OVERVIEW:
The Washington School District is implementing an enterprise-wide network to provide data connectivity between all the schools in the district as well as the administrative offices and the District Office. Three regional hubs are located at the District Office, the Service Center, and the Shaw Butte Elementary School. While each individual school site operates as a separate local area network (LAN), the District Office retains total management over the entire school district through a wide area network (WAN).
OBJECTIVES:
- Provide Connectivity via a Wide Area Network (WAN) to the entire school district.
- Implement LAN at local schools
- Provide Internet Access to all nodes
- Provide an Administration andCurriculum LAN
- Allow up to7-10 year life, with a 100% growth in the Local Area Networks (LANs) at each school
- Obtain a minimum of 1.0 Mbps to any host computer in the network and 100Mbps to any server in the network
- Implement TCP/IP
Provide a series of servers to facilitate online automation of all the districts administrative functions and curriculum functions including an automated library information and retrieval system for curricular research purposes.
Security measures include a double-firewall implementation for all Internet-exposed applications. For additional security, the network is divided into three logical networks-Administrative, Curriculum and External and there are separate LANs for Administrative and Curriculum at each school site and the District Office.
LOCAL AREA NETWORK:
Two LAN segments will be implemented in each school and the District Office. The transport speeds will be Ethernet 10BASE-T, 100BASE-TX, and 100BASE-FX. Horizontal cabling shall be Category 5 Unshielded Twisted Pair (CAT5 UTP) and will have the capacity to accommodate 100 Mbps. Vertical cabling shall be CAT5 UTP or fiber optic multi-mode cable.
One LAN will be designated for student / curriculum usage and the other will be designated for administration usage. The LAN infrastructure will be based on Ethernet LAN switching. This will allow for a migration to faster speeds (more bandwidth) to the individual computers via MDFs and IDFs without revamping the physical wiring scheme to accommodate future applications.
In each location a Main Distribution Facility (MDF) room will be established as the central point to which all LAN cabling will be terminated and will also be the point of presence (POP) for the Wide Area Network connection. All major electronic components for the network, such as the routers and LAN switches, will be housed in this location. In some cases an Intermediate Distribution Facility (IDF) room will be established. The IDF will service its geographical area and the IDF will be connected directly to the MDF in a Star or Extended Star topology.
Each room requiring connection to network will be able to support 24 workstations and be supplied with four (4) CAT 5 UTP runs for data, with one run terminated at the teacher's workstation. These cable runs will be terminated in the closest MDF or IDF. All CAT 5 UTP cable run will be tested end-to-end for 100 Mbps bandwidth capacity. A single location in each room will be designated as the wiring point of presence (POP) for that room. It will consist of a lockable cabinet containing all cable terminations and electronic components; i.e. data hubs and switches. From this location data services will be distributed within the room via decorative wire molding. Network 1 will be allocated for general curriculum usage and network 2 will allocated for administrative usage.
THE LAYER TWO TOPOLOGY:
The two segments to be implemented will be constructed in such a way that one, the student/curriculum will not be able to access the other, teacher/administration. However, the teacher/administration segment will have access to the student/curriculum segment. This is because the network will have a VLAN implementation where the switches will use port-centric VLANS and two router Ethernet interfaces, one for each VLAN, will be connecting to two different switch ports, each with different VLAN assignments, so communication between VLANs can occur through the router. These VLANS will be VLAN (1) for the teacher/administration segment and VLAN (2) for the student/curriculum segment and both will have IP addresses of different subnets. In the router, so that the student curriculum will be denied access onto the administration segment, an extended access control list will be utilized. Each workstation's Network Interface Card(NIC) will be able to support 10 or 100 mbps and will be auto-sensing for full duplex and half duplex transmissions. Server Network Cards should be able to support up to 100 mbps and be auto-sensing for full of half-duplex as well. All other networking devices will be able to support up to 100 mbps as well and uplinks for the backbone should be able to support up to 1 gbps.
The types of switches that will be utilized in the LAN will be the catalyst 3500 series Gigabit Ethernet Switches. These will be able to implement the VLAN requirements of the network and support the speeds that will be required when the network is in place and also in the future. The MDF will have a 48 port switch and the IDF a 12 port switch.
