Transcript document

ACACIA
Threaded Case Study
Presented By:
Louise Maguire,
Caroline Kearney,
Peter Honeyman,
Michael Mctague
ACACIA
Threaded Case Study
 Overview
 Objectives
 Local Area
Network
 Wide Area network requirements
ACACIA
Threaded Case Study

Security
 Servers
 Equipment
 Cabling
 Layout
 Wan addressing
 Vlans
 Access control lists
Acacia Objectives
 Provide Connectivity via a Wide Area
Network (WAN) to the entire school district.
 Implement LAN at local schools
 Provide Internet Access to all nodes
 Provide an Administration and Curriculum
LAN
 Allow up to7-10 year life, with a 100% growth
in the Local Area Networks (LANs) at each
school
Acacia Overview

The Washington School District is implementing an enterprisewide network to provide data connectivity between all the schools
in the district administrative offices and the District Office

.Three regional hubs are located at the District Office, the Service
Center, and the Shaw Butte Elementary School.

individual school site operates as a separate local area network
(LAN), the District Office retains total management over the entire
school district through a wide area network (WAN).
Acacia Objectives






Provide Connectivity via a Wide Area Network
(WAN) to the entire school district.
Implement LAN at local schools
Provide Internet Access to all nodes
Provide an Administration and Curriculum LAN
Allow up to7-10 year life, with a 100% growth in the
Local Area Networks (LANs) at each school
Obtain a minimum of 1.0 Mbps to any host computer
in the network and 100Mbps to any server in the
network
Acacia Objectives


Implement TCP/IP
Provide a series of servers to facilitate online automation of all
the districts administrative functions and curriculum functions
including an automated library information and retrieval system
for curricular research purposes.
 Security measures include a double-firewall implementation for
all Internet-exposed applications. For additional security, the
network is divided into three logical networks-Administrative,
Curriculum and External and there are separate LANs for
Administrative and Curriculum at each school site and the
District Office.
Lan Network

LOCAL AREA NETWORK:
 Two LAN segments will be implemented in each school and the District
Office. The transport speeds will be Ethernet 10BASE-T, 100BASE-TX,
and 100BASE-FX. Horizontal cabling shall be Category 5 Unshielded
Twisted Pair (CAT5 UTP) and will have the capacity to accommodate
100 Mbps. Vertical cabling shall be CAT5 UTP or fiber optic multi-mode
cable.
 One LAN will be designated for student / curriculum usage and the
other will be designated for administration usage. The LAN
infrastructure will be based on Ethernet LAN switching. This will allow
for a migration to faster speeds (more bandwidth) to the individual
computers via MDFs and IDFs without revamping the physical wiring
scheme to accommodate future applications.
WAN OVERVIEW
The WAN will be based on a 2-layer hierarchical model
Regional hubs
Local school sites
District Office
Service Center
Shaw Butte Elementary School
Security
SECURITY:
For security purposes, the school district will be divided into 3 logical network
classifications:

Administrative

Curriculum

External
A user ID and Password Policy will be published and strictly enforced on all
computers attached to the administration LAN.

E-mail

Domain Name Services (DNS)

World Wide Web server

Two separate VLANs: Curriculum and Staff/Administration

Utilization of access control lists and VLAN's for the above
Servers






All servers must have 100 megabits per second (Mbps) connections. All
file servers will be categorized as Enterprise or Workgroup type
services, and then placed on the network topology according to
function and anticipated traffic patterns of users.
Administration server
Dns and Email Severs
Library server
Application server
Other Servers
Equipment

9 Cisco Catalyst 2924 24-Port 10/100 Switches WSC2924-XL-EN Switches at the cost of €1,399.00 each
 101 10 Base T Hubs at the cost of 49.95 each
 1 Router at the cost of €3.995.95
 Category 5 Twisted Pair Cable at the cost of €224.99
for each 1000 feet.
 Multi-Mode Fiber Optic Cable (which is available only
in sections of 500 feet).
 8 24 Port Patch Panels at the cost of €116.00 each
Wan Addressing

