Technical Proposal for Digital Imaging Center
Total Page:16
File Type:pdf, Size:1020Kb
2020 TECHNICAL PROPOSAL FOR DIGITAL IMAGING CENTER BAIS3995 NETWORK MANAGEMENT CAPSTONE GABRIEL KWAN, GBOLAHAN AIYETORO, DHRUV PATEL, JITTAWAT WARAMMANUSAI PREAMBLE This document contains the technical proposal presented to DIC for its IT infrastructure. It will involve recommendations and general information from VLAB consulting on hardware, services, service configuration, security policies, and networking with the goal of scalable, secure and highly available IT infrastructure across multiple sites. Should the proposal be chosen, this technical document can server as basis for continued administration and expansion for IT infrastructure for DIC. i | P a g e GK, GA, DP & AW TABLE OF CONTENTS PREAMBLE .................................................................................................................... i TABLE OF FIGURES.................................................................................................... x LIST OF TABLES ....................................................................................................... xiii 1 CLIENT / SERVER INFRASTRUCTURE ............................................................ 1 1.1 SERVER HARDWARE SOLUTION ................................................................ 1 1.1.1 DELL POWEREDGE R7525 ..................................................................... 1 1.1.2 DELL POWEREDGE R6515 ..................................................................... 4 1.1.3 DELL EMC SC7020 ................................................................................... 6 1.2 SERVER HYPERVISOR SOLUTION: VSPHERE SUITE ............................. 8 1.3 SERVER OS SOLUTION: WINDOWS SERVER 2019 AND UBUNTU SERVER 18.04 LTS ................................................................................................. 17 1.4 SERVICE CONFIGURATION ....................................................................... 19 1.4.1 AD SITES AND SERVICES DESIGN .................................................... 19 1.4.2 DNS........................................................................................................... 21 1.4.3 DHCP ........................................................................................................ 22 1.4.4 DFS / FILE REPLICATION SOLUTION ............................................... 25 1.4.5 NETWORK PRINTING SERVICES ....................................................... 27 ii | P a g e GK, GA, DP & AW 1.4.6 CERTIFICATE AUTHORITY ................................................................. 29 1.4.7 RADIUS AUTHENTICATION ................................................................ 29 1.5 AD USER AND GROUP CREATION STRATEGY ....................................... 30 1.6 ACTIVE DIRECTORY GROUP POLICY OBJECTS DESIGN AND STRATEGY .............................................................................................................. 33 1.6.1 SOFTWARE DEPLOYMENT GPO ......................................................... 33 1.7 CLIENT SOLUTIONS .................................................................................... 36 1.7.1 OPERATING SYSTEM: WINDOWS 10 ENTERPRISE AND UBUNTU 18.04 LTS .............................................................................................................. 36 1.7.2 THIN CLIENT: WYSE 5070 CELERONS .............................................. 37 1.7.3 LAPTOPS/DESKTOPS: DELL OPTIPLEX 5070 AND DELL VOSTRO 3490 37 1.7.4 MOBILE DEVICES AND MDM: IPHONE AND AIRWATCH .............. 38 1.7.5 REMOTE DESKTOP ACCESS: REMOTE DESKTOP, ANYDESK AND SSH 39 1.7.6 OFFICE PRODUCTIVITY SUITE/SOFTWARE .................................... 40 1.8 BACKUP SOLUTION .................................................................................... 40 1.9 PATCH MANAGEMENT STRATEGY .......................................................... 41 2 NETWORK INFRASTRUCTURE ....................................................................... 41 2.1 NETWORK DESIGN ...................................................................................... 41 iii | P a g e GK, GA, DP & AW 2.1.1 EDGE NETWORK LAYER ...................................................................... 42 2.1.2 CORE NETWORK LAYER ...................................................................... 43 2.1.3 DISTRIBUTION NETWORK LAYER .................................................... 44 2.1.4 COLLAPSED CORE LAYER ................................................................... 45 2.1.5 NETWORK VIRTUALIZATION ............................................................. 46 2.2 NETWORK DESIGN SPECIFICATIONS ON SITE BASIS ........................ 47 2.3 INFRASTRUCTURE ADDRESSING SCHEME AND IP MANAGEMENT SOLUTION ............................................................................................................... 