Designing Network Access


In the typical company, internal users make up the majority of the user base. Internal users are those who show up at the office on a daily basis, log on to computers that have access to the networks, and access resources within the organization. For the most part, the network only needs the basic services that allow users to authenticate and access the resources. Specialized authentication servers that work in conjunction with a domain controller and security measures such as firewalls are not typically necessary to control users on the LAN.

Note  

As you will see when we start discussing allowing remote users access to internal resources, you need to take special security considerations into account. For an internal user accessing internal resources, however, the security measures are not as stringent.

That is not to say that you don't need security in these types of situations. Security breaches are common. As a matter of fact, it is usually far easier for an internal user to cause a security breach because they already have access to resources. When creating a secure infrastructure, the first rule you should follow is to make sure that the internal resources are secure before you allow access to outside influences. It is not uncommon to find firewalls within a company's internal network protecting the resources in case there is a breach of the external firewalls. Think of a castle with its moat, gates, and locked doors that you have to pass through to get to the King's chambers.

As with every chapter up to this point, you need to identify the information that will impact this portion of your design. You will need to review the initial discovery that you did when you were trying to determine how the current infrastructure is designed so that you can glean information that will help you determine what you have to work with. You will use the current network information along with the requirements that you have identified for the new Active Directory infrastructure when you develop the user access requirements.

Microsoft has identified a network access hierarchy that works for most companies. This hierarchy is composed of network access layers that not only control the data that is transmitted on the network segments, but identify how clients and servers are positioned within an organization so that the resources needed by users are readily accessible.

Identifying the Network Access Hierarchy

Microsoft's network access hierarchy is based upon a three-tier design that controls how the network infrastructure should be designed and where systems should be located in order to keep the network running efficiently. Figure 9.1 represents the basic layout of the network using this hierarchy. Note the three tiers that are used here:

  • Core

  • Distribution

  • Access

Figure 9.1: Network access hierarchy

The Core Tier

The core tier utilizes high-speed switching in order to keep segments connected. Typically, you won't find servers or client workstations at this tier; it is reserved for network devices that need high-speed access to unite the network segments together. This is usually seen as the backbone of the company.

When designing the core tier, you will take into account the network paths that define the backbone of the organization. An organization that hosts everything within a single building or campus may only utilize LAN technologies for their backbone. An organization that has many locations may use a metropolitan area network (MAN) or high-speed WAN to interconnect the locations. Figure 9.2 illustrates the core tier for an organization with five locations: three buildings within a campus, another connected through an ATM MAN connection, and another through a T1 WAN link.


Figure 9.2: Example of the core tier

The Distribution Tier

You'll find network devices that define the network segments and servers that provide network resources to many segments in the distribution tier. Network devices found at this level are responsible for routing the data from segment to segment and controlling access to the servers that reside on the distribution tier. Network security and access control policies are implemented at this level also. Here you will find the firewalls and address translation servers that control access to other segments of the organization, along with access from remote users. Servers at this tier include domain controllers, and DHCP, DNS, and WINS servers to name a few. Figure 9.3 illustrates an organization's distribution tier and how it relates to the other two tiers.

Figure 9.3: Example of the distribution tier

The Access Tier

This is the layer at which the workstations and servers are connected. This tier is made up of network segments that are low- to medium-speed connections that allow several workstations to access the rest of the network.

When designing this tier, take into account the capacity of the distribution and core tiers so that you do not have more workstations connected to the access tier than the other tiers can support. You may also find that the access tier hosts servers that provide resources to a specific segment or workgroup, or you have an access tier segment that is made up of servers only.

When designing a segment for servers, you need to make sure that the network bandwidth will sustain the traffic from client workstations in other access tier segments. When placing servers in an access tier with client workstations, make sure that the resources provided by that server are not required by workstations that reside on segments in access tiers within other distribution tiers. Placing servers in the distribution tier would be preferable in such a case because the distribution tier has the capacity to handle the data.

Figure 9.4 illustrates the devices that are connected at the access tier and their relationship to the distribution tier of the hierarchy.

Figure 9.4: Example of the access tier

You should already have a diagram of the existing network infrastructure from when you performed the network discovery in Chapter 2, "Determining Business and Technical Requirements." This diagram holds the information that you need to determine how the existing infrastructure is tied together. Review the information on the diagram and determine where each of the tiers will be implemented.

When determining how the different tiers will be implemented for the organization, start by defining how users will access the network and the segments that host their workstations. User access will define the access tier. You will find that most organizations already have the access tier in place, although some organizations may have both the access and distribution tiers built as a single tier. If this is the case, inventory the resources and the servers that the resources reside on and try to determine if the users would be better served if the resources were located in the distribution tier. If the resources are used within a single workgroup or by a very small group of users within subnets that are all part of the same access tier segment, you could leave the resources at the access tier. However, if several users need access to the resources and the users reside in different access tier segments, consider relocating the resources to the distribution tier.

The routers or switches that define the segments that the workstation resides on will be connected to both the access tier to support the workstations and the distribution tier to support access to network services on the distribution tier. You should note the servers that are located within the distribution tier. Most of these servers will host resources that users from different access tier segments need to use. If a server is only used by users from one segment, you may want to consider relocating that server to the access tier so that a network failure at the distribution tier would not necessarily affect the resource access.
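The placement rule from the two paragraphs above, applied to a server inventory. This is an added example, not code from the book; the segment names, subnets, server names and client addresses are all constructed.

```python
import ipaddress

# Constructed access-tier segments (hypothetical names and subnets).
SEGMENTS = {
    "sales-floor": ipaddress.ip_network("10.1.10.0/24"),
    "engineering": ipaddress.ip_network("10.1.20.0/24"),
    "accounting": ipaddress.ip_network("10.1.30.0/24"),
}

# Constructed inventory: server -> (current tier, client addresses that use it).
SERVERS = {
    "FS-ENG01": ("distribution", ["10.1.20.15", "10.1.20.48"]),
    "FS-CORP01": ("access", ["10.1.10.7", "10.1.20.15", "10.1.30.22"]),
    "DC01": ("distribution", ["10.1.10.7", "10.1.30.22"]),
    "PRN-ACCT": ("access", ["10.1.30.22", "10.1.30.23"]),
}


def segment_of(addr):
    """Name of the access-tier segment an address belongs to."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "unknown"


def recommend_tier(clients):
    """Access tier only when every client sits in one known segment.

    Clients from several segments, from an unmapped subnet, or no
    recorded clients at all fall back to the distribution tier.
    """
    segs = {segment_of(c) for c in clients}
    if len(segs) == 1 and "unknown" not in segs:
        return "access"
    return "distribution"


def placement_report(servers=SERVERS):
    """server -> (current tier, recommended tier, 'keep' or 'move')."""
    report = {}
    for name, (current, clients) in servers.items():
        target = recommend_tier(clients)
        report[name] = (current, target, "keep" if current == target else "move")
    return report


if __name__ == "__main__":
    for server, row in placement_report().items():
        print(server, *row)
```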

In the next section, we will discuss some of the security considerations when internal users are connecting to resources on the network.

Security Considerations

As mentioned earlier, it is far easier for an internal user to cause a security breach because they do not have to discover a method of accessing the network; they have already been granted this. The challenge for the network administrator is restricting the users to only those resources they need to use.

Once authenticated, an internal user is able to access any of the resources for which they have permission. Therein lies one of the most important keys to security: permissions. NTFS permissions on file shares, folders, and printers, and permissions set on Active Directory objects are the primary security options available to network administrators. If the administrative team does not have control over the permissions that are assigned to network resources, they are not able to control what the users access, intentionally or unintentionally.

Sometimes setting permissions on objects and resources is not enough. In previous chapters, we discussed scenarios that organizations face when they have highly sensitive data. The organization may only want the data available to a specific group of users, or mandates due to governmental contracts may require you to control who can access certain resources. In this case, you will want to implement methods to secure the data, such as isolating a network from the rest of the organization or using security policies to restrict access to the resources.

For example, in the case of an organization that has a contract to manufacture equipment for the Department of Defense, the data that they use as the specifications when manufacturing equipment may be top secret and should be kept from prying eyes. The organization needs to guarantee that the data will be held in confidence. In this case, the server that holds the information could be configured so that an IPSec policy is used to encrypt the transmission of data, or the server could be isolated on its own network segment so that only workstations on that segment can communicate with it.
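Either control in the paragraph above can be verified from flow records collected at the router or firewall in front of the server. The audit below is an added example, not from the book; the server address, segment range and flow records are constructed, and the record layout is an assumption.

```python
import ipaddress

# Hypothetical addressing for the protected server and its isolated segment.
SECURE_SERVER = ipaddress.ip_address("10.50.0.10")
SECURE_SEGMENT = ipaddress.ip_network("10.50.0.0/28")

ESP = 50                 # IP protocol number of IPSec ESP (encrypted payload)
UDP = 17
IKE_PORTS = {500, 4500}  # IKE negotiation and NAT-traversal encapsulated ESP

# Constructed flow records: (source, destination, IP protocol, destination port).
FLOWS = [
    ("10.50.0.3", "10.50.0.10", 6, 445),     # in-segment, cleartext SMB
    ("10.50.0.4", "10.50.0.10", ESP, 0),     # in-segment, ESP
    ("10.1.20.15", "10.50.0.10", UDP, 500),  # other segment, IKE
    ("10.1.20.15", "10.50.0.10", ESP, 0),    # other segment, ESP
    ("10.1.30.22", "10.50.0.10", 6, 445),    # other segment, cleartext SMB
    ("10.1.30.22", "10.1.10.9", 6, 80),      # unrelated traffic
]


def is_ipsec(proto, dport):
    """True for ESP or IKE traffic. AH (protocol 51) is left out on
    purpose: it authenticates packets but does not encrypt them."""
    return proto == ESP or (proto == UDP and dport in IKE_PORTS)


def audit(flows, mode):
    """Return (source, reason) for each flow to the server that breaks policy.

    mode "isolate": only sources inside the isolated segment are allowed.
    mode "ipsec":   any source is allowed, but only over IPSec.
    """
    if mode not in ("isolate", "ipsec"):
        raise ValueError("mode must be 'isolate' or 'ipsec'")
    findings = []
    for src, dst, proto, dport in flows:
        if ipaddress.ip_address(dst) != SECURE_SERVER:
            continue
        if mode == "isolate":
            if ipaddress.ip_address(src) not in SECURE_SEGMENT:
                findings.append((src, "source outside isolated segment"))
        elif not is_ipsec(proto, dport):
            findings.append((src, f"cleartext protocol {proto} port {dport}"))
    return findings


if __name__ == "__main__":
    for mode in ("isolate", "ipsec"):
        print(mode, audit(FLOWS, mode))
```

An empty result under the chosen mode is the evidence that the control is doing what the design says; any finding names the workstation to investigate.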

The best security comes from examining the data that the users need to access and determining how the data is utilized. Policies and procedures should be put into place that dictate how groups are created and how the permissions to resources are assigned to those groups.

Improving Availability

If users cannot access data, the network is useless. At the same time, guaranteeing that the data they are trying to access will be available can be a costly option. Reliable solutions and fault-tolerant solutions do not come cheaply. You need to consider several criteria when developing a highly available network solution.

When determining which solution you wish to implement, you should consider the cost of having the additional reliability against the cost of users not having access to their data. The following sections cover some of the topics to consider when determining how you are going to build your highly available infrastructure or services.

Mean Time Between Failures (MTBF)

Most devices are rated with a mean time between failures (MTBF) rating. This rating indicates how long, usually in hours, a device will run before you should expect it to fail. Of course this does not guarantee that the device will run for that many hours, but neither does it mean that the device will fail whenever it hits that time frame. Manufacturers run tests on systems and determine how long a device is likely to remain available. Usually, the higher the quality of the parts that make up the device, the higher the MTBF. You should also take note, however, of those manufacturers that skew the tests so that they represent the MTBF that they want to obtain.

Warranties on devices with a longer MTBF are usually longer as well. As a corollary, the longer the MTBF, the more money you can expect to shell out when purchasing it.

Mean Time To Recovery (MTTR)

The mean time to recovery (MTTR), sometimes referred to as mean time to repair, states how long you should expect an outage to continue when a device or system fails. The MTTR is harder to quantify than the MTBF.

Depending upon several factors, such as whether you have staff qualified to repair the device or how long it takes to restart a system that was powered down, you need to determine how long it will take to return to normal operations. If you are working with outside vendors, make sure you have outage limits incorporated into the Service Level Agreement (SLA). Keep in mind that MTTR is the average time a repair will take to restore the entire system to its pre-failure state. If your design incorporates fault tolerance, your outage time will be less than MTTR.

Redundancy

One thing is for certain: equipment will fail. And more than likely, it will fail when you need it the most, or when you are on vacation. Having backup equipment for redundancy helps alleviate the problems associated with equipment failure. If the redundant equipment takes over automatically when the original equipment fails, your users keep accessing their resources while you repair the failed device, thus reducing the downtime. If you do need to replace the failed equipment with the redundant equipment, you will reduce your downtime considerably. If you did not have the equipment available and you had to either order the equipment or repair the failed equipment, you would incur longer downtimes.

Secondary Paths

Even if you have redundant equipment, if you do not have additional network paths, a failure of the network connection keeps the users from accessing their resources and affects the services that need to use the connections. Planning for fault tolerance by having an additional network path allows users and services to continue processing if the primary connection goes down.

Some organizations have an identical secondary connection to the primary, but others have a less expensive connection type as a backup. Although the less expensive connection will not support the same amount of capacity that the primary connection would, the inconvenience of slower communication is overshadowed by the ability to continue working.
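The MTBF, MTTR, redundancy and secondary-path sections combine into one availability model. This is an added example, not from the book: it uses the standard steady-state formula MTBF / (MTBF + MTTR), every rating is constructed, and the parallel case assumes the two paths fail independently.

```python
HOURS_PER_MONTH = 730  # assumption: average month length in hours


def availability(mtbf_hours, mttr_hours):
    """Steady-state fraction of time a component is up."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def series(*parts):
    """Every part must be up, for example router AND link."""
    up = 1.0
    for a in parts:
        up *= a
    return up


def parallel(*parts):
    """The path is up while at least one part is up.

    Assumes independent failures; two circuits that share a carrier,
    a conduit or a power feed will do worse than this figure.
    """
    all_down = 1.0
    for a in parts:
        all_down *= 1.0 - a
    return 1.0 - all_down


def monthly_downtime_hours(avail):
    return (1.0 - avail) * HOURS_PER_MONTH


# Constructed ratings (hypothetical, not vendor data).
ROUTER = availability(mtbf_hours=50_000, mttr_hours=4)
PRIMARY_LINK = availability(mtbf_hours=400, mttr_hours=100)  # 0.80
BACKUP_LINK = availability(mtbf_hours=300, mttr_hours=100)   # 0.75, cheaper circuit


def compare_designs():
    """design name -> (availability, expected downtime hours per month)."""
    designs = {
        "single path": series(ROUTER, PRIMARY_LINK),
        "two links, one router": series(ROUTER, parallel(PRIMARY_LINK, BACKUP_LINK)),
        "two links, two routers": parallel(series(ROUTER, PRIMARY_LINK),
                                           series(ROUTER, BACKUP_LINK)),
    }
    return {name: (a, monthly_downtime_hours(a)) for name, a in designs.items()}


if __name__ == "__main__":
    for name, (a, down) in compare_designs().items():
        print(f"{name:24s} availability {a:.4f}  downtime {down:6.1f} h/month")
```

With these figures the slower backup link removes most of the downtime, while a second router adds almost nothing because the router was never the weak component.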

Load Balancing

Whereas secondary paths allow you to continue working when a primary connection fails, load balancing alleviates the load from one device so that all of the devices take on a fair amount of the workload. When load balancing, the user will not notice as much degradation in performance because more than one device is taking on its fair share of the workload. However, when a device in the load-balanced cluster fails, the other devices will have to take on the additional load, so for the remainder of the time that a device is down, the user may experience a drop in performance.

Building the network infrastructure to accommodate internal users is by far easier and usually less complex than designing for remote users. In the next section, we are going to discuss the options that are available when designing the network infrastructure to support remote user access to the network.

Considerations for Internet Access

Allowing users to have access to the Internet is a mixed blessing. Although many use the Internet as a resource and take advantage of the wealth of knowledge they can find there, others may waste time surfing and becoming unproductive. If you are going to allow access to the Internet, you need to design your network so that the users can gain access to the information they need to perform their job, while at the same time restricting them from causing harm to the organization's network.

Very few organizations allow users to have direct access to the Internet. While planning your Internet access, determine how much access you want the users to have and then choose a method of access that will help you maintain your security and network efficiency. You can use a network address translation (NAT) device that controls the Internet requests from your internal network while keeping the internal addresses from being seen by external users.

Real World Scenario: Guaranteeing Connectivity

Tom needs to make sure that users in the Kansas City office do not lose access to their databases as they perform their end-of-the-month processing. Historically, the connection that had been used had proven to be about 80 percent reliable. Although the connection was not always down during the critical processing time, there were instances when the reporting was delayed due to the connection.

For the new Active Directory design, Tom has decided that he not only needs to make sure that the connection is available for the users, he also wants to make sure it is available for the replication traffic that will occur. Within the new design, Tom has identified the need for redundant connections to the Kansas City office as well as additional hardware to make the network infrastructure more fault tolerant. The existing dedicated T1 connection will remain, but he budgets an additional T1 and distributes the cost between the offices. Finally, to make sure that the connections are monitored and maintained better, Tom negotiates an SLA for the T1 connections.


To help alleviate some of the Internet traffic that your users will generate, and to better control which users can access the Internet, you can implement a proxy server. Proxy servers can cache pages that users have visited. If another user visits the same page, the proxy server can pull the data from its hard drive instead of having to request the data from the Internet. Another benefit of proxy servers is the ability to control access by using the user's account or group membership. NAT servers can control the addresses of the clients that can connect, but cannot control by user account.




MCSE: Windows Server 2003 Active Directory and Network Infrastructure Design Study Guide (70-297)
ISBN: 0782143210
EAN: 2147483647
Year: 2004
Pages: 159
Authors: Brad Price, Sybex
