"INTERNET/INTRANET SOLUTION FOR EASTERN BAY COLLEGEsecurity certificate of the host server and the domain name host servers are using a oneIP addresses for many web sites or we can say that one IP address will allocated tomultiple URL’s and easy URL will show up the same IP address on the digital signedsecurity certificate and due to this problem the certification can also contains the URL ofany other site and due to this problem the browser will generate the alert for the user.This problem is always generating the security alert for the user and every time the userwill stop the communication and browsing due to the security problems. This whole activity is increasing the security problems of the session, because thebrowser can’t understand the original security certificate and the duplicate securitycertificate. And every time TLS will generate the wrong security alert for the users of thesite. But, we can overcome this problem, by implementing some advance securityparameters and functionality in the virtual host. Because always, the virtual host isallocating different IP addresses to different website addresses and we only need tomake the security certificate after accessing of the host and user IP addresses andwhen the server will finalize which IP address is leading to which user, then we canmake the ask for the digital signed security certificate. In other words we can say thatwe can easily fill out this issue of the Server Name Indication by implementing somebasic and new features of the Transport Layer Security protocol. And this change willnot affect the other encryption strategies and techniques of the TLS and SNI.5.1. Projected Growth RequirementItem Total Codec Bandwidth / TotalQuantityCall BandwidthRequirementCisco 7942g 300 G711 87 kbps 22 MbpsIP PhoneCisco 7942g 300 G729 33 kbps 8 MbpsIP PhonePage 9 of 16 INTERNET/INTRANET SOLUTION FOR EASTERN BAY COLLEGE5.2. VoIP Design LayoutTo support the expansion of VoIP as well as interfacing with public ISDN telephoneservices a Cisco Telepresence ISDN GW MSE 8321 will be implemented, each bladeinstalled can support up to 240 calls with a bandwidth of 56Kbps to 2 Mbps. This devicecan also enable the use of up to 72 PRI ISDN ports and can support up to 120 videocalls per blade. To support future growth of IPv6, Cisco Unified CommunicationsManager 10.5 will be installedas the call manager server. Version 10.5 has improvedthe ability to integrate both IPv4 and IPv6 based platforms.5.3. Equipment ListDevice Type Manufacture Device Model Current QuantityFuture Quantity r Router Cisco ASR 1006 2 2Multi-Layer Cisco6500 2 2SwitchPage 10 of 16 INTERNET/INTRANET SOLUTION FOR EASTERN BAY COLLEGESwitch Cisco4500-X 2 2Switch Cisco3850 7 14Multi-Layer Cisco9506 1 1DirectorAccess Point CiscoAironet 1700 5 5Voice Gateway CiscoTelepresence 1 1ISDN GW MSE8321IP Phone Cisco7942g 150 300Call Manager CiscoUnified 1 1Communication s Manager 10.56. Maintenance6.1. Encryption of the communication SessionThe communication session is established between the client and server by using thebrowser, now it is the responsibility of the browser to take care of the session. But sometime the steaming session can be insecure due to less security parameters. TLS andServer Name Indication is also providing some rules and steps to secure the sessionand for this purpose a complete encryption technique is being used during thecommunication. When a user will send the request of communication with the serverthen this message will be encrypted completely and on the receiving side this messagewill be decrypted by using the provided decryption keys and methods. On the other hand, when the hosting server will send the data on the basis of therequest this data will also be encrypted for secure communication. In this way thesession will be successfully interconnect the client and server by using the browser.Now this all activity is depending upon the Transport Layer Security protocol and ServerName Indication is providing the required parameters to maintain this communicationPage 11 of 16 INTERNET/INTRANET SOLUTION FOR EASTERN BAY COLLEGEaccording to the requirements. Hence, we can say that the Server Name Indication isalso making the communication more secure between the user and hosting server.6.2. Checking the CertificateAnother advance feature of the Server Name Indication is the identification andchecking of the certificate originality. When the TLS and SNI (Server Name Indication)will verify the connection of the user with host server, then a signed certificate will beanalyzed by the SNI by comparing the URL entered by the user in the browser with thesite domain name which provided by the hosting server. In other words we can say thatthe domain name in the certificate with is providing by the server will be compared withthe user side URL of the site and if this name will notmatch then a security problemand a security alert will be generated by the browser about the security threat. In other words we can say that the browser will pop up an alert to indicate that thesecurity certificate is not valid. Due to this alert the user will take care of his/herconnection and communication with the domain server or host. On the other hand if theURL of the user side will be the same as the certificate of the domain server is providedthen the browser will authenticate the established connection without any securityproblem. All these security checks and security certificates authenticate is directlyrelated to the TLS and SNI.6.3. Advance security checkAnother main feature of the SNI is the advance security check before the connectionestablishment with the virtual domain host. Basically the Transport Layer Securityprotocol is looking to establish the connection with the virtual domain host, but it is notfocusing on the advance security measures of the connection and the browser can’tidentify the accurate direction of the established connection. That’s why; the ServerName Indication is also included in the advance version of the Transport Layer Securityprotocols. By using the SNI, we can easily verify the connection parameters of the hostserver and for this purpose the SNI will enable the domain name host server to send thesecurity certificate to the user at the early strategies of the connection. In other words,Page 12 of 16 "