Al Hokair Project

This is the design of the IT infrastructure that would serve a fictional shopping mall in Dubai, deployed by the Al Hokair Group conglomerate. It is a final project for a Master’s degree in Private Security Management offered by the University of Alcalá (UAH) (posgrado.uah.es/es/oferta/Direccion-y-Gestion-de-Seguridad-Privada/), for which I provided consulting services to an applicant. The IT component of the master’s program didn’t necessarily have to be an elaborate development, but I wanted to take advantage of the opportunity and design something that could work in a real-world setting.

The facilities had to meet basic requirements for connectivity, image recording, and fire protection. The proposed solution was the following:

The design has two main elements containing the servers, a module added for each service, and one core network in a star design:

  • Module 1 – Access Points that provide Wi-Fi throughout the entire premises.

  • Module 2 – Video surveillance.

  • Module 3 – Fire Protection Sensors (FPS).

  • Module 4 – Supports the previous elements using a cluster of virtualization servers and a storage array. It hosts the central servers for the previous modules as well as essential services such as backup, name servers, resource access directory servers, antimalware, a web server for management, and a mail server.

Every module described has its own aggregation layer composed of standard switches and firewall clusters.

  • Module 5 – Network core. Special attention was paid to layer 2 segmentation and addressing spaces. A server was placed in the DMZ to act as a honeypot.

  • Module 6 of the diagram is a cloud replica of the infrastructure. It is not simply a Disaster Recovery Plan solution, even though it is described as being for recovery. It is a block designed to be functional in the event of the loss or replacement of Module 4. Deployment on AWS involves:
    • Creating the root account, operational accounts, and financial or other management accounts as needed.

    • SSO access with AWS-Single Account Access.

    • Create the VPC with public and private subnets, a NAT Gateway, and use more than one region if budget allows.

    • Connect the data center in Dubai via a site-to-site VPN (paying special attention to routing tables).

    • Configure the necessary ACLs.

    • Replicate the on-premises servers on EC2. Properly configure the Security Groups.

    • Leverage Route 53 and AWS Certificate Manager services to provide access and security for the corporate website.

    • Evaluate the need for or suitability of using S3 storage services for backups.

    • Deploy CloudWatch and CloudTrail for monitoring and compliance.

    • Use AWS Budgets, Cost Explorer, and the admin panel at all times to review costs.

    • The AWS portfolio is vast; almost any need could fit here if the budget allows.

  • Module 7 is a remote management service for management and systems personnel, operating from mobile locations.
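
The Module 6 steps on VPC subnets, the NAT Gateway and site-to-site VPN routing tables can be sanity-checked before anything is deployed. The following is an added example, not part of the original project: every CIDR, subnet name and route target (`igw`, `nat`, `vgw`) is a constructed assumption, and the plan format is hypothetical.

```python
import ipaddress

# Constructed sample plan; every CIDR, name and target below is an assumption.
PLAN = {
    "on_prem": ["10.10.0.0/16"],  # Dubai data center (Module 4)
    "vpc": "10.20.0.0/16",
    "subnets": {
        "public-a": {"cidr": "10.20.0.0/24", "public": True,
                     "routes": {"0.0.0.0/0": "igw"}},
        "private-a": {"cidr": "10.20.10.0/24", "public": False,
                      "routes": {"0.0.0.0/0": "nat", "10.10.0.0/16": "vgw"}},
    },
}

def check_plan(plan):
    """Return a list of findings; an empty list means the plan passed."""
    findings = []
    vpc = ipaddress.ip_network(plan["vpc"])
    on_prem = [ipaddress.ip_network(c) for c in plan["on_prem"]]
    # Overlapping address space makes site-to-site VPN routing ambiguous.
    for net in on_prem:
        if net.overlaps(vpc):
            findings.append(f"on-prem {net} overlaps VPC {vpc}")
    seen = []
    for name, sn in plan["subnets"].items():
        cidr = ipaddress.ip_network(sn["cidr"])
        if not cidr.subnet_of(vpc):
            findings.append(f"{name}: {cidr} is outside VPC {vpc}")
        for other_name, other in seen:
            if cidr.overlaps(other):
                findings.append(f"{name}: overlaps {other_name}")
        seen.append((name, cidr))
        default = sn["routes"].get("0.0.0.0/0")
        if sn["public"] and default != "igw":
            findings.append(f"{name}: public subnet lacks default route to igw")
        if not sn["public"]:
            if default == "igw":
                findings.append(f"{name}: private subnet is exposed via igw")
            elif default != "nat":
                findings.append(f"{name}: private subnet has no NAT egress")
            # Replicated servers must reach the data center through the VPN.
            for net in on_prem:
                if sn["routes"].get(str(net)) != "vgw":
                    findings.append(f"{name}: no route to {net} via vgw")
    return findings

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan OK"]:
        print(line)
```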

The elements can be easily identified in the image using the following mnemonics:

  • ahg – Al Hokair Group
  • ap – Access Point
  • sw – Switch
  • fw – FireWall
  • vs – VideoSurveillance
  • fps – Fire Protection Sensor
  • av – AntiVirus
  • hp – HoneyPot
  • rt – router

 

Every element of this project has been fully planned, from suppliers and budget to maintenance and the personnel required for its operation, and is ready for execution.