Our WAN Network Class C address is
192.1.1.1. This is the way the outside world
will see Washington School District.
 Inside the district, we will subnet a Class A
private address within the Washington School
District behind the Class C firewall. This will
accommodate all users within the District;
approximately 1,100 per school (32 schools).
This will allow for expansion.
Cabling

All cabling has been threaded above the drop ceilings of the halls and
then brought back down through the drop ceiling at each classroom's
and office's data media termination point. The horizontal cabling for the
temporary classrooms 36 through 41 are encased in the already
existing conduit provided for data media cable runs.
Multimode fiber optic cable connects the MDF with the IDF by a vertical
cross connect. Only 2 strands of the fiber optic cable are currently
utilized, with additional strands available for future bandwidth growth
requirements. The horizontal cabling from the MDF and IDF to the
individual classrooms and offices consists of 100BaseTcategory 5
(CAT5) unshielded twisted pair (UTP) cabling to further ensure
adequate bandwidth availability for future expansion.
Layout Offices

There are two lines of horizontal cabling to each office. Only one of the
two lines to each office is currently utilized; the second is again to allow
for future growth and to provide a backup cable line. The cabling threads
from the drop ceiling to the individual wall outlets through decorative wall
molding.
In offices 6, 7, 12, 17, and 18, there is currently only one personal
computer connection required. In offices 8 and 11, there are two
connections needed. Office 12 does not have its own data media
termination point, so its connection will be supplied by office 11.
For Office 11, one hub will be required to accommodate the two users in
Office 11 and the user in Office 12. This hub will be located in a cabinet
from which the cabling will run to the three wall outlets.
Layout Class Rooms

There are five lines of horizontal cabling to each classroom. Only
four of the five lines are currently utilized; the fifth is to allow for
future growth and to provide a backup should one of the other
cable lines fail. In each classroom, the wiring from the drop ceiling
descends to a locked cabinet in which is located the 3 hubs for
each classroom. Three of the four cable lines are connected to
these hubs. The other cable line is connected to the teacher's
personal computer. Eight cable lines are connected to each of the
3 hubs, and these 24 cable lines will connect to student personal
computers. From the locked cabinet, the cabling threads to the
individual wall outlets through decorative wall molding.
Vlans

The VLANS are implemented for the following reasons

Reduces administration costs related to moves, additions, and
changes
Provides better control broadcasts
Tightens network security
Micro segments with scalability
Distributes traffic load
Relocates servers into secured locations
Saves money by using existing hubs






Access Control lists
 Although
the use of passwords, callback
equipment, and physical security
devices are helpful, they often lack the
level of security needed in larger
networks. The best advantage is that
access lists allow the administrator to
filter the packet flow in and out of the
router interfaces. Access lists can offer
all of the following:
Access Control lists






Identify packets for priority
Identify packets for custom queuing
Restrict or reduce the contents of routing updates
Provide IP traffic dynamic access control with enhanced
user authentication using the lock-and-key feature
Identify packets for encryption
Identify Telnet access to the router virtual terminals
Access Control lists

o
o
o
o
Students are denied access to:
Any activity on the DNS server at the Service
Center
Any other activity on the web server (including
FTP) at the Service Center
The administrative server at Acacia
Any activity on the DNS server at Acacia
Access Control lists

o
o
o
o
The students have access to:
Internet access through the web server at the
Service Center
Applications on the application server at Acacia
Library services on the library server at Acacia
Other services available via the student server
at Acacia
Access Control lists

o
Teachers have access to:
District Office web server for Internet access
only; if teachers wish to load web pages, they will
be given limited access via password to a certain
directory on the web server
o Service Center DNS server for e-mail purposes
o The administrative server at Acacia
o All other servers at Acacia: Application,
Student, and Library
Conclusion






This completes are threaded case study on Acacia
School, we have addressed a number of topics
including
Hardware
Cables
Security
Topology
Networking