Also since each school require 250 computers for the student/curriculum segment and four runs of cable to each classroom, we have to assume that 10 rooms will need to be designated as classrooms. The administration department will need to facilitate 75 members and will be arranged in cubicles with only one or two offices. The classrooms, needing four runs of cable each, will utilize 40 switch ports and the administration 12 ports, since it will have 12 runs of cabling total and will be distributed to the individual areas via hubs, with a maximum of six hosts on a hub, or at a telecommunications outlet.
These routers will be able to implement the VLAN and provide the features to allow for a fast WAN connection to the hub location. The two ethernet interfaces will connect to the switch each interface being on a switch that have different VLAN assignments(see Layer two topology above). The serial interface will then connect to the Point of Presence(POP) and out the WAN backbone to the hub location. The router will logically segment the LAN into two separate broadcast domains. That is, with the use of the VLAN implementation and the router being the main point of contact between VLANs we can now segment our LAN so that a broadcast from one host will not affect other hosts that don't need to see it. These two Broadcast Domains are the student/curriculum and the teacher/administration and with this segmentation not only will the students activities not affect the performance of the administration but security will also be enhanced. The IP addressing element will so be that the ethernet interfaces on the router will have ip addresses representative of the logical segment created by the VLANs. The student/curriculum computers will obtain ip addresses from a DHCP server on their segment, while the teacher/administration segment will have static ip addresses. The router will then be configured with an extended access control list that will deny hosts from the student segment onto the teacher/administration segment.
MAIN DISTRIBUTION FACILITY (MDF):
The Main Distribution Facility will be the central point of the LAN in each location. The point of presence (POP) will be located in the MDF. All LAN cabling will terminate in the MDF. All the major electronic components for the network will be housed in the MDF or IDF. A patch panel is required for the vertical cross connect to the IDF(s).
Rack mounts for the MDF
INTERMEDIATE DISTRIBUTION FACILITY (IDF):
A star or extended star topology will be utilized in connecting the IDF(s) to the MDF. An IDF will be established wherever horizontal cabling lengths exceed EIA/TIA recommended distances or wherever other site conditions might dictate. CLASSROOMS AND ADMINISTRATIVE OFFICES:
There will be 250 Curriculum computers and 75 Administrative computers in each school. Each classroom supports 24 workstations. Each classroom will have 4 CAT 5 UTP cabling runs, with 1 of these runs terminated at the teacher's workstation. Each classroom will have a separate wiring point of presence consisting of a lockable cabinet that will contain all cable terminations and electronic components. From this cabinet, cabling will distribute to the individual hosts via decorative wire molding.
WIDE AREA NETWORK (WAN) REQUIREMENTS:
The Acacia WAN will connect all school and administrative offices with the district office for the purpose of delivering data. The WAN will be based on a two-layer hierarchical model. Three (3) regional Hubs will be established at the District Office/Data Center, Service Center and Shaw Butte Elementary School for the purpose of forming a fast WAN core network. School locations will be connected into the WAN core Hub.
TCP/IP will be the networking protocol used to traverse the district WAN. All other protocols will be filtered at the individual school sites using access routers. Access to the Internet or any other outside network connections will be provided through the District Office/Data Center through a Frame Relay WAN link. For security purposes, no other connections will be permitted.
WAN OVERVIEW:
The WAN will be based on a 2-layer hierarchical model:
Regional hubs
Local school sites
Three regional hubs will be established to form a fast WAN core network:
District Office
Service Center
Shaw Butte Elementary School
A router will be installed at each WAN core location , i.e., each regional hub. The regional hubs will be connected to each other via four Frame relay 128k data lines in order to provide point-to-point connectivity. The regional hubs will be connected to their respective school sites by Frame relay 128k line in order to provide point-to-point connectivity. Schools will be connected into the WAN core hub based on their proximity to the three respective hubs. The network design will allow 100% growth in WAN throughput. One Frame relay 128k data line will connect the District Office external firewall router to the Internet. The Community School connected to the Shaw Butte regional hub will access the district WAN via ISDN.
WAN NETWORK MANAGEMENT:
A network management host will be established at the District Office and will have total management rights over all devices in the WAN and LAN networks. Each regional hub will house a regional network management host to support its area. The District Office will maintain the user passwords for all WAN and LAN network devices. Any configuration changes on routers and LAN switches must be authorized from the District Office. All routers in the WAN and LAN will point to the network management host for the purpose of downloading new or existing configurations. All routers will have modem connectivity to the Data Center and Service Center for:
Router maintenance
Enforcement of district-wide network administration policies
The management scheme for the data portion of the network will be based on Simple Network Management Protocol (SNMP) standards. The Interior Gateway Routing Protocol will be used to assist in network management.
