Project Accomplishments

www.bassys.net
BASSYS.NET
Business Applied Solutions and Security Systems
Network and Security Design
Project Accomplishments
“Experience Matters”
US: 4484 Sawgrass Court, Chino Hills, CA 91709
714.982.9349 909.518.5980
Philippines: 0513 Washington Street, Green Meadows Subdivision
Mabiga, Mabalacat, Pampanga
0917.502.2091
Project Roles

Consulting
◦ Project participation as Subject Matter Expert (SME)

Lead Network and Security Architect
◦ Leads network and security related design

Network and Security Consulting
◦ Leads client advisory and consulting

Network Project Oversight
◦ Performs project audits on design and implementation

Experience
◦ Over 20 years
◦ Global and Enterprise Network and Security Architecture
◦ Proven and Best-Practice Technical Solutions
◦ Process and Methodology development
CCENT® Certification

Project: Enterprise Network Design and Implementation
• Design and implementation of a Global MPLS network
◦ 32 Nodes / 2 Data Centers
◦ 12,000 clients
◦ Multi-continent DHCP service
• Dual-carrier implementation provides redundancy and increases up-time
• Dynamic routing provides instant recovery
• Use of industry proven equipment: Cisco Systems
• Use of Tier-1 providers for Local, Backbone, Trans-Pacific and Trans-Atlantic
• $30M Project – Services, Hardware and Resources
Enterprise Network Design
[Diagram: global WAN topology with per-link bandwidth and latency labels. Labeled elements include MPLS Carrier #1, MPLS Carrier #2, MPLS B2B, Main Data Center, Backup Data Center, DR Sites, OffShore Partners, 3rd Party VPN Service, Internet, and sites in SoCal, Arizona, MidWest, East Coast, New York, Washington D.C., Atlanta, Palm Beach, Canada, London, Geneva, Mumbai, Singapore, Tokyo, Hong Kong and China.]

Project: Global Network Security Design and Implementation
• Design of Internet Perimeter Security
• Implementation of Design to Global sites
• Best Practice Secure Zones: Production, DMZ, Internet
• Defense in Depth: Firewalls and Intrusion Detection Systems
• Proxy and Content Filtering Services with the use of Blue Coat
• Use of Information Security Best Practices
• Use of proven security technology: Checkpoint, Blue Coat, McAfee, Log Logic
• $20M Project – Services, Hardware and Resources
Global Network Security Design

Project: Design and Build of Data Center
• Design of Data Center – Racks, Power, Connectivity
• High-Availability Design:
◦ Local and Wide Area Network diversity
◦ Power diversity
• Migration of equipment from current Data Center to new Data Center
• Use of proven technology: Cisco Systems
• $25M Project – Services, Hardware and Resources

Data Center Design
[Diagram: Data Center Module – Logical View. Labeled elements include General trusted zone A (Non-production) with Development, Test/QA and Research Lab environments; General trusted zone B (production) with Presentation Layer (Web, E-mail, Call Manager), Application Layer (App servers) and Database Layer (Database servers); Distribution Layer and Access; control services with Access Control and optional IDS/IPS or DLP Appliance; optional Load balancers and Cache Directors; FC, SAN and NAS storage; uplinks to the Data Center or Campus core module.]

Project: Design and Build of Corporate Campus
• Design of multi-building campus environment
• Design of Wide Area Network diversity
◦ Carrier entrance diversity
• Design of Local Area Network connectivity
◦ Multi-path fiber (single and multi-mode)
• Design of Wireless Network connectivity
◦ Corporate Access
◦ Guest Access
• Design of Audio/Video Network
• Management of facility relocation from current site to new campus site
• Use of proven technology: Cisco Systems, Blue Coat
• $80M Project – Services, Hardware and Resources

Corporate Campus Design
[Diagram: Campus Module – Logical view. Labeled elements include Building modules with Floor Access layers carrying Data, Voice, Video and Wireless VLANs (LWAPP APs, IP phones, laptops); Distribution Layers; Campus Core (optional) Module; General trusted zone A (Non-production) and General trusted zone B (production) server layers; control service with Access Control and optional IDS/IPS or DLP Appliance; optional Load balancers and Cache Directors; FC, SAN and NAS storage; links to and from the Campus Core or WAN core and to the Data Center or Campus core module.]

Project: Design and Build of Remote Access Network
• Design of Global Remote Access capability
◦ Corporate access / 5,000 users
◦ Partner access
◦ OffShore consultant access
• Use of IPSec and SSL
• Use of Cisco ASA and Juniper SA platforms
• Authentication, Authorization and Accounting solution
• Use of proven technology: Cisco Systems, Juniper, RSA, Blue Coat
• $5M Project – Services, Hardware and Resources

Remote Access Network Design
[Diagram: Remote Access service module – Logical View. Labeled elements include Teleworkers, Home office/Mobile user, Remote CG Users and Vendors/Contractors/Off-shore; Untrusted Zone with ISP(s); Enterprise edge with Router, Firewall, IDS/IPS, DLP Appliance, SSL VPN and VPN concentrator; Edge Distribution; General trusted zone B (production); Vendors/off-shore as part of Zone A of the E_services Module; connection to the management module.]

Other Project Accomplishments
• Department of Public Social Services
◦ Design and implementation of 70 node wide-area network
◦ Two data centers providing high-availability services
◦ Carrier WAN services providing high-availability networking
◦ VPN and dial-up remote access services
◦ Secure Business to Business connections to financial institutions
• Internet Access
◦ Implementation of Gigabit, OC12, OC3, DS3, T1, DSL
◦ Carrier access diversity
◦ Dual-carrier model for redundancy
◦ BGP routing
• Managed Security Services
◦ 3rd party management and monitoring of perimeter security
◦ Firewalls, Intrusion Detection, Event Correlation and Escalation
◦ Moves, Add, Change management
◦ Service and Incident Reporting

Other Accomplishments Continued
• Unified Communications
◦ Design and implementation of Cisco IP-Telephony
◦ Design and Implementation of Network Quality of Service (QoS)
◦ Cisco Call Managers and Voice Gateways
◦ Use of standard codecs: G.711 to G.729
◦ Integration with Polycom and Tandberg Videoconferencing
◦ Integration with Desktop Videoconferencing
◦ Integration with Lotus Notes and MS Exchange
• WAN Optimization
◦ Design and implementation of WAN compression and optimization
◦ Optimize high data volume applications such as Oracle, Sybase, MS SQL
◦ Optimize high-volume network protocols such as CIFS, NFS, FTP, SnapMirror
◦ Use of Riverbed and Blue Coat