Lyle Brown, CCIE #3794
KPMG Consulting, LLC
Under the direction of Cisco Systems

Table of Contents

Project Initiation
Goals statement
Objectives
Executive Overview
Concept
Architecture
Design
Gap Analysis
Security
Network Management
Templates
Appendix A Statement of Work
Appendix B Concept for Develop Product
Appendix C Network Architecture for Develop Product
Appendix D Network Design Samples for Develop Product
Appendix E Gap Analysis
Appendix F Security Architecture for Develop Product
Appendix G Network Management Architecture for Develop Product
Appendix H Revised Architecture Template TT-?

Project Initiation

Goals statement

The goal of this effort is to define a local, managed and secure Network Infrastructure for Develop Product on the Warren campus that supports GM's stated business objectives and requirements.

Objectives

Specific objectives to be met in achieving the stated goal are to:

- Develop a conceptual framework for Develop Product on the Warren campus to be used as a network blueprint document that links stated requirements with the architecture for the network initiative. The initial concept is to be presented within two weeks of project initiation.
- Conduct and document a “gap analysis” to describe differences between the current (planned) state network and the conceptual network.
- Develop a Network Topology (Architecture) and corresponding Design Templates. This effort, while focused on the local environment, will include treatments for
  - connectivity to GM's other design centers
  - connectivity to suppliers
  - connectivity to GM's corporate network, and
  - dial in capability.
- Detail discussions regarding Network Management and Security implications of the Design.

The original Statement of Work and amendments are included in Appendix A.

Executive Overview

Concept

GM has implemented a coherent plan to integrate the Warren Technical Center campus environment. The physical site consists of several large buildings on a square mile campus. The existing plan is to consolidate services in a single Data Center. This is effectively a 24x7 computer room where servers are located. This center will service the local environment as well as regional GM Mega Center sites. The current concept is to geographically distribute end user sites. Each building or remote site is treated as a distinct LAN environment operating at Layer 2 (switching). These geographically distributed sites will be interconnected via Layer 3 (routing). Connectivity to external entities (Internet, partners, etc.) is allowed through the GM WAN environment.

This environment treats all users at a given location the same. There is no mechanism in place to favor one user over another. All traffic is mixed and access is shared. Develop Products has a set of requirements that are different from the general population, thus requiring specialized treatment.

While Develop Products is a global enterprise and connectivity must be established with that in mind, there are relatively few sites on the Warren campus with very high concentrations of Develop Product users. This will become even more so as renovation and construction of the VEC building is completed. It is anticipated that up to 12,000 engineers will occupy that building. The engineering aspect of the environment causes data volumes to be very large. Transfer of data becomes the primary driver for Develop Product. Concurrent with data movement, simplicity and reliability become very important as well.

The Develop Product Network Concept was created from a very general set of requirements from Develop Product. Essentially the initial set of requirements included:

- reduce the number of devices between a Develop Product client and his primary server
- reduce the number of routing hops between any Develop Product client, including global clients, and a Develop Product server
- minimize the effects of routing by minimizing the number of Layer 3 devices traversed in a conversation
- provide a topology that will deliver 50 IOPS (1.6 Mbps) to each Develop Product user
- allow interconnectivity for Develop Product users and the rest of the world
- describe a Highly Secured environment for the “crown jewels” (Portfolio)
- describe a topology in such a fashion that component failure will displace no more than 500 users.

Three Functional environments will be constructed to support distinct sets of users. This does not preclude access among them. Servers will be distributed among these environments based upon data resident on them. The current LAN distribution is geographical. A Campus Area Network (CAN) interlinks the various buildings using routing (Layer 3). Each building houses a single LAN environment that communicates with others via the CAN.

All servers for the regional Mega Center are housed in a single Data Center on the Warren campus. This particular building also houses the majority of the Develop Product users.

The concept is to treat Develop Product as a logical building. Because the majority of the users will be housed in the same building as the Data Center, it is possible to move servers from the General Purpose environment directly into the Develop Product environment. This is done to help abbreviate the distance between client and server. Layer 3 services are collapsed into a single layer to minimize routing implications. Distinct environments are to be developed for the two sets of Develop Product users. One environment is Highly Secured and will be placed behind firewall functions. It will be a distinct topology that is linked to, but separate from, the General Purpose environment. The second set of users will utilize a topology that is integrated with the General Purpose environment. While it is integrated with the existing environment, the selection of the path between client and server will cause segregation of traffic. It is called loosely coupled.

The concept for the Highly Secured network is the same as that for the remainder of Develop Product except that it is physically separated from the other two environments. However, initially servers will be placed in the same Layer 2 environment as clients for the Highly Secured environment. The only topological difference between the two is the connection into the overall GM environment. This connection will be through a single firewalled and closely monitored connection for the Highly Secured users.

The concept allows the topology to span multiple buildings on the Warren campus. Connectivity can be through the use of dedicated fiber or utilize the existing CAN. Small clusters of either Highly Secured or loosely coupled Develop Product users can reside on the existing network and retain connectivity to the desired environment. In the case of loosely coupled there are no special considerations that must be made. Access is allowed through normal routing. There must be special considerations in the Highly Secured environment though. Some form of authentication and authorization must be implemented. This can be accomplished through the use of VPN technology or some implementation of user name/password technology.

WAN connectivity is not specifically required for either the loosely coupled or the Highly Secured environments at this time. The concept does not preclude this type of access. Remote, even global, users retain the capability to access both environments through existing topology.

The Concept document developed is included in Appendix B.

Architecture

The Architecture constructed for the Develop Product environment relies on traditional definitions of LANs. Both the loosely coupled and the Highly Secured environments are defined to be hierarchical in nature. Each will potentially consist of three layers: Access, Distribution and Core.

The Access layer will connect client devices to the network. It will be a Layer 2 Ethernet switch. On the client side it will support 10/100 Mbps connections and 1000 Mbps connections on the network side. It will support multiple Layer 2 environments (VLANs) for user attachment. This device will support both the aggregation of traffic on a port (Trunking) and the aggregation of ports (Channeling). Trunking and Channeling will be implemented on the network side.

The Core layer will be used to connect clients with servers. This will be a routed (Layer 3) connection. This device will be a switch with routing capabilities. It must be capable of supporting a large number of 1000 Mbps connections, Trunking and Channeling. The intent of the Concept is to connect every Access layer switch to every server at a Core device. The purpose of this is to reduce the required routing component to a single device connecting the two Layer 2 environments.

Distribution layers are allowed in the Architecture to support scaling issues. Because of port density considerations on Core devices, it may not be possible to connect clients and/or servers through dedicated ports. In these cases a Distribution layer can be inserted on either side of the Core to aggregate traffic and provide a logical connection to the Core. These devices are Layer 2 and must support a large number of 1000 Mbps connections, Trunking and Channeling.

The requirements for redundancy and throughput dictate the use of multiple paths from client to server. Within the network this is resolved by the implementation of Cisco ISL Trunking and Channeling. Through the implementation of stringent planning, every Access switch can be designed to have multiple, load balanced Layer 2 paths to the Core. Likewise, through stringent planning, servers can have Layer 2 terminations at the Core. This wi