through training, employees would also be familiarized with the organization’s security policy, communicate standards, procedures, and baselines that apply to the employee’s job, and facilitate employee ownership and recognition of security responsibilities (LabSim Online Labs, 2012, Chapter 12.1.3). Even with a high level of security measures set in the IT infrastructure, many security breaches would originate from the user computers or the users themselves. Some of these would include clicking on a malicious email and opening email attachments in the spam mailbox. We would like the users to practice the security measures and make them a habit in their daily operation.
Encryption and Authentication
There is a possibility that a user’s physical computer would be stolen. The thief would also be able to steal the data inside an unprotected computer. We would like all computers to have the BitLocker hard drive encryption option enabled on the system volume and on any other file storage volume on the computer. The Windows 10 Professional operating system comes with the BitLocker feature for hard drive encryption. Without the decryption key, anyone who steals a company computer would not be able to read any data.
Another security concern is wireless security. Laptop users would be connecting to the internet through the wireless NIC. The Wi-Fi radio would be 5GHz only. The wireless security would be WPA2 Enterprise with RADIUS server authentication. We would be installing the RADIUS server on the domain controller server, against which the wireless access points would authenticate. The SSID would not be broadcast. We would pre-configure the wireless profile on each user’s laptop to automatically connect to the wireless network when it is in range. Even after users change their password, the laptops can log in to the Wi-Fi seamlessly through the use of Active Directory.
Data Disposal
Finally, there would be a need for a data disposal policy. Even clicking delete does not completely delete data on your hard drive. It is difficult to completely obliterate data. We would have the hard drives encrypted; however, to dispose of data, we would like to go a step further than just throwing drives out with the trash. It is important to encrypt the hard drive and then destroy it (Weise, 2015). An effective way to physically destroy a hard drive is to strike it with a hammer. Unwanted intruders picking through the garbage for used hard drives would not only have to try to make the hard disk readable again but would also need a key to unlock each hard disk.
Project Risks
There would be some risks involved in this IT infrastructure upgrade project. One of the biggest risks is that this would be almost a full replacement rather than just a system upgrade. The new design would drastically change the current model, from a simple network connection through the carrier modem to a small-business-scale enterprise IT infrastructure. Everything would be different, as with every change of IT infrastructure, so users would have to adapt to the new IT operation. We would also be starting to hold more security-sensitive information and would need to host and maintain our own servers. There would be security concerns and responsibilities that we must take on for this new project.
Although we have this major risk of a total change in the IT infrastructure and IT operation, the rollback process would not be complicated on a technical level. We would just have to pull out our old computers, enable our carrier wireless router to connect to the internet again, and proceed with the same operation as before. The only risk that would remain would be the purchase of all this IT equipment. However, if we can push our installation to the testing phase fast enough, we would be eligible for a total refund within the thirty-day return policy period.
Also, we are proposing that this new project create a secure environment for these servers through strict access lists, with data availability provided by a remote backup from New York. The server network that holds our important company resources would be securely monitored and restricted from the outside world and the office network. The IT infrastructure that we propose would provide fully scalable IT security.
Project Assumptions and Constraints
For the project installation, we see possible assumptions and potential constraints. There are major assumptions about our current environment, which is set and ready for the new infrastructure. In our current tenancy in the California office, we have a server room with a lock. There is also in-house cabling already laid out in the office by the old tenant. We have confirmed that the in-house cabling is usable, and we also have some IT equipment with us that can give us a possible early kickoff on this project. One of the critical pieces of equipment that we already have is the 45-unit-tall four-post server rack, with the patch panel already mounted on the rack for each desk connection and cabling in the ceiling for the wireless access points. Also inside the rack, we have a backup battery UPS for the power connection. The UPS we have is the APC Smart-UPS SMT1500RM2U 1440 VA 1000 W 6 Outlet UPS. This UPS is rack mountable and would provide backup power and surge protection for our expensive hardware.
These factors of our current environment significantly help make this project possible.
The constraint that we have is the budget in our California office. We are a new office on the west coast. We have incurred a lot of expenses opening an office here and are still making progress toward generating major income. With our current IT infrastructure, we would not be able to compete with opposing companies. To have an edge on the west coast, we need cutting-edge IT infrastructure with reliable and secure technology. Also, given the problem we have with security, we need an upgrade as soon as possible, even though we are a small remote office away from headquarters. It doesn’t matter whether you are running a small or huge company; as long as computers are connecting to the internet, security must be considered (Raikow, 2007). Currently, we can say that security barely exists in our office. A fast and proactive plan must be executed.
Project Expenses
Below are the necessary equipment and the total cost for this project. For the internet contracts with Comcast and ATT, we would arrange the internet ourselves, because the monthly payments for the accounts would need to be charged to our west coast office account.