51 2.3.1 EDMONTON HEADQUARTER (HQ) ..................................................... 52 2.3.2 IQALUIT................................................................................................... 53 2.3.3 EDMONTON RESEARCH & INNOVATION FACILITY ...................... 54 2.3.4 RED DEER ............................................................................................... 54 2.3.5 SOUTH EDMONTON .............................................................................. 56 2.3.6 WEST EDMONTON ................................................................................ 57 2.4 FULLY MANAGED NETWORK SOLUTION .............................................. 58 2.5 QOS IMPLEMENTATION ............................................................................. 61 3 COMMUNICATIONS INFRASTRUCTURE ....................................................... 62 3.1 EMAIL SOLUTION ........................................................................................ 62 3.2 VOICE OVER IP SOLUTION ........................................................................ 63 iv | P a g e GK, GA, DP & AW 3.3 CONFERENCE CALLING/ IM PRESENCE SOLUTION ........................... 64 3.4 COLLABORATION SOLUTIONS ................................................................. 64 4 WEB SERVICE INFRASTRUCTURE ................................................................. 65 4.1 SECURE FTP ................................................................................................. 65 4.2 CLOUD INTEGRATION AND SECURED WWW ........................................ 66 4.3 DOMAIN REGISTERING PROCESS EXPLAINED/REGISTERED DOMAIN ................................................................................................................... 66 5 SECURITY STRATEGY ....................................................................................... 67 5.1 SECURITY AUDIT – PROCESSES AND RESULTS ................................... 67 5.2 INCIDENT RESPONSE ................................................................................. 68 5.2.1 OVERVIEW .............................................................................................. 68 5.2.2 PURPOSE ................................................................................................. 69 5.2.3 SCOPE ...................................................................................................... 69 5.2.4 POLICY .................................................................................................... 69 5.2.5 POLICY COMPLIANCE .......................................................................... 71 5.3 FIREWALL SOLUTION ................................................................................ 72 5.4 SITE-TO-SITE VIRTUAL PRIVATE NETWORK (VPN) ............................. 75 5.5 SECURED SD-WAN....................................................................................... 78 5.6 MULTI-FACTOR AUTHENTICATION ........................................................ 79 v | P a g e GK, GA, DP & AW 5.7 REMOTE ACCESS VPN ................................................................................ 80 5.8 INTRUSION DETECTION AND PREVENTION SYSTEM ........................ 82 5.9 THREAT INTELLIGENCE ............................................................................ 83 5.10 WEB, CONTENT AND DNS FILTERING ................................................ 84 5.11 SSL INSPECTION ...................................................................................... 84 5.12 NETWORK ANTIMALWARE (ANTIVURUS & ANTISPYWARE) .......... 85 5.13 MICROSEGMENTATION .......................................................................... 86 5.14 HOST-BASED SECURITY ......................................................................... 88 5.15 DEVICE HARDENING ............................................................................... 89 5.16 SECURITY INFORMATION AND EVENT MANAGEMENT .................. 89 5.17 DATA BACKUP STRATEGY ...................................................................... 90 5.18 IT SECURITY POLICIES ........................................................................... 92 5.18.1 PASSWORD PROTECTION POLICY .................................................... 92 5.18.2 HARDWARE DISPOSAL POLICY ......................................................... 96 5.18.3 ROUTER AND SWITCH SECURITY POLICY .................................... 100 6 WIRELESS INFRASTRUCTURE ..................................................................... 105 6.1 INTERNAL ................................................................................................... 106 6.2 EXTERNAL .................................................................................................