Introduction
This document explains the preliminary user-oriented functional design based on the design
specifications and the technical and non-technical needs listed in the requirements paper.
Additionally, it provides a high-level overview of the system architecture, explains the data design
related to the system, and specifies design goals that the chosen methods should reach. The high-
level system design is presented, and some low-level details are provided, covering hardware,
software details, techniques for storing and retrieving data, and external interfaces.
Overview
The client needs an IT infrastructure to carry out company operations that involve internal VPN
access for customers and staff and e-commerce apps. The main focus is on the appropriate
authentication system, security of the websites and wireless connections, essential firewall, VLAN
and user device configurations, and customer and client information privacy.
Authentication
One-Time Password generators will be used as a secondary authentication factor to be integrated
into an LDAP server's centrally managed authentication process.
External Website
The external website is mainly used for purchase activity by customers. Its essential goal is to provide
a secure e-commerce transaction complying with Payment Card Industry Data Security Standard. To
do this, it is necessary to:
Protect the confidentiality of the data;
Reliable authentication to the website;
Reliable authorisation system, denying unauthorised access to the website and user
data;
Ensure integrity of the data;
Ensure availability and usability of the data and functionality;
Secure and continuous logging and archiving of the transactions for later reference and
support activities.
Since the customer-facing website will be an e-commerce site allowing users to browse and buy
products and create and log into accounts, it will be delivered via HTTPS with an SSL certificate. This
website would be open to the general public.
Internal website
The internal employee website, which requires authentication for employee use, will also be
delivered through HTTPS. Only authenticated accounts in the company's internal network will be
permitted access. The internal website will be secured from malicious traffic and access using a
firewall restricting access to the company's intranet only. The multi-factor authentication system will
allow reliable and user-friendly authentication for employees. The administrators must manage user
accounts, their access permissions and activity supervision.
Secure remote access
A network-level VPN solution, such as OpenVPN, will be required since engineers need remote
command-line access to workstations and internal websites. In addition to a VPN, a reverse proxy is
This document explains the preliminary user-oriented functional design based on the design
specifications and the technical and non-technical needs listed in the requirements paper.
Additionally, it provides a high-level overview of the system architecture, explains the data design
related to the system, and specifies design goals that the chosen methods should reach. The high-
level system design is presented, and some low-level details are provided, covering hardware,
software details, techniques for storing and retrieving data, and external interfaces.
Overview
The client needs an IT infrastructure to carry out company operations that involve internal VPN
access for customers and staff and e-commerce apps. The main focus is on the appropriate
authentication system, security of the websites and wireless connections, essential firewall, VLAN
and user device configurations, and customer and client information privacy.
Authentication
One-Time Password generators will be used as a secondary authentication factor to be integrated
into an LDAP server's centrally managed authentication process.
External Website
The external website is mainly used for purchase activity by customers. Its essential goal is to provide
a secure e-commerce transaction complying with Payment Card Industry Data Security Standard. To
do this, it is necessary to:
Protect the confidentiality of the data;
Reliable authentication to the website;
Reliable authorisation system, denying unauthorised access to the website and user
data;
Ensure integrity of the data;
Ensure availability and usability of the data and functionality;
Secure and continuous logging and archiving of the transactions for later reference and
support activities.
Since the customer-facing website will be an e-commerce site allowing users to browse and buy
products and create and log into accounts, it will be delivered via HTTPS with an SSL certificate. This
website would be open to the general public.
Internal website
The internal employee website, which requires authentication for employee use, will also be
delivered through HTTPS. Only authenticated accounts in the company's internal network will be
permitted access. The internal website will be secured from malicious traffic and access using a
firewall restricting access to the company's intranet only. The multi-factor authentication system will
allow reliable and user-friendly authentication for employees. The administrators must manage user
accounts, their access permissions and activity supervision.
Secure remote access
A network-level VPN solution, such as OpenVPN, will be required since engineers need remote
command-line access to workstations and internal websites. In addition to a VPN, a reverse proxy is
