You are on page 1of 24

THIT K V XY DNG MNG

THIT K V XY DNG MNG


MC LC
I. Tng quan:..........................................................................................................4
1. Thng tin khch hng: ....................................................................................4
2. Phm vi: ...........................................................................................................4
3. Yu cu ca khch hng: ................................................................................5
4. Phn tch yu cu: ...........................................................................................5
II.

Phng n thit k: ........................................................................................5

1. Thit k gii php: ...........................................................................................5


2. La chn thit b: ............................................................................................6
3. La chn cng ngh:.......................................................................................6
III. Phn tch cc thit b k thut: ......................................................................7
1. Scalability (Kh nng m rng): ....................................................................7
2. Availability (Tnh sn sang s dng): ............................................................7
3. Performance (Hiu sut): ...............................................................................7
4. Security (An ton): ..........................................................................................8
5. Qun l c: ...................................................................................................9
6. Tin dng: ........................................................................................................9
7. Tnh thch ng : ...............................................................................................9
8. Chi ph hiu qu: .............................................................................................9
IV. c tnh ha lu lng mng: .......................................................................9
1. c tnh ha lung lu lng : ......................................................................9
2.

c tnh ha traffic : ...................................................................................10

V. H thng mng ca cng ty: ...........................................................................13


VI. Gn a ch v t tn: .................................................................................17
VII. Thit k an ninh cho h thng: ....................................................................20
1. Phn tch cc nguy c c th nh hng n h thng: .............................20
2. K hoch an ninh cho cng ty: .....................................................................20
2

THIT K V XY DNG MNG


3. Chnh sch an ninh c th:...........................................................................21
3.1. Bo v cc thit b mng .........................................................................21
3.2. An ninh trn cc thit b mng ...............................................................21
3.3. Phn quyn ngi dng: ........................................................................22
3.4. An ninh ti nguyn d liu: ....................................................................23
3.5. Wireless Securiry:....................................................................................23
3.6. Bo mt trong VPN: ................................................................................24

THIT K V XY DNG MNG

THIT K MNG LAN CHO CNG TY TNHH CNG NGH


THC PHM SK
(Chi nhnh H Ni)
I.

Tng quan:
1. Thng tin khch hng:

Cng ty TNHH Cng ngh Thc phm SK ang sn xut v kinh


doanh cc sn phm ph gia v thc phm.
Lnh vc: sn xut v kinh doanh thc phm.
Th trng: cung cp cho cc ca hng bnh ngt, bnh m,
qun coffeeti Vit Nam.
Sn phm:
- Nguyn liu thc phm: b, magarine, du b thc vt,
shortening, cacao, men v cc cht ph gia bnh m,
chocolate ca cc nc B, Singapore, an Mch, Ho Lan.
- Sn xut cc loi chocolate du, sa, bc h, cacao, C ph
Cappuccino

Cng ty ang mun xy dng h thng mng ni b m hnh domain S


ca tr s giao dch:
2. Phm vi:
Thit k mng cho 2 tng ca mt ta nh l cng ty Cng Ty TNHH
Cng ngh Thc Phm SK chi nhnh H Ni c 8 phng c phn
b nh sau:
Phng 1: Ban gim c gm:
1 Gim c:: 01 Laptop + 01 PC
2 Ph gim c:: 02 laptop + 02PC
Quy l tn: 02PC
Phng 2: Phng giao dch khch hng:5 PC,1 printer
Phng 3: Phng k ton: 5 PC, 1 printer
Phng 4: Phng IT:2PC + 1 server
Phng 5: Phng hnh chnh: 5 PC, 1 printermu
4

THIT K V XY DNG MNG


Phng 6: Phng marketing: 5 PC, 1 printer
Phng 7: Phng nhn s : 3 PC, 1 printer
Phng 8: pht trin sn phm: 5 PC+ 1 printer
Ngoi ra cng ty c nhu cu trang b 2 my photo c kh nng
in n in nhng ti liu ln
3. Yu cu ca khch hng:
Mi nhn vin trong cng ty c mt my tnh ring.
Tt c cc nhn vin trong cng ty u c s dng Internet.
Tt c cc my tnh u lin lc c vi nhau trong tng
phng ban v ton cng ty.
Tng bng thng yu cu cho c mt phng chc nng l
5MB/s (xp x 40Mbs).
ng truyn phi hp l v m bo c bng thng theo
yu cu.
Chi ph thi cng lp t hp l, c th chp nhn c nhng
vn s dng cng ngh tt nht.
m bo thm m: i dy gn p, tin li.
Mng phi c kh nng m rng v nng cp vi k thut mi
trong tng lai.

