Saturday, March 30, 2019
Network Physical Topology of ISP TechnMaster
ISP Floor Physical Topology

Techmaster is the UK's leading virtual ISP (Internet Service Provider), with its HQ in London, where all of its important infrastructure and resources are located. The main secondary branch is located in Scotland and has similar infrastructure to London. There are other branches around the country, in Wales and in Northern Ireland, which are small branches and rely on the servers provided by HQ.

Internet Backbone (External) Diagram

The Internet backbone is a part of computer network topology located at the back-end connection between two different networks. It strategically interconnects networks and core routers on the Internet, and is used for its large capacity between networks that are located remotely and that transport very high volumes of data.

As the Internet's high-speed link, it requires high-speed bandwidth connections and high-performance server/router devices.

One of the main services provided by the ISP is Internet service, so before outlining the whole infrastructure network: the ISP's main backbone network is connected with other providers on different continents by undersea fiber optic cable (Figure-3), as well as by connections to other sub-regions, inter-branch links, and DCs or transmission stations that are linked to the ISP (Figure-2).

Moreover, everywhere it is the responsibility of each ISP to take charge of troubleshooting and, more importantly, to re-establish the operation of its terminating part of the fiber optic connection cable, even though some risks and threats are present independently of the location.

As an Internet service provider offering different types of service (Cloud, Broadband, Telephone, VoIP, P2P Caching, IPTV, and so on), the function and role of the backbone is crucial, as it is the infrastructure that interconnects the various segments of the network. In this case it provides all the principal data routes (Figure-3) between large, strategically interconnected networks of different ISPs (intercontinental) to and from our ISP's core routers and internal infrastructure, and vice versa.

ISP Internal Infrastructure Diagram

A robust and compact internal network and server groups, as the base and spine of all services, are required to support the ISP's internal, external and remote services, as well as to provide the highest standard of quality for all advertised types of service to customers and business partners. Given the business's high requirements and demand, the network spine infrastructure (network, CCTV, access control, power source and UPS, physical DR system and all sub-governance) was designed with high availability, elasticity and reliability in mind, to overcome 75-95% of every considered possible disaster that could happen, based on a prior and periodic Risk Assessment and Strategic Planning process, delivered as one of the main policies of the ISP enterprise to assure its business continuity.

Moreover, if we look at the spine network topology, we can verify that at the backbone device and after it, each connection uses more than one fiber cable to avoid failure, as well as for reliability and better traffic throughput. This policy and strategy is followed for the rest of the network and for the secondary infrastructure system.
Although it is not described, it is clear from (Figure 4) that for each infrastructure level, all the advice from the report of the RASP (Risk Assessment Strategy Planning) group relating to a list of risks (natural or artificial) was taken into account prior to designing the whole ISP infrastructure, to prevent a lack of redundancy, availability, reliability or even elasticity. The RASP Risk Handling Decision Points guidance was taken into high consideration.

Risk Assessments/Commission Strategy Planning

Techmaster ISP, as a telecom enterprise that operates in a highly demanding national and international market providing a variety of tech services, needs to rely on its infrastructure as well as on the capacity of its human resources to deal with and overcome all the possible threats and risks present daily. The RASP team is responsible for investigating and for helping to create or provide a safe environment and solutions that help the company achieve that goal.

RASP helps in the process of identifying, assessing and managing risks and uncertainties, affected by internal and external events or scenarios, that could restrain the ISP's capacity to accomplish its methodology and key targets, with the definitive objective of creating and securing company and customer value.

The RASP team holds periodic, and when necessary occasional, risk analyses involving risk identification, assessing the likelihood of the event occurring, and defining the severity of the event's consequences.
It is also their responsibility to conduct internal and external exposure assessments, which help identify situations in which the enterprise may be putting itself at increased risk by not applying a certain level of security policy.

As with any other research or assessment, RASP finishes with final conclusions and recommendations: the risk analysis results are summarized in a report to management, with recommended mitigation activities. Some of the risks, threats and vulnerabilities found and taken into consideration by the team are listed below.

