IT-Master, a marketing firm, has decided to move its workforce entirely remote and provide remote services to employees. Along with this change, the company plans to slowly transition all services to the cloud, starting with web services.
IT-Master has tasked you, as the security engineer, with verifying that the on-premises network infrastructure can securely connect to and extend web services to a nearby Amazon Web Services (AWS) data center during peak hours. You see this as an opportunity to harden IT-Master's on-premises network so that remote workers can connect securely to the local virtual desktop infrastructure from the Internet.
You must analyze the current network infrastructure and apply a level of network segmentation that groups devices and services into zones described as AWS, Perimeter network, Intranet, or the Office. This creates a layer of security to connect part of the company's network to the cloud while providing remote workers access to their company resources.
On-Premises Network
- Hosts proxy servers at the network edge for secure web browsing for office employees.
- Hosts SharePoint and Windows File services within the internal network.
- Hosts a Virtual Desktop Infrastructure (VDI) solution within the internal network.
- Hosts the company website within the perimeter network.
- Segmentation:
| VLAN | Purpose |
| --- | --- |
| 100 | DMZ and Web services |
| 110 | VDI and File services |
| 120 | Office network |
Cloud Network
- Uses the default network.
- Directly connects with the on-premises network.
- Auto-scales web services to the cloud during peak hours.
Task
Drag the network devices to the appropriate network areas, then use the dropdown selectors to identify the network zone and specify the VLAN. Devices within networks may be placed in any order.