Vin Game
COURSE PROJECT: NETWORK DESIGN
Supervisor: Th.S Nguyn Hng Sn
Student team:
1. Trng nh Hong
2. Nguyn Th Thanh Minh
3. Nguyn Duy Cng
4. V Thanh Tho
5. L T Vit Thng
TABLE OF CONTENTS
Chapter I: Survey and analysis of constraints and requirements
Chapter II: Analysis of technical goals
Chapter III: Characterizing network traffic
Chapter IV: Network topology design
Chapter V: Addressing and naming
Chapter VI: Selecting routing and switching protocols
Chapter VII: Security design for the system
Chapter VIII: Network management
Chapters IX-X: Physical network design for the campus network and the enterprise network
Organizational structure:
The head office is located in Ho Chi Minh City (TPHCM), with 2 branches located in Hanoi and Da Nang.
a) Ho Chi Minh City branch:
Board of directors:
- 1 General Director: 1 PC, 1 printer
- 2 Deputy General Directors: 2 PCs, 1 printer
Departments:
- Customer transaction department: 10 PCs, 1 printer
- Accounting department: 15 PCs, 1 printer
- Technical department: 20 PCs, 1 printer
- Administration department: 15 PCs, 1 printer
Departments:
- Customer transaction department: 10 PCs, 1 printer
- Accounting department: 15 PCs, 1 printer
- Technical department: 20 PCs
- Administration department: 15 PCs, 1 printer
- Sales department: 10 PCs, 1 printer
- Web services development department: 20 PCs, 1 printer
- Game product development department: 20 PCs, 1 printer
- Marketing department: 10 PCs, 1 printer
- Human resources department: 15 PCs, 1 printer
c) Da Nang branch:
Board of directors:
- 1 Central region branch director: 1 PC, 1 printer
- 2 deputy directors: 2 PCs, 1 printer
Departments:
- Customer transaction department: 10 PCs, 1 printer
- Accounting department: 10 PCs, 1 printer
Market: mainly serves domestic users, and can additionally serve some Vietnamese people living abroad.
Products: Zing News, Zing Chat, Zing Mail, Zing Me...
Services: publishing online games in the Vietnamese market.
Competitive advantages: the company leads the market in supplying online game genres in Vietnam.
3. Company requirements:
For company staff:
- Each employee uses one computer, and employees can exchange information with each other within each department and across the company.
- Each employee has a personal mailbox, can send mail to outside recipients, and can access the internet over a high-speed fiber-optic system.
- File Server system: records are managed per department, employees can delete only their own resources, and there is a backup mechanism to restore data when needed.
Game business:
- Each customer can own several different game accounts.
- Customer account information must be stored on the file server.
- Guarantee high-speed access and avoid server overload that causes lag in games.
- Protect the in-game assets of each player.
Web business:
- Operate, maintain and build content for the websites: zing news (social news), zing mp3 (online music website), zing me (virtual social network)... to serve users' needs.
- A Mail Server system (zing mail) provides free mailboxes for customers who need to send and receive mail and e-cards.
The company needs to connect its LANs and to connect to employees' computers at home to meet practical needs, creating a single unified intranet. For its main WAN links the company plans to use leased lines rented from the service provider VDC. The cabling system must guarantee high-speed connectivity and redundancy to keep incidents during operation to a minimum. The network must meet current needs and must be upgradable with new technologies in the future. Specifically, it must operate stably, be able to grow with the company, have internet access, and provide management and security functions.
Expand into other promising lines of business such as internet and telecommunications... Raise the professional skills of staff, provide welfare policies for long-serving staff, and help new staff adapt to the company's work. Continually improve service quality and earn high profits, increasing the budget contribution paid to the state.
Microsoft Office: User Apps
Domain Controller: System Apps
DHCP Server: System Apps
DNS Server: System Apps
Mail Server: System Apps
Web Server: System Apps
File Server: System Apps
9. Checklist:
x Surveyed the company's specific line of business
x Understood the company's organization
x Clarified the work objectives
x Understood the scope of the design project
x Know the plan and the important milestones
x Understood the network model and how the system operates
x Have a firm grasp of network topology design
x Know the budget provided for the project
x Know the applications that will run on the network
- Develop additional web services, forums, and online shopping sites (123mua.com.vn).
- Publish more game products and drive the growth of the online game market in Vietnam. Launch the first Vietnamese game product, named Thuận Thiên Kiếm. In addition, continually create mini (online) game products in Zing Play.
- Aim to become Vietnam's leading company in games, web, internet and telecom (Zing Phone), with close to 1000 employees across the 3 regions North, Central and South.
2. Availability:
- Standby servers are available to back up data when an incident occurs.
- For company staff: access at maximum speed is guaranteed 24 hours a day, 7 days a week.
- For customers: the servers are maintained at fixed times of day for upgrades and repairs. Outside the maintenance windows all users can access the services at high speed.
3. Performance:
- Bandwidth: meets the needs of the system's applications and users.
- Utilization: 90%
- Useful throughput: reduce overhead on the transmission path.
- Accuracy: 99%
- Efficiency: 90%
- Delay: 100ms
- Jitter: 5ms
- BER: 10^-5
4. Security:
- Identify the devices that need to be protected, such as the DHCP Server, DNS Server, the Mail Server system, and the servers that store account information of customers and company staff...
- Build intrusion detection systems and firewall systems against unauthorized access from outside, protecting the company's top-secret information against hacker attacks.
5. Manageability:
- The technical department is able to manage and monitor the operation of the network as well as of each user, and can anticipate incidents that may affect the network in the future.
- Keep statistics on the network resources in use in the system, whether heavily or lightly used, and whether anything is wasted or short anywhere, so that appropriate action can be taken.
6. Usability:
- Company staff can easily use the available resources and exchange information quickly with other departments and with the outside.
- Customers can easily register an account to use the company's services such as playing games, browsing the web, sending mail...
7. Adaptability:
- The network is designed to adapt to changes in new technology.
- The design is flexible so that it can adapt to changes in traffic and in quality-of-service needs.
9. Checklist:
x Noted the planned expansion
x Discussed network security threats and protection needs
x Reviewed manageability needs
x Recorded the utilization requirement
x Recorded the throughput requirement
x Discussed with the client the use of large frame sizes to maximize efficiency
x Discussed the trade-off between efficiency and delay when changing the frame size
x Updated the table of applications
x Recorded the required availability level, or MTBF and MTTR
V tr
Cc ng dng s dng
Tng gim c
User
Ph tng gim c Mail,Web,File,Office,Database,My Remote access Gim c ti chi Mail,Web,File,Office,Database,My nhnh min Bc Remote access v min Trung 2 ph gim c Mail,Web,File,Office,Database,My ti chi nhnh Remote access min Bc v min Trung Phng giao dch Mail,Web,File,Office,My in khch hng Phng k ton Phng k thut Mail,Web,File,Office,My in Mail,Web,File,Office, Domain
User
in,
User
in,
User
User Admin
10 20
Controler, DHCP Server,DNS Server,Mail Server,Web Server,File Server,Administrative Tool,Remote Access,Database Server User 10 Phng hnh chnh Mail,Web,File,Office,My in
Phng pht trin Mail,Web,File,Office,My in,Cc ng cc dch v web dng phc v cho lp trnh web nh : PHP,MySQL,Photoshop,Flash,3D,Java Phng pht trin Mail,Web,File,Office,My in, Cc ng cc sn phm dng phc v cho pht trin game: game J2EE,C#,3D Phng marketing Mail,Web,File,Office,My in
User
20
User
10
Data store name | Location | Applications
Area 1 | North | DHCP Server, DNS Server, Mail Server, Web Server, File Server, Database Server | User, Admin
Area 2 | Central | DHCP Server, DNS Server, Mail Server, Web Server, File Server, Database Server | User, Admin
Area 3 | South | DHCP Server, DNS Server, Mail Server, Web Server, File Server, Database Server | User, Admin
User/Admin Server User/Admin Server User/Admin Server User/Admin Server User/Admin Server
Database Client/Server FTP Remote Terminal /host PPP Access traffic flow
Total traffic: 80008400Kb
Bandwidth demand per application:
WEB
Number of users; Session frequency; Average duration per user; Simultaneous users
MAIL
Number of users: 150; Session frequency: 200/day, 6000/month; Average duration per user: 5/24
FILE
Number of users: 150; Session frequency: 100/day, 3000/month; Average duration per user: 5/24; Simultaneous users: 50
DATABASE
Number of users: 150; Session frequency: 2000/day, 60000/month; Average duration per user: 10/24; Simultaneous users: 150
REMOTE ACCESS
Number of users: 50; Session frequency: 100/day, 3000/month; Average duration per user: 5/24; Simultaneous users: 20
User community | Data store (server, host) | Approximate bandwidth requirement for the application
Database Client/Server FTP Remote Terminal /host PPP Access traffic flow
Total traffic: 650006000Kb
Bandwidth demand per application:
WEB
Number of users; Session frequency; Average duration per user; Simultaneous users
MAIL
Number of users: 130; Session frequency: 200/day, 6000/month; Average duration per user: 5/24; Simultaneous users: 100
FILE
Number of users: 130; Session frequency: 100/day, 3000/month; Average duration per user: 5/24; Simultaneous users: 50
REMOTE ACCESS
Number of users: 40; Session frequency: 100/day, 3000/month; Average duration per user: 5/24; Simultaneous users: 20
User/Admin Server User/Admin Server User/Admin Server User/Admin Server User/Admin Server
Database Client/Server FTP Remote Terminal /host PPP Access traffic flow
Total traffic: 350003500Kb
Bandwidth demand per application:
90; 200/day, 6000/month; 10/24; 80
MAIL
Number of users: 90; Session frequency: 200/day, 6000/month; Average duration per user: 5/24; Simultaneous users: 90
FILE
Number of users: 90; Session frequency: 100/day, 3000/month; Average duration per user: 5/24; Simultaneous users: 50
DATABASE
Number of users: 90; Session frequency: 1000/day, 60000/month; Average duration per user: 10/24; Simultaneous users: 90
REMOTE ACCESS
Number of users: 30; Session frequency: 50/day, 3000/month; Average duration per user: 5/24; Simultaneous users: 20
Identified the traffic sources and data stores, and recorded the traffic flows between them
x Classified the traffic flow for each application
x Estimated the bandwidth for each application
x Estimated the bandwidth required for each routing protocol
x Characterized network traffic according to traffic dynamics
x Classified the QoS needs of each application
x Highlighted the challenges involved in implementing end-to-end QoS
Access Layer:
- The devices in this layer are usually called access switches.
- VLANs are created for the departments, which makes the network more flexible, improves security for the company, and saves system bandwidth.
- Deploy MPLS technology so that branches and small offices can easily access the internetwork.
- Deploy Spanning Tree Protocol (STP) so that the network is stable and operates without loops.
Distribution Layer
- Performs routing between the VLANs created above.
- Allows Load Balancing and Load Sharing.
- Controls network traffic.
- Controls access to resources to keep the network and the company's resources secure.
- Provides the internal connections between the Access layer and the Core layer.
Core Layer
- Here we use a high-speed backbone switch with a high level of redundancy.
- Provides the connections for all Distribution-layer devices.
CHAPTER V: ADDRESSING AND NAMING
Based on the inventory of the company's existing PCs in Chapter 1, the largest number of PCs in a single department is 20. With each department being 1 VLAN, the IP addresses for each department are as follows:
Address summary table
Phng ban IP 192.168.1.239 Network Default mask gateway 255.255. 192.168. 255.0 1.1 255.255. 192.168. 255.0 1.1 Prefered DNS 192.168. 1.254 192.168. 1.254 192.168. 1.254 Alternate DNS 192.168.1. 253 192.168.1. 253 192.168.1. 253 Domain Giamdoc
Gim c
Ph giam c
192.168.1.237, 192.168.1.238
Phogiamdoc
Phng giao 192.168.1.226 255.255. 192.168. dch khch -> 255.0 1.1 hng 192.168.1.236 Phng ton k 192.168.1.194 -> 192.168.1.209 192.168.1.162 -> 192.168.1.182 255.255. 192.168. 255.0 1.1
Giaodichkhach hang
192.168. 1.254
192.168.1. 253
Ketoan
Phng thut
192.168. 1.254
192.168.1. 253
Kithuat
Phng chnh
hnh
192.168.1.130 255.255. 192.168. -> 255.0 1.1 192.168.1.145 192.168.1.98 255.255. 192.168. -> 255.0 1.1
192.168. 1.254
192.168.1. 253
Hanhchanh
Phng sale
192.168. 1.254
192.168.1. 253
Sale
Develop_web
192.168. 1.254
192.168.1. 253
Develop_game
192.168. 1.254
192.168.1. 253
Marketing
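The one-VLAN-per-department scheme described in this chapter, worked through as an added example (not part of the original report): it carves 192.168.1.0/24 into one subnet per department, sized from the PC and printer counts in Chapter I, so that traffic between departments has to be routed at the Distribution layer, where access control is applied. The VLAN IDs, the one-gateway-per-VLAN allowance and all function names are assumptions.

```python
import ipaddress

# Constructed input: PC and printer counts per department as listed in
# Chapter I of the report; the VLAN IDs are assumptions for illustration.
DEPARTMENTS = [  # (domain name, VLAN ID, PCs, printers)
    ("Giamdoc", 10, 1, 1),
    ("Phogiamdoc", 20, 2, 1),
    ("Giaodichkhachhang", 30, 10, 1),
    ("Ketoan", 40, 15, 1),
    ("Kithuat", 50, 20, 0),
    ("Hanhchanh", 60, 15, 1),
    ("Sale", 70, 10, 1),
    ("Develop_web", 80, 20, 1),
    ("Develop_game", 90, 20, 1),
    ("Marketing", 100, 10, 1),
]


def prefix_for(hosts):
    """Longest prefix whose usable host count (size - 2) covers `hosts`."""
    for prefix in range(30, 7, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError(f"{hosts} hosts do not fit in a single subnet")


def plan_vlans(supernet, departments):
    """Give every department its own subnet (VLSM, largest block first)."""
    net = ipaddress.ip_network(supernet)
    # One extra address per VLAN for the gateway on the Distribution layer.
    needs = [(name, vlan, prefix_for(pcs + printers + 1))
             for name, vlan, pcs, printers in departments]
    # Sorting by prefix length keeps each block aligned on its own boundary.
    needs.sort(key=lambda item: item[2])
    cursor = int(net.network_address)
    plan = {}
    for name, vlan, prefix in needs:
        if cursor + 2 ** (32 - prefix) > int(net.broadcast_address) + 1:
            raise ValueError(f"{supernet} has no room left for {name}")
        subnet = ipaddress.ip_network((cursor, prefix))
        plan[name] = {"vlan": vlan, "subnet": subnet,
                      "gateway": subnet.network_address + 1}
        cursor += subnet.num_addresses
    return plan


def free_addresses(supernet, plan):
    """Addresses of the supernet not assigned to any department VLAN."""
    used = sum(entry["subnet"].num_addresses for entry in plan.values())
    return ipaddress.ip_network(supernet).num_addresses - used


def vlan_of(plan, address):
    """Department whose subnet contains `address`, or None."""
    ip = ipaddress.ip_address(address)
    for name, entry in plan.items():
        if ip in entry["subnet"]:
            return name
    return None


def crosses_layer3(plan, src, dst):
    """True when src -> dst must be routed, i.e. passes the Distribution
    layer where inter-VLAN access control can be enforced."""
    a, b = vlan_of(plan, src), vlan_of(plan, dst)
    return a is None or b is None or a != b


def overlapping(plan):
    """Pairs of departments whose subnets overlap (must be empty)."""
    names = list(plan)
    return [(x, y) for i, x in enumerate(names) for y in names[i + 1:]
            if plan[x]["subnet"].overlaps(plan[y]["subnet"])]


if __name__ == "__main__":
    plan = plan_vlans("192.168.1.0/24", DEPARTMENTS)
    for name, e in plan.items():
        print(f"VLAN {e['vlan']:<4}{name:<19}{str(e['subnet']):<18}gw {e['gateway']}")
    print("unassigned addresses:", free_addresses("192.168.1.0/24", plan))
```

With these counts the ten department subnets use 224 of the 256 addresses, leaving 192.168.1.224/27 unassigned for a separate server segment.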
Address summary table
Phng ban IP 192.168.2.164 Network mask 255.255. 255.0 255.255. 255.0 Default gateway Prefered DNS Alternate DNS Domain Giamdoc
Gim c
192.168.2 192.168.2. 192.168. .1 254 2.253 192.168.2 192.168.2. 192.168. .1 254 2.253 192.168.2 192.168.2. 192.168. .1 254 2.253
Ph gim c
192.168.2.162, 192.168.2.163
Phogiamdoc
Phng giao 192.168.2.226 255.255. dch khch -> 255.0 hng 192.168.1.236 Phng k ton 192.168.2.34 -> 192.168.2.49 192.168.2.66 -> 192.168.1.86 192.168.2.98 192.168.2.113 192.168.2.2 255.255. 255.255. 255.0 255.255. 255.0
Giaodichkhachang
192.168.2 192.168.2. 192.168. .1 254 2.253 192.168.2 192.168.2. 192.168. .1 254 2.253 192.168.2 192.168.2. 192.168. .1 254 2.253
Ketoan
Phng k thut
Kithuat
hnh
Hanhchanh
Marketing&Sales
Address summary table
Phng ban IP 192.168.3.239 Network Default mask gateway 255.255. 192.168. 255.0 3.1 255.255. 192.168. 255.0 3.1 Prefered DNS 192.168. 3.254 192.168. 3.254 192.168. 3.254 Alternat e DNS 192.168. 3.253 192.168. 3.253 192.168. 3.253 Domain Giamdoc
Gim c
Ph giam c
192.168.3.237, 192.168.3.238
Phogiamdoc
Phng giao 192.168.3.226 255.255. 192.168. dch khch -> 255.0 3.1 hng 192.168.3.236 Phng ton k 192.168.3.194 -> 192.168.3.209 192.168.3.162 -> 192.168.3.182 255.255. 192.168. 255.0 3.1
Giaodichkhach ang
192.168. 3.254
192.168. 3.253
Ketoan
Phng thut
192.168. 3.254
192.168. 3.253
Kithuat
Phng chnh
hnh
192.168.3.130 255.255. 192.168. -> 255.0 3.1 192.168.3.145 192.168.3.98 255.255. 192.168. -> 255.0 3.1
192.168. 3.254
192.168. 3.253
Hanhchanh
Phng sale
192.168. 3.254
192.168. 3.253
Sale
Develop_web
192.168. 3.254
192.168. 3.253
Develop_game
192.168. 3.254
192.168. 3.253
Marketing
…provide access ports for networked computers, which run at lower speed, so 10/100 Mbps ports are needed. In the standard configuration the distribution switch system consists of 5 powerful switches that meet the requirement for high-speed data switching and aggregate the traffic coming from the access switches. The 5-switch distribution configuration gives the network a high level of redundancy (1:1 hot standby); however, when the initial network is not large and the budget is limited, the network can still be deployed with a single distribution switch network that meets the operating requirements. The access switch system gives the computers their connections into the data network. Because most network interfaces on end-user computers and on servers currently have 10/100 Mbps bandwidth, the access switches also use 10/100 base TX Fast Ethernet technology and meet the goal of providing a large number of access ports so that the number of network users can grow. The links between the access switches and the distribution switches are called up-links. Use transparent bridging with the rapid spanning tree algorithm (RSTP) for fast convergence. Connect the switches with VLAN support using IEEE 802.1Q.
RIPv1: Distance vector; Interior; Classful; Hop count; 15 hops
RIPv2: Distance vector; Interior; Classless; Hop count; 15 hops
IGRP: Distance vector; Interior; Classful; Bandwidth, delay, reliability, load; 255 hops (default is 100); Fast (uses triggered updates and poison reverse); No
EIGRP: Advanced distance vector; Interior; Classless; Bandwidth, delay, reliability, load; 1000s of routers; Very fast (uses the DUAL algorithm); Yes
OSPF: Classless
BGP: Path vector; Exterior; Classless; Depends on path values and other configured factors; 1000s of routers; Fast
IS-IS: Classless; Configured path value, delay, cost and errors; Hundreds of routers per area; Fast
OTHER GOALS
- Does not consume too much bandwidth
- Can run on inexpensive routers
- Easy to configure and manage
x x x x x
8 8 8
7 8 6
7 8 6
- OSPF is chosen for layer 3 routing because it runs on routers from many different vendors, converges quickly, supports load balancing, and is fairly simple to configure and maintain. OSPF addresses the following issues:
  - Convergence speed.
  - Support for VLSM (Variable Length Subnet Mask).
  - Network size.
  - Path selection.
  - Grouping of members.
In a large network, RIP needs at least a few minutes to converge, because each router exchanges its routing table only with the neighbor routers directly connected to it. With OSPF, once the network has converged at start-up, convergence after a change is very fast because only the information about the change is sent to every router in the area. OSPF supports VLSM, so it is regarded as a classless routing protocol. RIPv1 does not support VLSM, but RIPv2 does. For all of these reasons, choosing OSPF as the routing protocol for the VINAGAME company network is entirely reasonable.
Increase the number of security guards to 10, working in shifts, with a diligent and attentive attitude.
Build a separate, strictly protected room for the servers (Web Server, Mail, DHCP), located in the technical department; only the admin and the responsible technical staff may use it. Build 3 high-capacity generator systems at the 3 campuses (Hanoi, Ho Chi Minh City, Da Nang) to run whenever power is lost. Servers and other important devices need their own uninterruptible power supply (UPS). Form a team of 20 technicians with a university degree or higher to repair and replace failed devices and fix faults that occur.
3.2.
Cisco Secure Intrusion Detection System: security across the whole network segment
Cisco Secure Intrusion Detection System, or Cisco Secure IDS, is a hardware device that inspects the types and contents of packets on the network. Unauthorized use and access can be detected in one of two ways: misuse detection, which looks for attacks with known signatures, much as antivirus software scans for viruses; and anomaly detection, which looks for abnormal actions based on profiles of users and of application activity. The advantage of Cisco Secure IDS is that it can protect the system across an entire network segment. In general this makes deploying Cisco Secure IDS easy and moderately priced. Cisco Secure IDS detects misuse by inspecting both the data portion and the header of a packet. Content-based attacks originate in the data portion, and context-based attacks originate in the packet header.
Cisco Security Agent: security on the servers
Cisco Security Agent (CSA) consists of a Management Console installed on a Windows 2000 server and agents deployed on the hosts that hold important data, such as database servers and workstations. The agents use HTTP and Secure Sockets Layer, SSL (128 bit SSL), for management traffic and for the exchange of information between the agents and the Management Console. CSA is installed directly on the operating system, where it can intercept and evaluate software calls made in the operating system and the system kernel. In general, CSA performs real-time intrusion monitoring, and detects and blocks malicious actions by analyzing kernel-level events, system log information, network actions on the server, and the attack database. CSA is server protection software, so it is installed on whichever servers need protection. Servers that hold confidential data or sensitive information that must be kept secure should have CSA installed to prevent and detect intrusion.
CSA can detect abnormal access to the system in real time. It checks for intrusion into the system against a predefined security policy and against abnormal actions on the server, blocks actions that would harm the server, and at the same time generates an email to the administrator reporting the security-related events. We recommend that the institution invest in CSA for the servers that hold important data.
3.3. User permissions
Our servers run the Window Server 2008 operating system. As network administrators, we need specific policies that define the rights of each department and of each employee in the company, as follows. Here we have 8 departments, divided into 8 groups as follows:
- Define specific authority for each department as well as for the director and the deputy directors.
- Each employee account belongs to the Group of the department where the employee works. Within each department there are specific policies for the different staff levels.
- The director may access all of the company's resources.
- Department heads may access the resources of their own department and of the departments related to it. The head of the Game Development department may access the resources of the Technical department, the Web Development department, the Marketing department…
- Staff in a department may access only the resources of their own department.
- Every employee in the company is given a personal account for accessing system resources. Passwords are required to be more than 8 characters long. Authentication is required on every access, and every month the access password must be changed to a new one.
- Define a policy for each type of resource (Read Only, Read/Write, Full Control) to avoid the loss of important data.
3.4. Data resource security
- Especially important data is backed up to portable storage and kept in the confidential documents room. Confidential documents may be accessed only by the director, the deputy directors and the department heads.
- Build a Firewall and Security system that provides good security: Norton Security, MS Firewall.
- There is an IDS intrusion detection system in each department; control and supervision are the responsibility of the technical staff of the technical department.
3.5. Wireless Security
Create Access Control Lists on the Access Point devices to manage access to these devices. Here we place 1 Access Point in each department. We create an Access Control List (ACL) on the Access Points of the 8 departments. Each employee in a department uses only that department's Access Point. Specifically:
- Place the Access Point at a central position in each department. The director's office and the deputy directors' office share one Access Point placed in front of these 2 rooms.
- Use a WPA key.
- Do not allow company staff to bring Access Points into the company.
- Monitor access to the AC by accounts that do not belong to the company.
3.6. VPN security
To set up remote access to the company network, a separate router dedicated to this function can be used. However, we can also use the Internet Router as a Remote Access router by fitting it with additional modules that have built-in modems. A Cisco Router 2611XM can be purchased as a Remote Access router. The Cisco Router 2611XM has 1 network module slot that supports an integrated interface with 16 analog modems, and 2 10/100 Mbps interfaces for connecting to the internal LAN. In addition, the Cisco Router 2611 provides VPN and Firewall features through the IOS system software to protect the company network.
Solution (LMS) is the management suite in Cisco's CiscoWorks2000 family of network management products. It is a set of Web-based management tools for configuring, managing, monitoring and troubleshooting a Campus network. The software is used for day-to-day management of the services and connections on the network. These tools include topology display, device configuration, layer 2/layer 3 path analysis, traffic monitoring, tracking…
Campus Manager
Campus Manager is a suite of web applications designed for day-to-day management of Cisco switched networks.
- Intelligently discovers and displays layer 2 networks on a connectivity map
- Configures VLANs, LANE networks and ATM services
- Displays status and connectivity based on information obtained through SNMP
- Identifies layer 2 configuration
- Has a trace tool for finding connectivity problems between end devices as well as layer 2 and layer 3 devices
- Locates users automatically by MAC address, IP address, NT or Netware login name, or Unix host
Content Flow Monitor
Content Flow Monitor is an application for monitoring the performance of load balancing on the network.
- Lets the network administrator increase performance by adding load-balancing components such as LocalDirector
- Reduces the complexity of management
- Provides performance statistics such as the total number of flows and cache entries, the total number of connections, and the number of packets reaching each server
TrafficDirector is an application that monitors and troubleshoots traffic on networks that use RMON.
- Lets the administrator detect network problems early, before they occur
- Used with Cisco SwitchProbe to measure connection performance
- Detects and resolves faults and provides statistics, graphs and reports in real time
- Can collect data when used together with Cisco SwitchProbes
Resource Manager Essentials
This is a powerful management application for large networks.
- Provides storage and management of device changes
- Tools for configuration and software management
- Analysis of the network and of recorded information
CiscoView
A management application that presents the devices graphically.
- Detailed information can be obtained anywhere, at any time
- Displays devices graphically, with colors for the different states
With the management tools chosen as above, the next step is to choose the management architecture:
- Build a cabling system dedicated to carrying management packets (out-of-band). Out-of-band management is used so that management does not take bandwidth away from the company's work, because management traffic is also fairly large.
- Install management nodes on network devices such as router interfaces and servers. Regularly monitor network traffic and anomalies that may occur on the devices so that they can be corrected in time. Set up a distributed control system so that if the network suffers an unexpected incident it can still be corrected without affecting the network as a whole.
- Set up 1 central management room; install the management program for the NMS and the agents for the devices.
- Use the SNMP management protocol.
- Set up 5 dedicated teams to manage 5 different areas:
  - Performance management
  - Fault management
  - Configuration management
  - Security management
  - Accounting management
- Recruiting people with a university degree or higher, who can do the work and ensure efficiency for the company, is essential.
- Once the network is running well, establish baseline parameters, produced by the teams above, to support management work. They must be stored and updated regularly.
Because the cabling system mainly serves the computer network, apart from its own rules and standards the design of the cabling system depends closely on the architecture of the computer network and on how its devices are laid out. We present two typical cabling design architectures:
Centralized network cabling
This cabling system serves a centralized layout of the computer network's devices. In this approach all network devices such as switches, hubs and repeaters are installed together at one point, usually called the equipment room. From there, cables run directly to the end devices such as workstations and printers without passing through any intermediate device. In this case the system usually uses a single type of cable, which here is UTP category 5 twisted-pair cable. The network device in the equipment room can be a single device or several devices that are stacked or daisy-chained.
Distributed network cabling
This type of cabling is used for a distributed network architecture. In this architecture the network devices are not concentrated at one point but distributed across several locations. Typically each floor has its own network device, and these are connected together through a central network device. End devices such as workstations and printers are therefore connected only to the intermediate network device on each floor, and those devices in turn connect to the central network device. In this case the cabling is split into two parts. The first part, from the end stations to the equipment room on each floor, uses UTP category 5 twisted-pair cable. The second part, from that room to the central equipment room, has two options: fiber-optic cable and copper cable. Fiber-optic cable is better, however, and is usually used. The devices are connected in a daisy-chain.
Chi tit
Bng ng, Bng ng, Bng ng, Thy tinh 2 c 4 cp dy 2 dy, ng 2 dy, ng si (loi 3,4,5) knh 5mm knh 10mm 185m 500m 1000m
Chiu di 100m on ti a S u ni ti 2 a trn mt on Chy 10Mbps c Chy 100Mbps Chng nhiu Bo mt tin cy c
30
100
c c
c c
c c
Tt Trung bnh Tt
After analyzing the characteristics of the cabling topologies and the advantages and disadvantages of the cable types, and applying them to the company's actual situation, we find that: because the whole network is located in one building, the transmission cabling should use only UTP CT twisted-pair copper cable, surface-mounted 30cm from the base of the wall, from the access switches to the computer locations.
The cabling topology is organized in the distributed style, with two main cabling systems: the backbone cabling that connects the access switches to the central switch system, and the UTP cabling that runs from the patch panels at the backbone ends to the outlets.
2. Choosing the LAN technology: given the company's model and size, the local area network (LAN) technology to be used is Ethernet/Fast Ethernet, corresponding to speeds of 10/100 Mbps.
3. Choosing the WAN technology: use T1 technology, with a service provider line that can reach 1.544 Mbps.
4. Choosing the Remote Access technology: point-to-point connection (PPP) is the most widely used WAN connection technology today.
- Connects directly from one network to another, or from the internal network to the service provider's network.
- Supports connecting a single user or a remote office back to the service center.
- Can carry several different protocols (IP, IPX, AppleTalk).
For these reasons we choose PPP as the remote access technology for the company network.
5. Choosing the service provider:
After thorough research we decided to choose VDC as the internet service provider for the company network. VDC is a unit of the Vietnam Posts and Telecommunications Group (VNPT) and operates through 4 units in 3 regions: VDC1 and VDC Online (North), VDC2 (South), VDC3 (Central). VDC has the largest network infrastructure in Vietnam, with total international capacity reaching 32Gbps in 2008, a network covering all 63 provinces and cities, and cooperation with more than 10 multinational groups that provide services worldwide.
In terms of products and services, VDC currently offers the following main products and services:
- MegaVNN (ADSL)
- VNN/Internet Leased Line
- VNN/VPN-MPLS
- Frame Relay
- iFone-VNN
- Telehosting (Dedicated, Colocation, VPS)
- Webhosting
- Mail SMD
- Mail Offline
- Software application solutions for businesses
- Online services
- Solution consulting.
Cisco Systems
An IT equipment manufacturer that holds close to the highest market share worldwide today and a fairly large market share in Vietnam (supplying products to many large service providers in Vietnam such as VDC and Saigon Postel, and to software technology centers such as SaiGon Software Park
Its products are of high quality, operate stably, and integrate many technologies and services on a common platform. Focusing the analysis on 2 main devices, the Multi Layer switch and the Router, shows the following points:
Multi-Layer Switch: supports not only layer 3 but also layer 4 services, up to layer 7 (Application Layer). It can provide high port density with many other interfaces such as Ethernet 10/100/1000/10000 Mbps, ATM, Token Ring, Frame Relay, Serial… and allows value-added services over IP such as Voice over IP and Video over IP to be integrated. Packet processing and internal switching capacity are high (compared with Avaya and Nortel).
High-End Router: fairly high market share in Vietnam (especially the 7500 product line). Services such as Voice and Video can be added over IP, FR and ATM technologies and carried together with data on the device's common platform, without requiring much additional investment in separate devices.
Manufacturer support: the manufacturer has an office in Vietnam and policies focused on customer support, through customer training programs and through professional Partners that support customers (by awarding professional certifications); there are now Partners that fully meet the manufacturer's own policy requirements for after-sales customer support.
Choosing the manufacturer
Based on the factors analyzed above, we decided to choose Cisco product lines for this project, on the following main grounds:
- Processing capability of the devices
- Ability to keep devices consistent across the whole network
- Unified, centralized management
- Support for services and technologies on the devices
- Longevity of the devices as technologies and applications change, and their compatibility and expandability in the future
- After-sales support from the manufacturer/supplier.
Given the characteristics above, the Cisco Catalyst 2960 switch can be used for the access switches and the Cisco Catalyst 3550 switch for the central switches.
b) Router :
…powerful and stable in order to provide uninterrupted Internet access between the institution's entire network and the Internet. For that, this Router must have a high switching speed and must provide the redundancy needed for the system's operation.
The Router must allow different types of interface modules to be used, to provide the interfaces for the connection to the Internet service provider and for remote access over modems.
The Router must keep the system open, meaning it must always be ready for, and make easy, the upgrading and expansion of the system in the future.
It must support voice features and suitable interfaces so that it can act as a voice gateway later, when Voice over the Internet is needed.
The Cisco 3725 Router can be used; this Router belongs to the Cisco Router 3700 series product line, which has a modular architecture. The Cisco 3725 router configuration consists of 2 10/100 FE ports built into the chassis, 2
c) Firewall:
The Firewall plays a fairly important role. There are many different kinds of Firewall, such as software Firewalls for operating systems like Windows NT and Unix, software Firewalls integrated into Routers, and Firewalls based on hardware devices… Choosing a Firewall that suits the system, to ensure security, high reliability and easy expansion in the future, therefore needs careful consideration. For this subsystem we propose the CiscoSecure PIX FireWall 515E hardware device as the security device for the system, for the following reasons:
- First, the compatibility of the Firewall with the Router in the Internet subsystem. Each kind of Firewall has different requirements for supporting gateway routers; a given Firewall may work well with one router but not deliver all of its features with another. The CiscoSecure PIX FireWall 515E is therefore chosen to work together with the Cisco 3725 router.
- The CiscoSecure PIX Firewall 515E is a hardware device with its software built in. It operates independently and does not depend on application platform factors such as hardware configuration requirements or the application environment (Windows NT, Unix…), which simplifies the system and makes the device easier to manage.
- It is easy to manage and to tier the security levels of the internal network, because physical interfaces (ports) are used to connect to the lower-level networks, and more physical interfaces can be added at any time as needs arise in the future.
- Another fairly important point is its high expandability and low investment cost.
- Using the CiscoSecure PIX FireWall 515E is safer than Firewalls based on operating systems or Firewalls based on software integrated into a router, because it does not depend on platform factors: when the platform applications are not working well, this neither lowers the Firewall's level of security nor affects the system as a whole. Management is also simpler and does not require a highly specialized administrator to operate the Firewall or to handle incidents that occur on it.
- An outstanding feature of the PIX 515E is its support for Stateful Failover. Choosing a Stateful Failover configuration ensures high availability and minimizes the impact of individual failures on the operation of the system. With two identically configured PIX devices running in parallel, if the primary PIX stops working, control passes automatically to the standby PIX.
Quantity 7 150 10 9 8 3 1 1 1
Unit price ($) 550 250 150 549 2199 2809 820 2599 1729 800 79758
CiscoSecure PIX Firewall 515E (Firewall) Cisco Router 2611XM (Remote Access) Costs arising during system installation
Total cost
Device
Server Workstation Printer
Quantity 7 90 5
5 3 3 1 1 1
CiscoSecure PIX Firewall 515E (Firewall) Cisco Router 2611XM (Remote Access) Costs arising during system installation
Total cost
c) Hanoi branch:
Device
Server Workstation Printer Switch Cisco 2960 Switch Cisco 3550 Router Cisco 3725 Cisco Aironet (Access point) 1310
Quantity 7 130 8 11 3 3 1
1 1
Total cost