Chapter 11. Case Study Context: Venti Systems

This chapter introduces the case study and includes the following sections:

This first chapter in Part III, “Designing Your Network: How to Apply What You Know,” introduces a case study of a fictitious company called Venti Systems. The design methodologies discussed in Part I and the technologies discussed in Part II are applied to this case network, as appropriate.

This chapter provides background information and context for the case study, introduces assumptions made, and discusses the requirements for the new and redesigned networks. These requirements are developed in the next chapter, building to a comprehensive network design.

For the purposes of this case study, assume that you have been contracted by Venti Systems to design an upgraded/new network as it completes its acquisition of two complementary companies and moves to new facilities.

Background Information and Context

Venti Systems is a manufacturer of high-end automotive power modules. The company is based on the west side of Toronto, in central Canada, and has a sales home office in Tokyo, Japan. Venti Systems is in the process of acquiring two other companies: Grandics Corporation, which is also in Toronto (but on the east side of the city), and Konah Power, based in Seattle, in the north-western United States.

Grandics Corporation manufactures electronic components and has a sales home office in New Delhi, India, while Konah Power manufactures powertrains and has a sales office in Frankfurt, Germany.

The locations of all the offices are shown in Figure 11-1.

Figure 11-1. Venti Systems and Its Acquisitions Have a Global Presence

Venti Systems, including its two acquisitions, produces a low-volume, high-value-added product. The company expects to grow both organically and by acquisition.

Currently in North America, Venti Systems has 100 people, while Grandics Corporation and Konah Power have 60 people each. One person is located in each of the India and Japan locations; those two employees work from home. The two-person sales staff located in Germany works from a small remote office.

The current network at Venti Systems, as illustrated in Figure 11-2, includes 10BaseT to the desktops and 100BaseT to the servers. All wiring is unshielded twisted-pair (UTP). The company has one e-mail server and two file servers—one for business applications and one for computer-aided design/computer-aided manufacturing (CAD/CAM). A fourth server backs up the business application file server for redundancy. A backup of each server is done daily, and the backup tapes are stored off-site. The network is Layer 2 switched, using Cisco Catalyst 1924 switches and one 2950T-24 switch. Each port on the 1900 switches is attached to only one device; hubs were removed a few years ago. Virtual LANs (VLANs) are not used in this network. One Cisco 2514 router, which includes two 10-Mbps Ethernet interfaces and the firewall feature set, is used for Internet connectivity through a digital subscriber line (DSL) connection of greater than 1 Mbps. No backup Internet connectivity exists.

Figure 11-2. Venti Systems’ Current Network Topology

Because the Venti Systems network is Layer 2 switched without VLANs, it has a flat IP addressing scheme. Private IP addresses, in the 10.0.0.0 network, are used, with Network Address Translation (NAT) on the Internet router translating all addresses to the registered address configured on the external Ethernet interface. The external Ethernet interface connects to the Internet service provider (ISP) DSL network, which offers Point-to-Point Protocol over Ethernet (PPPoE) connectivity.

Venti Systems employees do not tend to send or download much data over the Internet connection, so no performance issues exist there. Internally, however, slow responsiveness has been reported, especially by the research and development (R&D) engineers.

Virtual private networks (VPNs) are used to allow remote employees, including the one working in a home office in Tokyo, to access files and their e-mail. Security is provided by the Internet router and with virus-checking software installed on all devices.

Telephone service is provided by a relatively old private branch exchange (PBX) system.

All three companies use the same CAD/CAM system and a common suite of office applications (for word processing and so forth). Some differences exist in the financial and other business applications used.

The current Grandics Corporation network is similar to Venti Systems’ network. The current Konah Power building includes a low-tech industrial-grade network with shielded twisted-pair (STP) wiring, preventing signal attenuation because of electromagnetic interference produced by the heavy machinery. Konah outsources its Internet connectivity, telephone, and e-mail services.

Table 11-1 summarizes the current state of the three companies and their networks.

Table 11-1. Current State of the Three Companies

| | Venti Systems | Grandics Corporation | Konah Power |
|---|---|---|---|
| Product | Power modules | Electronics | Powertrain |
| Location | Toronto-West | Toronto-East | Seattle |
| Number of Employees | 100 (plus 1 in the home office in Japan) | 60 (plus 1 in the home office in India) | 60 (plus 2 in the small office in Germany) |
| Main Duties | Office workers and engineering | Engineering | Laborers |
| Network | | | |
| Topology | Flat, switched | Flat, switched | Flat, switched |
| Connectivity | UTP | UTP | STP |
| IP Addressing | Flat, private | Flat, private | Flat, private |
| Proprietary Systems/Protocols | None—IP only | None—IP only | None—IP only |
| Servers | Applications (and another to back up this applications server), e-mail, and CAD/CAM | Applications, e-mail, and CAD/CAM | Applications and CAD/CAM |
| Redundancy | Application server backup only | | |
| Applications | Business applications, e-mail, and CAD/CAM | Business applications, e-mail, and CAD/CAM | Business applications and CAD/CAM |
| E-Mail | Corporate e-mail access | Corporate e-mail access | Outsourced |
| Edge Device | Cisco 2514 router with firewall feature set | Other vendor’s router with integrated firewall | Leased from ISP |
| Internet Connectivity | DSL | DSL | DSL |
| Internet Connectivity Backup | | | |
| Business Continuity | Application backup automatic. Backup done daily; tapes stored off site. | Backup done daily; tapes stored on site. | Backup done daily; tapes stored on site. |
| Remote Users (Including International Offices) | VPN to router for e-mail and file sharing. | VPN to router for e-mail and file sharing. | No remote access supported. E-mail is outsourced and file sharing is done through e-mail. |
| Voice | Old PBX | New PBX | Outsourced Centrex |
| Security | Virus check and firewall router | Virus check and firewall router | Virus check and ISP firewall |
| QoS | | | |
| Network Management | Telnet to devices | Telnet to devices | Telnet to devices |

Network Requirements After Acquisitions Are Complete

As described in Chapter 1, “Network Design,” determining the requirements is the first step that should be taken when designing a new or updated network. This section examines the requirements for the Venti Systems networks.

After the acquisition, the two Toronto-based companies will be moving together to a new head-office location on the west side of the city, to achieve better synergy and to consolidate personnel and manufacturing facilities. The new location currently has one building, and the company has an option to lease the neighboring building if its current growth trend continues. The Seattle office will remain and will become a branch office of the Venti head office. All the international sales offices will remain in operation.

The 100 people in the original Venti Systems office will combine with the 60 Grandics Corporation employees; 15 people are expected to be laid off immediately because of redundancies. The company then expects to hire another 40 people over the next 18 months commensurate with growth. The number of Seattle staff will go from 60 to 45 through natural attrition and departure incentives after the acquisition.

The new organization structure of Venti Systems includes a chief executive officer (CEO) with the following four departments reporting to her, as illustrated in Figure 11-3:

  • Finance

  • Marketing and Sales

  • Operations

  • Human Resources (HR)

Figure 11-3. Organization Structure of the Merged Company

The CEO is technology-savvy and has declared that the new head office is to be state of the art. However, even though she would like to have the latest and greatest “bells and whistles” in the new network, she has advised the designers to recognize that, in the real world, the company has requirements and constraints that must be adhered to. Thus, the company can take advantage of new technologies only when they meet requirements and are cost effective. For example, IP telephony/Voice over IP (VoIP) will be implemented in the new Toronto office, but the low volume of calls between offices does not warrant the expense of changing to VoIP in Seattle, in the international offices, or between offices at this time. Because of time differences, most of the communication exchange with the international offices is through e-mail.

With a larger management team and for the sake of efficiency, the new Toronto office is to have a network that takes advantage of wireless connections and VPNs, as well as IP telephony.

Within the new Toronto office network, voice will be given priority over other traffic. IP telephony will replace the outdated PBX system and allow the company to take advantage of other benefits, including unified messaging (using the Cisco Unity product). Calls between offices and to outside locations will be done over the PSTN. A call center is not required at Venti Systems, because of the nature of the business.

Server and infrastructure redundancy will be implemented as necessary. A backup Internet connection is not initially required, because no mission-critical applications are running over the Internet, and the additional cost and complexity are not deemed necessary at this time.

The offices will keep their DSL connections, and all interoffice and remote-user communication will be through VPNs over the Internet.

All e-mail will be processed in the Toronto office, which will include two mail servers: an internal mail server and a mail relay server. The mail relay server will be located in the demilitarized zone (DMZ) and will sanitize e-mail messages before transmitting them to the internal mail server. The branch office, international offices, and remote users will access their e-mail and files through VPN connectivity to the head-office servers. A third personal digital assistant (PDA) e-mail synchronization server will provide push-based e-mail wireless services.

For ease of troubleshooting, the data on separate servers will be segmented as follows:

  • Two Cisco CallManager servers (subscriber and publisher, for IP telephony)

  • A Cisco unified messaging server

  • Three e-mail servers (one internal, one on the DMZ, and one for PDA synchronization)

  • A finance server

  • A CAD/CAM server

  • A general office server

  • Network management servers (the number of these servers will be determined during the design process)

The internal e-mail, finance, and CAD/CAM servers each will be clustered for backup. Sensitive data will be encrypted on servers as necessary. All servers will be equipped with intrusion prevention system (IPS) software, and the network will include intrusion detection systems (IDSs).

To improve performance within the Toronto office, a switched and routed environment will be implemented. Private IP addresses in the 10.0.0.0 range will still be used, but multiple subnets will be required. NAT will still be used on the Internet router, translating all addresses to the registered address configured on the external Ethernet (DSL) interface.

The Toronto office will have a wireless network, to allow complete mobility within the building.

All employees who need a computer will be given a wireless-enabled laptop; all of these laptops will be from one manufacturer, with one operating system, and with a standard suite of programs installed. Any employee with a laptop, including those in the international sales offices, can then become a remote user. All computers, including laptops and engineering workstations, will run the latest generation of antivirus software, which also includes antispyware software.

Because all three companies use the same CAD/CAM system and a common suite of office applications, the merged company will continue to use these same systems. However, some differences exist in the financial and other business applications used in the three offices; these will be standardized to use Venti Systems’ original applications. The data from the systems in the other offices needs to be translated and incorporated into the new system; a task force will be created for each application to be responsible for migrating the data and integrating the systems.

Within the Seattle location, few changes are required to the network because the work done there is not information-intensive. Communication between this office and other offices is mainly done through e-mail, which will be under the merged company domain through the e-mail server in Toronto. The Seattle office will remain as Layer 2 switched only because of the small number of people and the simplicity of the network. The office will have a VPN-enabled router to connect to Toronto. (The Cisco 2514 router, upgraded if necessary to at least the Internet Operating System [IOS] Release 12.2[29] firewall feature set, currently used by the Venti office will be moved to Seattle for this purpose; a new, more feature-rich router will be installed in the Toronto office.)

Management of devices within the network will be updated to include a more secure protocol, secure shell (SSH), for in-band connections.
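The move from Telnet to SSH-only management can be verified against saved device configurations. The following is an added example, not part of the book: a small audit that flags any vty line still accepting Telnet and any device without SSH version 2 forced. The device names and sample configurations are constructed for illustration.

```python
import re

# Constructed sample configs (hypothetical device names, not from the book).
SAMPLE_CONFIGS = {
    "tor-edge": """\
hostname tor-edge
ip ssh version 2
line con 0
line vty 0 4
 login local
 transport input ssh
""",
    "sea-edge": """\
hostname sea-edge
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
""",
}

def vty_blocks(config):
    """Yield (header, [sub-commands]) for each 'line vty' block."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith("line "):        # a new line block closes the previous one
            if header:
                yield header, body
            header = raw.strip() if raw.startswith("line vty") else None
            body = []
        elif raw.startswith(" ") and header:
            body.append(raw.strip())
        elif header:                        # unindented global command ends the block
            yield header, body
            header, body = None, []
    if header:
        yield header, body

def audit(config):
    """Return a list of findings; an empty list means SSH-only management."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("global: 'ip ssh version 2' not set")
    for header, body in vty_blocks(config):
        transports = None
        for cmd in body:
            m = re.match(r"transport input (.+)", cmd)
            if m:
                transports = m.group(1).split()
        if transports is None:
            # Assumption: the default transport differs between releases, so require it explicitly.
            findings.append(f"{header}: no explicit 'transport input'")
        elif transports != ["ssh"]:
            findings.append(f"{header}: allows {' '.join(transports)}, expected ssh only")
    return findings

if __name__ == "__main__":
    for name, text in SAMPLE_CONFIGS.items():
        print(name, audit(text) or "OK")
```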

Two other technologies were examined to see whether they would be useful for Venti Systems: content networking and storage networking. Venti decided that content networking is not required because the company is not involved in either e-commerce or high-volume file access. Storage networking, in the form of network-attached storage (NAS) appliances, might be considered in the future to help improve the performance, scalability, and reliability of access to the R&D data. At this time, NAS will not be implemented, but this decision will be revisited as the need warrants.

Business-related requirements and constraints for Venti Systems include the following:

  • Budget—You can assume that sufficient budget is available for both capital and operating expenses for the new Toronto network, including IP telephony, wireless, and VPN, for new laptops, and for the minor upgrades to the Seattle network.

  • Schedule—The move to the new office is to be completed within two months; the new network must therefore be in place and functioning by that time. The IP telephony network must be working in the new building because the PBX will not be moved. The business applications must also be merged by then, with integration phased in as defined by the assigned task forces.

    Note

    Venti Systems’ managers have decided to merge the acquired companies quickly, because they realize that if the merging of personnel takes too long, they will only “prolong the pain and defer the gain.” Thus, when the merger/acquisition is announced, the corporate leaders will move at full speed to integrate the two operations.

  • People—Training of existing (or newly hired) network personnel on VoIP and IP telephony must be undertaken and completed in time for the implementation to be completed and tested.

  • Legal—Venti Systems has no contractual obligations related to the network that must be upheld. New laws require that IT governance best practices be followed and that the privacy and security of customer and financial data be assured, including a secure backup of such data. Examples of such regulations are Sarbanes-Oxley (SOX) and the California Law on Notice of Security Breaches (Senate Bill [SB] 1386) in the United States, and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.

  • History—Because the Seattle plant belongs to the heavy-industry sector, its employees tend to be less high-tech-savvy. This is another reason that VoIP is not being implemented in Seattle at this time. With the culture shock of merging with the other companies, the acquisition of new laptops, and so forth, introducing new phones and a new phone system would probably be too disruptive at this time. In the future, if the benefits that VoIP would bring to this office are warranted, its implementation will be revisited.

  • Policies—No policies are in place that might restrict the network design. Venti Systems has no issues related to the use of proprietary technologies. However, policies need to be implemented for things such as Internet access, network and laptop security, and so forth.

Table 11-2 summarizes the requirements for the merged company and its networks.

Table 11-2. Requirements for the Merged Company

| | Venti Systems—Toronto | Venti Systems—Seattle |
|---|---|---|
| Product | Power modules and electronics. | Powertrain. |
| Location | Toronto-West. | Seattle. |
| Number of Employees | 145 (185 within 18 months following the merger, plus 1 each in the home offices in Japan and India). | 45 (plus 2 in the small office in Germany). |
| Main Duties | Office workers and engineering. | Laborers. |
| Network | | |
| Topology | Switched and routed. | Switched. |
| Connectivity | UTP, wireless. | STP. |
| IP Addressing | Hierarchical, private. | Flat, private. |
| Proprietary Systems/Protocols | None—IP only. | None—IP only. |
| Servers | Cisco CallManager (one publisher and one subscriber), unified messaging, e-mail servers (one internal, one on the DMZ, and one for PDA synchronization), finance server, CAD/CAM server, general office server, and network management servers. Servers to be clustered: internal e-mail, finance, and CAD/CAM. | Office server and a CAD/CAM server. E-mail processed by head-office server. |
| Redundancy | Server and infrastructure redundancy. | |
| Applications | Business applications, e-mail, and CAD/CAM. | Business applications and CAD/CAM. |
| E-Mail | Enterprise e-mail with PDA message-forwarding capability. | In-house, using head-office server. |
| Edge Device | Firewall and VPN concentrator. | Cisco 2514 with firewall feature set (previously in the Toronto office). |
| Internet Connectivity | DSL. | DSL. |
| Internet Connectivity Backup | | |
| Business Continuity | Backup done daily; tapes stored off-site. | Backup done daily; tapes stored off-site. |
| Remote Users (Including International Offices) | VPN tunnel to head office for mail and file access. | Seattle office and remote users access head office through VPN. |
| Voice | IP telephony with unified messaging, and voice gateway to PSTN provider. The voice-enabled router will be equipped with the firewall feature set. | New PBX (from Grandics Corporation). |
| Security | Advanced virus-checking software, IPS, IDS, firewall, and firewall router. | Advanced virus-checking software and firewall router. |
| QoS | Voice traffic will be given priority. | |
| Network Management | SSH for in-band connections. | SSH for in-band connections. |
| Support for Applications | Business applications software will be standardized on head-office current applications. Task forces will be named to plan and implement the integration of each application. | |

Summary

This chapter introduced the Venti Systems case study, including a description of its current state and that of the two companies that it is in the process of acquiring. The requirements for the upgraded network and the network in the new building were developed, in preparation for the rest of the design steps in the following chapter.
