Network management is a complicated topic today. In today's various kinds of networking infrastructure, instances of unified video, virtualization and communications have to be handled by the network. The responsibilities of the network manager are not only monitoring for security and performance but also recognizing future network problems and going beyond the technology silos to make sure that the network, the server and the application all run well.
Many of today's applications demand everything that the network can provide. Unfortunately, the networks are built upon protocols that were developed a few decades ago. Although today's technologies are well advanced, many of these protocols have remained stale, which can cause performance issues within networks.
The networking industry has found ways to ease many of the side effects of the shortcomings of Transmission Control Protocol (TCP), as well as of bandwidth-starved and high-latency WAN links. The solution is usually referred to as Wide Area Network (WAN) optimization.
TCP/IP has the ability to connect networks of different sizes and systems of different types together, which is the reason for its success as a network protocol. Along with a few others, these networks are arbitrarily defined into 3 main classes that have predefined sizes, which can be divided into smaller subnetworks by system administrators. An IP address can be divided into two parts by using a subnet mask. One part identifies the host and the other part identifies the network to which it belongs. DHCP (Dynamic Host Configuration Protocol) is very helpful for acquiring information such as the DNS default domain name, default route and DNS server addresses.
The DHCP client on WAN interfaces feature extends DHCP to acquire an IP address over PPP over ATM (PPPoA). DHCP uses a server that holds a list of available IP addresses, so that instead of configuring an IP address on the workstation, you just ask for an address whenever you need one. This also resolves the problem of reconfiguring workstations when they move between subnets. Every host/device has a unique IP address. It is 32 bits long, expressed as 4 decimal numbers in a format such as 192.168.02.36, and is divided into two parts: one part is referred to as the network address and the other as the host address.
Host addresses are administered locally, whereas network addresses are assigned by the Internet Service Provider, which you pay to acquire the addresses. IP addresses are distributed by one of the following methods:
Reverse Address Resolution Protocol (RARP),
Bootstrap Protocol (BOOTP), and
Dynamic Host Configuration Protocol (DHCP)
DHCP is an extension of the Bootstrap Protocol (BOOTP) which enables IP hosts to receive an available IP address automatically as well as to configure themselves dynamically. It also supports mechanisms for address assignment.
DHCP supports three mechanisms for allocating IP addresses: 1) Manual allocation: the IP address of the client is assigned by the network administrator; 2) Automatic allocation: DHCP itself assigns a static (permanent) IP address to the client; and 3) Dynamic allocation: DHCP itself assigns an IP address to a client as in automatic allocation, but only for a limited period of time or until the client explicitly relinquishes the address.
Dynamic allocation is the only one of the three mechanisms that allows automatic reuse of an address that was assigned to a client. Therefore, dynamic allocation is principally useful for assigning the permanent (static) IP addresses. Many systems need permanent (static) IP addresses, such as SNA host systems, servers, gateways, routers, etc. Many applications also require the device to have a static IP address, for example for licensing control, configuration of databases and security measures. Static IP addresses are also important for mobile devices such as PDAs, laptops, IP cameras, etc., so that the users can use their devices irrespective of their location.
For example, if we need to configure a static IP address for an IP camera, the universal rule is that the device and the router should reside on the same subnet. The subnet is determined by the router settings; by default the subnet of the router is set to 192.168.0.1 through 192.168.0.254. The device will be able to communicate with the router, and with any other devices connected on the same subnet, as long as it has an address inside that range.
Suppose you have a PDA mobile phone that uses a permanent IP address connected to a Netgear router, you also have a computer connected to the same router, and you are using the default settings. In that case, if you want to view pictures from the PDA on your computer, you should set the IP address on the PDA to an address inside the range of 192.168.0.3 to 192.168.0.99, the subnet mask of the PDA to 255.255.255.0 and the default gateway of the device to 192.168.0.1. If you need to configure a DNS server, set it to 192.168.0.1 as well.
Note: By default the Netgear routers may reside on both 192.168.0.1 and 192.168.0.2. The default DHCP scope on a router is 192.168.0.100 to 192.168.0.199. You can also use the address range from 192.168.0.200 to 192.168.0.254 without any conflicts.
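The static-address rules from the Netgear example above, as an added example that is not part of the original essay: it checks a proposed address, mask and gateway against the router's subnet, the router's own addresses and the default DHCP scope, and shows how the mask splits an address into network and host parts. The function and constant names are assumptions; the addresses are the ones quoted in the essay.

```python
import ipaddress

# Addresses below are the ones quoted in the essay; names are illustrative.
SUBNET = ipaddress.ip_network("192.168.0.0/24")        # mask 255.255.255.0
ROUTER_ADDRS = {ipaddress.ip_address("192.168.0.1"),
                ipaddress.ip_address("192.168.0.2")}
DHCP_FIRST = ipaddress.ip_address("192.168.0.100")     # default DHCP scope
DHCP_LAST = ipaddress.ip_address("192.168.0.199")


def split_address(addr, mask):
    """Split addr into (network address, host number) using the subnet mask."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    host = int(iface.ip) & int(iface.network.hostmask)
    return str(iface.network.network_address), host


def check_static(addr, mask, gateway):
    """Return a list of problems with a proposed static configuration."""
    try:
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        gw = ipaddress.ip_address(gateway)
    except ValueError as exc:
        return [f"invalid value: {exc}"]
    problems = []
    net = iface.network
    if net != SUBNET:
        problems.append(f"{iface.ip} with mask {mask} is not on {SUBNET}")
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is a network or broadcast address")
    if iface.ip in ROUTER_ADDRS:
        problems.append(f"{iface.ip} collides with the router")
    if DHCP_FIRST <= iface.ip <= DHCP_LAST:
        problems.append(f"{iface.ip} is inside the DHCP scope and may be leased to another host")
    if gw not in net:
        problems.append(f"gateway {gw} is not reachable from {net}")
    return problems


if __name__ == "__main__":
    # Constructed test cases: (address, mask, gateway)
    for case in [("192.168.0.50", "255.255.255.0", "192.168.0.1"),
                 ("192.168.0.150", "255.255.255.0", "192.168.0.1"),
                 ("192.168.1.50", "255.255.255.0", "192.168.0.1")]:
        print(case, check_static(*case) or "ok")
```

A static address that falls inside the DHCP scope is the case worth catching early, since the conflict only appears once the server leases the same address to another host.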
Likewise, the Internet Printing Protocol (IPP) is used to authorize users and give them access to printers for print jobs, both locally and from a remote location through the Internet. IPP is a standard IP-based protocol which supports access control, encryption and authentication, thus making it a trustworthy and protected printing solution over the Internet for managing and controlling printers remotely. With IPP, not only can settings such as media size and resolution be set, but printers can also be identified remotely.
IPP is layered on HTTP/1.1, which is the most broadly accepted standard protocol on the Internet and which can perform multiple transfers over a single TCP/IP connection. The advantage of running on top of HTTP is that authorization can be done using SSL3 or HTTP's Digest access authentication mechanism. The SSL/TLS protocol can also be used for encryption, and through an IPP gateway IPP can be used to gain access to printing facilities even on a non-IPP-enabled printer. By using the dynamic allocation mechanism you can assign printers on a short-term basis, or by assigning a static IP it can be used until the client explicitly relinquishes the address. And as mentioned in the above example, it can also be transferred over to another intranet network by amending the default settings.
A VPN (Virtual Private Network) allows organizations/firms to securely connect several physical locations and users together by using an untrusted public network, such as the Internet, as the main transport medium. Furthermore, cable, mobile broadband and DSL providers have made outstanding gains in market penetration over the past decade, making access to high-bandwidth Internet connectivity available nearly everywhere. The increased adoption has also made this kind of Internet connectivity less costly than private leased-line alternatives. By combining common Internet access with VPN technology, organizations are able to extend the reach and speed of their network while reducing costs.
By encrypting data in transit to prevent unauthorized access, VPNs provide high levels of security. VPNs are usually divided into one of two high-level categories: remote access (also called client-to-gateway or dialup) or site-to-site (also called gateway-to-gateway). The implementation and technologies used to deliver the solution differ significantly, while in both categories the basic concept of providing an encrypted tunnel between two networked nodes remains the same.
Remote Access VPNs
Remote access VPNs, also called dialup or client-to-gateway VPNs, connect a single host with the security gateway, which may connect tens, hundreds, or even thousands of unique remote clients to the private network. Many remote access VPN gateways use a single remote access technology, but the FortiGate system and similar products combine multiple access technologies into a common platform for cost effectiveness, maximum flexibility and simplicity.
Most remote access VPNs use the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) protocols. Each technology has advantages and disadvantages, and the best solution for remote access is one that allows the best-suited technology, or often a combination of the two, to be used as needed. With an IPsec-based VPN gateway a remote user can have the same access privileges as a local user; the drawback of this type of remote access VPN is that it requires a client on the remote user's system. Client-based systems lead to additional complications, but in some situations they may be the best option for providing the most robust remote user experience.
SSL-TLS VPNs (SSL-VPNs) are commonly a more flexible alternative to an IPsec VPN gateway. Their use of the SSL-TLS protocols is the primary reason for their additional flexibility. SSL-VPNs reduce the requirement for a separate endpoint client by leveraging a browser's cryptographic facilities. However, this clientless access method is generally more limited than client-based solutions, and remote access is usually limited to web-based applications. To address this shortcoming, many SSL-VPN gateways also include a lightweight client that is dynamically downloaded, installed and executed upon initial connection to the gateway, which also provides a more robust experience than the clientless option.
Site-to-site VPNs usually connect remote office and branch office locations back to a headquarters location. Some organizations/firms also use site-to-site VPNs to establish limited access to their private network for trusted business partners. In both situations, a FortiGate multi-threat security device or any other supported VPN device is deployed at each network location where VPN tunnels are to be established. The FortiGate devices are then configured to establish an encrypted and authenticated tunnel, routing traffic through this virtualized tunnel between the sites according to the defined policy.
For site-to-site tunnels there are varying VPN topologies, including partially-meshed, fully-meshed, and hub-and-spoke configurations.
In a hub-and-spoke configuration, VPN connections spread out from a central FortiGate device (the hub) to a number of remote FortiGate devices (the spokes).
In partially-meshed configurations, locations that usually communicate with each other are configured to have dedicated VPN tunnels.
Fully-meshed configurations connect all VPN nodes to each other for the most fault tolerance of the three deployment topologies.
Network management is among the most demanding and challenging tasks in today's world, as almost every organization/firm depends on the Internet for communication, mail, conferencing, etc., especially when several static devices, mobile devices, servers, etc. need to be connected with one another for business needs. In this analysis we have seen how IP addresses work and how we can manage several intranets linked over a WAN. For remote access, a VPN is the best solution for authorization and access control, as VPNs are an efficient, fast and cost-effective way to connect users and remote locations. Network management can handle all kinds of issues that arise in connections, security, etc. by using different protocols and methods.