Design Project 2 ‐ Leahy Center Client Infrastructure - squatchulator/Capstone GitHub Wiki

Deliverable Statement

The goal of our project is to provide Generator and its employees/clients with reliable and stable infrastructure. Throughout the partnership between the Leahy Center & Generator, we’ve gained an in-depth understanding of the existing infrastructure’s strengths and weaknesses.

We have identified two critical areas for improvement:

Security Enhancement: Our first objective is to enhance the security of devices and network appliances. This would include continuously monitoring host activity on Generator endpoints using Elastic stack. This service does enhance the likelihood of detecting malicious activities but does still leave Generator exposed to network-based attacks. With the current logon system that the endpoints use, it is significantly harder for our security team to match potentially malicious actions to a specific user. Our solution to this problem is to use an Active Directory infrastructure to have accounts created for Generator users upon signup to give them secure and unique login credentials which will allow them to customize their programs and have unique download locations, have managed permissions, and our analysts can match activity to users by name.

Availability & Redundancy: The second key objective is to enhance the availability and reliability of essential services. We plan to deploy two servers that mirror the functionality of the primary server, ensuring seamless failover in the event of a system failure. This will significantly reduce downtime and network disruptions.

Objectives

Create a budget/price plan: Will need to make a price plan based on the budget the client gives us. Link to price plan. Link to Document reviewing priceplan
Set up regular team meetings: Will meet weekly on Monday's for now.
CALs: Max spearheaded this and figured out the following:

"After calling multiple Licensing Engineers from 3rd party sites as well as from Microsoft themselves, they told us that we needed a User CAL (Client Access License) for each user. Generator had 200-300 users while only around 20 full time Employees. So we looked into this further and they said due to the fact that we are using Active Directory, we can only use User CAL's but while looking at their own documentation we found a definition for a Device CAL. The definition was: "With a Device CAL, you purchase a CAL for every device that accesses your server, regardless of the number of users who use that device to access the server. Device CALs may make more economic and administrative sense if your company has workers who share devices, for example, on different work shifts." This definition is exactly what generator has. So instead of paying $8,000 - $12,000 for 200-300 user CALs we decided to go with the 50 device CAL's which costs $2,000. This help cut the overall cost a little bit more and if Microsoft comes to us about this we will refer them to their own documentation and the quote I showed above. I also met with Joe briefly to talk about CAL's on 10/25/2023 as well as to talk about next steps for our capstone."

Research additional non-hardware costs:
We did a physical on-site visit at Generator and reviewed their hardware.

To-do's:

Buy/determine when we will buy components: Not completed - will happen during next sprint. In progress.
OSINT Scan: We may be having another Leahy Center peer conduct investigations on Generator. We are fleshing this our during the next sprint.
Create Visual Network Map: Although our current tools provide an inventory - we do not have an actual visualization of the network. We believe this will help due to the physical placements of hardware there.
Account Script: We can create an Account script now for the deployment of the accounts they will need.
Adobe Premier Licenses: We need to look at Generators Adobe Premier Licenses because we do not know if we can make them switch to Device licenses instead of Client Licenses. Also need to take inventory of these existing licenses.

Project Board

Demonstration/Presentation

Demonstration Video

This is a video outlining what we completed this sprint and what we've fleshed out on the project board, as well as what we aim to do before the planning phase is over.