Network engineer a secured Debian Network incorporating hosted applications for thin-clients and remote access.

Status: CANCELLED
Bids: 0
Avg Bid (USD): N/A
Project Budget (USD): $30 - $5000

Project Description:
Hello,

I am setting up a server rack. The equipment I have is an HP ProLiant DL380 server and a Cisco Catalyst 3500 series XL switch. I would like to hire a network engineer and security professional to review ideas I have for this network; one who can design a secure network from scratch incorporating the following requirements. This network is at the developmental stage, therefore some of the equipment I mention may be overkill for the job; also many of these ideas can be implemented in a variety of ways. The candidate for this task will work with me to clarify the requirements for this network, recommend suggestions, recommend security options, document the final recommendations professionally, and assist in the implementation and configuration of certain aspects of the project.

Gist:

1. Provide professional documentation describing the secured network which will be built, and what hardware will be required to build it. Please consider I am not looking for top of the line (not brand new) equipment.

2. Find inexpensive hosted application solution for 6 thin-client network. Provide thin-client/terminal hardware recommendations.

3. The 6 users will access their thin-client data from remote locations. There must be a secure (VPN perhaps) connection between their laptops and the data created on their thin-clients, this includes checking their e-mail remotely.


4. Debian, Virtualization, e-mail, web, MySQL, VPN, RADIUS, RAS, Proxies.



Prioritization:

#1: Find Hardware solutions {thin-clients, routers}.
#2: Present network diagram with security implementations.
#3: Install and harden server O.S. (consider encryption & anonymity)
#4: Configure virtualization environments and relative additional servers.
#5: Secure communications to and from server and clients.
#6: FOG solution and IP Phones




## Deliverables

I regard highly the notion of using thin-client (zero-client) devices. I have seen corporate networks using Citrix XenApp on Wyse thin-client devices, and those are hosted applications from a server. My network is VERY small; however, I really like the neat, light-weight, portable and low administrative oversight the thin-clients provide. I would like recommendations on what is available for hardware. I would even consider low-end computer terminals as user access points. I only need 6 of these devices to connect to the server; therefore, I do not want to incur big expenses using Citrix. Is there a free (or very inexpensive) Citrix/ESXi style alternative which would allow me to host applications for these 6 clients?

Assume I have the 6 thin-client users above. All their data should be saved on the HP Proliant DL380 Server (or to a NAS - Network Attached Storage device). The server will have an e-mail server on it and therefore, the 6 users must be able to access their e-mail, access the Internet, access their hosted applications, access printers and scanners, and access their saved data which they downloaded or created and saved. There needs to be a security mechanism that protects the server from abuses from the clients. If the users interact with contaminated data or malware, the server or NAS must have defense measures set. I would like to implement a safety measure to prevent users from accessing pornographic or otherwise perverse content and websites. Finally, these 6 thin-client users will also have their own laptops which they own. I would like a way for these users to be able to access the data that they can also access on their thin-clients from their laptops (either from on the network or from a remote location). The connection must be secure (VPN perhaps) from the Thin-client to the server and from the laptops to the server. All e-mail transactions must be 100% secure. None of these 6 users should have any administrative privileges.

I will maintain administrative privileges to the network. I will have my own two laptops which I will need to be able to connect remotely to all relevant aspects of the network, and whenever I connect, my connections must be secured. When the network designs are completed, please consider administrative need in the final design.

Using the hardware I currently possess, I will be using the HP ProLiant DL380 server which I would like to run Debian on. (Free to make suggestions as to which version, or another OS altogether. I believe the compromise between stability and flexibility is best with Debian as opposed to Solaris, BSD or Ubuntu.) This Debian host will run multiple servers (perhaps use VMware Virtual Server). I will definitely need an e-mail server and a web server to host a website. I may require a MySQL Server, VPN Server, RADIUS Server, Remote Access Server, and proxy server.

