NTC/320 v5 West Consulting Network Design Summary

West Consulting is a growing graphic design and printing company expanding its facilities in Des Moines, IA, and establishing a new test location in Australia. The company faces network performance issues due to bandwidth-intensive applications, especially when accessing server-hosted CAD software. To support its expansion and improve network reliability, the company requires a comprehensive network redesign addressing wireless security, unified communications, IP addressing, switch bandwidth, server infrastructure, internet links, security, and project timelines.

Introduction

West Consulting’s expansion necessitates a significant overhaul of its existing network infrastructure. The current networking environment is optimized for smaller operations and is not designed to support increased user loads, geographic expansion, or enhanced security needs. An effective network redesign must incorporate advanced wiring, wireless, security, and virtualization strategies to enable reliable, scalable, and secure operations across the multiple sites and regions.

Wireless Local Area Network (WLAN) Security and Infrastructure

Because the new building needs a secure WLAN solution, deploying WPA3 encryption is paramount to ensure robust wireless security. This standard provides enhanced protection for wireless communications, including individual session encryption, which is vital given the sensitive nature of design data. The recommendation is to deploy new enterprise-grade access points supporting WPA3, alongside centralized authentication via RADIUS to control user access effectively.

To keep wiring costs down and future-proof the WLAN infrastructure, a phased upgrade is suggested with a focus on deploying access points that support 802.11ax (Wi-Fi 6). Wi-Fi 6 provides higher throughput, improved performance in dense environments, and better energy efficiency, supporting the increased number of users and devices with minimal latency. Legacy 802.11b devices should be phased out gradually, replaced by compatible Wi-Fi 6 clients to leverage these improvements.

Unified Communications System

To address the frequent international videoconferencing, West Consulting should implement a Unified Communications (UC) platform that offers Quality of Service (QoS) capabilities, ensuring that real-time voice and video traffic are prioritized over data traffic. Solutions like Microsoft Teams, Cisco Webex, or Zoom integrated with IP telephony can facilitate seamless global communication, with dedicated bandwidth allocations and multi-site connectivity setup to enable uninterrupted services with minimal latency.

A virtualized PBX system integrated into the corporate network can unify voice, video, messaging, and conferencing functions while ensuring scalability, security, and ease of management. The UC solution should also support device mobility, enabling employees to switch seamlessly between office and remote environments without service interruption.

IP Addressing Strategy and Network Segmentation

Implementing private IP addresses across all sites, following RFC 1918 standards, is essential for internal security and network management. Segmentation of employee, guest, and infrastructure devices onto separate VLANs is critical for security and performance. Employee devices can be assigned to VLANs with restricted internet access, guest VLANs can be configured with internet-only access via a captive portal, and infrastructure devices (servers, switches, routers) should be isolated within secured VLANs with strict access controls.

Network address planning should include NAT (Network Address Translation) to translate internal addresses for external communication while maintaining internal address privacy. VLANs and ACLs (Access Control Lists) must be rigorously configured to prevent unauthorized access across different segments, especially protecting sensitive data on servers and infrastructure devices.
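
The segmentation described above can be checked before any switch is configured. The following is an added example, not part of the original summary: it builds an RFC 1918 address plan per site and segment, validates it, and evaluates flows against a first-match, default-deny policy. The 10.0.0.0/8 supernet, the VLAN IDs, the /16 and /24 sizes, and the specific ACL rules are assumptions chosen for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SITES = ["des-moines", "australia"]  # sites named in the summary
SEGMENTS = {"employee": 10, "guest": 20, "infrastructure": 30}  # assumed VLAN IDs

# Assumed policy: first match wins, anything unmatched is denied.
# (source segment, destination segment or "*", destination port or None for any, action)
ACL = [
    ("guest", "internet", None, "permit"),          # guest VLAN: internet only
    ("guest", "*", None, "deny"),
    ("employee", "infrastructure", 443, "permit"),  # assumed: servers reached over HTTPS
    ("employee", "internet", 443, "permit"),        # restricted internet access
    ("infrastructure", "infrastructure", None, "permit"),
]

def build_plan(supernet="10.0.0.0/8"):
    """Give each site a /16 and each segment a /24 inside it."""
    plan = {}
    site_blocks = ipaddress.ip_network(supernet).subnets(new_prefix=16)
    for site, block in zip(SITES, site_blocks):
        for (seg, vlan), net in zip(SEGMENTS.items(), block.subnets(new_prefix=24)):
            plan[(site, seg)] = {"vlan": vlan, "net": net}
    return plan

def validate(plan):
    """Reject subnets outside RFC 1918 space or overlapping each other."""
    nets = [entry["net"] for entry in plan.values()]
    for i, a in enumerate(nets):
        if not any(a.subnet_of(r) for r in RFC1918):
            raise ValueError(f"{a} is not RFC 1918 space")
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    return True

def segment_of(plan, ip):
    """Map an address to its segment, 'unallocated' private space, or 'internet'."""
    addr = ipaddress.ip_address(ip)
    for (_site, seg), entry in plan.items():
        if addr in entry["net"]:
            return seg
    return "unallocated" if any(addr in r for r in RFC1918) else "internet"

def evaluate(plan, src, dst, port):
    """Return 'permit' or 'deny' for one flow under ACL."""
    s, d = segment_of(plan, src), segment_of(plan, dst)
    for rule_src, rule_dst, rule_port, action in ACL:
        if rule_src == s and rule_dst in ("*", d) and rule_port in (None, port):
            return action
    return "deny"
```

Running a list of expected flows through `evaluate` before and after each ACL change gives a quick regression check that guest traffic still cannot reach internal segments.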

Switch Bandwidth and Redundancy

Upgrading switches to support 10 Gbps fiber uplinks between backbone switches is necessary to handle increased traffic and prevent bottlenecks. Each switch connection to the backbone should be upgraded to a 10GbE link, with high-quality fiber transceivers such as SFP+ modules. For server connections, dedicated 10GbE links should be established to provide high-speed access and minimize latency during data transfers or backups.

Redundancy options include deploying redundant switches with stacking capabilities or employing Link Aggregation (LACP) for failover and increased bandwidth. Implementing Spanning Tree Protocol (STP) enhancements or using Rapid Spanning Tree (RSTP)/Multiple Spanning Tree (MSTP) ensures network resiliency in case of link failures. Redundant power supplies for critical network devices increase availability and reduce downtime risk.

Server and Data Center Virtualization

An on-premise data center should be designed utilizing virtualization technologies like VMware vSphere, Microsoft Hyper-V, or Nutanix, enabling the consolidation of physical servers and efficient resource utilization. Hardware virtualization reduces costs, simplifies management, and enhances disaster recovery capabilities. Network virtualization can be achieved through software-defined networking (SDN), enabling flexible, programmable networks that adapt to the dynamic needs of the data center.

Deploying redundant hardware components (servers, storage, networking equipment), along with snapshot and backup solutions, will safeguard against hardware failures, ensuring high availability. Storage area networks (SANs) and network-attached storage (NAS) should be incorporated to facilitate scalable and reliable storage solutions.

Internet Link and Redundancy

To improve Internet link speed and ensure reliability, upgrading to a fiber-based broadband connection (such as Gigabit Ethernet or higher) is recommended. Multiple ISPs with diverse routing paths should be provisioned to facilitate redundancy, minimizing risks associated with ISP outages. Implementing automatic failover mechanisms, such as BGP (Border Gateway Protocol), will ensure seamless transition between providers in case of failure, maintaining continuous Internet connectivity.

Network Security Enhancements

Given past attacks on their DMZ, West Consulting should implement multi-layered security strategies. Deploying next-generation firewalls (NGFW) with intrusion prevention systems (IPS), deep packet inspection, and application awareness will better protect intranet servers. Segmenting the DMZ logically with stricter access controls and continuous monitoring through Security Information and Event Management (SIEM) solutions will identify and mitigate threats proactively.

VPN solutions with multi-factor authentication (MFA) can secure remote access for employees and partners. Regular security audits, vulnerability assessments, and employee security training will sustain a resilient security posture.

Project Timeline and Implementation

Completing these improvements within a 6 to 9 month window requires phased planning. The initial phase should focus on core upgrades: replacing End of Life (EOL) hardware, implementing security enhancements, and upgrading critical infrastructure like switches and routers. In parallel, virtualization should be deployed and the new wireless infrastructure set up in the new building.

Subsequent phases can handle site-specific configurations, establishing redundant internet links, and completing security hardening. Regular progress reviews, parallel testing environments, and comprehensive documentation are critical to staying on schedule.

Conclusion

The network redesign for West Consulting must be comprehensive, secure, and scalable to support rapid expansion into new markets while maintaining high performance and secure communication channels. Strategic investments in wireless security, high-bandwidth backbone switches, virtualization, and security safeguards will position the company for future growth and resilience. Effective project management within a 6 to 9 month timeframe is feasible with phased implementation and rigorous planning.
