8/8/2019 Active Directory Trainers PPT Mod 10
1/27
Design of Physical Network
2006 IIHT Limited
Module Design of Physical Network
Overview
In this module we will study the concepts of routing and networking: routers and network topologies, registering a domain name, Internet connectivity, and the issues involved in segmenting the Internet from the intranet. There is also a considerable amount of discussion on IP addressing schemes, DHCP, the location of routers and the perimeter network.
Lessons covered in the module
1. Routing and Networking
2. Subnetting the Organization
3. Routing and Remote Access Infrastructure Design
4. Availability of Remote Access Infrastructure
Lesson 1 Routing and Networking
Introduction
In this chapter we are going to discuss the design of a network topology, including routing, router placement, Internet connectivity, addressing and subnetting, and firewall considerations.
Topics covered in this lesson
Networking and Routing
Internet Connectivity
Registration of Domain Name
Segmentation of Internet from the Intranet
Network Topology Definitions
Topic 1 - Networking and Routing
The very first thing that needs to be considered when building any reliable and scalable network is assessing and designing a network that can support current and any future requirements, i.e. the scalability factor must be taken into account.
One important thing that needs to be ensured is that you have a supported private internal IP addressing scheme and a registered external IP addressing scheme for your network.
Another factor that needs to be considered is how to properly segment the internal and external networks. Consideration also needs to be given to the placement of the router and to security.
Topic 3 - Registration of Domain Name
Every organization that is willing to conduct business over the Internet has
to have a domain name.
To acquire an appropriate domain name, you need to deal with companies
that specialize in registering these for you. The first thing you need to do is
choose a domain name.
This will not be easy, because most organizations want a .com and most of these are taken.
You will also need to research the chosen domain name to avoid any
trademark conflicts. After choosing the domain name get it registered.
It is also useful to have a registered domain name for internal use with
Active Directory.
Maintaining a registered name internally helps to resolve any conflicts in the future.
A good solution is to select an internal domain name with a suffix that is not
a Top Level Domain or any of the country-specific domains.
Topic 4 - Segmentation of Internet from the Intranet
Organizations mostly use two different yet similar methods of separating the intranet from the Internet. Routers are used both as a stand-alone method and in conjunction with a firewall. Some routers have built-in firewall features, which helps avoid having multiple pieces of equipment.
Depending on how much work will be required of the router, it might make sense to have a separate firewall to offload the work from the router.
An intranet is an internal Web environment that serves an organization's personnel and is generally not accessible to the public. An extranet is a means of selectively extending an organization's intranet, through the Internet, to individuals and organizations who are not physically connected to the organization's network.
Routers route IP traffic in and out of the intranet and the Internet. Firewalls are mostly used to filter what IP traffic can pass from the Internet to the intranet. Proxy servers and authentication servers are used for filtering and monitoring what IP traffic flows from the intranet to the Internet.
Topic 5 - Network Topology Definitions
There are three basic physical topologies, viz. bus, ring, and star, and they have the same components.
Bus Topology - In this topology all nodes are connected together by a
single bus and use an open-ended cable in which all network devices are
connected. Both ends of this cable must be terminated. Generally, this
topology is best suited for small networks because it does not require the use of a switch or hub.
Ring Topology - In this topology every node has exactly two branches
connected to it. Ring topology uses a cable that is connected to all network
devices in a ring formation so there is no termination because there are no
open ends.
Star Topology - In this topology peripheral nodes are connected to a central node, which rebroadcasts all transmissions received from any peripheral
node to all peripheral nodes on the network, including the originating node.
Here each device is connected centrally to a switch or hub. The star
topology is physically and logically the same. Each device is independently
connected to the media and does not have to concern itself on how the other
devices are connected.
Lesson 2 Subnetting the Organization
Topic 1 - Segmenting the Organization into Subnets
A subnet is just a way of taking a complete network and reducing it to
manageable and optimized chunks. Every organization wants to create a
network that will be both fast and secure.
Creating subnets will help the organization to achieve this goal by reducing
the size of the network and thus help to control network traffic.
At times an organization will need to create subnets to separate groups of devices from one another; putting each floor of the building on a different subnet is considered a better way of creating subnets.
Topic 2 - IP Addressing and DHCP
The Dynamic Host Configuration Protocol (DHCP) is a message-based service and is used in Windows Server 2003 to provide automatic TCP/IP addressing and management of the addresses.
The information a designer requires to create a strong DHCP design consists of the three management features supported by DHCP: scopes, superscopes, and TCP/IP options.
Now we will discuss the DHCP server and the DHCP client. DHCP can distribute IP addresses from a scope of addresses, or it can always give a device the same IP address.
As networks increase in size and complexity, the management of IP addressing becomes increasingly important. DHCP is a client/server process used to assign and manage IP addresses. Windows Server 2003 can host the DHCP Server service to facilitate assigning and managing IP addresses.
Topic 3 - Location of Routers
To control access and bandwidth it is important to place the Router
appropriately. For this you need to know where to place the routers and how
to calculate a subnet with enough available hosts to accommodate the
number of nodes in a particular location. It is important when designing a
network that you assess the current router placement or design a new
router placement that will provide a fast and stable network. The factors to weigh when placing routers are:
Performance
Redundancy
Scalability
Manageability
Cost
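As an added example (not from the IIHT slides), the following Python carries out the subnetting that Topics 1 to 3 of this lesson describe: it checks the internal block is private space, sizes one subnet per floor for the expected number of hosts, allocates them largest-first so each stays aligned, and derives the DHCP scope (router, exclusion range, lease range) for each. The block, the floors and the host counts are constructed sample values.

```python
# Added example (not from the IIHT slides): carve an organization's private
# block into per-floor subnets sized for the expected hosts and derive the
# DHCP scope each subnet would need.  The block, floors and host counts are
# constructed sample values.
import ipaddress
import math


def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix length whose usable addresses (2^n - 2) fit `hosts`."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    host_bits = max(2, math.ceil(math.log2(hosts + 2)))  # +2: network, broadcast
    return 32 - host_bits


def plan_subnets(block: str, floors: dict) -> dict:
    """Allocate one subnet per floor, largest first, so every subnet stays
    aligned on its own size (classic variable-length subnetting)."""
    net = ipaddress.ip_network(block)
    if not net.is_private:
        raise ValueError("internal addressing should come from private space")
    cursor, end = int(net.network_address), int(net.broadcast_address) + 1
    plan = {}
    for floor, hosts in sorted(floors.items(), key=lambda kv: -kv[1]):
        plen = prefix_for_hosts(hosts)
        size = 2 ** (32 - plen)
        if cursor + size > end:
            raise ValueError(f"{block} exhausted before {floor} ({hosts} hosts)")
        plan[floor] = ipaddress.ip_network((cursor, plen))
        cursor += size
    return plan


def dhcp_scope(sub: ipaddress.IPv4Network, static_reserve: int = 10) -> dict:
    """DHCP scope for one subnet: the first usable address is the router, the
    next `static_reserve` addresses are excluded for statically addressed gear,
    and the remainder is the lease range handed out to clients."""
    hosts = list(sub.hosts())
    reserve = min(static_reserve, max(0, len(hosts) - 2))
    pool = hosts[1 + reserve:]
    return {
        "subnet": str(sub),
        "router": str(hosts[0]),
        "exclude": (str(hosts[1]), str(hosts[reserve])) if reserve else None,
        "range": (str(pool[0]), str(pool[-1])),
        "leases": len(pool),
    }


# Constructed sample: one /24 of RFC 1918 space, four locations.
FLOORS = {"Floor 1": 100, "Floor 2": 60, "Floor 3": 25, "Server room": 12}

if __name__ == "__main__":
    for floor, sub in plan_subnets("10.20.0.0/24", FLOORS).items():
        print(f"{floor:12} {dhcp_scope(sub)}")
```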
Topic 4 - Perimeter Network
One of the important aspects of a network design is security. Protecting a network from the outside is difficult, so it is necessary to design your network with this protection in mind.
The network perimeter consists of a combination of firewalls, routers, and remote access equipment.
The router is the first line of defence against the Internet in any network. Using IP filtering to control data, and also including a firewall in your design for security, is a must.
A firewall is designed to handle network perimeter security and should always be used in a network design.
A firewall inspects incoming and outgoing packets and compares them to a set of rules to determine whether they should be denied access, dropped, or permitted to pass through to the connected network.
Lesson 3 Routing and Remote Access Infrastructure Design
Introduction
This chapter discusses the design of the Routing and Remote Access infrastructure.
Topics covered in this lesson
Design Requirements
Perimeter Requirements
Intranet and Extranet
Authentication Requirements of Intranet
Windows 2003 Server Authentication
RADIUS and RADIUS Policies
Topic 1 - Design Requirements
The selection of hardware and software for a remote access solution is decided only after it is clear how the remote access solution will be used.
You need to collect data to ensure you are designing a remote access solution that will fit the needs of the current environment and also the future requirements.
The organization supplies remote users with home workstations that will connect back to the environment, and all this information is required to scale the server to meet the demand.
The other question that needs to be answered is whether any partners of the organization will require access to the network environment, as this information will help to properly design the VPN and/or dial-up access to allow partners to get to the necessary information.
Topic 2 - Perimeter Requirements
The perimeter is the point at which all remote access flows into the network environment. All clients and partners access your network through the perimeter.
Windows Server 2003 is a good solution to implement on the perimeter to support the remote access solution and provide security for it; it can support dial-in access and VPN access by using Routing and Remote Access Server (RRAS).
It can also provide TCP/IP filtering to help protect itself from intruders located at the perimeter of the network.
Topic 3 - Intranet and Extranet
An extranet can be supported if you are using a secure remote access solution and those who wish to connect to you are using methods of connecting to your network that are compatible with your remote access solution.
The best solution is typically a site-to-site VPN. Windows Server 2003 can provide this solution with the use of RRAS and dial-on-demand.
The site-to-site VPN works in the following manner: when traffic destined for your network arises on the other network, a VPN connection is initiated over the existing Internet connection from the other network's Windows Server 2003 RRAS, and the VPN connection is established with your Windows Server 2003 RRAS.
This takes place with the assistance of dial-on-demand and can occur in either direction.
Topic 4 - Authentication Requirements of Intranet
A secure remote access solution can only be supported once authentication is established. To support authentication, you will have requirements on your intranet that will be accessed from the perimeter remote access solutions. There are two choices for authentication:
Windows Authentication
Remote Authentication Dial-In User Service (RADIUS)
Topic 5 - Windows 2003 Server Authentication
Using Windows Authentication will suffice if you are planning on one RRAS server.
A Windows Server 2003 with RRAS, if it is a member server, will use Active Directory for authentication. But if it is a stand-alone server, it will use its internal user database.
Topic 6 - RADIUS and RADIUS Policies
To incorporate more than one RRAS server, Windows Server 2003 must be configured to use RADIUS for authentication. This access control protocol, RADIUS, uses a challenge/response method for authentication.
Each Windows Server 2003 RRAS server acts as a RADIUS client, and each of these RADIUS clients authenticates via a top-level RADIUS server, which itself can then authenticate to Active Directory.
On the intranet, RRAS policies allow you to control connection security, connection times, user and group access, etc. These policies are beneficial for creating a secure RRAS environment. Policies basically allow you to control how you want clients to connect to your organization's network.
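As an added example (not from the IIHT slides), the Python below builds the RFC 2865 exchange between an RRAS server acting as a RADIUS client and the RADIUS server it authenticates through: the Access-Request with its random Request Authenticator and the User-Password attribute hidden under the shared secret, and the Access-Accept whose Response Authenticator the client must verify before trusting it. The shared secret, identifier, user name and password are constructed values; in a real deployment the secret is configured on both ends.

```python
# Added example (not from the IIHT slides): the RFC 2865 exchange between an
# RRAS server acting as a RADIUS client and the RADIUS server it authenticates
# through.  Secret, identifier, user name and password are constructed values.
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2  # attribute types


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: pad to 16n bytes, XOR block i with MD5(secret + block i-1),
    where "block -1" is the Request Authenticator."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\0")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, chained on the previous hidden block."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(prev, key))
    return out.rstrip(b"\0")


def attribute(atype: int, value: bytes) -> bytes:
    return struct.pack("!BB", atype, len(value) + 2) + value


def access_request(ident, user, password, secret, authenticator=None) -> bytes:
    """Client side: code, identifier, length, fresh 16-byte Request Authenticator, attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = attribute(USER_NAME, user)
    attrs += attribute(USER_PASSWORD, hide_password(password, secret, authenticator))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def reply(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Server side: Response Authenticator = MD5(header + Request Authenticator + attrs + secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs


def verify_reply(response: bytes, request: bytes, secret: bytes) -> bool:
    """Client side: accept only if the identifier matches our request and the
    Response Authenticator proves the server knew the secret and saw our request."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or ident != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])
```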
Lesson 4 Availability of Remote Access Infrastructure
Introduction
In this chapter we will discuss the concepts pertaining to availability of
remote access infrastructure and will discuss the topics like determining the
Sizing of Remote Access Infrastructure, Availability of Remote Access
Server, Placing the Components of RRAS Server and Scalability,
Availability and Failover of RRAS.
Topics covered in this lesson
Determining the Sizing of Remote Access Infrastructure
Availability of Remote Access Server
Placing the Components of RRAS Server
Scalability, Availability and Failover of RRAS
Topic 1 - Determining the Sizing of Remote Access Infrastructure
Before designing a remote access solution we have to determine how much of it we require. Just as you need to know how many hosts will be using the network, the same goes for remote access. Now we are going to determine what we should place where, and also examine the level of scalability and availability we need to design into the solution.
The things you need to determine are how many users will need to connect remotely via VPN and/or dial-in, and whether there are any other remote access clients, such as site-to-site connections. This can be called the starting point for sizing.
Many network designs today do not want to use dial-in because of its cost and speed. There is a better choice, VPN, as it does not require the provisioning of additional analog or ISDN lines within the organization.
Topic 2 - Availability of Remote Access Server
It's important to provide a remote access solution that allows for the scalability of the network in the future. In Windows Server 2003, each server can provide up to 1000 concurrent VPN connections, and the solution should be scalable.
Provide scalability in the hardware to ensure the server can sustain more connections than are required. The key here is to monitor the server's system resources to maintain this availability.
Provide the means for failover to ensure availability; the way to do this is to provide multiple remote access servers. You can then either provide users with multiple remote access entries, or with both a dial-in solution and a VPN solution.
Another consideration for remote access availability and failover is providing dial-on-demand as a backup for routers.
Topic 3 - Placing the Components of RRAS Server
It is important that we place devices where they can function efficiently and securely. Functionality and security are always a constant trade-off. At times security measures are set aside to give clients more freedom to use the network. Designing any system that has a security aspect is about getting the right balance between security and operation.
When deploying a Windows Server 2003 server that provides VPN access to the network, it should be placed in a DMZ behind a firewall. This protects the server from attacks, and the DMZ isolates the inside network from that server in the event of a security threat.
But if we are dealing with a Windows Server 2003 server providing dial-in access to the network, place this server inside the network perimeter.
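As an added example (not from the IIHT slides), the Python below is a first-match packet filter of the kind Lesson 2 Topic 4 describes, laid out for the placement above: the RRAS/VPN server sits in a DMZ, the RADIUS server it authenticates through sits on the intranet, nothing from the Internet or the DMZ reaches the intranet except that RADIUS traffic, and any packet no rule matches is dropped. The zone addresses, the assumption that both PPTP and L2TP/IPsec tunnels are enabled, and the port numbers are constructed for this example.

```python
# Added example (not from the IIHT slides): a first-match packet filter for the
# perimeter described above, with the RRAS/VPN server in the DMZ.  Addresses,
# zones and the assumption that both PPTP and L2TP/IPsec tunnels are enabled
# are constructed for this example.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp", "gre", "esp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "permit", "deny" (reject) or "drop" (silent)
    src: str                    # CIDR
    dst: str                    # CIDR
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


ANY, INTRANET, DMZ = "0.0.0.0/0", "10.20.0.0/16", "192.0.2.0/24"
VPN_SERVER, RADIUS_SERVER = "192.0.2.10/32", "10.20.1.5/32"

# Order matters: the first matching rule decides, and anything unmatched is dropped.
RULES = [
    Rule("pptp-control", "permit", ANY, VPN_SERVER, "tcp", 1723),
    Rule("pptp-gre", "permit", ANY, VPN_SERVER, "gre"),
    Rule("l2tp-ike", "permit", ANY, VPN_SERVER, "udp", 500),
    Rule("l2tp-nat-t", "permit", ANY, VPN_SERVER, "udp", 4500),
    Rule("l2tp-esp", "permit", ANY, VPN_SERVER, "esp"),
    Rule("vpn-to-radius", "permit", VPN_SERVER, RADIUS_SERVER, "udp", 1812),
    Rule("dmz-to-intranet", "deny", DMZ, INTRANET),   # a compromised DMZ host stays out
    Rule("intranet-out", "permit", INTRANET, ANY),
    Rule("internet-to-intranet", "drop", ANY, INTRANET),
]


def decide(pkt: Packet, rules=RULES, default: str = "drop"):
    """Return (action, rule name) for the first rule matching the packet."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "default-deny"
```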
Topic 4 - Scalability, Availability and Failover of RRAS
Scalability is an important issue in providing a remote access solution; scalability means keeping future needs in mind. For this it is better to use Windows Server 2003, as each server is capable of providing up to 1000 concurrent VPN connections.
You need to provide scalability in the hardware to ensure that the server can maintain more connections than are required. This availability is maintained by monitoring the server's system resources.
When installing RRAS on a server you are given the choice of creating a pool of IP addresses to give to clients or using DHCP for IP addressing; the better option of the two is DHCP, as it allows you to manage your organization's IP addressing in a better manner.
The RRAS server reserves 10 IP addresses from the DHCP server when the service starts, and when these addresses are used up another 10 IP addresses are reserved.
Conclusion
Summary of the Module
Internet connectivity provides a means of communication that is both cost effective and expedient.
Every organization that is willing to conduct business over the Internet has to have a domain name. To acquire an appropriate domain name, you need to deal with companies that specialize in registering these for you.
Proxy servers are very beneficial in separating the intranet from the Internet.
There are three basic physical topologies, viz. bus, ring, and star, and they have the same components.
A subnet is just a way of taking a complete network and reducing it to manageable and optimized chunks.
The Dynamic Host Configuration Protocol (DHCP) is a message-based service and is used in Windows Server 2003 to provide automatic TCP/IP addressing and management of the addresses.
NAT translates the private IP addresses to public IP addresses.
To control access and bandwidth it is important to place the router appropriately.
The selection of hardware and software for a remote access solution is decided only after it is clear how the remote access solution will be used.
The perimeter is the point at which all remote access flows into the network environment. All clients and partners access your network through the perimeter.
An extranet can be supported if you are using a secure remote access solution and those who wish to connect to you are using methods of connecting to your network that are compatible with your remote access solution.
There are two choices for authentication: Windows Authentication and Remote Authentication Dial-In User Service (RADIUS).
To incorporate more than one RRAS server, Windows Server 2003 must be configured to use RADIUS for authentication.
It is important that we place devices where they can function efficiently and securely. Functionality and security are always a constant trade-off.
Scalability is an important issue in providing a remote access solution; scalability means keeping future needs in mind.