Assignment 2: XYZ Company Troubleshooting and Maintenance Plan
XYZ Company is currently using a modular network design that divides specific areas of their network by physical or logical connectivity. Like your standard hierarchical design, the XYZ enterprise network consists of a core backbone and campus but it also contains data centers, distribution centers, and an Internet edge. The core layer for any company is always the backbone of the network. The core is where you will find fast and robust network equipment. The focus of this layer is not packet manipulation but speed and reliability of data. At the distribution layer packets are routed between subnets using routers and layer three switches. The very last layer, the access layer, focuses on delivering services to end user devices and allowing access out of the network. Having this type of modularity allows the company to maintain flexibility of its network and also eases the implementation and upgrade process. Since the company is also heavily invested in e-commerce the use of WAN based technology allows XYZ to connect back to its retail point of sale systems which maintain a dynamic inventory and generates restock orders. These systems connect back to XYZ’s regional distribution centers using IPsec over secure VPN tunnels.
Internet Protocol Security (IPsec) is a set of protocols that allows hosts to communicate securely by encrypting the IP packets within a session. It accomplishes this through symmetrical encryption algorithms that tend to be more efficient and easier to implement in hardware. These symmetrical encryption algorithms require a secure method of key exchange to ensure data protection which the internet Key Exchange (IKE) ISAKMP/Oakley protocols provide (“IPSec VPN WAN Design Overview – Cisco,” n.d.).
Typical business employee’s work in offices away from central sites that provide applications and services required for operations. As these services extended to branches and campuses the requirements for increased bandwidth, availability, and security also increase. The XYZ Company has addressed these areas by deploying IPsec VPN’s as part of its WAN strategy. IPsec tunnels work great for securing data because they protect the entire IP packet. They are also only used between secure IPsec Gateways. For example two Cisco routers connected over the Internet via IPsec VPN (“Understanding VPN IPSec Tunnel Mode and IPSec Transport Mode – What’s the Difference?,” 2015). This level of protection ensures as data traverses unsecure networks the information that’s contained is safe from social engineering attacks like XYZ has faced in the past.
For XYZ’s troubleshooting and maintenance plan, I would suggest the divide and conquer approach. Out of all the methods available to diagnose network related issues it is my opinion that the divide and conquer process provides the fastest problem resolution. Starting in the middle of the OSI model lets you quickly determine if your problem resides in the lower or upper levels based on your results. For example, a successful ping test is an indication that the lower layers of the OSI model (data link, physical) are working properly. As you continue to step through the troubleshooting process, you can then use a top down or bottom up approach to focus on the parts of the network where your problem may lie. Although this is a good and balanced approach to troubleshooting, it is by no means static since there are always multiple methods to address a problem. Combining this structured approach with good preparation and technique will prove vital to the health of XYZ’s network.
In addition to being reactive XYZ network technicians should also follow a daily, weekly, and monthly maintenance process to sustain the overall health of the network. Doing so will help increase the network teams knowledge of the companies systems as well as help eliminate problems before they have an opportunity to create major disruptions. Furthermore having a schedule will assist each department in remembering some of the basic yet important network tasks. It’s easy to lose track of day to day maintenance processes when you develop a pattern of just responding to urgent matters. The key here is ensuring that these tasks are routine and part of XYZ’s documented maintenance model. One of the most valuable parts of any network is the personnel who support it. Without routine care and maintenance, even the best-designed networks can fail, and a failure of the network translates to losses in business productivity. The following is the proposed maintenance schedule that XYZ network engineers should adhere to:
Although tasks may differ based on work functions the proposed maintenance plan is universal in that it outlines the bare minimum procedures that should take place on every network. It also provides a guide in which other system administrators can follow and streamline according to their maintenance roles. Installing new hardware, monitoring the network, and performing backups are just some general maintenance activities that all network administrators should perform. Ultimately the standards that each department follows will be based on the requirements of the company and each sections scope of responsibility.
It is my opinion that this troubleshooting and maintenance plan will contribute to the successful operation and performance of XYZ’s enterprise network. In addition, act as a template for other system administrators to write troubleshooting and maintenance plans for their areas of expertise.
XYZ Network Diagram
IPSec VPN WAN Design Overview – Cisco. (n.d.). Retrieved from http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/IPSec_Over.html
Lacoste, R., & Wallace, K. (2015). CCNP routing and switching TSHOOT 300-135 official cert guide. Indianapolis, IN: Pearson Education.
Understanding VPN IPSec Tunnel Mode and IPSec Transport Mode – What’s the Difference?. (2015). Retrieved from http://www.firewall.cx/networking-topics/protocols/870-ipsec-modes.html