II.

4. Phn tch yu cu:


Cu trc ta nh: p ng ng theo thng tin cung cp ca
khch hng.
Hin trng cng ty: L cng ty va v nh, ang m rng quy
m v kh nng ti chnh c hn. V th cn s dng nhng
bin php ph hp, thun li cho vic m rng, nng cp sau
ny.
Phng n thit k:
1. Thit k gii php:
Thit k logic v thit k vt l:
- Cng ty cn xy dng 1 h thng mng theo m hnh
domain qun l tp trung to iu kin thun li cho vic
qun tr h thng mng.
5

THIT K V XY DNG MNG


2. La chn thit b:
Hin trng:
- My tnh server: Cha c.
- My tnh trm: Cha c.
- Router: Cha c.
- Switch: Cha c.
- Dy mng: Cha c.
- Dy cp mng: Cha c.
Mt bng trin khai:
- Tt c 2 tng trong cng ty u cha c trin khai mng.
- C th t do la chn v tr t phn cng.
3. La chn cng ngh:
Cng ngh s dng:
- Tn dng ti a cng ngh ph bin ca Microsoft kt hp
thm cc dch v h tr khc.
- Tng bng thng yu cu cho c mt tng lien lc ni b l
8MB/s nn ta s s dng chun mng cc b 802.3-Ethernet
s dng giao thc TCP/IP truyn ti v chia s d liu
trn mt ng truyn chung.
- C tc truyn ti d liu l 100Mbs.
- T m hnh Logic c phn tch trn th ta chn chun
vt l ca Ethernet l 100Base-T c s hnh mng d
thit k l xng sng.
u im:
- Tc nhanh.
- D dng thm mt thit b vo trong h thng.
- Qun l v kim sot mng tp trung.
- Nu xy ra s c li mt my tnh s khng nh hng
n c h thng.
Nhc im:
- Nu thit b u ni trung tm b hng, c th dn n gin
on ton b h thng.
- Chi ph dy mng v thit b trung gian tn km hn.

THIT K V XY DNG MNG


Chi tit v cng ngh s dng:
- S dng Windows 7 ci t v qun l tt c cc dch v
quan trng trong cng ty v Windows server 2008
proffesional cho my ch.
- Fike Server: Lu tr, chia s, qun l d liu tp trung.
- Domain Cotroller: DNS, DHCP server: Qun l h thng
cc i tng, phn gii tn, cp pht IP ng cho ton b
vng mng LAN.
- Web, FTP, Printer server: Qun l Web, FTP v my in
mng.
- RIS, WSUS: Trin khai h iu hnh, cp nhaut cc bn v
li cho h thng.
- RRAS, Antivirus: Lm chc nng Router (LAN-Routing,
VPN, NAT), qun l vic qut virus cho cc antivirus client
trn my nhn vin v cp nht cc bn dit virus mi t
Internet.

III. Phn tch cc thit b k thut:


1. Scalability (Kh nng m rng):
- Cc server m bo tc truy xut vi trng ti cao.
- C cu ca cng ty c kh nng m rng trong vng 5 nm ti.
2. Availability (Tnh sn sang s dng):
- C server d phng backup d liu khi gp s c.
- i vi nhn vin trong cng ty m bo truy xut vi tc ti a :
24h/1 ngy; 7 ngy/1 tun.
3. Performance (Hiu sut):
-

Bng thng: p ng tt cc ng dng ca h thng v user.


Utilization: 90%.
Thng lng c ch : gim hao ph trn ng truyn.
Tnh chnh xc: 99%.
Hiu sut: 90%.
7

THIT K V XY DNG MNG


4.

Delay: 100ms.
Jitter: 5ms.
BER: 10-5.
Security (An ton):

- Nhn din c cc thit b cn phi c bo v nh : DHCP Server,


DNS Server, H thng Mail Server , cc server lu tr thng tin ti
khon ca khch hng v nhn vin trong cng ty...
- Xy dng cc h thng pht hin xm nhp,cc h thng firewall chng
li s truy cp tri php t bn ngoi, m bo cc thng tin tuyt mt
ca cng ty trc s tn cng ca hacker.

