Develop Product Network Infrastructure for Warren Center for General Motors.docx

资源描述

Develop Product Network Infrastructure for Warren Center for General Motors.docx

《Develop Product Network Infrastructure for Warren Center for General Motors.docx》由会员分享，可在线阅读，更多相关《Develop Product Network Infrastructure for Warren Center for General Motors.docx（9页珍藏版）》请在冰豆网上搜索。

Develop Product Network Infrastructure for Warren Center for General Motors.docx

DevelopProductNetworkInfrastructureforWarrenCenterforGeneralMotors

DevelopProductNetworkInfrastructure

For

GMWarrenMegaCenter

___________________________________________________________________________________

Preparedfor:

GeneralMotors

Preparedby:

LyleBrown.CCIE#3794

KPMGConsulting,LLC

UnderthedirectionofCiscoSystems

TableofContents

ProjectInitiation1

Goalsstatement1

Objectives1

ExecutiveOverview1

Concept1

Architecture3

Design4

GapAnalysis5

Security6

NetworkManagement6

Templates7

AppendixA

StatementofWork

AppendixB

ConceptforDevelopProduct

AppendixC

NetworkArchitectureforDevelopProduct

AppendixD

NetworkDesignSamplesforDevelopProduct

AppendixE

GapAnalysis

AppendixF

SecurityArchitectureforDevelopProduct

AppendixG

NetworkManagementArchitectureforDevelopProduct

AppendixH

RevisedArchitectureTemplateTT-?

ProjectInitiation

Goalsstatement

Thegoalofthiseffortistodefinealocal,managedandsecureNetworkInfrastructureforDevelopProductontheWarrencampusthatsupportsGM’sstatedbusinessobjectivesandrequirements.

Objectives

Specificobjectivestobemetinachievingthestatedgoalareto:

-DevelopaconceptualframeworkforDevelopProductontheWarrencampustobeusedasanetworkblueprintdocumentthatlinksstatedrequirements,withthearchitectureforthenetworkinitiative.Theinitialconceptistobepresentedwithintwoweeksofprojectinitiation.

-Conductanddocumenta“gapanalysis”todescribedifferencesbetweenthecurrent（planned）statenetworkandtheconceptualnetwork.

-DevelopaNetworkTopology（Architecture）andcorrespondingDesignTemplates.Thiseffort,whilefocusedonthelocalenvironment,willincludetreatmentsfor

-connectivitytoGM’sotherdesigncenters

-connectivitytosuppliers

-connectivitytoGM’scorporatenetwork,and

-dialincapability.

-DetaildiscussionsregardingNetworkManagementandSecurityimplicationsoftheDesign.

TheoriginalStatementofWorkandamendmentsareincludedinAppendixA.

ExecutiveOverview

Concept

GMhasimplementedacoherentplantointegratetheWarrenTechnicalCentercampusenvironment.Thephysicalsiteconsistsofseverallargebuildingsonasquaremilecampus.TheexistingplanistoconsolidateservicesinasingleDataCenter.Thisiseffectivelya24x7computerroomwhereserversarelocated.ThiscenterwillservicethelocalenvironmentaswellasregionalGMMegaCentersites.ThecurrentconceptistoGeographicallydistributeendusersites.EachbuildingorremotesiteistreatedasadistinctLANenvironmentoperatingatLayer2（switching）.TheseGeographicallydistributedsiteswillbeinterconnectedviaLayer3（routing）.Connectivitytoexternalentities–Internet,partners,etc.–areallowedthroughtheGMWANenvironment.

Thisenvironmenttreatsallusersatagivenlocationthesame.Thereisnomechanisminplacetofavoroneuseroveranother.Alltrafficismixedandaccessisshared.DevelopProductshasasetofrequirementsthataredifferentfromthegeneralpopulationthusrequiringspecializedtreatment.

WhileDevelopProductsisaglobalenterpriseandconnectivitymustbeestablishedwiththatinmind,therearearelativelyfewsitesontheWarrencampuswithveryhighconcentrationsofDevelopProductusers.ThiswillbecomeevenmoresoasrenovationandconstructionoftheVECbuildingiscompleted.Itisanticipatedthatupto12,000engineerswilloccupythatbuilding.Theengineeringaspectoftheenvironmentcausesdatavolumestobeverylarge.TransferofdatabecomestheprimarydriverforDevelopProduct.Concurrentwithdatamovement,simplicityandreliabilitybecomeveryimportantaswell.

TheDevelopProductNetworkConceptwascreatedfromaverygeneralsetofrequirementsfromDevelopProduct.Essentiallytheinitialsetofrequirementsincluded

-reducethenumberofdevicesbetweenaDevelopProductclientandhisprimaryserver

-reducethenumberofroutinghopsbetweenanyDevelopProductclient,includingglobalclients,andaDevelopProductserver

-minimizetheeffectsofroutingbyminimizingthenumberofLayer3devicestraversedinaconversation

-provideatopologythatwilldeliver50IOPS（1.6Mbps）toeachDevelopProductuser

-allowinterconnectivityforDevelopProductusersandtherestoftheworld

-describeaHighlySecuredenvironmentforthe“crownjewels”（Portfolio）

-describeatopologyinsuchafashionthatcomponentfailurewilldisplacenomorethan500users.

