IP address allocation, DHCP and DNS server
The IP addresses allocation in the new IT infrastructure model for Acme is based on the guidelines and policies of the IANA and ARIN in relation to IP addresses allocation as well as the routing of IP addresses. The system will make use of IPv4 (32-bit addressing). The customers of Acme will be leased IP addresses. In the new building, the IT model will constitute non-portable. All data points in the IT infrastructure will be allocated one IP address each. Additional IP addresses will be provided if need be dependent on the magnitude of need. IP addresses for all the users of the Acme system will be allocated dynamically. The Designated network administrators will assign various ranges of IP addresses to DHCP. The system will enable that each client computer o LAN in the entire Acme infrastructure to have its IP software configured to request an IP addresses from the DHCP server at network initialisation. The DHCP server will reclaim as well as be able to relocate IP addresses that are not renewed and thus enabling the dynamic use of IP of addresses. The DNS server will feature network IP addresses and hold a database of network names as well as addresses for the entirety of the Acme internet’s hosts.
Packet filtering
Packet filters will be used to enable or block packets normally while routing them from one network to another. This will be a handy devise especially in the proposed IT infrastructure models where there will be some integration between the internet and local network systems. The device facilitates flow of data interaction from the Internet to an internal network, and vice versa. To set up packet filtering the presented Acme IT model will entail as set up of a set of rules that define what types of packets for instance those to or from a particular IP address or port are to be passed and what forms are meant to be blocked. The Packet filtering set up in the presented design will obtain in the Cisco router.
The Packet filtering systems used will channel packets within internal and external hosts. This will be done extensively and each IP address will be catered to for the optimisation of security reasons. In the presented IT model, the filtering system will allow or block specific forms of packets in a way that reflects Acme’s site’s security policy as shown in the diagram below. The type of router used in a packet filtering firewall is known as a screening router.
In the proposed IT infrastructure the Packet Filtering will ensure that every packet has a set of headers containing particular information. The main information is:
- IP basis address
- IP target address
- Protocol ( UDP, or ICMP packet)
- TCP or UDP source port
- TCP or UDP target port
- ICMP communication type
Servers and services
The project developers have had to make a decision to select the feasible and best data storage and warehousing model. A choice has been made between long-time rivals Oracle and SQL Server database technologies.
Connolly, Thomas, et al (2003) contributions hold that in sharp contrast to other typical vendor solutions, the Oracle model has been at the forefront of meeting industry needs providing full-scale support for all industry standards in the broad spectrum of operating systems and hardware infrastructures in contemporary IT domains. Owing to its cross-platform (OS) portability the Oracle model provides a formidable alternative for entities to decide on what operating hardware they would prefer to use without having to face the hassle of attempting to surmount the hurdle posed by the disenabling SQL server model which is tailored for Windows platforms exclusively. Lightstone S et al (2007) note that any organisation has the privilege to depend on Oracle technology to reduce deployment expenses while also remaining flexible enough to meet future needs. This is particularly so as the choice for Oracle technological database systems will not tie anyone to the specific hardware or operating system infrastructure. The scholars state that this is particularly important for independent software vendors who have the privilege to set up an Oracle database once and then deploy anywhere they would wish to.
Lightstone S et al (2007) experimentations have indicated that the SQL server technological systems have limited support for the variety of hardware platforms that exist in IT domains. The researches indicate that SQL server supports fewer hardware applications in comparison to Oracle. Oracle is compatible with all major hardware environments as well as operating programmes. The scholars present that Oracle technology supports platforms in various categories which enlist ERP, CRM as well as the Procurement and Supply chain. They further observe that there are by far a larger number of more packaged software deployed on Oracle than those in the 2000 SQL server system.
Oracle is considered a technological innovation leader in the key data warehousing domains. Gray J and Reuter (2005) note that Oracle has transformed the technology terrain of business intelligence servers. Oracle technology addresses the entirety of the server-side business intelligence as well as data storage needs. This by extension includes the components of extraction, transformation and loading (Gray, J. and Reuter 2005). Further that the business intelligence server merits of Oracle technology extend to the Online Analytical Processing (OLAP) and retrieving realms. One handy thing about Oracle database technology is that it eradicates the need for the running of many engines in the business intelligence landscape.