Risks, threats and vulnerabilities related to Internet Backbone infrastructure

Like any other infrastructure, the backbone area and devices are not immune to risks and threats, whether natural, such as earthquakes and tsunamis, or human, such as theft, intentional damage by undersea exploration vehicles or other machines, and deep-sea fishing ships. All those risks must be taken into consideration. Some of the risks and threats are:

* Undersea animals can bite and damage the fiber optic cable (Figure-6).
* Rusting of the cover or protective layer of the fiber optic cable because of poor-quality manufacture (Figure-6).
* Accidental or intentional cutting or damage of fiber cable by fishing vessels or any other undersea machine.
* Accidental or intentional damage of infrastructure at the border end cable connection (sea-earth location) by criminals, the curious, hackers, etc., when not well safeguarded.

Risks, threats and vulnerabilities associated with internal spine infrastructure and services

The ability to anticipate opportunities and respond effectively to any risk or threat is critical for any company's infrastructure, as risk is no longer isolated by type of industry or geographic location.
Although risk is becoming more complex in nature and global in consequence, the capacity to respond rapidly in managing and mitigating risks and threats is a requirement for business continuity, driving a company to success or failure.

To assure the confidentiality, integrity and availability of all the spine infrastructure, systems and services present in the company, RASP identified and listed some of the main risks, threats and vulnerabilities to be aware of:

* People awareness (anyone who can get access to the company area: guests, customers or even trusted employees, etc.)
* Access intrusion into restricted areas (by unauthorized persons)
* Natural incidents (earthquake, flooding, humidity, high temperature, fire, air (dust), etc.)
* Absence or insufficient supply of quality resources (electricity, water, fuel)
* High restriction on all services provided and accessible by customers, even for roaming employees
* All known and unknown cyber threats and attacks (DDoS attacks, direct SQL attacks, session hijacking, buffer overflow, port scans, etc.)
* Different exploits (RAT, Trojan horse, backdoor, worms, Trojans, bots)
* Device firmware and OS vulnerabilities, systems out of date, misconfigured systems and services
* Sniffing, spoofing, phishing, social engineering, port scanning on border or any infrastructure devices and systems
* Inadequately trained IT staff
* Intrusion, hackers, theft (electronic and physical), backup operators, etc.

Security Policy to manage and mitigate any incident related to spine infrastructures

As always, the confidentiality, integrity and availability of information, in all its forms, are critical to the ongoing functioning and good governance of LSE. Failure to adequately secure information increases the risk of financial and reputational losses from which it may be difficult for LSE to recover.
Disaster Recovery Plan to manage and mitigate any incident related to spine infrastructures

Cloud Citrix Infrastructure

We have Citrix infrastructure in two colocations: Xen Server 1 in Site 1 (Headquarters) and Xen Server 2 in Site 2 (Secondary Data Centre). Both Xen Server infrastructures run under the DMZ network, as we have so far deployed the Xen service for in-house use.

We have two major running services, XenApp and XenDesktop. The following architecture elaborates each component of Xen Server and how we have deployed it in our infrastructure.

XenApp and XenDesktop Architecture

We have 7 major components to run XenApp and XenDesktop in our infrastructure: Studio, Director, StoreFront console, PVS console, hypervisor console, license administrator console and machine service console. To access the Citrix environment, users require a thin client or thick client machine with Citrix Receiver.

Studio: Citrix Studio is the main management console that enables us to manage, configure, deploy and remove the service. We have delivered applications and desktops to the specific departments according to the application, impact, number of people associated and policy. We have hosted Windows Server 2012 R2 Datacenter Edition for each department, so they get their Citrix desktop session from the Windows server itself, as it works in a shared environment.

Example

In the Support Department we have hosted applications like PuTTY and OpenSSH, as the employees working in the Support Department have to deal with customers to check their Internet connectivity and access other networking devices and servers.

In the Account Department we have not delivered PuTTY and other networking applications, as they do not use them and do not require them.
For the people working in the Account Department we have delivered accounting applications like Tally and Excel.

Citrix Director: It is one of the most important components in Citrix XenApp and XenDesktop. Citrix Director is basically a web-based tool that helps the IT Support and Help Desk teams to monitor and troubleshoot.

We have provisioned administrative privileges to each department's Head of Department (HOD), who can administer each activity that employees are performing. They can even monitor in real time when employees are dealing with a customer on a specific trouble ticket. We can also modify the role of the administrative user for monitoring using Citrix Group Policy.