THIT K V XY DNG MNG


5. Qun l c:
- B phn k thut c kh nng qun l , gim st hot ng ca mng cng
nh ca tng user , c th d on trc cc s c c th xy ra cho
h thng mng trong tng lai.
- Thng k ti nguyn mng ang c s dng trong h thng , nhiu hay
t , c lng ph hay thiu ht ch no hay khng c bin php x l
thch hp.
6. Tin dng:
- Nhn vin trong cng ty c th d dng s dng cc ti nguyn hin c ,
trao i thng tin nhanh chng vi cc phng ban khc v bn ngoi.
- Khch hng d dng ng k account .
7. Tnh thch ng :
- Mng c thit k thch ng vi cc thay i v cng ngh mi.
- Thit k linh hot thch nghi vi cc thay i v traffic v nhu cu v
cht lng dch v.
8. Chi ph hiu qu:
- Chn cc thit b d cu hnh v s dng.
- C ti liu hng dn s dng chi tit.
- p ng c yu cu ca nhn vin v khch hng vi mt chi ph ti
chnh cho php.
IV.

c tnh ha lu lng mng:

1. c tnh ha lung lu lng :


Tn
cng
ng

S
lng
ngi
dng

V tr

Cc ng dng s dung

User

Tng gim c

Mail,Web,File,Office,Database,My

THIT K V XY DNG MNG


in,Remote access
User

Ph tng gim Mail,Web,File,Office,Database,My


c
in, Remote access

User

Phng giao dch Mail,Web,File,Office,My in


khch hng

User

Phng k ton

Mail,Web,File,Office,My in

Admin

Phng IT

Mail,Web,File,Office, Domain
Controler,
DHCP
Server,DNS
Server,Mail Server,Web Server,File
Server,Administrative Tool,Remote
Access,Database Server

User

Phng
chnh

hnh Mail,Web,File,Office,My in

User

15

Phng nhn s

User

15

Phng marketing Mail,Web,File,Office,My in

Mail,Web,File,Office,My in

2. c tnh ha traffic :
Cng ng Kho d Nhu
cu
bng
ngi
liu
thng xp x cho
dng
(server,
ng dng
host)

Mail

Loi lung Giao


lu lng
thc
c
dng
bi
ng
dng
Client/Server SMTP

User/Admi
n

Server

1400Kb/ngy

File

Client/Server

FTP

User/Admi
n

Server

200000000Kb/ngy

Datab

Client/Server

FTP

User/Admi

Server

400000000Kb/ngy

Tn
ng
dng

10

THIT K V XY DNG MNG


ase
Remot
e
Access

Terminal
PPP
/host traffic
flow

n
User/Admi
n

Tng lu lng : 80008400Kb

11

Server

20000000Kb/ngy

THIT K V XY DNG MNG


Lng nhu cu bng thng trn tng ng dng :
WEB
S user
Tn sut phin
Khang thi gian trung bnh ca user
S user ng thi

35
500/ngy,15000/thng
10/24
100

MAIL
S user
Tn sut phin
Khang thi gian trung bnh ca user
S user ng thi

35
200/ngy,6000/thng
5/24
100

FILE
S user
Tn sut phin
Khang thi gian trung bnh ca user
S user ng thi

35
100/ngy,3000/thng
5/24
30

DATABASE
S user
Tn sut phin
Khang thi gian trung bnh ca user
S user ng thi

35
2000/ngy,60000/thng
10/24
30

REMOTE ACCESS
S user
50
Tn sut phin
100/ngy,3000/thng
Khang thi gian trung bnh ca user 5/24
S user ng thi
20
12

THIT K V XY DNG MNG

V. H thng mng ca cng ty:


c thit k theo m hnh 3 lp nh sau:
- Lp Core Layer.
- Lp Distribution.
- Lp Access.
M hnh logic c thit k nh sau:
Tng 1:

Tng 2:

13

THIT K V XY DNG MNG

Thit k chi tit cho tng lp nh sau:

Lp Access Layer:
-

Cc thit b trong lp ny thng c gi l switch truy cp.

