This paper proposes a network design for a New York City District. This District will have 3 regional hubs, each connecting a total of 11 schools. New York District has 33 schools in total. Access to the Internet will be provided by the Data Center/District Office to the 11 schools using T1 lines and the other 2 hubs.
Network Design Proposal
Network Requirements
ABC School Stats/User Counts
With a current strength of approximately 845 students, ABC School provides education from Pre-Kindergarten to the 12th Grade. According to the requirements of The New York School District, 250 Curriculum computers along with 75 Administration computers are to be installed. The layer 1 wiring requirement per room is that it should accommodate a total of 25 computers, 24 of which will be used for the curriculum, whereas one will be used for administrative purposes.
WAN Design
The model for the WAN is 2 layers of hierarchy having a total of 3 hubs, one connecting the District Office or the Data Center, one the Service Center, and the remaining one connecting the Black Hawk School. A Frame Relay WAN will be responsible for providing the required internet services.
IP Addressing
For all the hosts, interconnection devices, and servers, an IP addressing scheme will be developed, which can be Class A, B, or C. Dynamic Host Configuration Protocol (DHCP) will be used by all the curriculum computers, whereas static addresses will be used by the administrative ones.
Hardware/Software
The hardware and the software should deliver top-quality communication alongside security, accommodating the requirements of the users as well as redundancy.
LAN Design
The LAN must support Ethernet 10BaseT, 100BaseTX, and 100BaseFX speeds, and many IDFs and an MDF must be established in the school. Administration and Curriculum should be the two segments of the LAN.
Security & Network Management
All applications should be protected by a dual firewall. Though the Administration network will be allowed to access the Curriculum network, the Curriculum network will not be allowed to access the Administration network. This can be achieved by using VLANs and/or ACLs. A security policy and anti-virus software should be in place.
Section 1: The WAN Plan
This District will have 3 regional hubs, each connecting a total of 11 schools. New York District has 33 schools in total. Access to the Internet will be provided by the Data Center/District Office to the 11 schools using T1 lines and the other 2 hubs (Crockett, 2003).
WAN Implementation
The Data Center/District Office receives 8 T1s from the 2 hubs. Furthermore, 11 T1s come from the 11 schools, along with a T1 for the Internet connection. It should therefore be capable of handling 20 T1 lines. The ABC and Greenway C.O. hubs support 19 T1 lines, which consist of 8 T1 lines from other hubs and 11 T1 lines for schools (One Stop Click, 2011; Power, 2002).
Internet Connectivity
A T1 Frame Relay line will be used for the Internet alongside the PIX 535 firewall, which will permit access to the Ethernet PSTN Public Backbone. This backbone will consist of one Master DNS server, one Master E-mail server, and one Apache Web server. There will be an Intrusion Detection System and ACLs at the router in the Data Office to stop any unauthorized Internet access. The Demilitarized Zone will be the space between the firewall and the router. The district will contain an Intranet Services Backbone which will have Backup, Proxy, Database, E-mail, Library, DNS, and Virus servers. The hubs will provide access to the Internet to all these schools. Furthermore, part-time Internet access will also be available to the Community School in a remote location through ISDN (Integrated Services Digital Network) (One Stop Click, 2011; Power, 2002).
Section 2: IP Addressing Plan
A Class A address will be used for the IP addressing, which will enable the network to stay hidden from unwanted hackers and users. 5 network addresses will be needed in each school, and 8 bits will be borrowed from the address's host section, which will result in 254 subnets with 65,534 hosts on each (ArrowMail., 2011; Power, 2002).
IP Addressing Scheme Summarized
• Class A Private Address
1. Borrowed Bits: 8
2. Subnets: 254
3. Hosts per Subnet: 65,534
4. Subnet Mask: 255.255.0.0
• Network IP Address: 10.0.0.0
• Added Security because of Private Address
• Supporting around 7 Subnets or Schools (ArrowMail., 2011; Power, 2002).
IP Addresses for Hubs & Schools
5 subnets will be allocated for every school respectively as indicated by the chart below (Learn Networking, 2008; Power, 2002).
ABC Network IP Addresses
The 10.6.0.0 subnet has been designated to the curriculum network at ABC school, while the 10.7.0.0 and 10.8.0.0 subnets have been designated to the administrative network and cluster heartbeat, respectively. VLANs and ACLs are used for network security; these are discussed in later sections. By making use of a Dynamic Host Configuration Protocol (DHCP) server, IP addresses are assigned to each curriculum computer. The DHCP server also provides mobility, which is convenient for students who do not use the same computer every time. The overhead expense for the router can be reduced by assigning the IP addresses for the admin network statically (Zandolie Networks, 2007; Power, 2002).
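The addressing figures and the one-way Administration/Curriculum rule can be checked against ABC's subnets in a few lines. The following Python sketch is an added example, not part of the original proposal; the `established` flag and the handling of addresses outside the three subnets are assumptions of the example.

```python
import ipaddress

# From the proposal: private Class A block, 8 borrowed bits (mask 255.255.0.0).
DISTRICT = ipaddress.ip_network("10.0.0.0/8")
BORROWED_BITS = 8

# ABC School subnets as listed in the proposal.
ABC_SUBNETS = {
    "curriculum": ipaddress.ip_network("10.6.0.0/16"),
    "admin": ipaddress.ip_network("10.7.0.0/16"),
    "heartbeat": ipaddress.ip_network("10.8.0.0/16"),
}

def plan_summary():
    """Return (usable_subnets, hosts_per_subnet, mask) for the district block."""
    subnets = list(DISTRICT.subnets(prefixlen_diff=BORROWED_BITS))
    # Classful counting, as used in the proposal, drops the all-zeros
    # and all-ones subnets.
    usable = len(subnets) - 2
    hosts = subnets[1].num_addresses - 2  # minus network and broadcast
    return usable, hosts, str(subnets[1].netmask)

def segment_of(addr):
    """Name the ABC segment an address falls in, or None if outside all three."""
    ip = ipaddress.ip_address(addr)
    for name, net in ABC_SUBNETS.items():
        if ip in net:
            return name
    return None

def permit(src, dst, established=False):
    """Decide a flow between ABC segments under the proposal's policy.

    established=True marks a reply to a session opened from the other side.
    Without it, blocking curriculum -> admin would also drop the replies to
    sessions that the admin network is allowed to open.
    """
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return False  # assumption: out of scope for this model, treated as deny
    if "heartbeat" in (s, d):
        return s == d  # the proposal keeps the heartbeat subnet isolated
    if s == d or (s == "admin" and d == "curriculum"):
        return True
    return established  # curriculum -> admin: replies only, never new sessions

if __name__ == "__main__":
    print(plan_summary())
    print(permit("10.6.1.20", "10.7.0.10"))        # new session from a student PC
    print(permit("10.6.1.20", "10.7.0.10", True))  # reply to an admin session
```

On a router or layer 3 switch, the reply-only case is what a stateful or reflexive rule provides; a plain stateless deny of curriculum-to-admin traffic would break the permitted direction as well.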
The Decision to choose RADD?
RADD Networking has not provided an ordinary network; rather, a robust system has been created by making use of software and hardware. RADD presents a highly scalable network environment. This is the reason why RADD Networking Inc. is highly in demand these days (Davis, 2008; Power, 2002).
WAN Internet Security
A dual firewall will soon be implemented. It will block external traffic from gaining access to the private network and will create a demilitarized zone (DMZ), which allows access to the public servers. The Cisco PIX 535 is the firewall selected. This Enterprise-Class security firewall can perform many functions; it has 1.7 Gbps of firewall throughput and permits 500,000 concurrent sessions. Concurrent sessions are very important because they enable the browser to open multiple web pages at a time. The PIX 535 firewall will handle the inbound traffic for public servers and the outbound traffic for students and faculty members of all schools and hubs. Other specifications include 256 KB level 2 at 1-GHz, a 1-GHz Intel Pentium III Processor, two 64-bit/66-MHz PCIs, 512 MB or 1 GB of SDRAM, and one 32-bit/33-MHz PCI (Davis, 2008; Power, 2002).
Switches
Cisco Catalyst 3750G-12S
For the LAN backbone, the ABC school has selected the Cisco Catalyst 3750G-12S switch. Using fiber optic cables, the switch will connect the IDFs to the MDF. This switch offers enterprise-level intelligent services. It can operate at layer 2 as well as layer 3 and supports ACLs and VLANs. It provides excellent IP routing along with a high-speed 32-Gbps stacking bus (McQuerry, 2004; Power, 2002).
Cisco Catalyst 2950G-24TS-E
At the access layer, at least one Cisco Catalyst 2950G-24TS switch will be placed to support both the new 1-Gigabit devices and the old 10-Megabit devices. Using Gigabit at the workstation is a wise decision because the technology is moving towards the Gigabit standards. As technology improves, hardware will be able to support Gigabit throughout. Once this takes place, ABC will save money because it will no longer need to purchase new switches. 24 Ethernet 10/100/1000 Mbps ports and four SFP-based Gigabit Ethernet ports are provided by the 2970 switch. The 4-port SFP model allows for expandability and future growth, which is why it has been selected. Just like the 3750, the 2950 can also operate at layers 2 and 3, and it also supports VLANs and ACLs. Another feature of the switch is Voice over IP (McQuerry, 2004; Power, 2002).
Routers (Layer 3)
Cisco Catalyst 6506
The Layer 3 routing needs of the WAN will be met by the Cisco Catalyst 6506 switch. This switch can also perform high district switching. It delivers secure services at the center layer. It blocks any incoming connections from the Internet and includes the Intrusion Detection System (IDS). The Cisco Catalyst 6506 supports the 20 T1 lines and leaves room for future growth (McQuerry, 2004; Power, 2002).
LAN Router
The Cisco 2621XM router was selected to meet the WAN needs of the school. The Layer 3 switches will perform all local routing, while Internet and WAN traffic is left to traverse the router. This router is limited to 1.45-Mbps. The 2621 router performs at 30-Mbps and has 32 to 128 MB of DRAM. The flash memory of this router is 16 to 48 MB. Moreover, LAN connectivity is provided by two Fast-Ethernet ports. For WAN connectivity, a T1 interface port is in place (McQuerry, 2004; Power, 2002).
Servers
Linux is an operating system which is free of cost, and very few viruses are written for it. Linux-based servers will be used for security purposes and also to save money. Such servers are easily maintained with secure software like SSH (McQuerry, 2004; Power, 2002).
Workgroup Servers
A Dell PowerEdge 2650 with up to 2 Intel® Xeon Processors will be installed. The desired range of processor speeds will be 2 GHz to 3.06 GHz. Some of the notable features are:
Hyper-Threading Technology;
NetBurst Micro-Architecture;
Hard Drive Bays for 5 X 1";
256 MB - 12 GB 200 MHz DDR SDRAM; and
Hot-Plug SCSI Drives.
Enterprise Servers
The Dell PowerEdge 6650, with up to 4 Intel® Xeon Processors, will have processor speeds of 2, 2.5, and 2.8 GHz. Some of the notable features are:
Hyper-Threading Technology;
NetBurst Micro-Architecture;
Up to 2MB Built-in L3 Cache;
512 MB - 32GB 200 MHz DDR SDRAM;
Hot-Plug SCSI Drives; and
Hard Drive Bays for 5 X 1".
Proxy/Cache/Content Filtering
At each school, a Proxy/Cache/Content Filtering server is used to protect the students and the faculty members from accessing inappropriate content, to reduce legal liability, to increase productivity, and to conserve WAN bandwidth. This server will run Red Hat Linux as its operating system, Squid as the proxy server, and Websense as the content filtering software. The server conserves network bandwidth by storing Internet content and delivering the same information to users who request it. This eliminates the need to traverse the WAN and the Internet for that content (McQuerry, 2004; Power, 2002).
Red Hat Linux: Server Operating System; Secondary DNS
Squid: Proxy Server Software; Conserve Bandwidth
Websense Enterprise V5: Inappropriate content is filtered here
Cluster Servers
Cluster servers are the best recommendation for providing database and terminal services to the users. To the faculty members and the students, a cluster of this kind will look like a single system. A CAT5e Gigabit Ethernet connection, commonly known as a heartbeat, is used by the servers to communicate with one another. With the help of separate VLANs and subnets, the heartbeats will be kept completely isolated from the rest of the network. With these connections, the computers are able to balance the load, which is not possible for stand-alone computers (Botsford, 2011).
High Availability & Load Balancing
Clusters came into being to avoid a single point of failure. Applications can be easily distributed across a number of computers, thus achieving a degree of parallelism and providing greater availability (Botsford, 2011).
Scalability
An environment which consists of clustered servers is highly scalable because computing capacity can be increased by adding a greater number of processors to the servers (Botsford, 2011).
Ease of Administration
The cluster thus appears as a single unit, which makes it easier for the administrators to manage and use. The administration will be able to carry out maintenance work during normal working hours. The admin department will not be required to stay late or work on weekends (Botsford, 2011).
Inexpensive Hardware
It is not necessary to use expensive servers in a clustered environment (Botsford, 2011). The main reasons are load balancing and redundancy.
Terminal Servers
Windows 2003 terminal services are ideal as far as terminal servers are concerned. They are less expensive, and administration can be handled easily. Moreover, they support the Linux operating system at the workstation (Botsford, 2011).
High Availability of Information
Students and teachers can access their accounts from anywhere they wish. They can also log on to their personal files and apply their desired settings (Botsford, 2011).
Ease of Administration
It is easier for the network administrator to fix the bug at run time and also guide the user if the bug is found again in future (Begin Linux, 2010).
Inexpensive Workstation Hardware
It reduces the workload on the workstation, since all the processing is done by the terminal server and the workstation is left to deal only with the send and request process (Begin Linux, 2010).
Linux Workstations
Linux workstations help in cutting the cost of Windows operating systems. ABC School can simply use "rdesktop" to connect to the Windows 2003 terminal server (Begin Linux, 2010).
ABC Campus Network/Wiring Diagram
Careful research has been done to determine the locations of the MDFs and IDFs to be used by the ABC school. Rough visuals were created to get closer to the desired results. The visuals include the different premises of the school and the structure of the classrooms. They also contain the administration department and the POP. These visuals were then used with a legend that explains the exact structure of the school and the conduit systems used by schools of the same caliber.
The following diagram represents a network design, which was created using a Microsoft Visio replica, to give an accurate idea of the distances between the IDFs and the MDF and between individual classrooms and the IDFs. These distances must be determined because classroom workstations and the IDFs are connected via CAT5e cable, which has a maximum distance capability of 100 meters (328 ft). The MDF and IDFs are connected via multi-mode fiber optic cable, which has a maximum distance capability of 220 meters (722 ft).
Security Measures & Network Management
Security breaches have become quite common all over the world which has led to serious and enormous problems hindering network functionality and integrity. The core aim of the network design revolves around preventing such intrusions from occurring within LAN and WAN design. The security and network management is divided into seven different categories namely: operational security, surveillance, access rights, auditing, viruses, external security and passwords (Payne, 2006).
External Security
All the cabinets, MDFs, and IDFs will be locked, and only the Network Administrator will hold the keys and will be entrusted with the responsibility of controlling all entry into the cabinets and the closets. This will be instrumental in preventing anyone with physical access from carrying out any sort of malicious act against the equipment. A device will be installed at the door of each cabinet and closet which transmits a wireless signal to a pager when the door is opened. This ensures security, as the network administrator will learn through the pager of any access to a cabinet or closet (Payne, 2006).
The networking equipment is kept in closets where it is easy to control the temperature. Closets with windows are not advised, as windows let sunshine in, which increases the closet's temperature. The rise in temperature decreases the life expectancy of computer circuits and also strains the capacity of any existing air conditioning equipment. The probability of vandalism also increases with external windows (Payne, 2006).
High quality surge protectors are also deployed on all devices requiring electrical current for preventing electrical damage to the networking equipment (Payne, 2006).
Operational Security
Operational security is required for limiting access to the system. It covers who can use the system and when they can operate it. Employees who do not need sensitive data areas are not given access to them. For example, teacher files or administration files cannot be accessed by students, and administration information cannot be accessed by teachers. The information of the school is divided into information access groups by the network administrator. It is the network administrator who determines who needs to be in each group and what access rights are to be given to each group (Payne, 2006).
Access to the system can also be limited on the basis of the day of the week or the time of day. The network design incorporates a lockout of network access on weekends and at nights. Moreover, network access is also limited at certain times of the week or day (Payne, 2006).
Surveillance
In the view of several network administrators, surveillance is an excellent deterrent to computer vandalism and theft. Video cameras are placed at key locations, which deters criminals and helps identify them in cases of theft or vandalism. The proposed network design is based on the Hawk-Eye recessed dome camera, which can rotate up to 360 degrees and has a tilt angle of +/- 90 degrees (Payne, 2006).
The proposed network design uses IP-based video on the cameras which helps the administrators at the district office and at school to monitor all the on-going activity (Payne, 2006).
The electronic management will be able to monitor system requests and the data flow cycle by means of an alternative surveillance mechanism known as intrusion detection. This will enable protective mechanisms to operate immediately if unauthorized activity is detected (Payne, 2006).
Passwords and ID Systems
All the firewall systems protecting confidential and private data need verification using a personal identification number (PIN), password, or other personal information before allowing access to the user. Normally, such a password or ID is easily recalled from memory by the user, or the user can use a fingerprint or other physical features to gain access. Although passwords are presumed to be the most widely used form of identification, they are also the least effective form. This is true in most cases where the password gets leaked to unauthorized or illegal users. Sometimes, the password may be stolen from a paper on which it is written. Frequently, however, the password is simply an easy guess for the unauthorized user (Payne, 2006).
The author will ensure safety precautions through a mechanism related to the creation and modification of passwords. These precautions include changing the password every 90 days and creating passwords of at least eight alphanumeric characters with at least one uppercase letter (Payne, 2006).
Auditing
Computer auditing is very effective in preventing crimes and in catching a criminal after a crime is committed. The process features the installation of a software system that supervises each transaction that passes through the system. The owner, time, and date of each transaction are recorded in an electronic log. Thus, if an unauthorized transaction is suspected, scanning the electronic log can retrieve the desired data (Payne, 2006).
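The log scan described above can be combined with the access groups and the night and weekend lockout from the Operational Security section. The following Python sketch is an added example, not part of the original proposal; the log line format, the resource names, and the 06:00 to 20:00 weekday window are assumptions made for illustration.

```python
from datetime import datetime

# Restrictions stated in the proposal: students may not access teacher or
# administration files; teachers may not access administration information.
DENIED = {
    "student": {"teacher_files", "admin_files"},
    "teacher": {"admin_files"},
}
# Assumption: the proposal sets no hours; 06:00-20:00 on weekdays is a placeholder.
OPEN_HOUR, CLOSE_HOUR = 6, 20

# Constructed sample log: timestamp, owner, access group, resource.
SAMPLE_LOG = """\
2011-03-14T09:12:05 owner=jsmith group=teacher resource=teacher_files
2011-03-14T10:40:51 owner=s1042 group=student resource=teacher_files
2011-03-15T23:05:17 owner=jsmith group=teacher resource=teacher_files
2011-03-19T11:00:00 owner=office1 group=admin resource=admin_files
2011-03-16T13:30:00 owner=jsmith group=teacher resource=admin_files
garbled line without fields
"""

def parse(line):
    """Return (timestamp, fields) for a well-formed line, else None."""
    parts = line.split()
    if not parts:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
    except ValueError:  # bad timestamp or a token without '='
        return None
    if not {"owner", "group", "resource"} <= fields.keys():
        return None
    return ts, fields

def findings(log_text):
    """Return (line_number, reason) for every entry that needs review."""
    out = []
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse(line)
        if rec is None:
            # A damaged audit entry is itself a finding; never drop it silently.
            out.append((n, "unparseable"))
            continue
        ts, f = rec
        if f["resource"] in DENIED.get(f["group"], set()):
            out.append((n, "group-violation"))
        if ts.weekday() >= 5 or not OPEN_HOUR <= ts.hour < CLOSE_HOUR:
            out.append((n, "outside-hours"))
    return out

if __name__ == "__main__":
    for line_no, reason in findings(SAMPLE_LOG):
        print(line_no, reason)
```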