The best thing about deploying Citrix Director is that if any customer is having a problem accessing a certain portal or needs help dealing with something, the support person does not need to be physically present to solve the problem.

Example

An employee from the Account Department has a problem opening the web browser and calls the IT Support Department for help. Before we deployed Citrix in our environment, an employee from the IT Support Department had to go to the Account Department in person and try to solve the problem, resulting in high time consumption and delay in work because the employee had to travel. Using Citrix Director, the IT Support Engineer can shadow the session (Remote Desktop Connection) within the browser and start assisting.
There are several different ways of assisting a user. The first is text-only mode, where the IT Support Engineer cannot view the user's desktop but can assist using text communication, in order to protect user privacy. The next is shadowing, the Citrix technical term, which is similar to a remote desktop connection and works in two ways: one without write permission, where the Support Engineer can view the user's desktop and assist with the issue, and one where the IT Support Engineer can request keyboard and mouse control, take over and work on the issue directly.

Hypervisor: To share the resources of a device among multiple virtual machines for XenApp and XenDesktop we have Citrix XenServer, using Citrix XenCenter to manage all servers.

StoreFront: Users access the specific web page for their department, which is hosted in IIS using StoreFront, in the browser, where they can reach the specific delivered site using Citrix Receiver.

In the above figure we can see how a user accesses the Citrix infrastructure. Here the user is trying to access provisioning services, i.e. VDI or HSA:

1. The user first reaches StoreFront through NetScaler, which is the firewall that we have specified for the Citrix infrastructure; the user uses Citrix Gateway.
2. Once through to StoreFront, which is basically a URL, the user passes their username and password over the browser.
3. The request moves on to the XenDesktop Delivery Controller, which provides the specific provisioned department.
4. The request moves on to ADDS to check the user account name and password, and to SQL to check whether the account has permission or not.
5. Finally, the Citrix license server is checked for license availability: if the request is from a machine it checks the device permission, and if it is a user request it checks the user license.
6. The user gets the session from the provisioning server.

Figure: Xen Server 1 and Xen Server 2 with its components

We have deployed all these seven components individually. We could deploy all seven components within one single Windows Server, but that would consume a lot of CPU and carry the risk of a single point of failure, so we have deployed each component on its own individual Windows server for better performance and easier management. The Citrix infrastructure runs on top of Windows Server 2012 Datacenter Edition, with MySQL Server 2010 for managing the database.

For users to access Citrix we have deployed Atrust thin client devices, where users log in using Citrix StoreFront in a web browser and are required to pass their username and password.
All the usernames and passwords are managed by Active Directory in Windows Server.

Figure: Atrust T60 Model

Thin client: Users can have their Hosted Shared Desktop (HSD), Virtual Desktop Infrastructure (VDI) and Hosted Shared Application (HSA) using a thin client device like the Atrust T60.

Thick client: Users can also access the Hosted Shared Desktop (HSD), Virtual Desktop Infrastructure (VDI) and Hosted Shared Application (HSA) using their own laptop or any end device like tablets and cell phones.

Citrix Cloud Redundancy

For Citrix cloud redundancy, the whole Citrix infrastructure has been deployed in two major sites, Site1 (Headquarters) and Site2 (Data Centre).

Figure: HP Blade Server Generation 9 with chassis

* Xen Server 1 and Xen Server 2 have been deployed on two blade servers in heartbeat mode.
* Both Xen Servers are in different colocation zones, so if one goes down the service is provided from the other source, Site 2.
* KDC: all the licenses associated with the Citrix and Windows services are kept in place within the Key Distribution Center, so there is no chance of getting physical access to the key or changing the key.
* All the licensing services are monitored through the Microsoft License Management Console. Every user or device license is monitored by the team of System Engineers; if anyone leaves or joins the organization they update the license, so misuse of licensing is minimal.
* The XenApp and XenDesktop service licenses for both Xen Server 1 and Xen Server 2 can only be accessed by the Chief Technical Officer (CTO); hence no other employee can stop the server license, and if that happens there is always another license that can be obtained from Citrix itself upon urgent request.

Disaster Recovery Plan

* Both Xen Server 1 and Xen Server 2 work in heartbeat mode, so if one goes down there is another server as a backup.
* As the blade servers run within the chassis, in case of any failure the Citrix service can be migrated immediately with zero data loss.