Thc hin chia Vlan cho cc phng ban, gip mng c tnh linh hot
cao hn, tng tnh bo mt cho cng ty, tit kim bng thng ca h thng.
Trin khai cng ngh MPSL h tr cc chi nhnh v vn phng
nh d dng truy cp vo mng internetwork.
Trin khai Spanning Tree Protocol (STP) gip h thng mng n nh
v hot ng khng b lp.

Lp Distribution
-

Thc hin nh tuyn gia cc Vlan chia trn.

Cho php Load Balancing v Load Sharing.

Kim sot c lu lng mng.

Kim sot truy xut ti nguyn m bo an ninh cho h thng


mng v ti nguyn cng ty.

Cung cp cc kt ni bn trong ca gia lp Access v lp Core.


Lp Core Layer
14

THIT K V XY DNG MNG


y chng ta s dng mt switch backbone c tc cao v c kh
nng d phng cao.
-

Cung cp cc kt ni ca tt c cc thit b lp Distribution.

M hnh vt l v la chon thit b:


Tng 1:

La Chn Thit B:

15

THIT K V XY DNG MNG


thit
b
My
PC
My
in
laser
en
trng

tn ring thit b
PC SunPAC Leader
SLI316405W

s lng
35

MY IN LASER
SAMSUNG ML-2161
My ch IBM
My
X3300M4 7382B2A
Ch
Tower 4U
My
EPSON STYLUS
in mu CX5500
switch
16
Switch 16 cng
cng
DLINK DES 1016
switch
8 cng switch 8 cng Cisco
switch switch D-Link DES4 cng 1005A
u
bm
mng
dy
mng AMP-3333
My
photo Toshiba E450
b
nh
LINKSYS WRT300N
tuyn
WiFi
Router

n gi

9430000 330,050,000

1390000 6,950,000

34990000 34,990,000

2136000 2,136,000

599000 599,000

590000 3,540,000

139000 556,000

120

Cisco 2620XM

thnh tin

500 60,000

1250000 1,250,000

14000000 28,000,000

1250000 1,250,000

33000000 33,000,000
tng tin

16

442,381,000

THIT K V XY DNG MNG


Gn a ch v t tn:
Ban gim c gm:
- Vlan 1:1 Gim c:1 PC 192.168.1.239 trong dy a ch
192.168.1.236/27
- Vlan 2:2 Ph gim c:2 PC 192.168.1.237,192.168.1.238 trong dy
a ch 192.168.1.236/27
Cc phng ban gm:
Vlan 3: Phng giao dch khch hng:5 PC + 1 Printer: 192.168.1.226 > 192.168.1.231 trong dy a ch 192.168.1.224/27.
Vlan 4: Phng k ton: 5 PC + 1 Printer: 192.168.1.194

->

192.168.1.199 trong dy a ch 192.168.1.192/27.


Vlan 5: Phng IT: 2 PC: 192.168.1.162 -> 192.168.1.164 trong dy
a ch 192.168.1.160/27.
Vlan 6: Phng hnh chnh: 5 PC + 1 Printer: 192.168.1.130 ->
192.168.1.145 trong dy a ch 192.168.1.128/27.
Vlan 7: Phng sale: 20 PC 192.168.1.98 -> 192.168.1.108 trong dy
a ch 192.168.1.96/27.
Vlan 9:Phng pht trin cc sn phm : 20 PC 192.168.1.34>192.168.1.39 trong dy a ch 192.168.1.32/27.
Vlan 10:Phng marketing: 20PC 192.168.1.2 -> 192.168.1.7 trong dy
a ch 192.168.1.0/27.
Cc server c gn IP c nh:
o DHCP server : 10.0.0.1
o DNS server : 10.0.0.2
o File server : 10.0.0.3
o Mail server : 10.0.0.4
17

