Site To Site VPN Design And Analysis Information Technology Essay
The Ministry of Foreign Affairs of Qatar deals with all international affairs and foreign policy of the Qatar government and other countries' governments. It has around 75 diplomatic missions around the world.
The current methods of communication used to send confidential documents are diplomatic mail, e-mail and fax. Diplomatic mail takes two to three days to deliver documents, while faxes and private lines do not provide any type of security as they are unencrypted.
Network technologies have been widely used to connect systems within business sites and across sites that are distant from each other. The emergence of the virtual private network has created a secure and cheaper medium for transferring sensitive information and documents between two or more organizations through a public network such as the internet: the site-to-site VPN.
Throughout my period of study and my work experience in networking technology, I have thought of implementing new technology in my work. My idea is to implement VPN technology to support the mail and video systems in the ministry. This technology will solve many problems, such as providing a lower-cost communication solution, enhancing line security and the sharing of confidential documents.
The VPN connection is to be created between the Embassy of the State of Qatar in London and the Ministry of Foreign Affairs IT data centre.
Prepare a list of Deliverables
VPN site to site network.
IP telephony to provide cheap phone calls.
Secure tunnel to provide security for the network of Ministry of foreign affairs.
Finding the user Requirements
According to Sommerville (2004), requirements capture involves three different phases, which are as follows:
Eliciting requirements
Validating requirements
Recording requirements
All of these separate phases were carried out in order to start the project.
Elicit requirements
Both primary and secondary research were performed to obtain the requirements from two different groups of users, who were interviewed and questioned. The two user categories are the Ministry of Foreign Affairs IT staff and some users from the Embassy of the State of Qatar in London:
Primary research
Primary research methods are used to generate data which does not already exist (Erica & Priest 2009). Three primary research techniques were used: questionnaires, interviews and observation.
Observation
I spent a few days at the Embassy of the State of Qatar in London, and I used to work at the IT department of the Ministry of Foreign Affairs. From that I observed the following problems with the current communication and file sharing systems:
The only way of making a phone call is via the normal PBX, as an international call from Doha to London and vice versa, which has the following disadvantages:
The cost of voice conversations is very high
Only voice conversations can be made; video conference calls cannot be established
Lack of security; anyone can hack into the voice conversation and listen to it
Files and important documents are sent by fax, which again has a higher cost and is not secure at all
To solve the problem of fax security, diplomatic mail was used, but it is very slow as it takes 3 to 4 days to reach the destination
Files are also sent by e-mail, but again it might be hacked and anyone can read the important documents sent by e-mail
Interviews and questionnaires
A feasibility study, an evaluation of the proposed design, was carried out to determine the difficulty of running the project and the benefits of the proposed solution.
Several interviews were carried out with the IT staff at the ministry headquarters and with some users at the Embassy of the State of Qatar in London, and from these interviews (see Appendix A) the following points were concluded:
From the questionnaires, the user requirements can be summarised as follows:
IT staff
The IT staff's budget is controlled by the financial department, so they need a cost-effective solution for voice conversations
Security is a very important feature that the IT staff look for
They need to get rid of the diplomatic mails
They need a better way of a fast and secure file sharing
Embassy users
They need to call the Ministry of Foreign Affairs almost every day for business needs, which costs them a lot using the existing technology
They send a lot of confidential documents to the headquarters using diplomatic mail. They need a faster way that is still very secure.
They need an organised electronic filing system that is linked to the HQ
Sometimes, they need to make secure phone calls for security reasons.
Validating requirements
After gathering the data from the questionnaires and observation, I analysed it in depth to ensure that it is clear and does not conflict with the IT HQ.
Recording requirements
Both the users' and the IT staff's requirements were recorded in a clear, readable way.
Primary research results
From the primary research results I came up with the VPN (virtual private network) solution, which can fulfil the user requirements.
The following points are the benefits from the new proposed VPN solution:
A cost-effective connectivity method and a significant reduction of the monthly cost, as calls can be made over the internet (Voice over IP, or VoIP)
Calls can be secured, as a site-to-site VPN has encryption capabilities; it creates a secure tunnel between the corporate office and the branch office
Site-to-site VPN creates an encrypted tunnel between the main office and its branches.
Shared applications and services using the electronic archiving system on the servers at the headquarters can be accessed remotely from the embassy.
File and document mailing can be done in a fast and secure way, as all the data and e-documents are encrypted and can only be read by the end user who has the decryption key.
The system has minimum downtime when performing any required upgrades: "availability" (Andersson et al. 2006).
The system is flexible enough to accommodate modifications or additional branches in the future.
The system can operate on various platforms easily, as the VPN runs over the internet, which is available almost everywhere.
The system is easy to learn and use, and user documentation will be provided too.
Secondary research
Secondary research was conducted based on the primary research results and the user requirements. Background theory about VPN technology is given in the next section, followed by practical uses of the VPN and a practical implementation of the project.
VPN Background theory
A virtual private network (VPN) is a computer network that uses a public network such as the internet to provide secure connectivity between remote offices or users and their headquarters or main office. The main benefit of a VPN is that it provides an inexpensive means of communication, as owning private telecommunication lines is very expensive; a VPN enhances productivity and cuts costs.
Data is transferred between the headquarters and the remote sites securely, as encryption is used to protect it.
The following picture is an example of an internet VPN:
Figure 1: Internet VPN (WIKIPEDIA, 2010).
Some companies, such as Cisco and Juniper, provide customers with VPN solutions that have exceptional security features, using encryption and authentication technologies that protect data in transit from unauthorized access and attacks. Intensive research was performed on these two solutions to learn their practical requirements and uses.
Cisco, for example, provides two VPN technologies (VPN, 2010): site-to-site and remote access.
-Site-to-site
Figure 2: Site- to -site VPN (WIKIPEDIA, 2010).
It extends network resources to branch offices by using the internet to create a wide area network (WAN) infrastructure; all traffic between sites is encrypted using the IPsec protocol. Cisco VPNs also offer:
Reliable transport of complex traffic, such as voice (which is what we need in our project)
Simplified provision
Integrated advanced network intelligence
-Remote Access VPNs
Figure 3: Remote access VPN (WIKIPEDIA, 2010).
Remote access VPNs extend almost any data, voice, or video application to the remote desktop, emulating the main office desktop so that anyone can access the main desktop at any time and from anywhere.
IP telephony
IP telephony is the use of the internet infrastructure to transmit voice. The protocol commonly employed to achieve this is the voice over internet protocol (VoIP). Since the advent of the internet and data networks, organizations have been realizing the cost-cutting benefits of employing VoIP for voice transmission (Vbulletin 2010). Rather than having a dedicated network to cater for the transmission of voice, the internet infrastructure, made up of data networks, continues to prove vital in accomplishing IP telephony. IP telephony supports consistent voice communication. Cisco Unified Communication has realized the major benefits of IP telephony in today's corporate world and has invested in providing Cisco IP telephony solutions. IP telephony has a number of benefits:
It provides a highly reliable communication channel that is also scalable, taking advantage of the available LAN and WAN.
It results in improved employee productivity through the use of supporting solutions such as Cisco Unified Communication.
The Cisco Unified Communication solution offers a number of services such as voice delivery, video, mobility and the support of IP phones. This range of products makes IP telephony something that can transform the communication requirements of any organization. Most firms are exploring the wide range of options available for IP telephony and are making huge cost-benefit advancements towards this goal (Stellman & Greene 2005).
The role played by IP telephony therefore cannot be underestimated, and as more and more firms connect to the internet, the data network infrastructure is emerging as an important factor in the promotion of IP telephony (IP telephony – Cisco systems 2010) (refer to Figure 8 in Appendix B).
System Requirements:
Figure 4: Real-life site-to-site VPN scenario (CISCO, 2010).
For a real-life scenario, the following equipment is required for implementation:
WAN Cisco routers with static public IPs
Cisco PIX firewall on each site
Cisco Call Manager in the HQ
Cisco Switches
Cisco IP phones
Figure 5: PIX firewalls establish the VPN tunnel (CISCO, 2010)
Each Cisco router provides internet connectivity for its network. Both networks must have public IP addresses assigned by their internet providers. PIX firewalls are used to negotiate and establish the VPN tunnel between the two ends. The Cisco CallManager handles all of the VoIP calls and acts as the PBX. An extra feature can be added at the branch end by running Cisco CallManager Express on the router (i.e. a Cisco Integrated Services Router). If the VPN tunnel fails, Cisco CallManager Express can still handle calls inside the branch network, so the employees can still call each other.
For the demonstration scenario, I will use GNS3 network simulator to simulate the VPN tunnel between the two ends. (GNS 3, 2010). The diagram below shows site-to-site VPN – IPsec over GRE Tunnel:
Figure 6: Site-to-site VPN -IPSec over GRE tunnel.
For the VoIP demonstration, I will use the following equipment:
ADSL Cisco router (857)
Broadband Cisco router (861) , with static public IP
Linksys ATA (SPA 3102 and SPA 2102)
The two Cisco routers will negotiate and establish the VPN tunnel. The Linksys SPA 3102 will act as the PBX and can also be connected to the PSTN telephone network using the FXO port. The Linksys SPA 2102 acts as an ATA (Analog Telephone Adapter); it will convert VoIP calls to analog calls.
Resources required for implementation
A PC work station.
Broadband Internet connection, with static Public IP.
GNS3 Network Simulator.
Risk assessment
Risk management is important in order to ensure the successful completion of this phase of the project and of the complete project (Nielsen 1993).
Table 1: Risk Management.
Type of risk | Description | Risk level | Risk management plan
--- | --- | --- | ---
Misunderstanding the requirements | The requirements are recorded from the users but may not be understood | Low | Double-check the requirements with as many users as are available
Non-available resources | The project resources might not be available at the project implementation time | Medium | Ensure all resources are reserved before starting the project implementation
Deadline of the project is not met | Missing the deadline, as we might take more time than expected | Medium | Produce a Gantt chart and ensure it is met
System delay and latency | There might be some delay and latency in call conversations due to the nature of the internet | Low | Ensure high-quality encryption devices and VPN routers are used to reduce the delay to a minimum
Phone system down (internet dependent) | Because the phone system depends on the internet, it might be down if the internet is down | Very low | Ensure there is an emergency phone or a cellular phone that can be used in this case
Quality management
Quality in the context of project management can be defined, in short, as the systematic monitoring and evaluation of a project to check whether it meets the customer's expectations. By applying such a process, the engineer or designer of the project can confirm the project requirements before submitting it to the user (QA, 2010).
The main aim of this project is to transfer both voice and data in a fast and secure way, so four main areas need to be checked after the project implementation to confirm that the requirements are met: connectivity, security, phone calls and file transfers. They are listed in the following table:
Table 2: Quality management and testing plans.
The element to be tested | The performed task | The schedule
--- | --- | ---
Fast connectivity | Establish the VPN tunnels and monitor how long it takes for the connection to be established | March 2010
Security | Turn on encryption and try to read the data by using a sniffer program. If clear text is found, it means the encryption is not working well. | March 2010
File transfer | Transfer different file sizes (1 KB to 1 GB) and check how efficiently large files are transferred and how long the process takes | April 2010
Voice calls | Make phone calls and check very important parameters such as the quality of the sound, delay, echo, jitter and so on | April 2010
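The security test in Table 2 can be automated rather than read by eye from a sniffer trace. The following Python code is an added example, not part of the original project: it classifies raw IPv4 packets captured on the WAN side of a VPN router and reports anything between the two sites that is not ESP or IKE. The peer addresses, site LAN ranges and sample packets are constructed assumptions, and the GRE tunnel is assumed to be carried inside IPsec ESP.

```python
import ipaddress
import struct

# Assumed addressing (constructed, not from the essay): documentation-range peers, RFC 1918 LANs.
PEERS = {ipaddress.ip_address("198.51.100.1"), ipaddress.ip_address("203.0.113.1")}
SITE_LANS = [ipaddress.ip_network("10.1.0.0/16"), ipaddress.ip_network("10.2.0.0/16")]
ESP, GRE, UDP = 50, 47, 17
IKE_PORTS = {500, 4500}  # IKE and IKE/ESP with NAT traversal

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet captured on the WAN side of a VPN router."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src, dst = (ipaddress.ip_address(packet[i:i + 4]) for i in (12, 16))
    # Private site addresses must never appear in the outer header on the WAN.
    if any(addr in lan for addr in (src, dst) for lan in SITE_LANS):
        return "LEAK: site LAN address outside tunnel"
    if {src, dst} != PEERS:
        return "other"  # unrelated internet traffic
    if proto == ESP:
        return "ok: ESP"
    if proto == UDP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if sport in IKE_PORTS or dport in IKE_PORTS:
            return "ok: IKE"
    if proto == GRE:
        return "LEAK: GRE not wrapped in ESP"
    return "LEAK: unencrypted peer-to-peer traffic"

def audit(packets):
    """Return (index, verdict) for every packet that is not protected as expected."""
    return [(i, v) for i, p in enumerate(packets) if (v := classify(p)).startswith("LEAK")]

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left at zero) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + payload

SAMPLE = [  # constructed capture: IKE, ESP, bare GRE, and a packet with LAN addresses
    ipv4("198.51.100.1", "203.0.113.1", UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
    ipv4("198.51.100.1", "203.0.113.1", ESP, b"\x00" * 16),
    ipv4("203.0.113.1", "198.51.100.1", GRE, b"\x00\x00\x08\x00"),
    ipv4("10.1.0.5", "10.2.0.9", 6, b"GET /doc"),
]

for idx, verdict in audit(SAMPLE):
    print(f"packet {idx}: {verdict}")
```

An empty result from audit() on a capture taken while files and calls are crossing the tunnel is the pass condition for the security row of the test plan.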
Revising the Plan and the Gantt Chart
The project has been approved by the instructors from Bradford College based on the action plan I produced initially; however, I made slight changes to it by adding more detailed tasks. A Gantt chart was also produced to present the plan in a clear and readable way.
Table 3: Detailed description of the plan:
Activity | Detailed description | Target date | Other comments
--- | --- | --- | ---
Milestones & CPA | 1-project proposal; 2-analysis and design; 3-implementation of design (VPN); 4-test & evaluate the implemented solution | 20th, 10, 2010; 13th, 12, 2010; 20th, 1, 2011; 1st, 3, 2011 |
Update the deliverables | Add more details to my deliverables to make them more specific to my aim | 27th, 10, 2010 |
Continually update your project log | To note down what I have done, including pictures and a brief description | 27th, 10, 2010 |
Viewing existing research example/evaluate/working | Check the research I have found for the proposal and see how I am going to use it for my plan and design | 3rd, 11, 2010 |
Select primary research methods | Observation and questionnaires. This was performed by interviewing some users from the IT section and from the Embassy of Qatar in London | 10th, 11, 2010 |
Analysing the results | Studying and analysing the user feedback to implement the right project that fulfils their needs | 13th, 11, 2010 |
Secondary research | Conducting secondary research based on the users' feedback | 15th, 11, 2010 |
Collate research of specific websites/books/e-journals for which knowledge is necessary | For the further knowledge needed to upgrade the system, I have to find some books and e-journals | 18th, 11, 2010 | The books will be taken from the recommended websites.
VPN theory | Collecting some background theory about VPN | 19th, 11, 2010 |
Design the project | | 20th-26th, 11, 2010 |
Overview for the design | Check my design and see how I can improve it and make it clearer to understand | 27th, 11, 2010 |
Risk assessment | Check the risk side of the VPN and how safe an environment it is to use | 28th, 11, 2010 | According to what will be provided by Bradford College.
Quality management | An evaluation plan will be created to test that the project meets the users' requirements | 29th, 11, 2010 |
Finalise design documentation | Making sure everything from the proposal is included in the design and plan | 30th, 11, 2010 |
Final report | Checking the final documentation for my report before handing in the final draft | 9th, 12, 2010 |
Starting the implementation of the project | | 20th, 1, 2011 |
Testing and evaluation of the practical work | Based on the quality management plan | 1st, 3, 2011 |
Figure 7: Gantt Chart for the project