Building a LAN for SK Food Technology Co., Ltd.

NETWORK DESIGN AND CONSTRUCTION


TABLE OF CONTENTS

I. Overview
  1. Customer information
  2. Scope
  3. Customer requirements
  4. Requirements analysis
II. Design approach
  1. Solution design
  2. Equipment selection
  3. Technology selection
III. Analysis of technical equipment
  1. Scalability
  2. Availability
  3. Performance
  4. Security
  5. Manageability
  6. Usability
  7. Adaptability
  8. Cost-effectiveness
IV. Characterizing network traffic
  1. Characterizing traffic flows
  2. Characterizing traffic
V. The company's network
VI. Addressing and naming
VII. Security design for the system
  1. Analysis of the risks that can affect the system
  2. Security plan for the company
  3. Specific security policies
    3.1. Protecting the network devices
    3.2. Security on the network devices
    3.3. User authorization
    3.4. Security of data resources
    3.5. Wireless Security
    3.6. Security in the VPN

LAN DESIGN FOR SK FOOD TECHNOLOGY CO., LTD. (Hanoi branch)

I. Overview:

1. Customer information:

SK Food Technology Co., Ltd. manufactures and trades food additives and food products.
- Field: food production and trading.
- Market: supplies pastry shops, bakeries, coffee shops and similar businesses in Vietnam.
- Products: food ingredients: butter, margarine, vegetable butter oil, shortening, cocoa, yeast and bread additives, and chocolate from Belgium, Singapore, Denmark and the Netherlands. The company also produces strawberry, milk, mint and cocoa chocolate, cappuccino coffee and similar products.

The company wants to build an internal network based on the domain model.

[Figure: floor plan of the transaction office]

2. Scope:

Network design for 2 floors of a building occupied by the Hanoi branch of SK Food Technology Co., Ltd., with 8 rooms laid out as follows:
- Room 1: Board of directors, comprising:
  - 1 Director: 01 laptop + 01 PC
  - 2 Deputy Directors: 02 laptops + 02 PCs
  - Reception desk: 02 PCs
- Room 2: Customer transaction department: 5 PCs, 1 printer
- Room 3: Accounting department: 5 PCs, 1 printer
- Room 4: IT department: 2 PCs + 1 server
- Room 5: Administration department: 5 PCs, 1 colour printer
- Room 6: Marketing department: 5 PCs, 1 printer
- Room 7: Human resources department: 3 PCs, 1 printer
- Room 8: Product development: 5 PCs + 1 printer

In addition, the company needs 2 photocopiers with printing capability for printing large documents.

3. Customer requirements:
- Every employee in the company has their own computer.
- All employees in the company can use the Internet.
- All computers can communicate with each other within each department and across the whole company.
- The total bandwidth required for one functional room is 5 MB/s (approximately 40 Mbps).
- The links must be sensibly laid out and guarantee the required bandwidth.
- Installation cost must be reasonable and acceptable while still using the best technology.
- Aesthetics: cabling is neat, tidy and convenient.
- The network must be expandable and upgradable with new techniques in the future.

4. Requirements analysis:
- Building structure: matches the information provided by the customer.
- Current state of the company: a small-to-medium company that is expanding and has limited finances. It therefore needs suitable measures that make later expansion and upgrades easy.

II. Design approach:

1. Solution design:

Logical design and physical design: the company needs a network built on the domain model for centralized management, which makes administering the network easier.

2. Equipment selection:

Current state:
- Server computers: none yet.
- Workstations: none yet.
- Router: none yet.
- Switch: none yet.
- Network wire: none yet.
- Network cable: none yet.
- Deployment site: neither of the company's 2 floors has a network deployed yet. Hardware locations can be chosen freely.

3. Technology selection:

Technology used: make maximum use of widely used Microsoft technology, combined with other supporting services. The total bandwidth required for internal communication on one floor is 8 MB/s, so we will use the 802.3 Ethernet LAN standard with the TCP/IP protocol to transmit and share data over a shared medium, at a data rate of 100 Mbps. From the logical model analysed above, we choose 100Base-T as the Ethernet physical standard, with a backbone topology, which is easy to design.

Advantages:
- High speed.
- A device can easily be added to the system.
- Centralized network management and control.
- A fault on one computer does not affect the whole system.

Disadvantages:
- If the central connecting device fails, the whole system can be interrupted.
- Cabling and intermediate devices cost more.

Details of the technology used:

Use Windows 7 to install and manage all important services in the company, and Windows Server 2008 Professional for the server.
- File Server: centralized storage, sharing and management of data.
- Domain Controller, DNS, DHCP server: manage the system's objects, resolve names, and assign dynamic IP addresses for the whole LAN.
- Web, FTP, Printer server: manage the web, FTP and network printers.
- RIS, WSUS: deploy operating systems and update patches for the system.
- RRAS, Antivirus: act as the router (LAN routing, VPN, NAT), manage virus scanning for the antivirus clients on employee machines, and fetch new virus definitions from the Internet.

III. Analysis of technical equipment:

1. Scalability:
- The servers guarantee access speed under heavy load.
- The company's structure can expand over the next 5 years.

2. Availability:
- A backup server is available to back up data when an incident occurs.
- For employees in the company, access at maximum speed is guaranteed 24 hours a day, 7 days a week.

3. Performance:
- Bandwidth: serves the system's and the users' applications well.
- Utilization: 90%.
- Useful throughput: reduce loss on the transmission line.
- Accuracy: 99%.
- Efficiency: 90%.
- Delay: 100 ms.
- Jitter: 5 ms.
- BER: 10^-5.

4. Security:
- Identify the devices that must be protected, such as the DHCP server, the DNS server, the mail server system, and the servers that store account information of customers and of company employees.
- Build intrusion detection systems and firewall systems against unauthorized access from outside, protecting the company's top-secret information from hacker attacks.

5. Manageability:
- The technical department can manage and monitor the activity of the network and of each user, and can anticipate incidents that may occur on the network in the future.
- Keep statistics on the network resources in use in the system, whether heavily or lightly used and whether anything is wasted or lacking, so that appropriate action can be taken.

6. Usability:
- Employees can easily use the available resources and quickly exchange information with other departments and with the outside.
- Customers can easily register an account.

7. Adaptability:
- The network is designed to adapt to changes in new technology.
- The design is flexible enough to adapt to changes in traffic and in quality-of-service requirements.

8. Cost-effectiveness:
- Choose devices that are easy to configure and use.
- Detailed user documentation is available.
- Meet the requirements of employees and customers within the permitted budget.

IV. Characterizing network traffic:

1. Characterizing traffic flows:

| Community name | Number of users | Location | Applications used |
|---|---|---|---|
| User | 1 | General Director | Mail, Web, File, Office, Database, Printer, Remote access |
| User | 2 | Deputy General Director | Mail, Web, File, Office, Database, Printer, Remote access |
| User | 5 | Customer transaction department | Mail, Web, File, Office, Printer |
| User | 5 | Accounting department | Mail, Web, File, Office, Printer |
| Admin | 3 | IT department | Mail, Web, File, Office, Domain Controller, DHCP Server, DNS Server, Mail Server, Web Server, File Server, Administrative Tool, Remote Access, Database Server |
| User | 5 | Administration department | Mail, Web, File, Office, Printer |
| User | 15 | Human resources department | Mail, Web, File, Office, Printer |
| User | 15 | Marketing department | Mail, Web, File, Office, Printer |

2. Characterizing traffic:

| Application name | Traffic flow type | Protocol used by the application | User community | Data store (server, host) | Approximate bandwidth demand for the application |
|---|---|---|---|---|---|
| Mail | Client/Server | SMTP | User/Admin | Server | 1400 Kb/day |
| File | Client/Server | FTP | User/Admin | Server | 200000000 Kb/day |
| Database | Client/Server | FTP | User/Admin | Server | 400000000 Kb/day |
| Remote Access | Terminal/host traffic flow | PPP | User/Admin | Server | 20000000 Kb/day |

Total traffic: 80008400 Kb

Bandwidth demand per application:

| Application | Number of users | Session frequency | Average time per user | Concurrent users |
|---|---|---|---|---|
| WEB | 35 | 500/day, 15000/month | 10/24 | 100 |
| MAIL | 35 | 200/day, 6000/month | 5/24 | 100 |
| FILE | 35 | 100/day, 3000/month | 5/24 | 30 |
| DATABASE | 35 | 2000/day, 60000/month | 10/24 | 30 |
| REMOTE ACCESS | 50 | 100/day, 3000/month | 5/24 | 20 |

V. The company's network:

The network is designed on the 3-layer model:
- Core layer.
- Distribution layer.
- Access layer.

The logical model is designed as follows:

[Figure: logical model, floor 1]

[Figure: logical model, floor 2]

Detailed design of each layer:

Access layer:
- The devices in this layer are usually called access switches.
- Divide the departments into VLANs, which makes the network more flexible, increases security for the company and saves system bandwidth.
- Deploy MPLS technology so that branches and small offices can easily access the internetwork.
- Deploy Spanning Tree Protocol (STP) so that the network is stable and operates without loops.

Distribution layer:
- Routes between the VLANs defined above.
- Allows load balancing and load sharing.
- Controls network traffic.
- Controls access to resources, ensuring the security of the network and of company resources.
- Provides the interconnections between the Access layer and the Core layer.

Core layer:
- Here we use one high-speed backbone switch with high redundancy.
- Provides the connections for all Distribution-layer devices.

Physical model and equipment selection:

[Figure: physical model, floor 1]

Equipment selection:

| Device | Device model | Quantity | Unit price | Amount |
|---|---|---|---|---|
| PC | PC SunPAC Leader SLI316405W | 35 | 9,430,000 | 330,050,000 |
| Black-and-white laser printer | Samsung ML-2161 laser printer | 5 | 1,390,000 | 6,950,000 |
| Server | IBM X3300M4 7382B2A Tower 4U server | 1 | 34,990,000 | 34,990,000 |
| Colour printer | EPSON STYLUS CX5500 | 1 | 2,136,000 | 2,136,000 |
| 16-port switch | DLINK DES 1016 16-port switch | 1 | 599,000 | 599,000 |
| 8-port switch | Cisco 8-port switch | 6 | 590,000 | 3,540,000 |
| 4-port switch | D-Link DES-1005A switch | 4 | 139,000 | 556,000 |
| Network cable connectors | | 120 | 500 | 60,000 |
| Network cable | AMP-3333 | 1 | 1,250,000 | 1,250,000 |
| Photocopier | Toshiba E450 | 2 | 14,000,000 | 28,000,000 |
| WiFi router | LINKSYS WRT300N | 1 | 1,250,000 | 1,250,000 |
| Router | Cisco 2620XM | 1 | 33,000,000 | 33,000,000 |
| Total | | | | 442,381,000 |

Addressing and naming:

Board of directors:
- Vlan 1: 1 Director: 1 PC: 192.168.1.239, in the address range 192.168.1.236/27
- Vlan 2: 2 Deputy Directors: 2 PCs: 192.168.1.237, 192.168.1.238, in the address range 192.168.1.236/27

Departments:
- Vlan 3: Customer transaction department: 5 PCs + 1 printer: 192.168.1.226 -> 192.168.1.231, in the address range 192.168.1.224/27.
- Vlan 4: Accounting department: 5 PCs + 1 printer: 192.168.1.194 -> 192.168.1.199, in the address range 192.168.1.192/27.
- Vlan 5: IT department: 2 PCs: 192.168.1.162 -> 192.168.1.164, in the address range 192.168.1.160/27.
- Vlan 6: Administration department: 5 PCs + 1 printer: 192.168.1.130 -> 192.168.1.145, in the address range 192.168.1.128/27.
- Vlan 7: Sales department: 20 PCs: 192.168.1.98 -> 192.168.1.108, in the address range 192.168.1.96/27.
- Vlan 9: Product development department: 20 PCs: 192.168.1.34 -> 192.168.1.39, in the address range 192.168.1.32/27.
- Vlan 10: Marketing department: 20 PCs: 192.168.1.2 -> 192.168.1.7, in the address range 192.168.1.0/27.

The servers are assigned static IP addresses:
- DHCP server: 10.0.0.1
  [Comment by HUNG: The servers are in a different IP range from the LAN; what are they for, then?]
- DNS server: 10.0.0.2
- File server: 10.0.0.3
- Mail server: 10.0.0.4
- Web server: 10.0.0.5
  [Comment by HUNG: Do you intend to use 1 server or 6 servers?]
- Database server: 10.0.0.6

Address summary table:

| Department | IP | Network mask | Default gateway | Preferred DNS | Alternate DNS | Domain |
|---|---|---|---|---|---|---|
| Director | 192.168.1.239 | 255.255.255.0 | 192.168.1.1 | 192.168.1.254 | 192.168.1.253 | Giamdoc |
| Deputy Directors | 192.168.1.237, 192.168.1.238 | 255.255.255.0 | 192.168.1.1 | 192.168.1.254 | 192.168.1.253 | Phogiamdoc |
| Customer transaction department | 192.168.1.226 -> 192.168.1.231 | 255.255.255.0 | 192.168.1.1 | 192.168.1.254 | 192.168.1.253 | Giaodichkhachhang |
| Accounting department | 192.168.1.194 -> 192.168.1.199 | 255.255.255.0 | 192.168.1.1 | 192.168.1.254 | 192.168.1.253 | Ketoan |
| IT department | 192.168.1.162 -> 192.168.1.164 | 255.255.255.0 | 192.168.1.1 | 192.168.1.254 | 192.168.1.253 | Kithuat |
| Administration department | 192.168.1.130 -> 192.168.1.135 | 255.255.255.0 | 192.168.1.1 | 192.168.1.254 | 192.168.1.253 | Hanhchanh |
| Product development department | 192.168.1.34 -> 192.168.1.39 | 255.255.255.0 | 192.168.1.1 | 192.168.1.254 | 192.168.1.253 | Develop_product |
| Marketing department | 192.168.1.2 -> 192.168.1.7 | 255.255.255.0 | 192.168.1.1 | 192.168.1.254 | 192.168.1.253 | Marketing |
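An added example (not part of the original report): a Python check of the VLAN address plan above, using the standard ipaddress module. The subnets, host ranges, device counts and the default gateway are transcribed from this section; the function names are this example's own. It flags stated subnets that are not /27 network addresses, VLANs that land in the same /27 (and so are not separated at layer 3), host ranges smaller than the stated device count, and VLANs whose /27 does not contain the listed default gateway.

```python
import ipaddress

# Address plan as written above: (VLAN, stated subnet, first host, last host, devices)
PLAN = [
    (1,  "192.168.1.236/27", "192.168.1.239", "192.168.1.239", 1),
    (2,  "192.168.1.236/27", "192.168.1.237", "192.168.1.238", 2),
    (3,  "192.168.1.224/27", "192.168.1.226", "192.168.1.231", 6),
    (4,  "192.168.1.192/27", "192.168.1.194", "192.168.1.199", 6),
    (5,  "192.168.1.160/27", "192.168.1.162", "192.168.1.164", 2),
    (6,  "192.168.1.128/27", "192.168.1.130", "192.168.1.145", 6),
    (7,  "192.168.1.96/27",  "192.168.1.98",  "192.168.1.108", 20),
    (9,  "192.168.1.32/27",  "192.168.1.34",  "192.168.1.39",  20),
    (10, "192.168.1.0/27",   "192.168.1.2",   "192.168.1.7",   20),
]
GATEWAY = ipaddress.ip_address("192.168.1.1")  # default gateway from the summary table

def audit(plan):
    """Return (vlan, finding) tuples for inconsistencies in the plan."""
    findings, owner = [], {}
    for vlan, cidr, first, last, devices in plan:
        net = ipaddress.ip_network(cidr, strict=False)  # mask off host bits
        if str(net) != cidr:
            findings.append((vlan, f"{cidr} is not a network address; it lies in {net}"))
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo not in net or hi not in net:
            findings.append((vlan, f"range {first}-{last} leaves {net}"))
        size = int(hi) - int(lo) + 1
        if size < devices:
            findings.append((vlan, f"{devices} devices but only {size} addresses"))
        if net in owner:  # two VLANs on one subnet are not isolated by routing
            findings.append((vlan, f"shares {net} with VLAN {owner[net]}"))
        owner.setdefault(net, vlan)
    return findings

def vlans_without_gateway(plan, gateway=GATEWAY):
    """VLANs whose /27 does not contain the shared default gateway."""
    return [vlan for vlan, cidr, *_ in plan
            if gateway not in ipaddress.ip_network(cidr, strict=False)]

if __name__ == "__main__":
    for vlan, finding in audit(PLAN):
        print(f"VLAN {vlan}: {finding}")
    print("No on-subnet gateway:", vlans_without_gateway(PLAN))
```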

VI. Security design for the system:

First, we need to identify the kinds of resources that need protection in our system:
- Security for the network devices: routers, switches and servers.
- Security for the resources of the network: the company's important data, and the accounts of company employees and of customers.

1. Analysis of the risks that can affect the system:
- Thieves break into the company and steal network devices.
- An unsafe electrical system can damage the devices.
- The database is attacked by hackers and confidential documents are stolen.
- Company data is stolen by the company's own employees.
- Access by employees who do not have sufficient authority.
- Wireless security is not yet safe.
- The system is attacked by viruses.

2. Security plan for the company:
- Ensure the company is protected and safe from theft.
- Design a safe electrical system that does not affect the devices.
- Provide a team of network security staff to respond promptly to attacks from outside.
- Deploy firewall and security software with a high level of safety.
- Secure the wireless devices.
- Define the rights of each individual employee in accessing resources.

3. Specific security policies:

3.1. Protecting the network devices
- Increase the number of security guards working in shifts, with a diligent and attentive attitude.
- Build a separate, strictly protected room for the servers (Mail, DHCP and so on), located in the technical department; only the admin and the responsible technical team may use it.
- Build a high-capacity generator system that runs whenever the power fails. Servers and other important devices need their own uninterruptible power supply (UPS).
- Form a team of technicians with at least a university degree to repair and replace failed devices and fix faults that occur.

3.2. Security on the network devices

Cisco Security Agent: ensures security on the servers.

Cisco Security Agent (CSA) consists of a management/control console (Management Console) installed on a Windows 2000 server and agents deployed on the hosts that hold important data, such as database servers and workstations. The agents use HTTP and Secure Sockets Layer (128-bit SSL) for management communication and for exchanging information between the agents and the management console. CSA is installed on the operating system itself and can intercept and evaluate the software calls made to the operating system and the system kernel.

In general, CSA performs real-time intrusion monitoring, and detects and blocks destructive actions by analysing kernel-level events, system log information, network activity on the server and an attack database. CSA is server protection software, so it is installed on the servers that need protection. Servers that hold confidential data or sensitive information that must be kept secure should have CSA installed to prevent and detect intrusion.

CSA can detect abnormal access to the system in real time. It checks for intrusion into the system against a predefined security policy and against abnormal actions toward the server; it blocks actions that would harm the server and at the same time generates an email to the administrator reporting the security-related events.

3.3. User authorization:

Our server system runs the Windows Server 2008 Professional operating system. As network administrators, we need specific policies that define the rights of each department and of each employee in the company, as follows:
- Define specific authority for each department, as well as for the director and the deputy directors.
- Each employee account belongs to the Group of the department where the employee works.
- Within each department, there are specific policies for each level of staff.
- The director may access all company resources.
- Department heads may access the resources of their own department and of the departments related to it.
- The head of the Development department may access the resources of the Technical department, the Web Development department, the Marketing department and so on.
- Staff in a department may access only their own department's resources.
- Every employee in the company is given an individual account for accessing system resources.
- Passwords are required to be more than 8 characters long.
- An authentication mechanism is used for every access.
- Every month the access password must be changed to a new password.
- Define a policy for each kind of resource (Read Only, Read/Write, Full Control) to avoid losing important data.

3.4. Security of data resources:
- Especially important data is backed up to removable drives, which are kept in the confidential documents room.
- Confidential documents may be accessed only by the director, the deputy directors and the department heads.
- Build a firewall and security system that provides good security: Norton Security, MS Firewall and so on.
- Build the mail server system with HTTPS as its security method.
- Each department has an intrusion detection system (IDS); control and supervision are handled by the technical team of the technical department.

3.5. Wireless Security:

Create Access Control Lists on the Access Point devices to manage access to these devices. Here we place 1 Access Point in each department and create an Access Control List (ACL) on the Access Points of the 8 departments. Each employee in a department uses only that department's Access Point. Specifically:
- Place the Access Point at a central position in each department. The director's room and the deputy directors' room share one Access Point placed in front of these 2 rooms.
- Use a WPA key.
- Do not allow employees to bring Access Points into the company.
- Monitor access to the AC by accounts that do not belong to the company.

3.6. Security in the VPN:

To set up remote access to the company's network, a separate router dedicated to this function can be used. However, we can also use the Internet router as a Remote Access router by adding modules with built-in modems. A Cisco Router 2611XM can be purchased to serve as the Remote Access router. The Cisco Router 2611XM has 1 network module slot that supports an integrated interface with 16 analog modems, and 2 10/100 Mbps ports for connecting to the internal LAN. In addition, the Cisco Router 2611 can provide VPN and firewall functions through its IOS system software to protect the security of the company's network.