Figure: HP MSA SAN 2040

* SAN storage has been configured with two controllers, Controller A and Controller B, so if any array of SAS drives goes down it will recover from another array.
* We have deployed a dedicated SAN in each of Site1 and Site2, where all the compliance and user data are stored. So even if one SAN goes down there is always another one, so it is 99.99% safe. Both SAN storage systems have been configured in RAID 1+0 mode for higher performance.
* In case of any hazard we have XenCenter, from where we can manage each XenApp and XenDesktop component. We have clustered both Xen Servers as a pool named DataHub, through which we are notified within the central management in case of any disaster.
* Xen Server 1 and Xen Server 2 have both been configured in our monitoring environment as well, so in case of any network failure or outage in the server it is shown on our monitoring application dashboard and is also reported by email and cell phone SMS.
So in case of any disaster in the data centre or any failure in the servers, the team of system engineers can start troubleshooting and respond quickly.

* Both of our data centres, Site1 and Site2, have passed the ISO standard for data centre buildings, so if there is an earthquake of 8.5 on the Richter scale our data centre will still be operational, and in case of fire we have a fire protection system.
* Power supply is one of the biggest concerns in a disaster. In our environment we have two power distribution units, PDU A and PDU B, so there is always power to the Xen Server infrastructure: if one goes down, the other continues the power supply.

Threats Associated

* According to recent research, internal threats are increasing more than external threats.
* Citrix has its own threat control mechanisms, and one of its components for controlling threats is Citrix Director.
* The Citrix administrator can monitor and keep logs of each individual user, so every activity performed by users is captured and monitored.
* As the virtual desktop is provided to users through the Citrix provisioning service, users only get access and permission to their files and applications.
* Users cannot copy any data or files from anyone else, as we have defined permissions so that each user can change and view only their own files. This reduces the threat of users misusing one another's information, and if any unusual activities beyond a user's access are found, they are reported by the system automatically, which reduces the threat.
* Each user activity is monitored using Director. For example, if a user wants to install any suspected malicious code or application, the Citrix service will not allow them to do so; if it is found, the Citrix administrator can take over the user session and terminate the task.
* No applications can be installed in XenApp or XenDesktop other than those predefined by the Citrix administration, so there are no threats associated with this technology, and users cannot make any changes on the server.
* We have a group of system engineers monitoring the Citrix infrastructure using Citrix Director, so if any unusual traffic or activities are seen they act at once.
* All Citrix requests must pass through Citrix NetScaler, which is the firewall and gateway for Internet traffic.

Policies

Citrix XenApp and XenDesktop have more than 3000 policies, of which we have defined a few:

* Users cannot access departments other than their own. For example, an employee working in the Account Department cannot access the IT Support Department.
* Users only have read/write/delete policy within their own user account.
* If a user enters their username or password incorrectly more than 3 times in a day, it is suspected to be a threat or unauthorized access, hence the system will block the user.
If it is a genuine request, the user can make a request to change the username and password.

* User name and password authentication has been defined within Windows Active Directory with Citrix policy.
* Each department has its own printer, so the Account Department cannot use the IT Department printer. This policy has been deployed using Citrix UPS (Universal Printer Service).

Figure: Defining Citrix Policy for Very High Definition User Experience

In the above figure the Citrix administrator has defined the policy for legacy graphics mode, which lets the user experience the desktop with graphics like a physical desktop.

ISP Different Departments and Their Roles

Level 1 (L1) Support Department

Sub category for L1 Support Department

1. Technical Customer Support Department
* The Technical Customer Support Department handles all calls from customers regarding the different services provided by the ISP. Example: in our ISP the major business is bandwidth and cloud service, so our Support Team deals with all the trouble tickets related to cloud service and bandwidth, i.e. if a customer wants a VPS service on VMware ESXi with some specific configuration, they take the customer's requirements and forward them to the Level 2 System Department.

2. Technical On-field Customer Support Department
* Technical Support Engineers go on site to the customer end to configure the basic router along with the username and password provided by the L1 Customer Support Department for Internet connectivity.

