Site To Site VPN Design And Analysis Information Technology Essay

The Ministry of Foreign Affairs of Qatar deals with all of the international affairs and foreign policy between the government of Qatar and the governments of other countries. It has around 75 diplomatic missions around the world.

The current methods of communication used to send confidential documents are diplomatic mail, e-mail and fax. The diplomatic mail service takes two to three days to deliver documents. However, faxes and private lines don't provide any type of security, as they are unencrypted.

Network technologies have been widely used to connect systems within business sites and across sites that are distant from each other. The emergence of the virtual private network has created a secure and cheaper medium for transferring sensitive information and documents between two or more organizations through a public network such as the internet, using a site-to-site VPN.

Throughout my period of study and work experience in networking technology, I have thought of implementing new technology in my work. My idea is to implement VPN technology to support the mailing and video systems in the ministry. This technology will solve many problems, such as providing a lower-cost means of communication, securing the line and sharing confidential documents.

The VPN connection is to be created between the Embassy of the State of Qatar in London and the Ministry of Foreign Affairs IT data centre.

Prepare a list of Deliverables

VPN site to site network.

IP telephony to provide cheap phone calls.

Secure tunnel to provide security for the network of Ministry of foreign affairs.

Finding the user Requirements

According to Sommerville (2004), requirements capture involves three different phases, which are as follows:

Eliciting requirements

Validating requirements

Recording requirements

All of these separate phases were carried out in order to start the project.

Elicit requirements

Both primary and secondary research were performed to obtain the requirements from two different categories of users, who were interviewed and questioned. The two user categories are the Ministry of Foreign Affairs IT staff and some users from the Embassy of the State of Qatar in London.

Primary research

Primary research methods are used to generate data which does not already exist (Erica & Priest 2009). Three primary research techniques were used: questionnaires, interviews and observation.

Observation

I spent a few days at the Embassy of the State of Qatar in London and I used to work at the IT department of the Ministry of Foreign Affairs, and from that I observed the following problems with the current communication and file sharing systems:

The only way of making a phone call is via the normal PBX, as an international call from Doha to London and vice versa, which has the following disadvantages:

The cost of the voice conversations is very high

Only voice conversations can be made; video conference calls can't be established

Lack of security; anyone can hack into the voice conversation and listen to it

Files and important documents are sent by fax, which again has a higher cost and is not secure at all

To solve the problem of fax security, diplomatic mail was used, but it is very slow as it takes 3 to 4 days to reach the destination

Files are also sent by e-mail, but again it might be hacked and anyone can read the important documents sent by e-mail

Interviews and questionnaires

An evaluation of the proposed design (a feasibility study) was carried out to determine the difficulty of running the designated project and to determine the benefits of the proposed solution.

Several interviews were carried out with the IT staff at the Ministry headquarters and with some users at the Embassy of the State of Qatar in London, and from these interviews (see Appendix A) the following points were concluded:

From the questionnaires, the user requirements can be concluded as follows:

IT staff

The IT staff's budget is controlled by the financial department, so they need a cost-effective solution for voice conversations

Security is a very important feature that the IT staff look for

They need to get rid of the diplomatic mail

They need a better way of sharing files that is fast and secure

Embassy users

They need to call the Ministry of Foreign Affairs almost every day due to business needs, which costs them a lot using the existing technology

They send a lot of confidential documents to the headquarters using the diplomatic mail. They need a faster way that is still very secure.

They need an organised electronic filing system that is linked to the HQ

Sometimes, they need to make secure phone calls for security reasons.

Validating requirements

After gathering the data from the questionnaires and observation, I have deeply analysed it to ensure that it is clear and does not create any conflicts with the IT HQ.

Recording requirements

Both the users and the IT staff requirements were recorded in a nice readable way.

Primary research results

From the primary research results I came up with the VPN (virtual private network) solution, which can fulfil the user requirements.

The following points are the benefits of the new proposed VPN solution:

Cost-effective connectivity and a significant reduction of the monthly cost, as the calls can be made over the internet (Voice over IP or VoIP)

The calls can be secured because a site-to-site VPN has encryption capabilities; the site-to-site VPN creates a secure tunnel between the corporate office and the branch office

A site-to-site VPN creates an encrypted tunnel between the main office and its branches.

Shared applications and services using an electronic archiving system on the servers at the headquarters can be accessed remotely from the embassy.

File and document mailing can be done in a fast and secure way, as all the data and e-documents are encrypted and can only be read by the end user who has the decryption key.

The system has minimum downtime when performing any required upgrades: "availability" (Andersson et al. 2006).

The system is flexible enough to include modifications or the addition of any branch in the future.

The system can operate on various platforms easily, as the VPN is used over the internet, which is available almost everywhere.

The system is easy to learn and use, and user documentation will be provided too.

Secondary research

Secondary research was conducted based on the primary research results and the user requirements. Background theory about VPN technology is given in the next section, followed by practical uses of the VPN and a practical implementation of the project.

VPN Background theory

A virtual private network (VPN) is a computer network that uses a public network like the internet to provide secure connectivity between remote offices and users and their headquarters or main office. The main benefit of a VPN is that it provides an inexpensive way of communicating, as owning private telecommunication lines is very expensive; a VPN enhances productivity and cuts costs.

The data is transferred between the headquarters and the remote sites in a secure way, as encryption is used to protect the data.

The following picture is an example of an internet VPN:

Figure 1: Internet VPN (WIKIPEDIA, 2010).

Some companies, like Cisco and Juniper, provide VPN solutions to customers that have exceptional security features through encryption and authentication technologies that protect data in transit from unauthorized access and attacks. Intensive research was performed to study these two solutions and learn their practical requirements and uses.

Cisco, for example, provides two VPN technologies (VPN, 2010): site-to-site and remote access.

-Site-to-site

Figure 2: Site- to -site VPN (WIKIPEDIA, 2010).

It extends network resources to branch offices by using the internet to create a WAN (wide area network) infrastructure; all traffic between sites is encrypted using the IPsec protocol. Cisco VPNs also offer:

Reliable transport of complex traffic, such as voice (which is what we need in our project)

Simplified provision

Integrated advanced network intelligence

-Remote Access VPNs

Figure 3: Remote access VPN (WIKIPEDIA, 2010).

Remote access VPNs extend almost any data, voice, or video application to the remote desktop, emulating the main office desktop so that anyone, at any time and anywhere, can access the main desktop.

IP telephony

IP telephony is the use of the internet infrastructure to transmit voice. The protocol commonly employed to achieve this is the voice over internet protocol (VoIP). Since the advent of the internet and data networks, organizations have been realizing the cost-cutting benefits of employing VoIP for voice transmission (Vbulletin 2010). Rather than having a dedicated network to cater for the transmission of voice, the internet infrastructure comprising data networks continues to prove vital in the accomplishment of IP telephony. IP telephony supports consistent voice communication. Cisco, with its Unified Communication range, has realized the major benefits of IP telephony in today's corporate world and has invested in providing Cisco IP telephony solutions. IP telephony has a number of benefits:

It provides a highly reliable communication channel that is also scalable. This takes advantage of the available LAN and WAN.

IP telephony results in improved employee productivity through the use of supporting solutions such as the Cisco Unified Communication.

The Cisco Unified Communication solution offers a number of services such as voice delivery, video, mobility and the support of IP phones. This range of products makes IP telephony an aspect that can literally transform the communication requirements of any organization. Most firms are exploring the wide range of options available to IP telephony and are making huge cost-benefit advancements towards this goal (Stellman & Greene 2005).

The role played by IP telephony therefore cannot be underestimated, and as more and more firms connect to the internet, the data network infrastructure is emerging as an important factor in the promotion of IP telephony (IP telephony – Cisco systems 2010) (refer to Figure 8 in Appendix B).

System Requirements:

Figure 4: Real-life site-to-site VPN scenario (CISCO, 2010).

For a real-life scenario, the following equipment is required for implementation:

WAN Cisco routers with static public IPs

Cisco PIX firewall on each site

Cisco Call Manager in the HQ

Cisco Switches

Cisco IP phones

Figure 5: PIX firewalls establish the VPN tunnel (CISCO, 2010)

Each Cisco router provides internet connectivity for its network. Both networks must have a public IP address assigned by their internet providers. The PIX firewalls are used to negotiate and establish the VPN tunnel between the two ends. The Cisco CallManager handles all of the VoIP calls and acts as the PBX. An extra feature can be used at the branch end by adding Cisco CallManager Express on top of the router (i.e. a Cisco Integrated Services Router). If the VPN tunnel fails, Cisco CallManager Express can still handle calls inside the branch network, so the employees can call each other.

For the demonstration scenario, I will use the GNS3 network simulator to simulate the VPN tunnel between the two ends (GNS 3, 2010). The diagram below shows the site-to-site VPN – IPsec over GRE tunnel:

Figure 6: Site-to-site VPN – IPsec over GRE tunnel.

For the VoIP demonstration, I will use the following equipment:

ADSL Cisco router (857)

Broadband Cisco router (861) , with static public IP

Linksys ATA (SPA 3102 and SPA 2102)

The two Cisco routers will negotiate and establish the VPN tunnel. The Linksys SPA 3102 will act as the PBX and can also be connected to the PSTN telephone network using the FXO port. The Linksys SPA 2102 acts as an ATA (Analog Telephone Adapter). It will convert VoIP calls to analog calls.

Resources required for implementation

A PC work station.

Broadband Internet connection, with static Public IP.

GNS3 Network Simulator.

Risk assessment

Risk management is important in order to ensure the successful completion of this phase of the project and also of the complete project (Nielsen 1993).

Table 1: Risk Management.

| Type of risk | Description | Risk level | Risk management plan |
|---|---|---|---|
| Misunderstanding the requirements | The requirements are recorded from the users but may not be understood | Low | Double-check the requirements with as many users as are available |
| Non-available resources | The project resources might not be available at the project implementation time | Medium | Ensure all resources are reserved before starting the project implementation |
| Deadline of the project is not met | Missing the deadline as we might take more time than expected | Medium | Produce a Gantt chart and ensure it is met |
| System delay and latency | There might be some delay and latency in the call conversation due to the nature of the internet | Low | Ensure high-quality encryption devices and VPN routers are used to reduce the delay to a minimum |
| Phone system down (internet dependent) | Because the phone system depends on the internet, it might be down if the internet is down | Very low | Ensure there is an emergency phone or a cellular phone that can be used in this case |

Quality management

Quality in the context of project management can be defined, for short, as the systematic monitoring and evaluation of a certain project to check whether it met the customer's expectations or not. By applying such a process, the engineer or the designer of the project can confirm the project requirements before submitting it to the user (QA, 2010).

The main aim of this project is to transfer both voice and data in a fast and secure way, so four main parts need to be checked after the project implementation to establish that the requirements are met: connectivity, security, phone calls and file transfers. They are listed in the following table:

Table 2: Quality management and testing plans.

| The element to be tested | The performed task | The schedule |
|---|---|---|
| Fast connectivity | Establish the VPN tunnels and monitor how long it takes for the connection to be established | March 2010 |
| Security | Turn on encryption and try to read the data by using a sniffer program. If clear text is found, it means the encryption is not working well. | March 2010 |
| File transfer | Try to transfer different file sizes, 1kb – 1Gb, and check how efficient it is to transfer big files and how long the process takes | April 2010 |
| Voice calls | Make phone calls and check very important parameters such as the quality of the sound, delay, echo, jitter and so on | April 2010 |
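One way to automate the sniffer check in the Security row of Table 2, as an added example that is not part of the original essay: it reads a capture from the internet-facing side of a VPN router and reports every packet between the two tunnel endpoints that is not ESP, IKE/NAT-T, or GRE carrying ESP. The peer and inner addresses and the sample capture are constructed for illustration.

```python
import struct

HQ, EMBASSY = "198.51.100.1", "203.0.113.1"  # hypothetical peers (RFC 5737 ranges)
ESP, GRE, UDP = 50, 47, 17                   # IP protocol numbers
IKE_PORTS = {500, 4500}                      # IKE negotiation and NAT-T

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet for the constructed sample (checksum left 0)."""
    pack = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, pack(src), pack(dst)) + payload

def pcap(packets):
    """Wrap raw IPv4 packets in a classic pcap file (LINKTYPE_RAW = 101)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in packets)

def gre_inner_proto(gre):
    """Return the IP protocol carried inside a GRE header, or None if not IPv4."""
    flags, ptype = struct.unpack_from("!HH", gre.ljust(4, b"\0"))
    off = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    return gre[off + 9] if ptype == 0x0800 and len(gre) >= off + 20 else None

def audit(capture, peers=(HQ, EMBASSY)):
    """List (packet no., outer proto, inner proto) for unprotected peer-to-peer packets."""
    if struct.unpack_from("<I", capture)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    findings, offset, number = [], 24, 0
    while offset + 16 <= len(capture):
        incl_len = struct.unpack_from("<I", capture, offset + 8)[0]
        pkt = capture[offset + 16:offset + 16 + incl_len]
        offset, number = offset + 16 + incl_len, number + 1
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue
        ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
        ends = {".".join(map(str, pkt[12:16])), ".".join(map(str, pkt[16:20]))}
        if ends != set(peers) or proto == ESP:
            continue
        if proto == UDP and len(pkt) >= ihl + 4 and \
                IKE_PORTS & set(struct.unpack_from("!HH", pkt, ihl)):
            continue
        inner = gre_inner_proto(pkt[ihl:]) if proto == GRE else None
        if inner != ESP:  # ESP inside GRE is IPsec carried through the tunnel
            findings.append((number, proto, inner))
    return findings

# Constructed sample capture from the internet-facing side of the tunnel.
SAMPLE = pcap([
    ipv4(HQ, EMBASSY, UDP, struct.pack("!HHHH", 500, 500, 12, 0) + b"\0" * 4),
    ipv4(HQ, EMBASSY, ESP, struct.pack("!II", 0x1001, 1) + bytes(range(32))),
    ipv4(EMBASSY, HQ, GRE, b"\0\0\x08\0" + ipv4("10.2.0.5", "10.1.0.9", ESP, b"\0" * 16)),
    ipv4(EMBASSY, HQ, GRE, b"\0\0\x08\0" + ipv4("10.2.0.5", "10.1.0.9", 6, b"CONFIDENTIAL")),
    ipv4(HQ, "192.0.2.7", 6, b"unrelated web traffic"),
])
```

Run `audit` on the bytes of a capture file saved with the raw IP link type; captures with an Ethernet link layer need the 14-byte frame header stripped from each packet first.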

Revising the Plan and the Gantt Chart

The project has been approved by the instructors from Bradford College on the basis of the action plan I made initially; however, I made slight changes to it, as I added more detailed tasks. A Gantt chart was also produced to view the plan in a nice and readable way.

Table 3: Detailed description of the plan.

| Activity | Detailed description | Target date | Other comments |
|---|---|---|---|
| Milestones & CPA | 1- Project proposal; 2- Analysis and design; 3- Implementation of design (VPN); 4- Test & evaluate the implemented solution | 20th, 10, 2010; 13th, 12, 2010; 20th, 1, 2011; 1st, 3, 2011 | |
| Update the deliverables | Add more details to my deliverables to make them more specific and match my aim. | 27th, 10, 2010 | |
| Continually update your project log | To note down what I have done, including pictures and a brief description. | 27th, 10, 2010 | |
| Viewing existing research example/evaluate/working | Check the research I have found for the proposal and see how I am going to use it for my plan and design | 3rd, 11, 2010 | |
| Select primary research methods | Observation and questionnaires. Performed by interviewing some users from the IT section and from the Embassy of Qatar in London | 10th, 11, 2010 | |
| Analysing the results | Studying and analysing the user feedback to implement the right project that fulfils their needs. | 13th, 11, 2010 | |
| Secondary research | Conducting secondary research based on the users' feedback | 15th, 11, 2010 | |
| Collate research of specific websites/books/e-journals for which knowledge is necessary | For the further knowledge needed to upgrade the system, I have to find some books and e-journals | 18th, 11, 2010 | The books will be taken from the recommended websites. |
| VPN theory | Collecting some background theory about VPN | 19th, 11, 2010 | |
| Design the project | | 20th-26th, 11, 2010 | |
| Overview for the design | Check my design and see how I can improve it and make it clearer to understand | 27th, 11, 2010 | |
| Risk assessment | Check the risk side of the VPN and how this is a safe environment to use | 28th, 11, 2010 | According to what will be provided by Bradford College. |
| Quality management | An evaluation plan will be created to test that the project met the users' requirements | 29th, 11, 2010 | |
| Finalise design documentation | Making sure everything from the proposal is included in the design and plan | 30th, 11, 2010 | |
| Final report | Checking the final documentation for my report before handing in the final draft | 9th, 12, 2010 | |
| Starting the implementation of the project | | 20th, 1, 2011 | |
| Testing and evaluation of the practical work | Based on the quality management plan | 1st, 3, 2011 | |

Figure 7: Gantt chart for the project
