Inter American University of Puerto Rico Guayama Campus
Graduate Program in Computer Sciences
CSNS-5100 Network Analysis and Design Dr. José René Colón (Professor)
Student: Gustavo Velázquez Dávila
3.2 Stakeholders Definition
3.3 Network Preparation
3.4 Network Planning
3.5 Network Design Plan
3.6 Annotated Bibliography
In the following work I present a summary and a complete assessment of a proposed network design for the Patillas City Hall, which serves over 22,000 inhabitants of that town. The proposed changes are necessary to improve service and to increase employee efficiency. Our project is to plan a network design for what is best known to everybody as E-government, a general term describing the use of technologies to facilitate the operation of government and the distribution of government information and services. The system will serve the municipality to: increase revenue, improve communications, add new modern technologies, improve security and reliability in critical operations, offer better customer support, and offer new services. As we know, every company in the world is using technology to offer better customer support and new services, and we think it is time for the public sector to recognize that the opportunity is now on the table. In this case we will be working in a place where the present infrastructure is very limited, so we will have the chance to integrate all the municipal departments into the use of new technologies and new opportunities, and basically to create everything new. The new design is necessary because the project for the new city hall building was cancelled, and for that reason it is very important to design a network that will satisfy the new requirements of the 21st century. The new network will have 2 Cisco switches, each one with 60 ports, two new servers, and a router to reach the Internet; the departments will be segmented logically for security reasons, and a VPN will be implemented as a security measure too. Our system will be designed with the capacity to run video conferences and to connect to other public agencies such as DTOP, IRS and others; the network layout will give you a good idea of all this.
The project will consist of a Client/Server environment with 72 IBM computers, 4 HP LaserJet printers, 2 wireless access points, 2 servers that will act as file server, email server and application server, 2 Cisco switches with 60 ports each with gigabit capacity, and a 2900 series Cisco router. The cabling, implemented according to the EIA/TIA 568-B standard, is also included. A logical segmentation of the network needs to take place in order to avoid network congestion and at the same time to implement security between departments; for example, the Human Resources department does not need to have access to the Finance department. WAN service over a leased line will be implemented using the AT&T company for a T1 service. This will be necessary for the online services that will be given to the general public: for example, a business owner can pay their taxes online without needing to be physically in the City Hall, people can get the documents needed to start a new business, and students can get the information needed to complete an assignment about the town of Patillas.
Workstations: The workstations will be allocated to each area as needed; for example, if Human Resources needs 8 workstations, those stations will be in the HR area. The recommended workstation for the complete network will be the IBM MP 58 model. One of the main reasons to select IBM machines is that IBM machines encrypt the user ID and password as they travel across the network; if the user ID and password went unencrypted through the network, that data (user ID and password) could be obtained in clear text using a network diagnostic tool called a LANalyzer. The system will use Novell NetWare to handle the login, where users need a user identification and password; their accounts, user IDs and passwords will be unique, and the security policy will clarify all those aspects. No data will be allowed to be stored locally on any workstation, because if you allow users to save data on the local hard disk then you must perform a data sensitivity or risk analysis to determine the level of exposure in order to install the proper third-party security product.
Router 2900 series: This device will be connected to the leased line; it is the device that lets users navigate the Internet, and on it we can implement security policy, such as access control lists, to improve security. At the same time this layer 3 device will need the following configuration: the host name; interface configuration with the proper IP addresses; the VTY lines, which are needed so the Administrator can connect remotely in case the leased line fails or some other failure occurs while the person in charge is out of the office; the OSPF routing protocol; and a BRI interface, because a dial backup service is necessary in case the leased line fails. Another configuration needed on the router will be NAT, to save IP addresses, since the addressing scheme used in the LAN will be private addresses.
Cabling: The cabling standard used will be EIA/TIA 568-A (UTP) Cat 5e with the RJ45 connector. As we know, this standard defines a hierarchical cable system architecture in which a main cross-connect (MCC) is connected via a star topology. The reason for having a 'Standard' is to define a method of connecting all types of vendors' voice and data equipment over a cabling system that uses a common media, common connectors and a common topology. This means that a building can be cabled for all its communications needs without the planner or architect ever having to know what type of equipment will be used. The cabling needs to be certified with a correctly calibrated instrument before any device is connected to it. This certification covers the distance (the maximum allowed is 90 meters for horizontal cabling), insertion loss, near-end crosstalk, propagation delay, attenuation-to-crosstalk ratio (near end) and other parameters. The cabling running through the building needs to be labeled in order to isolate network failures and to keep the good practice of a well-organized job.
Servers: In today's downsized environment the file server is usually set up to allow a System Administrator to have total control over the system. This means that the Systems Administrator usually functions as the administrator, security officer, programmer, capacity planner, quality assurance group, and the change control group. In other words, at this time in the deployment of Client/Server applications, one individual usually has total control over all the data files. In the proposed network we will set up two servers: one of them will act as email server, application server and web server, and the other one will act as a file server to save all documents and all data generated by the different departments. Each one will have 2TB of data capacity in order to avoid congestion and to make sure all of them work smoothly. On the servers the Administrator has the responsibility of creating accounts, assigning temporary passwords and setting the appropriate privileges for all users; for example, only the HR director can modify the job description of a position, and users from the mayor's office will not have that privilege. Another advantage of all this new system is that it will give reliability to every process whenever a legal issue is being discussed in a court or any kind of legal forum.
Addressing Scheme: The addressing scheme used will be dynamic IP addressing, where the address is usually written in dotted decimal notation, for example 220.127.116.11, meaning that host 7 is on network 18.104.22.168; stations in an IP environment are called hosts. The term dynamic means that a DHCP server will assign the address automatically, that is, clients dynamically request configuration parameters from servers. The DHCP goal is that clients should require no manual configuration and the Administrator should not have to enter any per-client configuration parameters into servers. All of this means that the DHCP server assigns an IP address to a client for a limited period of time, called a lease. Private IP addressing will be the method used for the network; in this kind of addressing the Administrator assigns addresses to the internal network and hosts without any coordination with an ISP or the Internet Assigned Numbers Authority (IANA). An ISP or the IANA provides public addresses for web servers or other servers that external users access. One advantage of private network numbers is security: private network numbers are not advertised to the Internet, because they are not globally unique, and that is why security improves with private addressing. This addressing scheme also makes it easier to change the ISP in the future: if private addresses are used, the only address changes required are in the router or firewall providing NAT services. Network Address Translation (NAT) is an IP mechanism for converting addresses from an inside network to addresses that are appropriate for an outside network and vice versa.
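As an added example, not part of this proposal and not Cisco or vendor code, the following Python script models the three ideas of the addressing paragraph with the standard library: an RFC 1918 check for the private LAN addresses, a DHCP pool that hands out time-limited leases and reclaims them when they expire, and a port-based NAT table on the border router, where changing the ISP only changes the public address. The subnet 10.2.1.0/29, the MAC addresses, the lease time and the public addresses 203.0.113.5 and 198.51.100.7 are constructed values, not addresses from the proposal.

```python
# Added example (not part of the proposal): private addressing, DHCP leases
# and NAT at the border router, modelled with the Python standard library.
import ipaddress
from typing import Dict, List, Optional, Tuple

# The three RFC 1918 private blocks an administrator may assign without
# coordinating with an ISP or IANA.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True when addr falls inside one of the private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


class DhcpPool:
    """Hands out time-limited leases from one subnet (dynamic addressing)."""

    def __init__(self, network: str, lease_seconds: int) -> None:
        hosts = list(ipaddress.ip_network(network).hosts())
        self.gateway = hosts[0]                 # first usable address is the router
        self.free: List[ipaddress.IPv4Address] = hosts[1:]
        self.lease_seconds = lease_seconds
        # mac -> (address, expiry time in seconds)
        self.leases: Dict[str, Tuple[ipaddress.IPv4Address, int]] = {}

    def request(self, mac: str, now: int) -> str:
        """Renew an unexpired lease for mac, otherwise allocate the next free address."""
        if mac in self.leases and self.leases[mac][1] > now:
            addr = self.leases[mac][0]
        else:
            if mac in self.leases:              # expired but not yet reclaimed
                self.free.append(self.leases.pop(mac)[0])
            if not self.free:
                raise RuntimeError("DHCP pool exhausted")
            addr = self.free.pop(0)
        self.leases[mac] = (addr, now + self.lease_seconds)
        return str(addr)

    def expire(self, now: int) -> int:
        """Return expired addresses to the pool and report how many expired."""
        expired = [mac for mac, (_, until) in self.leases.items() if until <= now]
        for mac in expired:
            addr, _ = self.leases.pop(mac)
            self.free.append(addr)
        return len(expired)


class Nat:
    """Port-based NAT (PAT): many private inside hosts share one public address."""

    def __init__(self, outside_ip: str) -> None:
        self.outside_ip = outside_ip
        self.next_port = 1024
        self.table: Dict[int, Tuple[str, int]] = {}   # outside port -> (inside ip, port)

    def translate_out(self, inside_ip: str, inside_port: int) -> Tuple[str, int]:
        """Map an inside (ip, port) to (public ip, port), reusing an existing entry."""
        if not is_rfc1918(inside_ip):
            raise ValueError(f"{inside_ip} is not a private inside address")
        for port, entry in self.table.items():
            if entry == (inside_ip, inside_port):
                return (self.outside_ip, port)
        port = self.next_port
        self.next_port += 1
        self.table[port] = (inside_ip, inside_port)
        return (self.outside_ip, port)

    def translate_in(self, outside_port: int) -> Optional[Tuple[str, int]]:
        """Reverse lookup for a reply arriving from the Internet."""
        return self.table.get(outside_port)

    def change_isp(self, new_outside_ip: str) -> None:
        """A new ISP means a new public address; nothing inside the LAN changes."""
        self.outside_ip = new_outside_ip


if __name__ == "__main__":
    pool = DhcpPool("10.2.1.0/29", lease_seconds=3600)       # constructed subnet
    print("lease:", pool.request("00:11:22:33:44:55", now=0))
    nat = Nat("203.0.113.5")                                  # constructed public address
    print("translated:", nat.translate_out("10.2.1.2", 51000))
```

The NAT table keeps only inside addresses that pass the RFC 1918 check, and `change_isp` touches nothing but the outside address, which is the property the paragraph relies on when it says an ISP change only affects the NAT router.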
Switches: The use of these devices in this network is essential. As we know, switches are devices that operate at layer 2 of the OSI model. The network will have two Cisco switches, each one with 60 ports with gigabit capacity and cut-through processing. In cut-through switching the switch quickly looks at the destination address (the first field in the LAN frame), determines the outgoing port and immediately starts sending bits to the outgoing interface. This is one of the reasons that switches offer lower latency than traditional bridges. Another advantage of these devices is that they can partition LANs without incurring the latency associated with bridges; they behave as a bridge, except that they are faster. Another advantage is that, to avoid excessive broadcast traffic, switched networks can be segmented with VLANs, and at the same time we make the network more secure and less congested. Switching alleviates congestion in Ethernet LANs by segmenting them into multiple collision domains; this reduces traffic on each segment and increases the available bandwidth.
Software: Electronic mail, file sharing access, groupware, web browsing and Microsoft Dynamics solutions will be the software used to handle the multiple tasks inside the city hall operation. Why use this? Because citizens are becoming more vocal in their demands for better services that are more citizen-centric. At the same time, government agencies are faced with more limited public funding and requirements to show greater accountability in managing these limited resources. This software will help us manage finances, human resources, citizen relationships, funds and grants, and service delivery, all with a low total cost of ownership. Every day, these tools are used by government organizations to provide more effective services with greater accountability.
Increase efficiency and effectiveness
• Gain real-time insight into organizational information and metrics for better decision-making.
• Streamline and automate critical processes to free up time for value-added work.
• Integrate data and streamline information flow across different systems, departments, and agencies for greater collaboration.
• Enable regulatory compliance through accurate fund and account
Effectively manage your most valuable asset—people
• Simplify the management of employee data, payroll, benefits, and
• Comply with employment-eligibility and injury-reporting requirements.
• Provide employees with security-enhanced Web access to human resources (HR) and payroll data.
Increase citizen satisfaction
• Gain a holistic view of citizen interactions across multiple communication channels.
• Improve response to citizen requests with centralized databases and automated follow-up tools.
• Enable one-stop citizen self-service through Web portals.
• Increase ability to analyze service trends and respond quickly to changing constituent needs.
• Conduct targeted community outreach with comprehensive
Company Background: The City Hall of Patillas is located in the middle of the town of Patillas, with a total of about 400 employees, including all employees whose work is completely out of the office or across the whole city. As we all know, its main purpose is to bring services to over twenty-two thousand inhabitants and to others who come from other places, such as tourists, contractors, attorneys, physicians and others. At this time the Patillas City Hall does not have any web page; it depends on www.leonespatillas.com for information, but we plan to register a new domain, www.patillaspr.gov, totally independent from the web site just mentioned. On the new projected web site people will get historic information about the town, will be able to apply for public jobs, will make transactions such as paying any tax debt or other debt, will fill out online documents such as those needed to start a new business, and will print other documents necessary to perform any public transaction without needing to go physically to the city hall. At this time the infrastructure available in this city hall is basically none: they have just 15 terminals in the complete building. As an example, it is true that people from the CRIM office share one computer among almost 4 employees to perform their duties, and people from the tax collection office have only two terminals with one printer to assist hundreds of business people weekly to obtain their patentes (municipal business licenses), pay their taxes and other matters. The other critical aspect of all this is that the data they generate is saved locally on the workstation, where people can change a document without leaving any trace; they do not log in with usernames and passwords; in other words, they are still in the 1980's. The only offices that use the Internet are Finance, the mayor's office and the Head Start office, which is in the main building (the federal government requires Head Start to have Internet service), but none of these offices save data on any special storage: they save locally and do not back up anything.
The finance office uses old software that, at this time, nobody knows the name of, to perform their duties, and they work in an ineffective environment because the physical conditions are not good: we can observe old Cat-5 cabling running everywhere without being well organized, which is needed to preserve a good place to work and to create a favorable work environment. At this time the IT department is represented by an outside contractor of only one person, who comes to the offices when some issue with the workstations is reported. The main departments of the city hall are: Finance, Human Resources, CRIM, Head Start, Civil Defense, Housing Department and Tourist Office. Those departments need changes in the way they operate, because they use a lot of manual procedures, and this creates slow and poor service to the general public and causes inefficient service in all aspects. We cannot claim that this new system will fix 100% of the problems of the Patillas City Hall, but as we implement the new system we will see favorable changes in all aspects, because there is no way that operations in a public office can get worse with the new system. At this moment, according to the information collected in a visit to the Patillas City Hall, 72 employees need a computer to perform their duties, which means that they need a complete new system to really put them in the 21st century. During the visit we observed that the office best equipped with workstations (4) is the Head Start office, due to the requirements of the Federal government to be committed to services for the little ones.
Justification of Project: The new project is justified by the inefficiency observed in processes due to the lack of technology use, which creates poor service to the public. Some benefits of the new project will be: increased revenue and profit for the city; improved communications with other government branches and the general public; modernization of outdated technologies; improved security and reliability in city hall operations; better customer support; new customer services; a move to a global-network business model; and reduced telecommunications and network costs, including phone service payments, since instead of making a phone call to San Juan the employee can send an email. Another example of cost reduction is the capacity for video conferencing: a meeting with the Governor in Old San Juan could be attended by video conference, saving fuel and time and improving employee efficiency, because when the meeting finishes they can perform other duties instead of driving from San Juan to Patillas and vice versa. Fax services can be partially eliminated with a copier that can be connected to the LAN, where an employee will scan a document and send it through email: no paper is wasted, the communication is more secure, and the document goes directly to its destination without fear that some other person may get access to what may be a confidential document. Another benefit is that the HR department will have absolute control of confidential documents such as: employee position, salary, disciplinary actions, any health condition, contract time, and a complete list of all employees with all their information, such as date of hire, address, nuclear family, phone numbers, vacation day balance and more. The Finance department can have all this information too, including salary increases, position salary, money paid in overtime, purchase order information, and money paid in all expenses, including all contractors that do business with the municipality. This will help them with the Contralor Office auditing, since everything will be accessible all the time and there is no need to go searching in an old box of documents that may get lost or damaged, creating written observations by the Auditors or, even worse, being cited by the court.
Diagram: Puerto Rico Government, US Federal Government, Puerto Rico tax payers.
The project will be realized with public funds that come from the American Recovery Act; the Puerto Rico government supports the project with funds from a special assignment, and Puerto Rico tax payers contribute from sales tax funds. One risk of this project is the bureaucracy of government, which sometimes acts as a firewall against itself and against the general public; but now, thinking of the new government philosophy of process automation, it is aligned with the Central and Federal governments, so the first risk was the allocation of funds, but at the same time this is a project that President Barack Obama is pushing to the states and US territories. The other risk is that employees and union leadership begin to spread messages that this is for employment reduction or privatization of the services.
Network Preparation: Names of new solutions or applications
1) Electronic Mail
2) File Sharing
3) Groupwise
4) Microsoft Dynamics
5) Web Browsing
6) OS Windows 7 Pro.
7) Windows Server 2008
8) Office 2007
Proposed Network: As described, the proposed network will basically consist of over 72 new workstations; two Cisco switches, each one with 60 ports to allow future network growth; and two servers that will be used for data storage, web server, application server and email server. The old building cabling will be totally replaced with new cabling, and a new web page will be available to the general public, where people can perform certain types of transactions to save time and money. The Finance and HR departments will use Microsoft Dynamics software in order to increase employee productivity and provide better and faster services; the features of this software were described on the previous page. A new Cisco router will connect our network to the leased line of the Telco infrastructure, and the company will provide a T1 service to the new City Hall network.
1) Workstations: The workstations will use 64-bit Windows 7 Professional with 2GB of RAM, an Intel dual core processor, a 256MB video card and an 80GB hard disk.
2) Switches: The Cisco AS5350 universal gateway is a one-rack-unit, two-, four- or eight-T1/E1 gateway that provides universal port data, voice, wireless, and fax services on any port at any time. The Cisco AS5350 offers high performance and high reliability in a compact, modular design. This cost-effective platform is ideally suited for Internet service providers (ISPs) and enterprises that require innovative universal services. The Cisco AS5350 supports widely deployed routing protocols, including those generally found in high-end access servers and routers (that is, Border Gateway Protocol Version 4 [BGPv4], Open Shortest Path First [OSPF], Enhanced Interior Gateway Routing Protocol [EIGRP], and Intermediate System-to-Intermediate System [IS-IS]).
3) Cisco Router 2811: The 2811, a compact platform, delivers multiple services, including a stateful firewall, NAT and hardware-based intrusion detection (IDS), along with high-capacity WAN transport, obviating the need for multiple separate appliances. It delivers full telephony services, including Cisco CallManager, and this router can sustain 2 T1s of bidirectional WAN data traffic.
4) Servers: For this task we chose a Dell PowerEdge T710 server; we chose Dell because they are a well-known vendor with discounts for some public institutions. We are going to give 50MB to each employee for storage purposes; the Windows Server 2008 OS will be kept separate from the files, which will protect the files if the OS has to be reinstalled. The director's staff and the mayor will have 2GB of data storage. The features of these servers are: Windows Server 2008 OS and two hard drives of 500GB each configured in RAID 1 (mirroring). The Dell PowerEdge T710 offers customer-inspired usability with excellent system and image commonality. The PowerEdge T710 features a clean, logical layout of components and power supply placement for quick installation and simplified deployment. An interactive LCD provides system health monitoring, alerts and control of basic management configuration from the front of the server. A built-in AC power meter and ambient temperature thermometer can be monitored from the LCD without software tools. With up to 16 hard drives and up to 144GB of memory, the Dell PowerEdge T710 is ideal for large-capacity computing.
Scalability Goals: Scalability means how much growth a network design must support. In the proposed system, for about 72 users plus about 4 printers and one copier, the network will support about 80 nodes, and we selected switches with 60 ports each, which will give us over 40 free ports for future growth. A T1 Internet service is enough to run video conferences and support a load of users connected to the Internet; our router has the capacity to connect two T1 connections, which lets the administrator increase bandwidth in case of higher demand by the network and users, and the router also has capacity for a future VoIP network. The servers, with a capacity of 1TB each and Windows Server 2008, ensure any future growth for this network, with a memory capacity of 18 DIMM slots of 1GB to 16GB DDR3. Analyzing the proposed network design, it should be able to adapt to increases in network use and scope.
Availability Goals: Availability refers to the amount of time a network is available to users. In the presented case the proposed network will be available most of the time, since the operation of the city hall is from about 7:30 am to 5:00 pm. The backup will be performed on the weekend, on Saturday, in a short period of time; this gives us the convenience that government operations are practically zero on weekends, so no interruption of personnel duties will be necessary. Only outside users may observe interruptions of the web page, of about 6 hours in a year, giving 99.9% availability for them. Unless a power failure or a major network rupture occurs, the network will be 99.9% available for employees.
Performance Goals: When analyzing the technical requirements and the planned infrastructure, we can say that this system will meet the expected performance goals. Bandwidth will be a T1 at 1.544 megabits per second. Depending on what they are doing, a T1 line can generally handle quite a few people; for general browsing, hundreds of users are easily able to share a T1 line comfortably. The total capacity in use will be moderate, since city hall employees do not need to be online 100% of the time to do their jobs. The maximum utilization will be under the system capacity, and no network saturation is possible. Throughput is the average rate of successful message delivery over a communication channel; in this new system, analyzing the complete infrastructure, we can predict that this goal will be met, since the complete system is an up-to-date one.
Security Goals: One of the most important goals is security. Our system will have a border router that will work as a firewall at the same time as it provides the connection to our ISP. VLANs implemented between departments provide another layer of security, and anti-virus is another tool to improve security. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server; the proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol.
Administrative Goals: Network administration will be performed by two help desk personnel; they will handle new accounts, security, and system performance. At the same time they have to make sure that the system is used according to the policy, and they need to watch over backups, storage and documentation.
Use Goals: The LAN will increase the efficiency of workers by letting them exchange data and by eliminating redundant effort; three of the most common benefits of the proposed network are increased efficiency, improved communications and lower costs. Users will be prohibited from downloading software in infringement of copyright, downloading executable programs, destroying any hardware or software, and printing files not related to their jobs, for example printing a picture of Jennifer Lopez or similar. The system administrator has to encourage the proper use of the network; if those policies are clear and communicated to the personnel, the use goals will be accomplished.
Adaptability Goals: The technology used in the new system will let us incorporate new elements without making them hard to implement. As described, the hardware used has the capacity to incorporate new elements such as VoIP, to increase storage capacity, and to add more nodes to the network, and the addressing scheme gives us the flexibility to change the ISP at any time.
Cost Goals: The cost goal needs to be achieved to prevent detractors of the system from opposing it. Time will tell if the money spent returns in benefits, but in places like the city hall of Patillas there is no way things could get worse, because there is no technology of any kind present, and all money spent will result in benefits such as: reduced corruption, increased tax revenue, reduced paper use, faster services, reduced mobility outside the building, reduced use of faxes and telephone lines, and better communication between personnel.
Warranty Goals: This will be achieved because the new system will be validated, tested and possibly modified before it goes into operation, and people will be trained and educated in its use.
Network Planning: The network planning will take place in a building 96 feet long, 80 feet wide and 45 feet high, where most of the work takes place on the first floor; the second floor is used by the municipal legislature, which meets every Wednesday at night. The hardest work identified is the cabling phase, since this is an old building with areas where the cabling activity will be difficult, because when this building was designed this technology was not available. The targeted time to finish the project is 10 months.
Activity              Approximated time    Comments
Design                3 months             1 certified technician
Cabling               1.75 months          5 outside contractors
Hardware & Software   1 month              2 certified technicians
Configuration         2 weeks              2 certified technicians
System Validation     1.5 months           4 certified technicians
Training              1 week               2 outside contractors
Flowchart of the different system phases (phases legible in the figure: Configuration, Validation, End of Project).
Project Approximated Cost
Item                        Cost
Design                      $7,000
Router 2800 series          $1,899
2 Cisco Switches AS5350     $8,997 * 2 = $17,994
Hardware Configuration      $4,500
Software Licenses           $27,000
Cabling                     $35,000
2 Servers                   $14,800
Validation                  $15,500
Training                    $12,300
Total Cost                  $135,993
Network Design Plan: The network design plan is oriented to the client/server model, with a flat architecture or topology and a private addressing scheme; an example of a private address is 10.2.1.2 with the default subnet mask of 255.255.255.0. The network will be segmented logically with VLANs. The switching configuration will have the VLANs and the Spanning Tree Protocol, which is used to avoid switching loops while allowing redundancy; remember that layer 2 devices forward all broadcasts by default. The proposed network will support multicasting for video conferencing purposes. Multicast is a different beast entirely; at first glance it appears to be a hybrid. It allows multiple recipients to receive messages without flooding the messages; multicast works by sending messages or data to IP multicast group addresses. The routing process will use OSPF as the routing protocol; the routing protocol gathers information about available networks and the distance or cost to reach those networks. In addition to directing packets, a router may be responsible for filtering traffic, allowing some data packets to pass and rejecting others. Filtering is a very important responsibility for routers; it allows protecting computers and other network components from illegitimate or hostile traffic.
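The filtering described in the Security Goals paragraph (the border router or proxy filtering by IP address or protocol) and in this design plan paragraph (a router rejecting illegitimate traffic, with Human Resources kept away from Finance) can be written as an ordered access list with an implicit deny at the end. The following Python script is an added example, not code from the proposal and not Cisco IOS syntax; it evaluates such a list against constructed packets and also shows the failure mode a practitioner checks for, namely a broad permit placed before the inter-department denies. The department subnets 10.2.10.0/24, 10.2.20.0/24 and 10.2.30.0/24, the server addresses 10.2.1.10 and 10.2.1.11 and the outside address 203.0.113.9 are assumptions. The model is stateless: it does not track return traffic, which is what the stateful firewall on the router adds on top of plain filtering.

```python
# Added example (not from the proposal): an ordered access list with an
# implicit deny, evaluated against constructed packets. Stateless: reply
# packets are judged on their own, not by the connection they belong to.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # CIDR network or "any"
    dst: str                     # CIDR network or "any"
    proto: str                   # "tcp", "udp", "icmp", or "ip" for any protocol
    dport: Optional[int] = None  # None matches any destination port


# Constructed department VLAN subnets and server addresses (assumptions).
VLANS = {
    "HR": "10.2.10.0/24",
    "Finance": "10.2.20.0/24",
    "Mayor": "10.2.30.0/24",
    "Servers": "10.2.1.0/24",
}
FILE_SERVER = "10.2.1.10"
WEB_SERVER = "10.2.1.11"
LAN = "10.2.0.0/16"

# Order matters: the specific permits and the inter-department denies
# must come before the broad "LAN may go anywhere" permit.
POLICY: List[Rule] = [
    Rule("permit", LAN, FILE_SERVER + "/32", "tcp", 445),   # file shares for every department
    Rule("permit", "any", WEB_SERVER + "/32", "tcp", 80),   # public web server
    Rule("deny", VLANS["HR"], VLANS["Finance"], "ip"),      # HR must not reach Finance
    Rule("deny", VLANS["Finance"], VLANS["HR"], "ip"),
    Rule("permit", LAN, "any", "ip"),                       # LAN to the Internet via NAT
]

# The same rules with the inter-department denies placed after the broad permit.
MISORDERED: List[Rule] = [POLICY[0], POLICY[1], POLICY[4], POLICY[2], POLICY[3]]


def _in_net(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def evaluate(rules: List[Rule], src: str, dst: str, proto: str,
             dport: Optional[int] = None) -> str:
    """Return the action of the first matching rule; no match means deny."""
    for rule in rules:
        if (_in_net(rule.src, src) and _in_net(rule.dst, dst)
                and rule.proto in ("ip", proto)
                and (rule.dport is None or rule.dport == dport)):
            return rule.action
    return "deny"   # implicit deny at the end of every access list


def audit(rules: List[Rule]) -> Dict[str, str]:
    """Evaluate a fixed set of constructed packets and return the verdicts."""
    packets = {
        "hr_to_file_server": ("10.2.10.15", FILE_SERVER, "tcp", 445),
        "hr_to_finance_share": ("10.2.10.15", "10.2.20.7", "tcp", 445),
        "finance_to_internet": ("10.2.20.7", "203.0.113.9", "tcp", 443),
        "internet_to_web_server": ("203.0.113.9", WEB_SERVER, "tcp", 80),
        "internet_to_hr_host": ("203.0.113.9", "10.2.10.15", "tcp", 445),
    }
    return {name: evaluate(rules, *pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    for name, verdict in audit(POLICY).items():
        print(f"{name:25s} {verdict}")
    print("misordered HR->Finance:", audit(MISORDERED)["hr_to_finance_share"])
```

Running `audit` over both lists is the check to keep: with `POLICY` the HR-to-Finance packet is denied, while `MISORDERED` permits it because the broad LAN permit matches first and the later deny is never reached.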
The strategy for network management is to use software called SOPHOS. This product will let us get the level of protection we need: a high-capacity, high-availability gateway; groupware email security and data protection via anti-malware, anti-spam and data loss prevention technology; a choice of endpoint security solutions that keep you protected against the latest threats while reducing the impact on your users; blocking of web threats at the gateway, preventing phishing and creating and enforcing acceptable Internet use policies; essential safeguards against data loss; and protection of your confidential information and regulatory compliance with a range of encryption products that deliver policy-based security across mixed environments and operate transparently to your users. The Administrator will be in charge of writing the policy and making sure the system is used properly.
Note: the firewall is a Cisco router.
This is the proposed network design, with redundancy between switches. The network computers are identified by department, and each department will be a separate VLAN, logically segmented by private IP addresses.
Annotated Bibliography:
Cisco − Improving Security on Cisco Routers (Cisco).
Cramsession: Cisco CCNP Managing Network Security.
Cisco CCNP Routing Study Guide. "A lot of readers may already be familiar with Cisco and what it does. However, those of you who are new to the field, just coming in fresh from your MCSE, or maybe even with 10 or more years in the field but wishing to brush up on the new technology, may appreciate a little background on Cisco."
The Easy Guide to Data and Voice Networking. "Here's a strong candidate for the most important word for the 21st Century. The word is Convergence. It's important because it will bring about one of the most subtle, yet profound changes in our modern way of life. Almost since its invention, the telephone has been a standard piece of equipment"
IP Network Design Guide. Martin W. Murhammer, Kok-Keong Lee, Payam Motallebi, Paolo Borghi, Karl Wozabal.
Encyclopedia of Networking, 2nd edition, Werner Feibel. "As in the first edition, I've tried to make this Encyclopedia a comprehensive source of information about matters relating to networking. I've also tried to present the information in a clear and useful manner."
Router Security Configuration Guide. "This document is only a guide to recommended security settings for Internet Protocol (IP) routers, particularly routers running Cisco Systems Internet Operating System (IOS) versions 11 and 12."
TCP/IP Tutorial and Technical Overview, IBM, 7th edition. John Gatrell, John Karas, Adolfo Rodriguez. "The TCP/IP protocol suite has become the de facto standard for computer communications in today's networked world. The ubiquitous implementation of a specific networking standard has led to an incredible dependence on the applications enabled by it. Today, we use the TCP/IP protocols and the Internet not only for entertainment and information, but to conduct our business by performing transactions, buying and selling products, and delivering services to customers."
Cisco Router Handbook, George Sackett. "We have all heard the saying 'It's what's inside that counts' at some point in our lives. In the world of networking Cisco Internetwork OS"
CCNA Study Guide (Sybex). "Since its inception, the Cisco Certified Network Associate program has established itself as the premier internetworking certification. Sybex is proud to have helped hundreds of thousands of CCNA candidates prepare for their exams in recent years, and we are excited about the opportunity to continue to provide individuals with the knowledge and skills they'll need to succeed in the highly competitive IT industry."
Routers and Routing Basics, Wendell Odom & Rick McDonald, Cisco Networking Academy Program, 2008, v3.1.
Cisco Networking Academy Program First-Year Companion Guide.
Top-Down Network Design, Priscilla Oppenheimer.
Windows 7 Bible, Jim Boyce.
www.cisco.com
www.ieee.org
CCNP Switching Study Guide.
Cisco IOS Access List.
Dictionary of Networking.
Cisco Designing Network Security.
CCNA 2 Module 1 WAN & Routers.