ThreeFunctionalenvironmentswillbeconstructedtosupportdistinctsetsofusers.Thisdoesnotprecludeaccessamongthem.Serverswillbedistributedamongtheseenvironmentsbasedupondataresidentonthem.ThecurrentLANdistributionisGeographical.ACampusAreaNetwork（CAN）interlinksthevariousbuildingsusingrouting,Layer3.EachbuildinghousesasingleLANenvironmentthatcommunicateswithothersviatheCAN.

AllserversfortheregionalMegaCenterarehousedinasingleDataCenterontheWarrencampus.ThisparticularbuildingalsohousesthemajorityoftheDevelopProductusers.

TheconceptistotreatDevelopProductasalogicalbuilding.BecausethemajorityoftheuserswillbehousedinthesamebuildingasDataCenter,itispossibletomoveserversfromtheGeneralPurposeenvironmentdirectlyintotheDevelopProductenvironment.Thisisdonetohelpabbreviatethedistancebetweenclientandserver.Layer3servicesarecollapsedintoasinglelayertominimizeroutingimplications.

DistinctenvironmentsaretobedevelopedforthetwosetsofDevelopProductusers.OneenvironmentisHighlySecuredandwillbeplacedbehindfirewallfunctions.Itwillbeadistincttopologythatislinkedto,butseparatefrom,theGeneralPurposeenvironment.ThesecondsetofuserswillutilizeatopologythatisintegratedwiththeGeneralPurposeenvironment.Whileitisintegratedwiththeexistingenvironment,theselectionofthepathbetweenclientandserverwillcausesegregationoftraffic.Itiscalledlooselycoupled.

TheconceptfortheHighlySecurednetworkisthesameasthatfortheremainderofDevelopProductexceptthatitisphysicallyseparatedfromtheothertwoenvironments.However,initiallyserverswillbeplacedinthesameLayer2environmentasclientsfortheHighlySecuredenvironment.TheonlytopologicaldifferencebetweenthetwoistheconnectionintotheoverallGMenvironment.ThisconnectionwillbethroughasinglefirewalledandcloselymonitoredconnectionfortheHighlySecuredusers.

TheconceptallowsthetopologytospanmultiplebuildingsontheWarrencampus.ConnectivitycanbethroughtheuseofdedicatedfiberorutilizetheexistingCAN.SmallclustersofeitherHighlySecuredorlooselycoupledDevelopProductuserscanresideontheexistingnetworkandretainconnectivitytothedesiredenvironment.Inthecaseoflooselycoupledtherearenospecialconsiderationsthatmustbemade.Accessisallowedthroughnormalrouting.TheremustbespecialconsiderationsintheHighlySecuredenvironmentthough.Someformofauthenticationandauthorizationmustbeimplemented.ThiscanbeaccomplishedthroughtheuseofVPNtechnologyorsomeimplementationofusername/passwordtechnology.

WANconnectivityisnotspecificallyrequiredforeitherthelooselycoupledortheHighlySecuredenvironmentsatthistime.Theconceptdoesnotprecludethistypeofaccess.Remote,evenglobal,usersretainthecapabilitytoaccessbothenvironmentsthroughexistingtopology.

TheConceptdocumentdevelopedisincludedinAppendixB.

Architecture

TheArchitectureconstructedfortheDevelopProductenvironmentreliesontraditionaldefinitionsofLANs.BoththelooselycoupledandtheHighlySecuredenvironmentsaredefinedtobehierarchicalinnature.Eachwillpotentiallyconsistofthreelayers–Access,DistributionandCore.

TheAccesslayerwillconnectclientdevicestothenetwork.ItwillbeLayer2Ethernetswitch.Ontheclientsideitwillsupport10/100Mbpsconnectionsand1000Mbpsconnectionsonthenetworkside.ItwillsupportmultipleLayer2environments–VLANs–foruserattachment.Thisdevicewillsupportboththeaggregationoftrafficonaport,Trunking,andtheaggregationofports,Channeling.TrunkingandChannelingwillbeimplementedonthenetworkside.

TheCorelayerwillbeusedtoconnectclientswithservers.Thiswillbearouted,Layer3,connection.Thisdevicewillbeaswitchwithroutingcapabilities.Itmustbecapableofsupportingalargenumberof1000Mbpsconnections,TrunkingandChanneling.TheintentoftheConceptistoconnecteveryAccesslayerswitchtoeveryserverataCoredevice.ThepurposeofthisistoreducetherequiredroutingcomponenttoasingledeviceconnectingthetwoLayer2environments.

DistributionlayersareallowedintheArchitecturetosupportscalingissues.BecauseofportdensityconsiderationsonCoredevices,itmaynotbepossibletoconnectclientsand/orserversthroughdedicatedports.InthesecasesaDistributionlayercanbeinsertedoneithersideoftheCoretoaggregatetrafficandprovidealogicalconnectiontotheCore.ThesedevicesareLayer2andmustsupportalargenumberof1000Mbpsconnections,TrunkingandChanneling.

Therequirementsforredundancyandthroughputdictatetheuseofmultiplepathsfromclienttoserver.WithinthenetworkthisisresolvedbytheimplementationofCiscoISLTrunkingandChanneling.Throughtheimplementationofstringentplanning,everyAccessswitchcanbedesignedtohavemultiple,loadbalancedLayer2pathstotheCore.Likewise,throughstringentplanning,serverscanhaveLayer2terminationsattheCore.Thiswi

展开阅读全文