The networks advertised at each school site must include the curriculum and administration LAN segments as well as the school's external network connection to the district.
A TCP/IP addressing and naming convention scheme will be developed to include:
Hosts
Servers
Network interconnection devices
This addressing and naming convention scheme will be developed and administered by the District Office.
SERVERS:
All servers must have 100 megabits per second (Mbps) connections. All file servers will be categorized as Enterprise or Workgroup type services, and then placed on the network topology according to function and anticipated traffic patterns of users.
DNS AND EMAIL SERVERS:
Domain Name Services (DNS) and e-mail delivery will be implemented in a hierarchical fashion with all services located on the master server at the district office. Each District Hub location will contain a DNS server to support the individual schools serviced out of that location. Each school site will also contain a host for DNS and e-mail services that will maintain a complete directory of all staff personnel and student population for that location. The school host will store all e-mail messages. The update DNS process will flow from the individual school server to the Hub server and to the district server. All regional servers will have the capability to communicate, thus building redundancy in the system in the event that the District server is unavailable.
ADMINISTRATIVE SERVERS:
Each school location will contain an Administration server, which will house the student tracking, attendance, grading and other administration functions. This server will be running TCP/IP as its OSI layer 3&4 protocols and will only be made available to teachers and staff. The server will use domain logon using MS CHAPand allowing only restricted IP addresses. A Proxy server will be a firewall for the administrative server.
LIBRARY SERVER:
The school district is implementing an automated library information and retrieval system, which will house an online library for curricular research purposes. This server will be running TCP/IP as its OSI layer 3&4 protocols and will made available to anyone at the school site.
APPLICATION SERVER:
All computer applications will be housed in a central server at each school location. As applications such as Word processing, Excel, PowerPoint , etc are requested by users these applications will be retrieved from the application server. This will provide district support staff with a easy and efficient method for upgrading applications without having to reload new software on each computer in the district network. This server will use TCP/IP as its OSI layer 3&4 protocols and will be made available to anyone at the school site.
OTHER SERVERS:
Any other servers implemented at the school sites will be considered departmental servers and will be placed according to user group access needs. Prior to implementation of other server requirements analysis must be submitted for the purpose of determining placement of the server on the district network.
SECURITY:
For security purposes, the school district will be divided into 3 logical network classifications:
Administrative
Curriculum
External
This double firewall will have a public network, i.e. Ethernet backbone, established for the following services:
Dell firewall
Domain Name Services (DNS)
World Wide Web server
Two separate VLANs: Curriculum and Staff/Administration
Utilization of access control lists and VLAN's
A user ID and Password Policy will be published and strictly enforced on all computers attached to the administration LAN.
All Internet connectivity will be supplied through the District Office via a frame relay. All connectivity initiated from the Internet to the internal District network will be protected through Access Control Lists. Access Control Lists implemented by district office will be utilized on the routers to prohibit on the administration LAN any traffic from the curriculum LAN. Individual Web servers that need total exposure to the Internet will not be permitted on the internal District network. E-mail and Directory services will be allowed onto both LAN segments and will be able to communicate freely, including on the Internet.
EQUIPMENT SPECIFICS:
The following hardware will essentially solve the issue of equipping the Local Area Network design of the Acacia School Building. After reviewing the Threaded Case Study, we believe that the following hardware will be required:
9 Cisco Catalyst 2924 24-Port 10/100 Switches WS-C2924-XL-EN Switches at the cost of €1,399.00 each / 9 x €1,399.00 = €12,159.00101 10 Base T Hubs at the cost of 49.95 each / 101 x €49.95 = €5,044.95
1 Router at the cost of €3.995.95 / 1 x €3,995.95 = €3,995.95
Category 5 Twisted Pair Plenum Grade Cable at the cost of €224.99 for each 1000 feet. / €224.99
Multi-Mode Fiber Optic Cable (which is available only in sections of 500 feet). / €109.99
8 24 Port Patch Panels at the cost of €116.00 each / 8 x €116.00 = €928.00
Equipment total / €27,844.66