Designing Scalable Networks

Module 2 - Design the Network Structure

Section 8 - Write a Design Document

Jones, Jones, & Jones: Solution

Create a design document using the outline provided in this module. Be sure to emphasize the customer's needs, listed in priority. The format of unsolicited design documents should emphasize key Cisco differentiators and key reseller differentiators as they relate to the client's requirements.


 
ABC Networks Design Center
Network Design
 
 
Prepared For:
Ms. Joni Kilpatrick
Managing Partner
Jones, Jones, & Jones, P.C.
777 Somestreet
Somecity, CA 99999
 
 
Submitted By:
John Doe
Networking Engineer
ABC Networks Design Center
200 Creekside Drive
Ourcity, CA 95134
 
 
 
Date Submitted:
June 30, 1998
 

Section 1: Executive Summary

Purpose of the Project

Jones, Jones, & Jones has requested that ABC Networks provide a proposal for the design and implementation of an international network to connect the firm's three U.S. offices and two international offices. The three U.S. offices have approximately 50 computer users each, and each international office has 10 users. Jones’ objective for the new network is to provide the technology to:

Strategic Recommendations

In today's fast-paced business environment, immediate access to critical data is key for small- to medium-sized businesses to be successful. Bandwidth-intensive applications, more powerful PCs and servers, and large files downloaded from the Internet, however, are all contributing to an increase in LAN traffic. These factors, along with the additional demands placed by multiple offices and mobile users accessing main LAN services, are challenging the performance of 10BaseT networks, slowing response times and productivity.

Implementation Considerations

ABC Networks will manage the project for its life cycle, providing product installation, training, and support.

Once the network is installed and functioning correctly, ABC Networks will provide some basic training on how to use Cisco Connection Online and the CiscoConnect application within CiscoWorks. These tools will let Jones work closely with Cisco or a Cisco partner to keep the network functioning at maximum performance.

Benefits of the Solution

High-performance LAN solutions, such as Ethernet switches and Fast Ethernet, will minimize network congestion, substantially improving performance to the desktop, server, and backbone. Switched Ethernet and Fast Ethernet are easily implemented, standards-based technologies that leverage existing investment in Ethernet equipment and training.

Both Ethernet switches and Fast Ethernet will immediately and dramatically improve performance. The Ethernet switches in the design presented here provide a dedicated 10-Mbps connection per port to a single user or 10BaseT hub. In contrast, Fast Ethernet shares ten times the bandwidth (100 Mbps) among all attached users.


Section 2: Design Requirements

Existing Network

 
Name and Type of Application | Protocols | # of Users   | # of Hosts or Servers | Peak Usage Hours
WordPerfect word processing  | IPX       | 170          | 1                     | 7 a.m. to 6 p.m.
CD-ROM server                | IPX       | 15           | 3                     | 7 a.m. to 6 p.m.
Fax server                   | IPX       | 30 faxes/day | 3                     |

Network Requirements


Section 3: Design Solution

Proposed Network Topology


Hardware and Media Recommended for the LAN

The Catalyst 5002 switch provides two 100-Mbps ports that will be used for NetWare and CD-ROM servers. This solution will provide adequate access bandwidth for these servers for the document management and research functions. The desktop PCs will be connected over shared 10-Mbps 10BaseT cable to provide excellent, affordable performance.

Hardware and Media Recommended for the WAN

The company's need to improve competitiveness with technology is met with the deployment of the Cisco 1600 and 3600 series routers. These products will provide Jones with the connectivity and functionality to operate on a global basis and to collaborate as if it were a single office. This ability is provided with very affordable Cisco products that will not become obsolete.

Cisco's Private Internet Exchange (PIX) Firewall provides full firewall protection by completely concealing the internal network from the outside world.

This firewall, which offers a variety of LAN connectivity options, resides between the corporate network and the Internet access router. The PIX Firewall offers strong connection-oriented security using a protection scheme based on the adaptive security algorithm (ASA) to ensure the utmost in security. No other firewall provides this level of protection. Its patent-pending Cut-Through Proxy feature dramatically improves performance over traditional proxy servers, and simple installation and minimal maintenance lower the cost of ownership. With the PIX Firewall, you can start with a base of 32 simultaneous connections and scale up to over 16,000 as your business grows.

Network-Layer Addressing and Naming Model
 

 

Routing and Bridging Protocols Recommended for the Network

Jones, Jones, & Jones uses two protocols: IP and IPX. Because Enhanced IGRP has protocol-dependent modules that support IP and IPX, a single routing protocol can be used for both protocols.

To support the remote PCs dialing in via ISDN/asynchronous to the local office’s network, we recommend using static routes for the remote nodes dialing in to the network.

Software Features Provisioned for the Network

For foolproof network security, the three-part firewall system locates the company's Web/FTP server behind the first tier. To access this tier, users come through a router that provides initial security. Beyond this first tier is Cisco's PIX Firewall series, which represents the second-tier security perimeter. In case there is a breach of security on the exposed segment, the PIX Firewall series acts as a strong security barrier to prevent outside users from gaining access to Jones’s private network. Coupling Cisco's PIX Firewall series with Cisco routers running Cisco IOS software will provide Jones with a powerful security solution that will allow it to sell its research papers without fear of exposure of internal documents and files. It forces hackers to penetrate multiple lines of defense.

Network Management Strategy

All Catalyst switches and Cisco routers are manageable by CiscoWorks Windows, a comprehensive, Windows-based network management system. CiscoWorks Windows features are based on the SNMP industry standard and provide a powerful set of management tools for easily managing Cisco products.

CiscoWorks for Windows is recommended as the network management tool set. Once installed, the network will be very static and should not require much in the way of reconfiguration. The primary need will be to monitor the health of the devices and links. CiscoWorks provides RMON and Health Monitor to monitor all the routers closely and reconfigure them if necessary.


Section 4: Summary

Benefits of Working with Cisco Systems

Cisco Systems, Inc. is the worldwide leader in networking for the Internet. Cisco routers are the basis for over 80 percent of the Internet infrastructure, and Cisco supplies 60 percent of the access solutions used by companies to provide connectivity for remote users and connectivity to the Internet. Additionally, Cisco, the inventor of switched Ethernet and Fast Ethernet -- today’s most popular high-performance LAN technologies -- leads the way in providing affordable, high-performance LAN solutions.

Cisco’s solutions designed for small- to medium-sized businesses help you maximize your business potential and cost-effectively meet your expanding networking requirements. These solutions leverage Cisco’s vast networking experience, innovative technologies, outstanding service, and high-quality products; and they help organizations make the transition from today’s shared 10BaseT networks to high-performance networks required by organizations such as Jones, Jones, & Jones that extend beyond the main office to multiple offices, mobile users, and telecommuters, and to the Internet. These solutions give network managers the tools they need to build networks that are scalable, flexible, and powerful enough to handle the challenges of today’s business environment.

Cisco products include a wide range of high-performance LAN products such as 100BaseT hubs and Ethernet switches, routers, dial access servers, and network management software solutions. All of these products are based on the Cisco IOS technologies -- an integrated suite of network services that provides the native intelligence for more than 1 million installed Cisco units, and comprise an integral part of the products of many global partners. All Cisco products provide quality, reliability, network security, and interoperability based on industry standards.

Headquartered in San Jose, California, Cisco employs more than 9000 people in over 125 worldwide locations. The company’s stock is traded over the counter on the Nasdaq National Market under the symbol "CSCO."

Benefits of Working with ABC Networks

ABC Networks specializes in managing complex network integration projects encompassing varied vendors, suppliers, cabling firms, software developers, architects, and so on. A properly implemented network reduces overall operating costs while greatly enhancing productivity. Identifying ABC Networks as responsible for network installation and integration will ensure continuity in the process. As the integrator, ABC Networks will accept responsibility for the big picture, providing a single point of contact and coordination.

Success in the network industry demands imagination, sound management, dependability, and most of all, the ability to integrate diverse technologies into a single resource, provided by ABC Networks.

The past decade has seen an unprecedented proliferation of computing equipment in the workplace. In most businesses, the objective of a successful network is to enable computers in different physical locations to exchange programs, business data, information, and messages in the most economical fashion while satisfying certain performance, reliability, availability, and expandability requirements; this objective gave rise to the need for workgroup and network computing. Although workgroup computing began with the integration of desktop computers into a network, network computing involves the integration of LAN and WAN technologies to provide enterprise-wide connectivity.

The life cycle of a network system consists of three primary phases: Analysis and Requirements Definition, Design and Implementation, and Operations.

Conclusion

We at ABC Networks believe we have provided a design and product selection that meets all of Jones’s requirements, is cost effective, and is manageable and maintainable. The system also meets Jones’s performance and security needs.

The Cisco products selected will provide Jones with the highest-performance, quality products available. Cisco is the worldwide leader in networking. Cisco routers are the basis for over 80 percent of the Internet infrastructure, and Cisco supplies 60 percent of the access solutions used by companies to provide connectivity for remote users and connectivity to the Internet. Additionally, Cisco, the inventor of switched Ethernet and Fast Ethernet -- today’s most popular high-performance LAN technologies -- leads the way in providing affordable, high-performance LAN solutions. These technologies, when implemented at Jones, will provide the stable investment Jones needs to be able to provide the needed improvements in employee and partner performance without the threat of an immediate upgrade or replacement.


Appendix A: Cisco Product Information

Catalyst 5002 Switch

The Catalyst 5000 series switches are the industry's most powerful switching solutions in the wiring closet, data center, or backbone. The series features an ATM-ready platform offering users high-speed trunking technologies and media-rate performance with a broad variety of interface modules.

The Catalyst 5000 series offers a clear migration path to Gigabit Ethernet through modular uplinks to meet scalability needs in the future. These features can be added while retaining all existing card investments.

Cisco 1603 Router

The Cisco 1600 series of Internet/intranet access routers combines all the benefits of multiprotocol routing and transparent bridging with unmatched performance, configuration flexibility, affordability, and integrated security and management. Providing cost-effective LAN-to-WAN connectivity, the Cisco 1600 series extends the reach of network services to local and remote sites, and provides access to business resources on the Web.

The Cisco 1603 series router features a built-in single Ethernet port (10BaseT/AUI) and an ISDN BRI S/T port, and includes an extra WAN slot for handling growth and WAN technologies of the future. Available optional WAN cards include serial synchronous/asynchronous, ISDN BRI S/T, and ISDN BRI U (with NT1).

Cisco 3620 Router

The Cisco 3620 modular access router offers unmatched price/performance for connecting remote office LANs to centralized network resources at medium-sized companies. Fully supported by Cisco IOS software, the router offers dial up connectivity, LAN-to-LAN routing, data and access security, and access to emerging technologies and multimedia features. Configurable to precise needs, the Cisco 3620 router features two network module slots that accept your choice of mixed-media (Ethernet and Token Ring) network modules and WAN interface cards supporting asynchronous/synchronous serial and ISDN primary rate and basic rate connections, for true, integrated LAN and WAN connectivity within a single platform.

Cisco 3640 Router

The Cisco 3640 modular access router offers unmatched price/performance for connecting remote office LANs to centralized network resources at medium-sized companies. Fully supported by Cisco IOS software, the router offers dial up connectivity, LAN-to-LAN routing, data and access security, and access to emerging technologies and multimedia features. Configurable to your precise needs, the Cisco 3640 router features four network module slots that accept your choice of mixed-media (Ethernet and Token Ring) network modules and WAN interface cards supporting asynchronous/synchronous serial and ISDN primary rate and basic rate connections, for true, integrated LAN and WAN connectivity within a single platform.

PIX 32 Firewall

The Cisco PIX Firewall brings dramatic new simplicity and unrivaled security to corporate networks. Typically configurable in five minutes or less, the PIX Firewall can thoroughly conceal your internal network from the outside world -- providing full firewall security protection. And unlike typical CPU-intensive proxy servers that perform extensive processing on each data packet, the PIX Firewall uses a non-UNIX, secure, real-time, embedded system. This setup allows the PIX Firewall to deliver outstanding performance of more than 16,000 simultaneous connections, a number dramatically greater than UNIX-based firewalls.

The heart of the PIX Firewall's high performance is a protection scheme based on the adaptive security algorithm (ASA), which effectively hides client addresses from hackers so that they never have access to these addresses. The stateful, connection-oriented ASA approach to security builds session flows based on source and destination addresses, TCP sequence numbers (which are randomized), port numbers, and additional TCP flags. This information is stored in a table, and all inbound packets are compared against entries in the table. Access is permitted through Cisco's PIX Firewall only if an appropriate connection exists to validate passage. This setup gives your organization transparent access for internal users and authorized external users, while protecting your intranet network from unauthorized access.
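A simplified model of the connection-table check described above, as an added example: it is not Cisco's ASA implementation or code from the course. The class names, field names, and sample addresses are assumptions made for illustration, and only connection setup and reset are modeled.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

SYN, ACK, RST = 0x02, 0x10, 0x04          # TCP flag bits

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    seq: int = 0
    ack: int = 0

@dataclass
class Flow:
    state: str         # "SYN_SENT" or "ESTABLISHED"
    client_isn: int    # sequence number carried by the inside host's SYN

FlowKey = Tuple[str, int, str, int]       # inside addr/port, outside addr/port

class StatefulFilter:
    """Hypothetical model: only inside hosts may open connections."""

    def __init__(self) -> None:
        self.table: Dict[FlowKey, Flow] = {}

    def outbound(self, p: Packet) -> bool:
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags & RST:                  # reset tears the flow down
            self.table.pop(key, None)
            return True
        if p.flags & SYN and not p.flags & ACK:
            self.table[key] = Flow("SYN_SENT", p.seq)   # new table entry
            return True
        return key in self.table           # other traffic needs a tracked flow

    def inbound(self, p: Packet) -> bool:
        # Look the packet up with the tuple reversed to the inside host's view.
        key = (p.dst, p.dport, p.src, p.sport)
        flow = self.table.get(key)
        if flow is None:
            return False                   # no matching connection: drop
        if p.flags & RST:
            del self.table[key]
            return True
        if flow.state == "SYN_SENT":
            # Only a SYN-ACK that acknowledges the recorded sequence number
            # completes the handshake.
            expected_ack = (flow.client_isn + 1) % 2**32
            ok = (p.flags & (SYN | ACK)) == (SYN | ACK) and p.ack == expected_ack
            if ok:
                flow.state = "ESTABLISHED"
            return ok
        # Established flow: accept ACK-bearing segments, reject a stray SYN.
        return bool(p.flags & ACK) and not p.flags & SYN

def run_demo() -> List[bool]:
    """Run constructed sample packets through the filter; return verdicts."""
    inside, server, stranger = "10.0.0.5", "198.51.100.10", "203.0.113.9"
    fw = StatefulFilter()
    return [
        fw.outbound(Packet(inside, 40000, server, 80, SYN, seq=1000)),
        fw.inbound(Packet(server, 80, inside, 40000, SYN | ACK, seq=7, ack=1001)),
        fw.inbound(Packet(server, 80, inside, 40000, ACK, seq=8, ack=1001)),
        # Unsolicited connection attempt from outside: no table entry.
        fw.inbound(Packet(stranger, 5555, inside, 23, SYN, seq=1)),
        # Right server address, wrong source port: different flow, no entry.
        fw.inbound(Packet(server, 81, inside, 40000, ACK, seq=8, ack=1001)),
        fw.outbound(Packet(inside, 40001, server, 80, SYN, seq=5000)),
        # SYN-ACK that does not acknowledge the recorded sequence number.
        fw.inbound(Packet(server, 80, inside, 40001, SYN | ACK, seq=9, ack=9999)),
    ]

if __name__ == "__main__":
    print(run_demo())
```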

Cisco's PIX Firewall further gains this dramatic performance advantage through a new feature called Cut-Through Proxy. Whereas UNIX-based proxy servers are an ideal platform and can provide user authentication and maintain "state" (information about a packet's origin and destination) to offer good security, their performance suffers because they process all packets at Layer 7 of the OSI model. The PIX Firewall's Cut-Through Proxy, however, challenges a user initially at the application layer, like a proxy server. But once the user is authenticated against an industry-standard database based on the Terminal Access Controller Access Control System (TACACS)+ or Remote Access Dial-In User Service (RADIUS) and policy is checked, the PIX Firewall shifts the session flow and all traffic thereafter flows directly and quickly between the two parties, while maintaining session state. This cut-through capability allows the PIX Firewall to perform dramatically faster than proxy servers. The PIX 32 supports 32 concurrent sessions.


Appendix B: Internet Access Recommendations

Internet Access

Innovative companies have turned to World Wide Web servers as an alternative channel to reach new customers and a vehicle for online customer service, as well as for transacting everyday business. The more successful companies are now seeking ways to continue providing excellent and timely service to a customer and prospect base that is increasing exponentially.

In providing this Internet connectivity, a company faces the challenge of keeping pace with the demands and costs of integrating multiple systems and tools from different vendors. This complexity is increasing continuously with the rapid growth in new technology and products, prompting small- to medium-sized businesses to seek highly integrated, end-to-end solutions.

At the same time, these solutions must also ensure that the security of the company's data and applications is not compromised. The chosen product or products must allow the business to control who accesses its information resources as well as the network path over which it flows.

Cisco Solutions for Internet Access

According to the Yankee Group market research firm, approximately 80 percent of the Internet backbone is run on Cisco routers. Cisco now brings this leadership to bear on solutions for small- to medium-sized businesses to meet their Internet access needs. All of Cisco's access routers incorporate the industry-leading Cisco IOS software. Cisco IOS software offers a rich variety of security features such as access lists to keep out unwanted traffic, and the comprehensive authentication and authorization Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) that allow only authorized users into the network. Event logging and audit trails, data encryption, virtual private networking functions, and NAT provide additional network security. NAT allows a privately addressed network to access public registered networks such as the Internet without requiring a registered subnet address. This feature eliminates the need for host renumbering and allows the same IP address range to be used in multiple intranets. NAT features conserve address space by requiring only a single IP address.

All of Cisco's routers can be used for connectivity to the Internet. Two series of access routers that feature a dual LAN architecture for additional firewall capabilities are highlighted here, as well as a cost-effective access router for multiple offices.

The Cisco 1600 series represents an inexpensive, easy-to-use, multiprotocol router ideal for Internet access. This series of access routers offers a flexible choice of built-in LAN and WAN ports and supports an extra WAN card to accommodate multiple WAN connections. The Cisco 1600 series also supports the Cisco ClickStart™ interface, a Web browser application that makes the routers easy to install, configure, and manage.

In addition to the comprehensive list of security features mentioned, the Cisco IOS software supports robust multiprotocol routing, as well as features to reduce WAN connection costs and provide enhanced support for multimedia. Data compression and multiple traffic prioritization techniques ensure that critical data is accommodated, while features such as protocol spoofing, snapshot routing, NLSP route aggregation, dial-on-demand routing (DDR), and bandwidth-on-demand (BOD) ensure that dial-up costs are minimized. Support for a variety of protocols such as Internet Group Management Protocol (IGMP) and Resource Reservation Protocol (RSVP), to name two, makes the Cisco routers ideally suited to meet the demanding needs of exciting new audio and video services.


Appendix C: Recommendations for the Future

Interoffice Connectivity

Communication becomes challenging for small- to medium-sized companies with multiple offices, warehouses, or business partners located in various geographical areas. They frequently need to share customer information, check inventory, look up sales data, transfer files, process invoices, and exchange e-mail. Yet a dispersed organization cannot communicate effectively and efficiently without the right technology.

To increase productivity and stay competitive, companies require cost-effective interoffice connectivity solutions that combine applications availability with fast and timely access to business information, low cost of ownership to control wide-area connection and ongoing management costs, and scalability to protect investments and allow for expansion.

Cisco Solutions for the Central Site

Cisco offers a range of central site products ideal for connecting to your multiple offices. The Cisco 3600 series routers offer network administrators modular, flexible solutions that will meet changing needs as the company grows while preserving investment. In addition, these routers support extensive features to increase WAN security and reduce WAN costs.

The Cisco 3600 series routers also offer a modular solution for dial up connectivity over asynchronous, synchronous, and ISDN lines at an industry-leading price-for-performance value. The Cisco 3620 and 3640 routers allow small- to medium-sized businesses to increase dial up density and take advantage of current and emerging wide-area services and internetworking technologies. The Cisco 3640 router has four network module slots, while the Cisco 3620 router is equipped with two -- each slot accepts a variety of mixed-media and WAN network modules. The Cisco 3600 series is also a member of the NetBeyond System. NetBeyond is an extended network system of modular, stackable LAN and WAN products that increase network performance, connect mobile users and multiple offices, and deliver secure access to the Internet. NetBeyond is an ideal networking foundation for small- to medium-sized businesses and multiple offices of larger enterprises.

All of the Cisco router products incorporate the industry-leading Cisco IOS software. Cisco IOS supports robust multiprotocol routing, as well as features to ensure WAN security, reduce WAN connection costs, and provide enhanced support for multimedia. Comprehensive authentication and authorization such as PAP and CHAP allow only approved traffic into the network. Event logging and audit trails, encryption, virtual private networking functions, and Network Address Translation (NAT) provide additional network security. Data compression and multiple traffic prioritization techniques ensure that critical data is accommodated, while features such as protocol spoofing, snapshot routing, NLSP route aggregation, dial-on-demand routing (DDR) and bandwidth-on-demand ensure that dial up costs are minimized. Support for a variety of protocols such as Internet Group Management Protocol (IGMP) and Resource Reservation Protocol (RSVP), to name two, makes the Cisco routers ideally suited to meet the demanding needs of exciting new audio and video services.

Cisco Solutions for Multiple Offices

Cisco also offers a wide range of router products perfect for the branch office. These branch office routers support the same comprehensive set of Cisco IOS features that are available with the central site routers.

For branch offices, the Cisco 1600 series represents an inexpensive, easy-to-use, multiprotocol router. This series of routers offers a flexible choice of built-in LAN and WAN ports and supports an extra WAN card to accommodate multiple WAN connections. The Cisco 1600 series also supports the Cisco ClickStart interface, a Web browser application that makes the routers easy to install, configure, and manage.

Mobile Computing

To be successful, small- to medium-sized businesses require more flexible remote-access solutions. These businesses must find new strategies for increasing the amount of time their mobile sales representatives can spend with customers. They must provide remote access to e-mail and other network resources to key employees who travel or telecommute. They must ensure that representatives can access the most up-to-date pricing, product, and inventory information in order to dramatically improve customer service. They must also quickly collect time-sensitive data from field personnel to more efficiently manage their resources and services.

This changing world of network access requires a new class of remote-access equipment. Products must be powerful enough to handle today's needs and flexible enough to grow and adapt to tomorrow's requirements -- while protecting a company's investment in equipment and training. They must integrate dial-up connectivity with traditional, remote LAN-to-LAN access. Solutions must also ensure security, data privacy, and availability as users connect from any location, including multiple offices, home offices and hotel rooms. And they must support the higher levels of performance required for new applications such as Internet commerce, intranet communications, and multimedia.

Cisco Solutions for Telecommuting and Mobile Users

The CiscoRemote product is a scalable and comprehensive solution for remote-access client software. Both CiscoRemote Plus and CiscoRemote Lite extend the benefits of the Cisco IOS software to the mobile user's desktop and together with Cisco access servers provide a complete, remote-access solution.

CiscoRemote Lite provides basic remote-node connectivity to the corporate network and is shipped with a Cisco access server at no charge. It includes an installer, a dialer, modem discovery, TCP/IP virtual device driver (VxD) stack, and Point-to-Point Protocol (PPP)/Serial Line Internet Protocol (SLIP) over IP or IPX.

CiscoRemote Plus V2.0 is a complete set of applications for remote computing in one package for the PC Windows environment. This single product links PCs with other computing resources within a network or across the Internet. CiscoRemote Plus V2.0 also provides the industry's first remote-node accelerator for dramatically improving performance over ISDN or asynchronous modems.
 




Copyright Cisco Systems, Inc. -- Version 2.0 7/98