THIT K V XY DNG MNG


o Web server : 10.0.0.5
o Database server : 10.0.0.6

18

THIT K V XY DNG MNG

Bng tm tt a ch

Phng ban

IP

Default
Networ
gatewa
k mask
y

Gim c

192.168.1.23
9

255.25 192.16
5.255.0 8.1.1

192.168 192.168.
.1.254
1.253

Giamdoc

192.168.1.23
giam 7,
192.168.1.23
8

255.25 192.16
5.255.0 8.1.1

192.168 192.168.
.1.254
1.253

Phogiamdoc

192.168.1.22
Phng giao 6
dch khch ->
hng
192.168.1.23
1

255.25 192.16
5.255.0 8.1.1

192.168 192.168.
.1.254
1.253

Giaodichkhachh
ang

192.168.1.19
4
k
>192.168.1.1
99

255.25 192.16
5.255.0 8.1.1

192.168 192.168.
.1.254
1.253

Ketoan

192.168.1.16
2
->
192.168.1.16
4

255.25 192.16
5.255.0 8.1.1

192.168 192.168.
.1.254
1.253

Kithuat

Phng hnh 192.168.1.13


0
chnh
->

255.25 192.16
5.255.0 8.1.1

192.168 192.168.
.1.254
1.253

Hanhchanh

Ph
c

Phng
ton

Phng IT

19

Prefered Alternate
DNS
DNS

Domain

THIT K V XY DNG MNG


192.168.1.13
5
Phng pht 192.168.1.34
trin
cc ->
sn phm
192.168.1.39
Phng
marketing

VI.

192.168.1.2
->
192.168.1.7

255.25 192.16
5.255.0 8.1.1

192.168 192.168.
.1.254
1.253

Develop_produc
t

255.25 192.16
5.255.0 8.1.1

192.168 192.168.
.1.254
1.253

Marketing

Thit k an ninh cho h thng:

Trc tin, chng ta cn xc nh cc loi ti nguyn cn c bo v trong


h thng ca chng ta l:
An ninh cho cc thit b mng: router, switch, cc server
An ninh ti nguyn ca h thng mng gm: d liu quan trng ca
cng ty, ti khon ca cc nhn vin cng ty cng nh ca khch
hng
1. Phn tch cc nguy c c th nh hng n h thng:
K trm t nhp vo cng ty n cp cc thit b mng.
H thng in khng an ton c th gy h hng cc thit b.
C s d liu b hacker tn cng v ly trm cc ti liu mt.
D liu ca cng ty b chnh nhn vin trong cng ty n cp.
S truy cp ca cc nhn vin cha thm quyn.
Bo mt wireless cha an ton.
H thng b virus tn cng.
2. K hoch an ninh cho cng ty:
Bm m cng ty c bo v an ton, trnh tnh trng trm cp.
20

THIT K V XY DNG MNG


Thit k h thng in an ton, khng gy nh hng n cc thit b.
Trang b i ng nhn vin an ninh mng kp thi i ph vi cc
trng hp b tn cng t bn ngoi.
Trang b cc phn mm Firewall v Security c tnh an ton cao.
Bo mt cho cc thit b khng dy.
Quy nh quyn hn ca tng nhn vin c th trong vic truy cp ti
nguyn.
3. Chnh sch an ninh c th:
3.1. Bo v cc thit b mng
Tng cng cc nhn vin bo v thc hin lm vic theo ca, thi
lm vic tch cc khng l l.
Xy dng mt phng ring cha cc server: Mail, DHCP c
bo v nghim ngt, t ti phng k thut, admin v i ng k thut
c trch nhim mi c s dng.
Xy dng h thng my pht in cng sut ln hot ng mi khi
mt in. vi cc server hay cc thit b quan trng th cn trang b b
lu in IPS ring..
To 1 i ng k thut vin c trnh t i hc tr ln sa cha
v thay th cc thit b hng v cc li xy ra.
3.2.

An ninh trn cc thit b mng

Cisco Security Agent: bo m an ninh trn my server


Cisco Security Agent CSAbao gm mt cng qun l/iu khin
(Management Console) t ngay trn my ch Windows 2000 v cc phn
h (agents) c trin khai ti cc Host ni c cc d liu quan trng nh
database servers, work stations. Cc agent ny dng giao thc HTTP v
Secure Sockets Layer-SSL (128 bit SSL) cho cc giao tip qun l v cho s
trao i thng tin gia cc agent v cng qun l/iu khin.
CSA c ci ngay trn h iu hnh v n c th can thip v thm
nh nhng lnh gi phn mm c lm trong h iu hnh v ht nhn h
thng (kernel). Ni chung, CSA thc hin vic gim st xm nhp real-time
(thi gian thc), pht hin, ngn cn nhng hnh ng ph hoi bng vic
21

THIT K V XY DNG MNG


phn tch nhng s kin mc kernel, thng tin log ca h thng, v nhng
hnh ng mng trn server, c s d liu tn cng .
CSA l phn mm bo v trn server do s c ci trn nhng
my server no cn c bo v. Nhng my server no c d liu mt hoc
c cha thng tin nhy cm cn c bo mt th nn c ci CSA
phng chng v pht hin xm nhp.

