This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Designing a high school network is not just a matter of coming up with the physical infrastructure; it involves complex considerations and planning that will affect almost every aspect of campus life. The high school campus comprises three locations, which must be networked keeping in mind that they are separated from each other by no more than one kilometre.
Given the requirements, the aim is to design a network which can accommodate three different classes of users, each with different privileges. The expected outcome is a network which has a large Mean time between failures (MTBF).
The initiative is to select appropriate equipment by maintaining a balance between cost, performance and efficiency. The choice of equipment is made with future requirements in mind. The planning phase will call on the network architect and network engineers, together with the requirements of the stakeholders, who in this case are the high school management, administrators, teachers and students. The design phase will involve the technicians who will implement the planned network. The next phase is the tuning phase, where we analyse the performance of the network and the risks involved. These deadlines are to be met:
Laying out network plan
Choice of equipments
Tuning phase & Risk analysis
3 Configuration Management
3.1 Revision Information
Changes from earlier revision
Fix: Moved the firewall to server room
Reason: For safety and management reason
Fix: Replaced the wireless router in plan with wireless access point
Reason: To reduce cost and minimise the number of devices used
3.2 Key Referenced Documents
3.3 Acronyms and Abbreviations
ASA - Adaptive Security Appliances
CAT-5E - Category 5 Enhanced
CPU - Central Processing Unit
EIGRP - Enhanced Interior Gateway Routing Protocol
ISP - Internet Service Provider
LAN - Local Area Network
MTBF - Mean time between failures
SDRAM - Synchronous Dynamic Random Access Memory
SFP - Small form-factor pluggable
SPE - Services Performance Engine
UPS - Uninterruptible power supply
VLAN - Virtual Local Area Network
WAN - Wide Area Network
WAP - Wireless Access Point
WEP - Wired Equivalent Privacy
WPA/WPA2 - Wi-Fi Protected Access
4 Introduction, Overview & Scope
The high school campus has three locations, with locations 1 and 2 housing all three categories of users, while location 3 accommodates only administrators. Before laying out the network plan, a few key underlying principles need to be discussed. Each class of user has different needs: students should be able to access the internet; teachers, in addition to accessing the internet, should be able to access the student database; and administrators shall have universal access. Going by the requirements, the three groups will use the campus network in different ways. Administrators shall be provided with a highly secured environment to monitor and manage the entire network. A firewall shall be placed at the point where the campus network connects to the external world. This will restrict intruders from accessing the campus network. Security shall be provided within the campus between the different classes of users by formulating security rules and policies.
Fig.1 System level diagram
The next factor to be taken into account is bandwidth. By the requirements, the school network will use services like web browsing, e-mail, database transactions, file transfer, printer sharing and network management applications. Bandwidth restrictions shall be applied to specific groups to regulate the traffic and to prevent network slowdowns. Servers shall be set up for maintaining student records, storing files, formulating access policies, assigning temporary IP addresses, sending and receiving emails, and hosting the web page.
5 Project Analysis
5.1 Key Stake Holder Analysis
Building the high school network involves contributions from school management, network administrators, teachers, students, the network architect, the network technician and the equipment provider. Of these, school management, network administrators, teachers and students are the ones affected by the outcome of the project.
The school management are the stakeholders most affected if the project fails to meet its requirements. Being the source of funds, they bear most of the cost of any failure. Any misuse of the network will be the responsibility of management. Management should set proper access policies for each group of users and see to it that there are no violations.
Teachers have to be provided with 24x7 internet access and should also be able to access student records from the database. They should be able to communicate with students through e-mail regarding projects and assignments. Teachers shall be provided with logins which can be used on any system to access their lecture notes and other important files.
Strong content filtering policies should be formulated for students. Access to sites portraying violence, depiction of drug use, gambling, nudity, and sexual material should be restricted by employing content filters. Access to file storage and sharing websites should be blocked in order to conserve bandwidth. Students should be able to upload their project work and reports into the database for teachers to evaluate.
Administrators, on the other hand, should be able to monitor the entire network, formulate security policies, check for intruders, and examine internet traffic. All of the above groups can contribute to the success of the project by providing survey results on what they would need and on what, and how much, they might use the network for on average.
5.2 Roles & Responsibilities
To achieve the desired results, the stakeholders are expected to participate and provide their feedback at the right time. These are a few key roles and responsibilities of each stakeholder:
Stake holders should be precise with their requirements and should inform the network technician about their highest priority.
Should actively communicate with the design team and provide continuous feedback.
Should be able to provide funds at the right time.
Should be easily communicable in order to get things clarified.
Should understand and approve plans as soon as possible.
Should offer assistance of all type to the project team.
Should be ready to hear alternative solutions.
Should communicate to the project team in a timely manner regarding change of requirements.
Should have good faith in the network designers' cost estimates.
5.3 Other Constraints & Assumptions
The Internet censorship regime in Australia sets out laws and regulations for internet usage within Australia. The Broadcasting Services Amendment (Online Services) Act 1999 requires content hosts (i.e. ISPs) to delete from their servers (Web, Usenet, FTP, etc.) any content hosted by an Australian website that is declared "objectionable" or "unsuitable for minors", on receipt of a take-down notice from the government regulator, the Australian Broadcasting Authority ("ABA"). Further, State and Territory criminal laws apply to content providers. These laws can enforce prosecution of users who make available on the internet content which is declared "objectionable" or "unsuitable for minors". It is the responsibility of the network administrators to avert such activities within the school network. The school management will be held legally responsible and answerable to the government for any violation of these laws.
5.4 Guiding Principles
5.5 Literature Search
The high school network will be built using routers, switches, firewalls, servers and wireless access points. Routers will be set up at each location to break up the broadcast domain. Routers will also be used to configure security and access policies. A router acts as the default gateway and learns and advertises loop-free paths between sub-networks. Data sent by a computer is forwarded to the router, which is the default gateway. The router decides how to route the data to different networks. Routers have a limited number of ports, so they cannot be used directly for connecting PCs.
For this purpose switches are employed. A switch is a multiport device which maintains a database of the devices connected to its interfaces, so it receives data and forwards it to the intended recipient. The high school network will use 48-port and 24-port switches depending on the number of devices present. VLANs will be configured on switch ports to group the three different classes of users. Configuring a VLAN for each group makes it easier to manage devices, enhances security and segments the network at low cost.
Security being the top priority, a firewall will be installed between the central router and the ISP to protect the internal network from the outside world. The firewall will prevent intruders and unauthorised users from accessing valuable resources. Firewalls also provide a means of controlling network and application activities.
A web server will be set up for hosting the high school website. The more powerful the server, the faster it can serve web pages.
Proxy server will filter unwanted contents, block requests made to certain sites and speed up network traffic by caching pages that are frequently visited.
Mail server looks after transporting emails between the users in the campus network.
Application server is dedicated to run specific application.
Database server acts as a centralised storage for maintaining student records and other important files.
FTP server will be setup to enable rapid storage and retrieval of data from the workstations
Wireless Access Point
WAP connects to the existing wired network to provide internet access to wireless device.
6 Specific Requirements
Students are allowed a bandwidth of 1GB per day for web browsing
P2P traffic will have restrictions compared to other traffic types
Teachers will have a bandwidth of 5GB per day for FTP downloads and web browsing
Administrators will have unlimited access
Minimum System requirements
PC with good configuration preferably with Intel processor, 1GB of RAM, Hard disk storage of 80GB, CD/DVD drive, Speakers/headphones.
A high speed broadband internet connection such as DSL or cable
Software solutions like Operating system, Office automation software, Web browser, E-Mail application
Interconnected systems, Interfaces and Protocols:
Routers and Switches must be setup at secure locations and must be inaccessible to students
Printer/Scanner/Photocopier to be setup in each room
Plans & Policies
Create a category of approved users and restrict all other users from accessing school network
Each class of users must be given logins with different usage policies set to them
Student login must restrict them from accessing FTP downloads
Content filtering must be configured to block objectionable/unsuitable sites
Stop inappropriate file sharing and maintain fair network usage policies
Cisco series of network devices shall be used
Servers to be deployed in location 3
Dell desktops preferred
7 Preferred Solutions
7.1 System structure
Fig.2.Overall deployment diagram
System wide specification
Network address allocation
The high school network consists of 3 locations, with each location separated from the others by not more than 1000 meters. Each location has a different number of users and a different mix of user classes. Each location is planned to have a different network address. Instead of assigning static IP addresses, the network will use dynamic IP addresses, which makes efficient use of the address space. For this purpose DHCP pooling is configured on each router located in locations 1, 2 and 3. DHCP pooling enables the router to assign an IP address only when the PC is powered on.
Cisco 3945E Integrated Services Routers will be used for constructing the high school network. It uses the latest ISR generation 2 technology enabling multicore network processing and supports up to 350Mbps WAN performance. It is designed to offer great energy efficiency with slot-based controls to decrease costs and support sustainability. In addition to this, Cisco 3945 ISR offers enterprise class security features like stateful firewall, Intrusion prevention and content filtering. As we are going to use only Cisco routers, we will be implementing EIGRP as it is scalable, bandwidth efficient and can converge faster than its Cisco companion protocols.
Cisco Catalyst 4948E Switch and Cisco Catalyst 3750 v2 -24TS-S Switch will be deployed for interconnecting systems. The Cisco Catalyst 4948E Switch is a 48 port layer 3 Ethernet switch capable of switching at 176Gbps, with a throughput of 131mpps for IPv4 and 110mpps for IPv6. It is IPv6 ready and is compatible with fibre optic technology, which will be the future of transmission media. The Cisco Catalyst 3750 v2 -24TS-S Switch is a 24 port layer 3 switch which will be set up in areas where deploying a Cisco 4948E switch would be a waste of resources. Three different VLANs for students, staff and administrators will be configured on switch ports.
Security and Privacy
Security being the foremost requirement, a Cisco ASA 5550 Firewall will be set up at the border of the network. The Cisco ASA 5550 integrates network firewall, application security and attack protection using an intrusion prevention system. In addition to the Cisco ASA 5550 Firewall, routers within the network will act as stateful firewalls offering security against unauthorized access within the network. To offer privacy, each class of user will be given logins with a different level of usage policy.
Allowed but monitored
Email & chat
Allowed but monitored
Modifying system settings
Access to server
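The per-class access rules from section 4 (students: internet only; teachers: internet plus the student database; administrators: universal access) and the student FTP restriction from section 6 can be checked against a router rule set before it is deployed. The following Python example is added here and is not part of the original essay; the subnets, database address and port, and both rule sets are constructed assumptions, and keeping teachers out of the administrator VLAN is one reading of "security between different classes of users". It models first-match filtering with an implicit deny and compares a mis-ordered rule set with a corrected one.

```python
import ipaddress
from typing import NamedTuple, Optional

# Assumed addressing, not from the essay: one subnet per user-class VLAN.
STUDENTS, TEACHERS, ADMINS = "10.10.10.0/24", "10.10.20.0/24", "10.10.30.0/24"
DB_SERVER = "10.10.40.10/32"   # student-records database (assumed address)
DB_PORT = 5432                 # assumed database port
INTERNAL, ANY = "10.0.0.0/8", "0.0.0.0/0"
WEB = "203.0.113.5"            # documentation-range address standing in for the internet


class Rule(NamedTuple):
    action: str                 # "permit" or "deny"
    src: str                    # source network (CIDR)
    dst: str                    # destination network (CIDR)
    port: Optional[int] = None  # TCP destination port; None matches any port


def evaluate(rules, src_ip, dst_ip, port):
    """Return the action of the first matching rule; no match means deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"


# Intended outcome per flow: (label, source, destination, port, expected action).
EXPECTED = [
    ("student web browsing",        "10.10.10.25", WEB,           443,     "permit"),
    ("student FTP download",        "10.10.10.25", WEB,           21,      "deny"),
    ("student to student database", "10.10.10.25", "10.10.40.10", DB_PORT, "deny"),
    ("student to admin PC",         "10.10.10.25", "10.10.30.7",  3389,    "deny"),
    ("teacher web browsing",        "10.10.20.8",  WEB,           443,     "permit"),
    ("teacher FTP download",        "10.10.20.8",  WEB,           21,      "permit"),
    ("teacher to student database", "10.10.20.8",  "10.10.40.10", DB_PORT, "permit"),
    ("teacher to admin PC",         "10.10.20.8",  "10.10.30.7",  3389,    "deny"),
    ("admin to student database",   "10.10.30.7",  "10.10.40.10", DB_PORT, "permit"),
    ("admin to student PC",         "10.10.30.7",  "10.10.10.25", 22,      "permit"),
]

# Weak: broad permits come first, so the deny rules after them never match.
WEAK = [
    Rule("permit", STUDENTS, ANY),
    Rule("deny",   STUDENTS, ANY, 21),
    Rule("deny",   STUDENTS, INTERNAL),
    Rule("permit", TEACHERS, ANY),
    Rule("permit", ADMINS,   ANY),
]

# Corrected: specific denies and permits first, broad permits last.
# Servers students legitimately need would get explicit permits above the
# INTERNAL deny; that is not modelled here.
HARDENED = [
    Rule("deny",   STUDENTS, ANY, 21),
    Rule("deny",   STUDENTS, INTERNAL),
    Rule("permit", STUDENTS, ANY),
    Rule("permit", TEACHERS, DB_SERVER, DB_PORT),
    Rule("deny",   TEACHERS, INTERNAL),
    Rule("permit", TEACHERS, ANY),
    Rule("permit", ADMINS,   ANY),
]


def audit(rules):
    """List every flow whose outcome differs from the intended policy."""
    findings = []
    for label, src, dst, port, want in EXPECTED:
        got = evaluate(rules, src, dst, port)
        if got != want:
            findings.append((label, got, want))
    return findings


if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(rules) or "matches the intended policy")
```
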
To secure the network from physical threat, Surveillance cameras will be operated in locations like operator room, administrator room and server room.
All the devices used in the network come with warranty and will maintain a MTTF. In order to offer uninterrupted operation, all devices will be given uninterrupted power supply. Server racks will be fitted with temperature and humidity sensor to check temperature and control the In-row cooling system. Servers will be fitted with backup drives for disaster recovery and migration solution.
7.2 Block Characteristics
7.2.1 Location 1
Fig.3.Deployment diagram for location 1
Location 1 must accommodate 65 PCs serving 20 teachers, 5 administrators and 200 students. We must also lay out printers and wireless access points wherever necessary. Keeping future needs in mind, two 48 port switches will be needed. Location 1 has two labs and two staff rooms. Lab 1 and lab 2 will accommodate 20 PCs each. A Cisco Catalyst 4948E Switch will interconnect these 2 labs. Staff room 1 will have 10 PCs exclusively for teachers, while Staff room 2 will have 10 PCs for teachers and 5 PCs for administrators. Another Cisco Catalyst 4948E Switch will be set up for interconnecting the staff rooms. Router_location1 will be configured for DHCP pooling for an address space 10.0.1.1 to 10.0.1.100. Wireless access points are placed at the junction of two rooms to provide uninterrupted wireless internet access.
7.2.2 Location 2
Fig.4.Deployment diagram for location 2
Location 2 must accommodate a total of 100 PCs serving 30 teachers, 10 administrators and 300 students. We must also lay out printers and wireless access points wherever necessary. Keeping future needs in mind, two 48 port switches and one 24 port switch will be needed. Location 2 has three labs and two staff rooms. Labs 1, 2 and 3 will accommodate 20 PCs each, while Staff room 1 and Staff room 2 will each have 15 PCs exclusively for teachers and 5 PCs for administrators. Devices in labs 1 and 2 will be interconnected using a Cisco Catalyst 4948E Switch. Similarly, devices in lab 3 and staff room 1 will be interconnected using another Cisco Catalyst 4948E Switch. Staff room 2 will connect to the network using a Cisco Catalyst 3750 v2 -24TS-S Switch. Wireless access points are placed at the junction of two rooms to provide uninterrupted wireless internet access.
7.2.3 Location 3
Fig.5.Deployment diagram for location 3
Location 3 is a dedicated facility for administration. It must accommodate 15 administrators and 6 servers. Keeping future needs in mind, two 24 port switches will be needed. Location 3 has an admin room and a server room. The edge router, firewall and servers are installed in the server room. This facility is secured and no one except administrators has access.
8 Risks, Opportunities, and the Test Plan
8.1 Risk Analysis & Elimination
Will result in loss of data and may even lead to hardware failure
Installing UPS, surge protection and power conditioning
Will cause the server to crash and become unresponsive
Deploying InRow Direct Expansion cooling system
Will result in loss of valuable enterprise data
Using backup drives and taking backups regularly
Will require re-configuration of device
Taking backup of the router/switch configuration file
Network Security threats
Will lead to compromise of confidential data
Configuring stateful firewall in routers and deploying a dedicated firewall at the edge of the network
Will lead to compromise of confidential data and loss of resource
Installing surveillance cameras in important areas
Affects system files and causes it to malfunction
Installing latest antivirus/internet security solution and updating it on regular basis
Insufficient user knowledge
Loss of time and high school resources
Educating the user
Use of network for illegal activities
Raises question about management, worst case banning of the high school
Using network monitoring tools
Activities beyond academic curriculum
Will have negative impact on students and may spoil the school's reputation
Setting up strict usage policies and content filters
Technological equipment installed in school campus may generate job opportunity for job aspirers specialized in that field. This will in turn contribute to the development of high school. Routers and switches installed in school campus can be used for educational purpose in the future. A good network design may add to healthy contest among various competitors.
8.3 Testing Considerations
Developing a good product involves more than innovative design and use of the best technologies available in the market. A good product is a result of testing under various circumstances. Before the network is physically implemented, initial ideas can be tested using network visualization software to create a virtual network topology. One such solution is OPNET IT Guru, which provides tools for constructing the network virtually and testing the virtual network to study useful statistics like throughput, queuing delay, packet loss and utilization of each link in the network. Once the pre-design test is concluded, the physical network can be built. Most of the tests are automated and only a few require human intervention. Regardless of the type of testing, the staff conducting it must have sufficient knowledge of networking and may require expertise in areas like routers, firewalls and networking protocols, depending on the nature of the test.
8.4 Test plans
Purpose & Implementation
Network Connectivity test
This test examines IP-level connectivity. The ping command is executed on a host device to test the connectivity. It sends ICMP data packets to the network address specified and lets us evaluate response time.
Packet loss test
This tests network latency and network loss between two nodes. The pathping command can be used for this test. It can identify the degree of packet loss at any router or link and can also determine which router or subnet has network problems.
This test calculates the amount of data that can be transmitted on a test link in a given time. Many throughput testing tools are available on the market, one of which is TTCP. It transmits several TCP packets continuously and measures the time taken for the packets to travel from one end to the other.
Network/ Vulnerability scanning
This test scans for vulnerable services running on host devices and identifies any deviations from organizational security policy. Port scanning software such as nmap may be employed for this testing.
This test attempts to break through the security of the network based on an understanding of the network design and the techniques used by attackers. It identifies weak spots in the network and brings them to the knowledge of the network analyser. As this test simulates an attack and makes use of tools and techniques prohibited by federal laws and regulation, permission for conducting this test must be obtained.
9 Project Management
9.1 Resource and Skill Acquisition
Days to learn
Conducting training and seminars
Configuring network devices
Class room with training sessions
Routers, switches, WAP etc
Setting security & access policies
Class room and training sessions
PC with operating system installed
Installing hardware & software
PC with operating system installed
Network monitoring & management
PC with packet sniffing/analysing software installed
Class room with training session
PC with operating system installed, Network devices
9.2 Configuration Management Plans
Configuration management involves studying the current configuration of the network, making changes to the configuration whenever required, maintaining reliability, and being able to trace changes in configuration throughout the lifecycle of the network. It requires backing up the configuration files of network devices on a regular basis. As this is a new network, it is our duty to back up the configuration and make it available for future use. These configuration files can be used to restore the devices to operating condition in case of failure.
Steps in configuration management:
Configuration identification: It involves identifying the network components whose configuration has to be managed, followed by creating an identification scheme to uniquely identify each component
Configuration change control: It involves identifying which components require changes and documenting the changes in the network. It also identifies who controls the changes to the network
Configuration status accounting: It maintains a record of all configuration changes and the components affected by each configuration change
Configuration reviews: Reviews will be done on a regular basis to check the integrity of the configuration status accounting information
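Configuration status accounting and the risk-table mitigation of backing up router and switch configuration files can be combined: each new backup is compared with the stored baseline and the difference is recorded. The following Python example is added here and is not part of the original essay; the two configuration snapshots are constructed sample text for Router_location1, and the list of keywords treated as security-relevant is an assumption.

```python
import difflib
import hashlib

# Assumed keyword list: changed lines containing these go to a reviewer.
SENSITIVE = ("access-list", "access-group", "enable secret", "username",
             "snmp-server", "transport input")

# Constructed baseline backup for the location 1 router.
BASELINE = """\
hostname Router_location1
!
ip dhcp excluded-address 10.0.1.101 10.0.1.254
ip dhcp pool LOCATION1
 network 10.0.1.0 255.255.255.0
!
access-list 110 deny tcp 10.0.1.0 0.0.0.255 any eq ftp
access-list 110 permit ip any any
!
line vty 0 4
 transport input ssh
"""

# Constructed later backup: the FTP deny is gone and telnet replaces SSH.
LATER = """\
hostname Router_location1
!
ip dhcp excluded-address 10.0.1.101 10.0.1.254
ip dhcp pool LOCATION1
 network 10.0.1.0 255.255.255.0
!
access-list 110 permit ip any any
!
line vty 0 4
 transport input telnet
"""


def normalise(config_text):
    """Drop blank lines, '!' separators and trailing spaces so that purely
    cosmetic differences do not register as configuration changes."""
    lines = [line.rstrip() for line in config_text.splitlines()]
    return [line for line in lines if line.strip() and line.strip() != "!"]


def fingerprint(config_text):
    """SHA-256 over the normalised configuration, stored with each backup."""
    return hashlib.sha256("\n".join(normalise(config_text)).encode()).hexdigest()


def change_record(device, old_text, new_text):
    """Build one status-accounting entry for a device."""
    old, new = normalise(old_text), normalise(new_text)
    added, removed = [], []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            removed.extend(old[i1:i2])
        if tag in ("replace", "insert"):
            added.extend(new[j1:j2])
    changes = [("removed", l) for l in removed] + [("added", l) for l in added]
    return {
        "device": device,
        "changed": bool(changes),
        "old_sha256": fingerprint(old_text),
        "new_sha256": fingerprint(new_text),
        "added": added,
        "removed": removed,
        # Changes touching filtering or remote access need sign-off.
        "review": [c for c in changes if any(k in c[1] for k in SENSITIVE)],
    }


if __name__ == "__main__":
    record = change_record("Router_location1", BASELINE, LATER)
    for kind, line in record["review"]:
        print(f"{record['device']}: {kind}: {line.strip()}")
```
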
9.3 Cost Estimates
Cisco 3945E Integrated Services Router
Cisco Catalyst 4948E Switch
Cisco Catalyst 3750 v2 -24TS-S Switch
Netgear Prosafe Wireless-N Access Point
Dell Inspiron One 19 Desktops
Dell PowerEdge T410 Server
HP LaserJet Enterprise P3015x Printer (CE529A)
Belkin 24-Port CAT5e patch panel
RJ45 CAT5E Straight Ethernet LAN Network Cable
Cisco ASA 5550 Firewall Edition Bundle - Security appliance
Open Frame Racks
InRow Direct Expansion Cooling System (for servers)
NetBotz Rack Monitor 450 (with 120/240V Power Supply)
APC Temperature & Humidity Sensor
NetBotz Camera Pod 160
APC Smart-UPS 5000VA 230V Rackmount/Tower
Network planning and design cost
9.4 Time Plan
Learning needs of stakeholders
Identifying requirements & collecting data
Designing virtual network and simulating
Network topology ready
Choice of equipment & Cost analysis
Ordering and receiving equipments
Laying out physical network
Testing physical network
Fine tuning performance
Network ready for use
10 Conclusion & Recommendations
The campus network has been designed according to the requirements specified by stakeholders and extensive market research. The network has been built with the latest devices and technologies to extend its usable period. Options for extending the existing network have been provided with future needs in mind. Staff have been instructed in using the equipment and provided with the necessary documentation. It is recommended to follow the guidelines given in the documentation when making configuration changes.