King Fahd University of Petroleum And MineralsKing Fahd University of Petroleum And Minerals

Computer Engineering DeptComputer Engineering Dept..

COE – 444COE – 444

Internetwork Design & MGTInternetwork Design & MGT

A structured Data Network Design and A structured Data Network Design and Upgrade for CCSE NetworkUpgrade for CCSE Network

““Server Placement”Server Placement”

Group#11

Muhammad Al-Abdul-Hadi 205169 Ahamd Mosaic

208601 Amjad Muslih 208503 Haider A. Al-Mubarac

203749 Muhammad AL-Saeed 995238

OUTLINE

Recommendations for Server Placement

Main Factors in Security Aspect New Proposed Design Problems Faced

Recommendations for Server Placement

CCSE-PSRV2 (Student print server, Antivirus server)

o Remove it from VLAN 67(administration).o Put it in VLAN 172 (Student).

VLSI (COE Faculty Printer Server)o no need to place in the shared VLAN

o suggest to place it in Faculty subnet, VLAN 65.

o place it on 3Com335-1-156 since it connects all faculty switches together.

Recommendations for Server Placement (Cont.)

CCSE-DBP2 (Student publishing and database platform)

o used mainly by students.o Remove from VLAN67

o Place it in students VLAN172

CCSE-DBP1 (Database platform; publishing setup)

o Remove it from VLAN67o place on VLAN 65 o assuming it will be used mainly by faculty.

Recommendations for Server Placement (Cont.)

MAKKAH (CCSE web server): Remove from VLAN64 Place in VLAN172 frequently accessed by student

CCSE-MATERIAL (MatLab Server):

traffic of 51% (peak hour). Replace the 100 Mbps with 1 Gbps & connect it to switch

3Com335-1-102/103.

CCSE-SOFTWARE: traffic of 45% (peak hour). replace the 100 Mbps with 1 Gbps. Upgrade server

Recommendations for Server Placement (Cont.) KUZAMA, Bareed (mail server):

o Old Workstation used as a server.o Upgrade it to a higher performance server

Recommendations for Server Placement (Cont.)

Soldier(POP3 Server, Mailbox Server, CCSE Network Time server):

o Peak traffic 84.4%(high)o seems to be a loaded all the time. o Keep it in faculty VLAN65o Duplicate one to VLAN172

Main Factors in Security Aspect

Physical Access.o Physical place restricted to authorized people.

Administrative Delegation.o Deciding who will have administrative authority over the

server User Authentication.

o To verify that users are who they declare themselves to be.

User Authorization.o Regulating what users have access to log on and what

server resources they can access.

Main factors in security aspect System Privileges and Restrictions.

o Setting the access permissions to the applications.

Application Privileges and Restrictions.o Access to the applications on a server should be restricted

to a subset of users based on their job function.

System Auditing.o Needed for monitoring effectiveness of the configuration.

Security Patches Management.o Poor patch management can be particularly damaging to a

server environment.

Security

From the above assessment it can be seen that the security used in CCSE servers is good and does not need any further improvement.

3com335-1-76

CC

SE

-DB

P1

CC

SE

-DB

P2

CC

SE

-PD

C

CC

SE

-PS

RV

2

CC

SE

-AA

PS

2

Unmanaged Hub

CCSENETMON5

CCSE-RADIUS

CCSENETMON3

CCSENETMON7CCSENETMON1

196.1.67.0/24

CC

SE

-DB

P3

VL

AN

17

2

VL

AN

17

2

VL

AN

65

3com335-1-102/103

CC

SE

-BA

RIU

M

CC

SE

-AP

PS

3

CC

SE

-MA

TE

RIA

L

CC

SE

-XE

ON

CC

SE

-NE

ON

ics-

db

serv

er1

ics-

db

serv

er2

3com336-142/143

3com335-1-64[Bridging Mode]

3com335-1-130/169

172.16.0.0/16

CC

SE

-SO

FT

WA

RE

CC

SE

-AT

OM

VLAN 64 (Administration and Monitoring)

VLAN 172 (Student/Labs)

3com338-77

COLO

NEL

SOLD

IER

GEN

ERAL

SHAM

SI

SPID

ER

KABS

A

PEAR

L,W

WW

Solaris Stations [Sunfire1, Sunfire2.. Sunfire9]

3com338-65

Hear

tBea

t1He

artB

eat2

Nasr

een

Mar

s

Vlsi

ccse

Khuz

ama

Peng

uin

Dhah

ran

File

r

3com338-99

Tom

cat

Unai

za

Fire

flyJu

pito

r

Nept

une

Mer

cury

Java

serv

3com338-166

Taif

Mak

kah

Mad

inah

Venu

s

196.1.64.0/24

3com335-1-128

VLAN

172

&6

5

VLAN

65

VALN

65

VLAN

172

VALN 64 (UNIX Servers)

Problems

Lack of information:o Who uses what?o How many users use the application?o How frequently the application is needed

by users? Delay in getting the required

information. The traffic analysis doesn’t help in

making decisions.

?