
Running head: IT 640 FINAL PROJECT

Network Analysis and Architecture Evaluation

Quintana V. Richardson

Southern New Hampshire University

IT 640

Table of Contents

Abstract
Current Network Architecture
Network Applications
    Email
    Payroll
    Accounting
    Billing
    Operations
Physical Network Devices
    Firewalls
    Routers
    Switches
    Wireless Access Points
Critical Traffic Patterns
    Service
    Application
    Other Captured Information
Potential Performance Issues
    Dallas Office
    Memphis Office
Security Issues
    Dallas and Memphis Office
Future Network Architecture
    Future Communication Needs
    Network Architecture
    Visual Representations
Planning and Security
    Performance and Security Issues
    Network Management Tool
    Security Devices
    Changes to Existing Devices
    Challenges
    Overall Risk
Summary

Abstract

SNHUEnergy Inc. is a medium-sized oil and gas company that is currently experiencing rapid growth. They are seeking the advice of a network consultant on designing a network infrastructure that will handle growth over the next ten years as they move their operations to other geographical areas in the region. In addition, they would also like to branch out into transportation and oil refinement. While this is a huge move for SNHUEnergy, they are looking forward to future developments and would like to have this project finalized within the next year and a half. They currently have a total of 120 employees between the Dallas and Memphis offices. When the project is complete, they will hire approximately 60 new employees each year during the next two years of expansion. The network consultant must analyze the current network architecture, evaluating its structural design and traffic patterns, to improve the current network structure by increasing its functionality and performance.



Current Network Architecture


Network Applications

The network applications for the current network at the Dallas Headquarters are Email, Payroll, and Human Resources. There is a Server Farm that consists of 4 servers to handle daily tasking and operations. The major components of the network are two switches, a router, and a firewall at the Dallas office and a switch and a router at the Memphis location.

Email

Each employee is assigned a corporate email address that allows them to send and receive electronic mail at their workstation using Microsoft Outlook, one of the most widely used email applications today. Email runs on SMTP, the Simple Mail Transfer Protocol, and operates at the application layer of the OSI model as an end-user application.

Payroll


Accounting


Billing


Operations


Physical Network Devices

The physical devices play a major role in the implementation of network infrastructure. Without these devices, the network might cease to exist. The firewall, router, and switches are all necessary physical components of the SNHUEnergy network. Each regional location needs to incorporate these devices to provide a reliable network at the local level. The routers allow outside connectivity to the internet and the Memphis office.

Firewalls

The Dallas Office is the only location where there is a firewall in the current design. The purpose of the firewall is to protect the network from harmful traffic such as trojans, viruses and malware. The network administrator will set rules for the flow of incoming and outgoing traffic on the network. Once data approaches the doors of the firewall, the process it goes through is as simple as knocking to find out whether it will be allowed access or not. If that traffic does not fit within the rules of access, the firewall will deny entry. The purpose of the firewall is to prevent unwanted network traffic from communicating with devices on the network. Firewalls operate at layers 3, 4, and 7 of the OSI model.

Routers

The router manages traffic by forwarding packets of data from one network to another. It determines where incoming and outgoing data should go and allows the devices to communicate with each other by assigning an IP address to the network devices. The router provides a direct connection to the internet by way of the internet service provider (ISP). The current network design of SNHUEnergy shows a router installed at the Dallas Office as well as the Memphis location.

Switches

A switch, which is also called a hub or bridging hub, is a piece of network hardware that allows device interaction. It provides physical ports for UTP cables that are connected to network devices. When a switch receives data from a PC on the network, it analyzes the TCP/IP data packets to determine their destination, and once that information is confirmed, the switch forwards the packets to their intended destination. The Dallas office has incorporated two switches into its network to provide connectivity for the abundance of devices requiring a wired connection to link one device to another.

Wireless Access Points

Although a wireless access point is technically referred to as a wireless device, it can also provide a hard-wired connection if necessary. The wireless access point at the Dallas Office receives a hard-wired connection over UTP cable to Switch-1 of the network. According to the diagram for the Memphis Office, there are currently no wireless access points installed on that network.



Critical Traffic Patterns

The SNHUEnergy network consists of an internal and external network currently comprised of the Dallas Office, the Memphis Office and other information sent and received through the ISP to clients, customers and sites over the World Wide Web. The key applications are human resources, email, VoIP, payroll, accounting, billing, and operations. The Dallas Office handles all applications except for billing and operations, which are handled by the Memphis office. Using data captured in the Traffic Flow Wireshark capture, we can determine the source and destination addresses of traffic and the protocol used to transmit this information.

Service

The VoIP service sends and receives data over the Real Time Transport Protocol (RTP), which manages the way multimedia is sent over an IP network. This information is located by analyzing the Traffic Flow Wireshark Capture and identifying frame numbers, source address 67.16.104.172, and destination address 10.0.6.73. You will also notice that the highlighted transmissions are all VoIP data transmissions with the same source and destination address, and that each transmission contains 216 bytes on wire and 216 bytes captured.

Application

The application, Structured Query Language (SQL), allows you to consolidate data in a database and retrieve it from an internal or external network. MySQL is the protocol it uses to send and receive data over the network. All MySQL transmissions are 79 bytes on wire with source address 10.0.8.42 and destination address 10.0.8.73, as indicated by Traffic Flow Wireshark. You will also notice that the TCP protocol is utilized to send information between applications, and it uses a substantial amount of bandwidth to do so.

Other Captured Information

Towards the bottom left of the log you will see where the request listed in frame 2283 was clicked on within the application and more detailed information was displayed about that request. It shows that the Linux cooked capture protocol was used, which suggests that this application is operating in a Linux environment; the internet protocol is IPv4 with the source and destination addresses listed as 67.16.104.172 and 10.0.6.73; the User Datagram Protocol uses port 52220 as the source port and 65534 as the destination port; and the Real Time Transport Protocol is listed as well. One other protocol listed is the SSH (Secure Shell) protocol, which typically operates in Linux, Unix, and Apple operating system environments.
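
The protocol layers read from frame 2283 can also be walked programmatically. The Python sketch below is an added example, not part of the original paper: it parses a pcap file whose link type is Linux cooked capture, steps through the IPv4 and UDP/TCP headers, and totals frames and bytes on wire per flow. The embedded capture is constructed; only the addresses, the UDP ports and the 216-byte and 79-byte frame sizes come from the text, while the payload contents, TCP source port 50000 and the use of port 3306 for MySQL are assumptions.

```python
import struct

LINKTYPE_LINUX_SLL = 113  # pcap link type Wireshark shows as "Linux cooked capture"
SLL_LEN = 16              # size of the cooked-capture pseudo-header


def build_frame(src, dst, proto, sport, dport, payload):
    """Constructed SLL + IPv4 + UDP/TCP frame; checksums are left at zero."""
    if proto == 17:  # UDP header: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:            # TCP header without options, PSH+ACK set
        l4 = struct.pack("!HHIIHHHH", sport, dport, 1, 1, 0x5018, 8192, 0, 0)
    addr = lambda a: bytes(int(octet) for octet in a.split("."))
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload),
                       0, 0, 64, proto, 0, addr(src), addr(dst))
    sll = struct.pack("!HHH8sH", 0, 1, 6, bytes(8), 0x0800)  # ends with EtherType IPv4
    return sll + ipv4 + l4 + payload


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file with the SLL link type."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_LINUX_SLL)
    for number, frame in enumerate(frames):
        out += struct.pack("<IIII", number, 0, len(frame), len(frame)) + frame
    return out


def summarize(pcap):
    """Return {(src, sport, dst, dport, label): {"frames", "bytes", "sizes"}}."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    if linktype != LINKTYPE_LINUX_SLL:
        raise ValueError("link type %d is not Linux cooked capture" % linktype)
    flows, offset = {}, 24
    while offset + 16 <= len(pcap):
        _, _, captured, on_wire = struct.unpack_from("<IIII", pcap, offset)
        frame = pcap[offset + 16:offset + 16 + captured]
        offset += 16 + captured
        if len(frame) < SLL_LEN + 20 or frame[14:16] != b"\x08\x00":
            continue  # truncated record or not IPv4
        ip = frame[SLL_LEN:]
        header_len, proto = (ip[0] & 0x0F) * 4, ip[9]
        if proto not in (6, 17) or len(ip) < header_len + 8:
            continue  # only TCP and UDP carry the ports we group by
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        sport, dport = struct.unpack_from("!HH", ip, header_len)
        if proto == 17:
            data = ip[header_len + 8:]
            # Heuristic: RTP starts with version 2 in the top two bits.
            label = "RTP" if len(data) >= 12 and data[0] >> 6 == 2 else "UDP"
        else:
            # Assumption: 3306 is the MySQL server port (the paper gives no port).
            label = "MySQL" if 3306 in (sport, dport) else "TCP"
        stats = flows.setdefault((src, sport, dst, dport, label),
                                 {"frames": 0, "bytes": 0, "sizes": set()})
        stats["frames"] += 1
        stats["bytes"] += on_wire
        stats["sizes"].add(on_wire)
    return flows


def top_talkers(flows):
    """Flow keys ordered by bytes on wire, largest first."""
    return sorted(flows, key=lambda key: flows[key]["bytes"], reverse=True)


# Constructed sample: addresses, UDP ports and frame sizes are the ones quoted
# above; the 160-byte voice payload, TCP port 50000 and payload bytes are made up.
RTP_HEADER = struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234)
SAMPLE_PCAP = build_pcap(
    [build_frame("67.16.104.172", "10.0.6.73", 17, 52220, 65534,
                 RTP_HEADER + bytes(160))] * 3
    + [build_frame("10.0.8.42", "10.0.8.73", 6, 50000, 3306, bytes(23))] * 2)

if __name__ == "__main__":
    flows = summarize(SAMPLE_PCAP)
    for key in top_talkers(flows):
        print(key, flows[key])
```

A 216-byte frame is consistent with 16 bytes of cooked-capture header, 20 of IPv4, 8 of UDP, 12 of RTP and 160 of voice payload, which is how the sample frames are built.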

Potential Performance Issues

There are several areas of concern with the design of the network for both the Dallas and Memphis offices. The current structure does not provide adequate equipment for growth, security or redundancy for the LAN at either location. Currently, there is only one server for each application. There are many reasons a server may crash, including hardware and software failure, power outages, and usage overloads. An organization never knows when or how fast its business will grow. The only thing it can do to prepare is to make every effort to support such growth when structuring a WAN. Scaling a WAN involves more than the typical addition of equipment to that network. Traffic between sites flows through overlay tunnels, and the equipment used to establish this connectivity has limitations on the number of tunnels it can support at once. When operating at full capacity, that equipment starts to eat up memory and CPU resources. If this occurs, resources will be overloaded, and domain collisions might occur when switching packets on the network. The network will experience a decline in the CPU's ability to process requests. SNHUEnergy will undoubtedly suffer financial losses if their business cannot meet the future demands of their clientele and/or keep up with the growth of their competitors.

Dallas Office

The potential performance issues that may occur within the current Dallas Office network infrastructure are Security, Reliability and Scalability. If a server crashes, the information on that server will be inaccessible since there isn't another device on the network with that same information available. There are currently two switches located on the headquarters network. While there are enough ports available for the current infrastructure, the switches will not meet the demands for future connectivity. When the network is expanded, there may not be an adequate number of ports on the switches to accommodate the additional users and the device expansion required for a larger demand on network resources.

Memphis Office

The Memphis location has several issues of its own, including a lack of redundancy in power and equipment, security, reliability, and scalability. There is only one switch at this office, and while it is not an issue now, it will become an issue of scalability when the company hires new employees over the next 2 years. One of the largest problems I foresee is the huge dependency on the Dallas office for internet connectivity and access to critical applications.

Security Issues

Dallas and Memphis Office

The current network of the Dallas Office includes one firewall connected between the router and the ISP. If this firewall should fail, critical applications will be exposed to viruses and other threats to the reliability of the data on the network. There is also no firewall at the Memphis location, which leaves the network susceptible to threats, malware, hackers, and other vulnerabilities of not having a protected network. If any of these threats occur, the network might be subject to crashing or even an overload that may potentially limit access to servers. In the interim, password access might become restricted and the integrity of data may be compromised. Such issues may cause the company to lose thousands of dollars or more depending on the threat level.

Future Network Architecture

SNHUEnergy's primary focus is to change their current network infrastructure from its normal operating stance to an infrastructure that will accommodate growth over the next two years. The plan is to design a wide area network with VPN, cloud technology, additional routers, switches and firewalls. Implementing such technology affords the ability to increase bandwidth, decrease traffic, create centralized servers, and protect the data traversing the network. Currently neither the Dallas office nor the Memphis office is equipped to handle these needs.

Future Communication Needs

SNHUEnergy's primary focus is to change their current network infrastructure from its normal operating stance to an infrastructure that will accommodate an increase in staffing requirements of 120 additional employees, to aid in their strategy to grow their business by 50% each year over the next two years across their 2 current locations, Dallas and Memphis, and to open 3 regional offices over that period.

Network Architecture

The plan is to design a wide area network with more advanced services and connectivity by adding VPN, cloud technology, routers, switches and firewalls to the current network infrastructure. Implementing such technology will enhance the capacity to increase bandwidth, decrease traffic, create centralized servers, and protect data packets traversing the network.

Visual Representations

[Figure: SNHUEnergy, Inc. Logical Network Design. Labels recovered from the diagram: Router B; Demarcation Point; Core Level; Primary Firewall; Standby Firewall; Distribution A; Distribution B; Access Switch 1 through Access Switch 5; Server Farm (two); Payroll; Email; Accounting; HR; End-User; Video Phone.]

Fig. 1 Dallas Headquarters – New Design



Planning and Security

Performance and Security Issues

Implementing an SD WAN can be accomplished in a non-disruptive way by adding it to the network's existing WAN hardware, inline between the LAN router and the LAN switch. Once SNHUEnergy is acclimated to the SD WAN, the existing WAN hardware can be removed from the network. Transitioning to an SD WAN is a smooth process, as regional locations can be migrated in stages over time. Implementing an SD WAN will allow SNHUEnergy to deploy a single network that gives it the option to switch transports based on the sensitivity of the application's data. With that, SNHUEnergy can transmit less sensitive data over a public connection and use Multi-Protocol Label Switching (MPLS) for more secure, time-sensitive connections. The MPLS routing technique directs data from one place to another by using a short-form network address instead of the typical long addressing system, which avoids the complexities of routing table lookups and speeds the transmission of data. The MPLS routing technique would be used to ensure fast and effective low-latency video conferencing. In addition to speed, MPLS technology will allow SNHUEnergy to transmit data over the internet anonymously and more securely, as it pre-determines more efficient transmission routes prior to sending data packets over the network. Other benefits of an SD WAN are network reliability, flexibility and scalability, enhanced security, and fast office moves or additions, as SD WAN nodes can configure themselves within minutes. SNHUEnergy will appreciate the benefits of an SD WAN in the long term as they expand their business and compete with other businesses for increased market share.



Network Management Tool

One of the most vital processes in network management is measuring and controlling the amount of bandwidth utilized by the devices and applications on a network. When measuring bandwidth, you can detect whether your consumption levels are too high or too low and determine the direct cause. When a network begins to perform badly, that may be an indication that the bandwidth consumption is on the high end of the spectrum. This analysis gives network management the data needed to make the necessary adjustments to scale usage down to a more manageable level.

Analyzing bandwidth isn't just measuring the usage of bits and bytes; the network manager also observes the flow of that data in reference to the ratio of data packets sent and received over the network and whether there is a balance in the information transported over the network. Today it isn't necessary for a company to hire an individual to manage bandwidth, because this task can now be done with software applications that are faster, more accurate, and more detailed than a single individual doing the same work.

SolarWinds NetFlow Traffic Analyzer is a software application that monitors traffic flow and analyzes the bandwidth usage of devices, an IP address, or a specific protocol on the network. By analyzing this flow, a picture can be drawn to show visually what the network traffic is doing, where it is coming from, and where the data packets are being sent. This data flow analysis is translated into a format that everyone, technical and non-technical, can understand.

SolarWinds NetFlow Traffic Analyzer can be used by a large global organization to follow traffic between devices on the LAN in one facility and across the WAN to remote locations in the company. It can be used to troubleshoot congestion and see in detail which devices are talking the most on the network. It can also show the communication between departments, how much information is being transported during communications, and whether uploads or downloads cause congestion or whether that traffic aligns with the amount of bandwidth provided by the service provider.

Security Devices

There are several types of security devices that SNHUEnergy could implement in their existing system to keep potential and future security incidents from occurring. Limiting access to sensitive information is the cheapest way to protect a network from unwanted harm. Another option is physical security to protect several areas of the network from unauthorized entry and to serve as access control to prevent unwanted entry into sensitive areas. Physical security patrol protects a facility from theft, vandalism, and disasters such as fires. In addition, SNHUEnergy may find it beneficial to install a surveillance system, access control systems, and sensors for lighting control and smoke detection. As far as the actual network is concerned, it is necessary to install a physical hardware firewall to provide access to a VPN connection at each location. The hardware firewall can do everything software firewalls can do, with faster response times and the ability to handle more traffic and support multiple servers. In addition, a hardware firewall will be less susceptible to attacks because it runs its own operating system, and it will not interfere with the network if it requires maintenance or reconfiguration.

Changes to Existing Devices

Currently the Dallas headquarters of SNHUEnergy is in a single building with multiple floors that house several divisions of the organization. The divisions are Human Resources, IT, Accounting, Billing, Operations and Payroll. The network servers accommodate Payroll, Accounting, Email, and Human Resources in Dallas and Billing and Operations in Memphis. The phone system is a VOIP phone management system with added video conferencing, both of which are hardwired to switches on the network with UTP cables. The firewall protection server installed on the network is in the MDF of the Dallas office. In addition to email, end-users also have access to an internet connection provided by the internet service provider (ISP).

There are several areas of concern with the design of the network for both the Dallas and Memphis offices. The current structure does not provide adequate equipment for growth, security or redundancy for the LAN at either location. The Dallas office should break the network down into smaller groups and restructure around that concept. Instead of having a server farm with four servers, divide the group of servers into two server farms hardwired to an Access Level Switch. Repeat those steps with the end-users to split the workstations into three points of connectivity. Access level switch 2 will provide connections for devices on the 1st floor. Access level switch 3 will connect workstations, VOIP phones, video conferencing, and wireless access points for the 2nd floor. Access switch 4 is the final point of access level connectivity and provides connectivity for the 3rd floor of the building. Upstream, add two distribution switches for redundancy and then connect each access level switch to each one of the distribution level switches. Connect both distribution switches to each other. Then, connect a primary firewall to Distribution Level Switch A and a standby firewall to Distribution Level Switch B. Connect both firewalls together as well; again, this step continues to add redundancy at every level of the network. Last, provide a connection for a router at the end of the line to each firewall.
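
The wiring steps above can be checked for leftover single points of failure between the access layer and the router. The Python sketch below is an added example, not part of the original paper; the device labels (access-1, dist-A, fw-primary and so on) are assumed names, and the count of five access switches is taken from the labels in Fig. 1.

```python
from collections import deque


def proposed_dallas_design(access_switches=5):
    """Links in the order the wiring steps list them (device labels are assumed)."""
    links = [("dist-A", "dist-B"),
             ("fw-primary", "dist-A"), ("fw-standby", "dist-B"),
             ("fw-primary", "fw-standby"),
             ("router", "fw-primary"), ("router", "fw-standby")]
    for n in range(1, access_switches + 1):
        links += [(f"access-{n}", "dist-A"), (f"access-{n}", "dist-B")]
    return links


def without(links, device):
    """The same design with one device, and every link to it, left out."""
    return [link for link in links if device not in link]


def reachable(links, start, goal, failed_device=None):
    """Breadth-first search from start to goal that avoids a failed device."""
    neighbours = {}
    for a, b in links:
        if failed_device not in (a, b):
            neighbours.setdefault(a, set()).add(b)
            neighbours.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            return True
        for nxt in neighbours.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def single_points_of_failure(links, goal="router"):
    """Devices and links whose loss cuts any access switch off from the goal."""
    devices = {d for link in links for d in link}
    sources = sorted(d for d in devices if d.startswith("access-"))
    cut_off = lambda remaining, failed=None: any(
        not reachable(remaining, s, goal, failed) for s in sources)
    return {
        # Access switches and the goal are path endpoints, so they are not failed.
        "devices": [d for d in sorted(devices - set(sources) - {goal})
                    if cut_off(links, d)],
        "links": [l for l in links if cut_off([x for x in links if x != l])],
    }


if __name__ == "__main__":
    design = proposed_dallas_design()
    print("as described:", single_points_of_failure(design))
    print("no standby firewall:",
          single_points_of_failure(without(design, "fw-standby")))
```

For the design as described, both lists come back empty; leaving out the standby firewall makes Distribution Switch A, the primary firewall and their uplinks single points of failure. The router and the individual access switches are path endpoints here and are not themselves tested.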

Challenges

The biggest challenge the company may face in attempting to implement new software and devices with the current network infrastructure is planning and finances. The network consultant will plan these changes in phases so that the entire network is not interrupted at once. In fact, the changes shall be scheduled at night during down times. Cubicles, phone systems, and workstations will be installed one department at a time and tested to ensure proper connectivity. When purchasing equipment, the consultant may advise the company to either lease the equipment or purchase pre-owned equipment from reputable sources. They can also use subscription-based services such as SaaS through a provider such as Microsoft for cloud-based applications. There are many advantages to these services, such as immediate cost savings because you pay for services over time instead of paying upfront, reliability because you will not have to manage the servers or equipment, and scalability for future growth.

Overall Risk

If SNHUEnergy does not consistently manage the security of their network, they may face challenges with assurance in the future. Computer viruses have been known to impact networks in ways that cause years of damage to the company and their customers. Viruses do not discriminate when it comes to attacks; they pose a danger to large and small companies, and smaller companies typically take a bigger hit because they don't regularly monitor their network. Hackers are not always from outside of the network. In many cases, networks have been hacked by their own employees, or the access to the network was provided by insiders. Oftentimes, employees open emails and click links that invite malware onto the servers, and they never realize it until the damage is done. The best way to protect the company is to create awareness and implement solutions.



Summary

When network applications and components are not connected, they are nothing more than spare parts for great ideas. SNHUEnergy, Inc. has trusted a network consultant with their network to analyze and brainstorm a new concept to serve as a major overhaul. The components of a network cannot provide functionality alone; therefore they must be interconnected to create a functional system with a considerable level of performance. Oftentimes, a network cannot render the desired performance without the right combination of hardware, software, and structural design. Installing additional switches, routers, and firewalls increases bandwidth, increases reliability, improves latency, and decreases network traffic. When there are excessive workstations and devices connected to a switch, you run the risk of increasing network collisions. In addition, adding redundant equipment to the network decreases the risk of data loss due to equipment failure. Moreover, failure to install firewalls can leave a network vulnerable to intrusions, viruses, and malware. Therefore, it is important to perform an evaluation in the preliminary stages of development to determine the necessary components required to build a network. Lack of preparation can lead to premature network failure and loss of assets.