Level 2 (L2) and Level 3 (L3) Support Department

Sub category for L2 and L3 Support Department

1. L2 System Department
* L2 System Engineers are responsible for maintaining the internal running services and the network interconnected with the servers. To manage the running services we have different cloud platforms: OpenStack, VMware ESXi and Citrix.
This department is mostly concerned with operational tasks; all they need to take care of is making sure all the services are up and running.

2. L3 System IP Engineering Department
* All research and development is done in this department. If there is any new technology in the market, this team researches it and works closely with the procurement and management teams to keep the organization moving forward with advanced technology and good business.

1. L2 Network Department
* This department is much like the L2 System Department. They make sure all the internal and external networks are operational and working fine. They are mostly responsible for managing the internal network and for any basic configuration that is required.

2. L3 Network IP Engineering Department
* This department is responsible for research and development on the existing top-level network, such as the core network. They are responsible for testing new devices and analysing whether they are reliable and cost efficient for the organization or not.

3. Account Department
* Managing company employee salaries and customer billing

4. Project Department
* Bidding for projects and bringing in new projects

5. SPI Department
* Working with the CMTS network

6. NOC Department
* Monitoring the network connectivity links of the different data centers and maintaining all the servers and networking equipment within the data centers

7. Enterprise Customer Department
* Dealing with big companies

8. Retail Customer Department
* Dealing with retail home user customers

Public Cloud

Techmaster ISP offers a public cloud to users on a pay-as-you-go model. The cloud has several payment options, which are provided by a third-party gateway. These payment options are Visa/Mastercard and PayPal. There are firewalls and a risk management server on the public cloud. The risk management server, Viewtrust, is provided by Dell; to manage the risks it ingests all the data and logs.
The diagram below explains the way the public cloud is set up.

Risk Management on Techmaster's Public Cloud

The Techmaster risk management department uses ISO 31000 for risk management. The risks are evaluated and reviewed time and again. The diagram below explains how the risks are handled at different stages.

Due to the high rate of risk, Techmaster has implemented the risk management server, which is used to ingest all the logs from the network and the servers online. There are several risks associated with the cloud. Below are the risks associated.

Risk Assessment Table for Public Cloud (columns: Score, Rating, Definition of risks)

Risks likelihood for Cloud

| Score | Likelihood Rating | Probability | Frequency |
| 5 | Expected | 90-100% | Almost quarterly |
| 4 | Highly Likely | 70-90% | Yearly |
| 3 | Likely | 50-70% | Every 2 to 4 years |
| 2 | Not likely | 10-50% | Every 4 to 6 years |
| 1 | Slight | | Every 7 years and beyond |

Enterprise Risk Management Server

Techmaster has a risk management server which ingests all the logs from the servers and presents them at different levels. The Viewtrust solution provides a scalable data ingest, collection, storage and processing platform which currently supports critical enterprise environments, monitoring several devices and processing a multitude of data input types from a number of sensors, as shown below. The sensor sub-system collects data from multiple legacy and new sensors for collecting hardware, software, vulnerability and variant information about assets within the enterprise. The collectors are centralized and distributed to collect and process data close to the source. The data, once processed, is then sent to the store for data normalization and transformation using the Business Logic component of Viewtrust. This in turn results in a Common Operational View of the data from multiple sensors.
The following diagram depicts and describes the Viewtrust Risk Management Analytics with the continuous monitoring dashboard architecture.

Disaster recovery plan

A disaster recovery plan is one of the most important things in managing a network. The reason is that when a disaster happens, there should be a suitable plan in order to recover the network. So every organization should have a proper disaster recovery plan.

What is a disaster?

A disaster is an event that can cause great harm and damage. There are natural disasters and disasters which occur because of human activities. Natural disasters can be floods, fires, earthquakes, etc. Because of these natural disasters, physical damage can be done to the network. Non-natural disasters can happen because of events such as network hacking and denial of service.

A disaster recovery plan is the method which can be used to avoid these types of disasters. A disaster recovery plan helps to restart the operations of a network after a disaster. It works with three methods to recover a network after a disaster. Those methods are:

* Restoring
* Recovering
* Replications and backups

According to the ISO 22301 standard for business continuity plans, the following things should be studied:

* Users, purpose and the scope: here, the reasons for the need for the business continuity plan and its objectives should be discussed.

Refenc