ITEM | DESCRIPTION | QTY | UNIT | AMOUNT |
A | Hardware Equipment | | | |
<Network> | | | | |
1 | FortiGate 60D | 2 | $598.00 | $1,196.00 |
2 | Cisco Catalyst 2960 | 1 | $3,295.00 | $3,295.00 |
3 | Cisco WAP371 | 2 | $160.99 | $321.98 |
4 | Power Injector | 2 | $15.00 | $30.00 |
<Computer> | | | | |
1 | Dell OptiPlex 7040 (Desktop Computers) | 10 | $749.00 | $7,490.00 |
2 | Dell PowerEdge R430 Rack Server | 2 | $1,329.00 | $2,658.00 |
3 | Dell Inspiron 13″ 7000 Series (Laptop Computers) | 10 | $799.00 | $7,990.00 |
<Other> | | | | |
 | Dell E2214H 21.5″ LED Monitor | 10 | $116.27 | $1,162.70 |
 | RJ45 Straight through cable | 100 | $4.99 | $499.00 |
 | HP LaserJet Pro M477fdw Wireless Color Laser Printer | 1 | $529.99 | $529.99 |
B | License and Warranty | | | |
<License> | | | | |
 | Fortigate FortiCare Security License Bundle | 2 | $1,235.00 | $2,470.00 |
 | Symantec Endpoint Protection Small Business Cloud | 20 | $54.18 | $1,083.60 |
<Warranty> | | | | |
 | Cisco SmartNet Extended Warranty | 2 | $33.48 | $66.96 |
 | Dell Extended Hardware Warranty | 20 | $150.00 | $3,000.00 |
C | Labor | | | |
 | 1 man x 27 days | 27 | $35 per hour | $945.00 |
E | Project Management | | | |
 | – Meetings, Scheduling, and Documenting | | | $1,000.00 |
 | Shipping and Handling | | | $100.00 |
 | Taxable Total (Tax Rate: 9.00%) | | | $31,793.23 |
 | Sales Tax | | | $2,861.39 |
 | Non Taxable Total | | | $1,945.00 |
 | Total | | | $36,699.62 |
Time Factor
As soon as we receive permission to proceed with this project, we would like to start. This is an urgent matter for our west coast office, and we expect to complete the project in approximately twenty-seven business days.
Task | Time and Material |
Order hardware | Approximately 10 days |
Hardware Inventory | 1 man x 1 day labor |
Configuration for Networking Devices | 1 man x 1 day labor |
Configuration for Servers | 1 man x 1 day labor |
Configuration for User Computers | 1 man x 10 day labor |
Hardware Installation | 1 man x 3 day labor |
Migration and Testing | 1 man x 1 day labor |
Completion | 27 |
Conclusion
Through this proposal, we have defined the current problem, the necessary equipment, time frame, barriers, risks, benefits, expenses, and our idea of the new secure and reliable IT infrastructure for our west coast office. Considering that we currently have a good and ready environment, and the risk of continuing to ignore the issues we have in our office, we believe that it is a must to proceed with this project. If we can finance the expenses for this project, we are looking at a vast improvement in the west coast office. We would have a competitive edge against competitors, and the headquarters office would be able to easily manage the remote office using Windows group policy for safe data access and user management. Security cannot be taken for granted, and it is important to keep watch over every network device. With the IT infrastructure that we propose, we would be able to achieve a secure, easily manageable, reliable, and fault-tolerant IT infrastructure with sustainable and scalable security procedures for users in the future.
References
Andrews, J. (2014). A+ guide to managing and maintaining your PC, 8th edition. Boston, MA: Course Technology.
Casserly, M. (2017). Windows 10 Home vs Windows 10 Pro vs Windows 10 S. Retrieved from http://www.techadvisor.co.uk/feature/windows/windows-10-home-vs-windows-10-pro-vs-windows-10-s-3618710.html
Kovacs, E. (2017). Printer Vulnerabilities Expose Organizations to Attacks. Retrieved from http://www.securityweek.com/printer-vulnerabilities-expose-organizations-attacks
LabSim Online Labs. (2016). TestOut PC Pro [220-901 & 220-902]. Pleasant Grove, UT.
Morville, P., & Arbel, G. (2006). FACE-OFF: Is anomaly detection the best way to prevent virus and worm attacks? Network World, 23(10), 38. Retrieved from https://csuglobal.idm.oclc.org/login?url=https://search-proquest-com.csuglobal.idm.oclc.org/docview/215977526?accountid=38569
Raikow, D. (2007). Take A crash course in security risks. VAR business, 23(16), 51. Retrieved from https://csuglobal.idm.oclc.org/login?url=http://search.proquest.com.csuglobal.idm.oclc.org/docview/194172547?accountid=38569
Simpson, Cambelle. Laser vs. inkjet printers: which is better? PC World. Retrieved from https://www.pcworld.idg.com.au/article/354659/laser_vs_inkjet_printers_which_better_.html
Weise, E. (2015). Destroying information on a hard drive isn’t easy. Retrieved from https://www.usatoday.com/story/tech/2015/12/04/destroying-information-hard-drive-isnt-easy/76785790/