The Acme IT infrastructure will tap into the merit that comes with use of Oracle technology in the aspects of rapid deployments which will be used to eliminate the requirement to combine various sever units when running the Acme business intelligence system. This is also expected to reduce management costs. (Gray J and Reuter 2005) While SQL Server 2000 functions as data storage facility, OLAP evaluations are conducted in an external data repository. The problem with this is that it will require additional time for the retrieving of data.
Domain control server
The Acme Infrastructure will make use of the Windows NT Domain as a primary domain controller. The server will be useful for its backup domain controllers as the company handles bundles of sensitive and critical data which demand optimal security measures as well as backup. The Primary Domain Controller which holds the SAM will be used to authenticate access requests from research centres and all offices et work. The server has a valuable SAM security Accounts manager which will be used to manage the database of usernames, passwords and permission. The SAM for the Acme model will remain a component of the domain control server. The domain control server SAM unit will be used to store passwords of users, researchers, customers and officers of the entry of Acme personnel. The unit will store the password in a hashed format. This is one way of reinforcing the security measures of the Acme system. TO weather the possibilities of suffering offline attack the developers have considered the facilities of MS SYSKEY facility in Windows NT 4.0
File server
The Acme model will use Window Server 2003 for file storage. The merits of the model come with the delight of the Distributed File System (DFS) technologies which offer a broad spectrum of user-friendly replication together with simple and fault-tolerant access to geographically scattered files.
The file and storage services unit is critically needed for efficient backup of user and all networking data, the restoration of operation as well as an enhanced encrypting system which will be handy for Acme in its prospect of cutting costs while boosting productivity.
Email server
The Acme model will make use of the hMailServer. The server has been selected for its no-cost aspect which caters to the prospects of cost-cutting. The server will also provide administration tools for the management and handling as well as backup of all email-related data for the entirety of the Acme model system users. The model has been selected specifically in consideration of its guaranteed support IMAP, POP# and SMTP email protocol.
Web & Proxy server
Squid will be used as an Acme model web proxy server. While functioning to serve as web cache, the server will be valuable for providing means to block access to particular malicious URLs and thus will provide critical information filtering for all web access by the staff and researchers as well as customers serviced by Acme.
Firewall
Firewalls have become part of the best-known security solution in IT whilst their popularity continues to grow as they play a critical role in information security. Nonetheless, the infrastructure of security firewalls will have to be leveraged on effective and feasible security planning and a well-laid-out security policy. The best of firewalls can be obtained when they work for hand in glove with effective and up-to-date anti-virus software and a broad range of intrusion detection systems. The resources by the two authors zero in on the dynamics s and dimensions of firewalls in the precinct of all the associative elements in the exploration of the domains that deal with IT security. Acme will make use of Firewalls to protect the data warehouse and the entirety of the communication networks from possible attacks. Firewalls will be used together with VPNs. VPNs as the commonly used protection mechanisms for information systems working in concert with other associative models such as well as access controls, and firewalls and antivirus tools. The control of VPNs will be implemented in a layered manner which will facilitate the provision of defence-in-depth; The logic is that no one control is 100% effective so by layering these defences, the controls as a unit will be more effective and efficient.
Windows Update server
Microsoft Windows Server Update Services (WSUS) will be installed in the Acme system servers to enable designated Acme information technology administrators to deploy updated and latest Microsoft product updates to all individual computers operating on the Windows operating system. The WSUS will empower administrators to fully manage the allocation of critical updates such as antivirus software and various updates released through Microsoft Update networks.
VoIP
The Acme model has been modeled in tandem with the VoIP systems which will interface with conventional public switched telephone networks (PSTN) as a way of allowing for transparent phone communications worldwide. The VoIP will be particularly useful for the Acme enterprise looking for cost-cutting models. The system will be valuable for the communication needed by Acme for its officers and field officers as well as providing customer support at low costs.