CSA c th d tm nhng truy cp bt thng vo h thng theo thi


gian thc (real-time). N kim tra vic xm nhp vo h thng thng qua
chnh sch an ninh c nh trc v nhng hnh ng bt thng i vi
server, v n s ngn cn nhng hnh ng lm tn hi n server ng thi
pht sinh email gi n ngi qun tr thng bo v nhng s kin lin
quan ti security.
3.3.

Phn quyn ngi dng:

H thng server ca chng ta c ci t h iu hnh Window


Server 2008 Proffesional. V vi vai tr ngi qun tr mng, chng ta cn
phi c cc chnh sch c th quy nh quyn hn ca tng phng ban v
ca tng nhn vin trong cng ty nh sau:
Quy nh thm quyn c th cho tng phng ban cng nh gim c
v cc ph gim c. Mi ti khon nhn vin nm trong Group
phng ban nhn vin lm.
Trong tng phng ban, c nhng chnh sch c th cho cc cp nhn
vin. Gim c c truy cp tt c cc ti nguyn ca cng ty.
22

THIT K V XY DNG MNG


Trng phng ca cc phng ban c truy cp cc ti nguyn ca
phng ban mnh v cc phng ban lin quan vi phng mnh. Trng
phng Pht Trin c truy cp ti nguyn phng K Thut, phng
Pht Trin Web, phng MarketingCc nhn vin trong phng ch
c truy cp ti nguyn ca phng mnh.
Mi nhn vin trong cng ty u c cp ti khon ring truy cp
vo ti nguyn h thng. Mt khu c quy nh bt buc trn 8 k
t. S dng c ch xc thc vi mi ln truy cp
V mi thng password truy cp s c bt buc thay i sang
password mi.
Quy nh chnh sch cho tng loi ti nguyn (Read Only,
Read/Write, Full Control) trnh tnh trng mt d liu quan trng
3.4.

An ninh ti nguyn d liu:

i vi nhng d liu t bit quan trng, thc hin sao lu sang


ng di ng v c lu gi trong phng ti liu mt.

Ti liu mt th ch c gim c, ph gim c v cc trng


phng c truy cp

Xy dng h thng Firewall v Security m bo an ninh tt:Norton


Security, MS Firewall
Xy dng h thng mail server vi phng thc bo mt HTTPs
C h thng pht hin xm nhp IDS trn mi phng ban, quyn iu
khin v kim sot do i ng k thut ca phng k thut m nhim.
3.5.

Wireless Securiry:

To cc Access Control List trn cc thit b Access Point, qun l


vic truy cp vo cc thit b ny. y mi phng ban chng ta t 1
Access Point. Chng ta to mt Access Control List (ACL) trn cc
thit b Access Point ca 8 phng ban. Mi nhn vin trong phng ban
ch s dng Access Point ca phng . C th nh sau: t Access
Point v tr trung tm trong cc phng ban. Phng gim c v ph
gim c dng chung mt Access Point c t trc 2 phng ny.
S dng WPA key.
Khng cho nhn vin trong cng ty mang Access Point vo cng ty
23

THIT K V XY DNG MNG


Gim sot cc truy cp ca cc ti khon khng thuc cng ty vo AC
3.6.

Bo mt trong VPN:

thit lp h thng truy cp t xa vo h thng mng ca cng ty,


c th s dng mt router ring chuyn lm chc nng ny. Tuy vy,
chng ta cng c th s dng Internet Router nh mt Remote Access
router bng vic trang b thm cc module c modem gn sn.
C th u t Cisco Router 2611XM lm 1 Remote Access router.
Cisco Router 2611XM gm 1 slot network module h tr giao tip
tch hp 16 Analog modem v 2 cng giao tip 10/100 Mbps kt
ni vo mng LAN ni b. Ngoi ra Cisco Router 2611 cho php thc
hin tnh nng VPN v Firewall thng qua phn mm h thng IOS
bo v an ninh cho h thng mng ca cng ty.

24