Some of the above servers I may not need; this all depends on the security solutions for the stated requirements. Sifting through what is, and what is not necessary is a significant part of this project. My description of this project seems to be going in reverse order; however, I am deliberately pushing the complexity towards the end. This solution is tricky because I have two needs. One need is to host the applications, and provide the remote connections for the 6 users. Therefore I need a safe, secure and reliable computing environment. The second and separate need is to use this network for my educational pursuits. I will be studying for my CCNA degrees, and need to set up a home lab for study. Besides the server itself, I currently own a Cisco Catalyst 3500 series XL switch. According to the switch's manual, it is to be used with the Cisco 2600 router. I do not really have a preference as to what router I use; however, I would like suggestions as to how these two separate criteria will be met. CBT Nuggets tutorials recommend the 851W Lab router for wireless, routing and VPN. It also suggests the 2514 but adds it is all CLI. Other Cisco sites suggest purchasing two 2520 routers plus one 2501 for CCNA work. Peers have suggested using two 1811W's. How many routers are needed to learn how to troubleshoot routing loops, etc? A need for a routing solution here is evident.

Another suggested solution posed is to purchase an AS2509-RJ Cisco Network Access Server. This could be a solution, but I would ask how it would fit in to the total plan and its two independent criteria, the hosted application aspect and the personal education aspect.

Considering remote access, another possibility is to use a proxy server to encrypt network traffic, and allow secure remote access from work or hot-spots. This may incorporate the use of an SSH server for user identification at the proxy. I am interested in network anonymity. In fact, I would appreciate some anonymity solutions to keeping my network as private and closed as possible, and hardening Debian.

Once the configuration and setup is complete, I would ask for recommendations about how to best routinely back up or restore the server configuration, if all was lost. I have considered FOG (Free open source ghost), but I would like your advice.

I would like to setup and configure around 2 or 3 Cisco IP Phone 7960 series. I will need some advice as to the best way to work these into the system using either a SIP account or a SIP Server. (I have seen this done using a SIP account and a VOIP station Gateway).

I will also need assistance configuring Xsane (or other appropriate scanning solution) to work with an HP Office Jet Pro 8500 Wireless A909g multi-function device.

I am interested in using encryption on the server where necessary, however this server will be used for video encoding as well. I will be capturing video from VHS and 8mm video cameras, then converting it to DVD format, and splicing and making .mpeg and .avi as well. I do not want encryption to affect the performance on any of these processes.

Finally I would like to know if Windows 7 Pro could be put on this machine safely in a virtual machine. The Win 7 install must be hardened and secured, and placed inside a Jail if possible. I will not use Win 7 on this server if it presents a security risk.

Recap:

1. Provide professional documentation describing the secured network which will be built, and what hardware will be required to build it. Please consider I will be purchasing most of these devices used on Ebay or Craigslist, and I am not looking for top of the line (not brand new) equipment.

2. Find inexpensive hosted application solution for 6 thin-client network. Provide thin-client/terminal hardware recommendations.

3. The 6 users will access their thin-client data from remote locations. There must be a secure (VPN perhaps) connection between their laptops and the data created on their thin-clients, this includes checking their e-mail remotely.

4. Consider administrative need in the final design.

5. Select the most suitable Operating System for the Server (Debian perhaps). Consider VMware Virtual Server, e-mail server, web server, MySQL Server (educational only), VPN Server, RADIUS Server, Remote Access Server, and proxy server. Filter out unnecessary servers.

6. Application hosting environment vs CCNA Study Environment.

7. Suggest router hardware suitable to overcome the challenges in #6. Suggest actual hardware models, and how they would be implemented in the network. For ease of communication diagrams might be beneficial at this stage to depict the different router scenarios compared with using a Network Access Server (NAS), Proxy or SSH server.

8. Consider Network Anonymity, and provide routine backup solution.

9. Cisco IP phones, and SIP Account/VOIP Station Gateway, and Xsane scanner configuration walk through. Keep in mind Windows VM option and video encoding/encryption performance issues.







This project can be broken into stages; I am flexible and open to suggestions.



Prioritization:



#1: Find Hardware solutions {thin-clients, routers}.

#2: Present network diagram with security implementations.

#3: Install and harden server O.S. (consider encryption & anonymity)

#4: Configure virtualization environments and relative additional servers.

#5: Secure communications to and from server and clients.

#6: FOG solution and IP Phones

#7: Details



Thank you, and I will await your feedback.

Skills required:
Anything Goes, Cisco, Database Administration, Electronics, Linux, MySQL, Solaris, SQL, System Admin, UNIX, Virtual Assistant