Threaded Case Study: Washington School District

project proposal

1.     Wide Area Network

The Washington School District Wide Area Network (WAN) will consist of three regional core routers, each pair of them interconnected by four T1 lines. This will provide a reliable backbone network. School locations will be connected to these three centers: 11 school locations connected via 11 T1 lines to each regional core site. The link encapsulation on these lines will be PPP. Access to the Internet will be provided through the district office/data center in Phoenix, which will be connected with a Frame Relay link. The three core routers will be Cisco 7200 series routers. These are scalable and flexible, fully modular routers which support Fast Ethernet, Gigabit Ethernet, Packet over SONET and more. Routers at school locations will be Cisco 2600 series, providing flexible LAN and WAN configurations, multiple security options and a range of high performance processors.

2.     Local Area Network & Wiring Scheme

The Local Area Network (LAN) will be divided into two segments: one for administration use and one for student use. The transport speed will be 10/100BASE-TX to individual computers. Cabling to individual computers will be Category 5 UTP, which has the capacity to carry 100 Mbps. Vertical (backbone) cabling will be multi-mode fibre optic cable, which can carry data at Gigabit Ethernet speeds. (See physical wiring)

At each location a Main Distribution Facility (MDF) room (see MDF) will be established as the central point at which all LAN cabling terminates. It will house the major electronic components such as routers, switches and, where applicable, servers. Because in most schools the horizontal cable runs would exceed the EIA/TIA-568-A recommended length, Intermediate Distribution Facilities (IDFs) will also be established there. They will house switches and other needed equipment serving their part of the site. IDFs will be connected directly to the MDF in an extended star topology.

There will be five Cisco Catalyst 2950G series switches installed on each floor (two in the Internet access room, one in the MDF, and two in the MDF or IDF depending on site conditions). Each supports up to 48 10/100BASE-TX ports and 2 1000BASE-SX/LX/LH/ZX ports, with VLAN and trunking support. Some classrooms will also have 24-port Cisco Catalyst 3550 series XL switches installed to provide additional ports for connecting individual student PCs. These have 24 10/100BASE-TX ports and provide basic functions such as VLAN support and trunking.

Each room will have four UTP CAT 5 horizontal cable runs, terminated in the nearest MDF/IDF. One will be connected to the administration VLAN, for the teacher; one will be connected to the switch for student computer connections; and two will be spare. In every classroom there will be a lockable cabinet containing all the cable terminations and electronic components, i.e. data hubs and switches. From this location data services will be distributed within the room via decorative wire molding. Other rooms will have only one UTP CAT 5 cable installed, connected to the teacher's computer. (See room connections)

3.     School Servers

All file servers will be located in the student LAN segment and placed on the network topology according to the traffic patterns of their users.

The ADMINISTRATIVE SERVER, which will house student tracking, attendance, grading and other administration functions, will be located in the MDF. It will be accessible only from the administration LAN segment.

The LIBRARY SERVER will house an online library, will be placed in the nearest MDF/IDF and will be accessible by students and also by teachers.

The APPLICATION SERVER, holding applications (word processing, Excel, PowerPoint, etc.), will be located in the MDF and connected with Gigabit Ethernet because of the heavy traffic resulting from its usage.

DNS and E-MAIL delivery will be implemented in a hierarchical fashion, with all services located on a master server at the district office. Each school location will contain a DNS and mail server to support the individual school's needs. These servers will be located in the MDF.

4.     Addressing and Network Management

A complete TCP/IP addressing and naming convention scheme for all hosts, servers, and network interconnection devices will be developed and administered by the District Office. The whole school district will use the private class B network 172.16.0.0. Traffic will be filtered and translated to public addresses at the core router located in the data center in Phoenix. The IP address space will be subnetted using Variable Length Subnet Masks (VLSM).

All computers on the administrative networks will have static addresses; student computers will obtain addresses via the Dynamic Host Configuration Protocol (DHCP). Each site should have a server running DHCP and use only addresses consistent with the overall District Addressing Scheme. (See core routers IPs, data center IPs, service center IPs, shaw butte IPs)
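The following is an added worked example of the VLSM carve-up described above; it is not part of the original proposal. Only the 172.16.0.0 class B block, the static/DHCP split and the point-to-point T1 links come from the design; the site names and host counts are assumed for illustration.

```python
"""VLSM carve-up of the district's 172.16.0.0/16 block (added example).
Site names and host counts are assumed for illustration; only the class B
block, the static/DHCP split and the hub-and-spoke T1 links come from the proposal."""
import ipaddress

DISTRICT_BLOCK = ipaddress.ip_network("172.16.0.0/16")

# assumed demands: per-site admin and student VLANs, plus a /30 T1 link
DEMANDS = {
    "phoenix-servers": 500,
    "shaw-butte-students": 300,
    "shaw-butte-admin": 60,
    "t1-core1-shaw-butte": 2,
}

def prefix_for(hosts):
    """Smallest prefix length whose usable host count (2^n - 2) covers hosts."""
    bits = 2
    while (1 << bits) - 2 < hosts:
        bits += 1
    return 32 - bits

def allocate_vlsm(block, demands):
    """Largest-first VLSM: every subnet lands on its natural boundary, so no
    space is lost to alignment padding. Raises ValueError if block runs out."""
    plan, cursor = {}, int(block.network_address)
    end = int(block.broadcast_address) + 1
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        plen = prefix_for(hosts)
        size = 1 << (32 - plen)
        cursor = -(-cursor // size) * size  # align up (a no-op when sorted)
        if cursor + size > end:
            raise ValueError(f"{block} exhausted at {name}")
        plan[name] = ipaddress.ip_network((cursor, plen))
        cursor += size
    return plan

def plan_is_consistent(block, plan):
    """True if every subnet lies inside the block and no two overlap."""
    nets = list(plan.values())
    return all(n.subnet_of(block) for n in nets) and not any(
        a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])

def dhcp_range(subnet, reserve_low=10):
    """Student VLAN: the first addresses stay static (gateway, switches); the
    rest of the subnet is handed to the site's DHCP server."""
    hosts = list(subnet.hosts())
    return str(hosts[reserve_low]), str(hosts[-1])
```

Running `allocate_vlsm(DISTRICT_BLOCK, DEMANDS)` gives 172.16.0.0/23, 172.16.2.0/23, 172.16.4.0/26 and 172.16.4.64/30 for the four demands; `plan_is_consistent` is the check a district administrator would run before pushing the scheme to the sites.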

A master network management host will be established at the District Office and will have total management rights over all devices in the network. This host will also serve as the router configuration host and maintain the current configurations of all routers in the network. All routers will be pointed to the master network management host for the purpose of downloading new or existing configurations. The District Office will maintain the super user passwords for all network devices, and configuration changes on these devices will be authorized from the District Office.

5.     Security

Internet connectivity shall utilize a double firewall implementation, with all Internet-exposed applications residing on a public backbone network. In this implementation all connections initiated from the Internet into the schools' private network will be refused (only established connections will be accepted). In the district security model the network will be divided into three logical network classifications, administrative, curriculum and external, with secured interconnections between them.

Because administration and student computers share the same physical wiring, the segments will be divided logically using VLANs. By utilizing access control lists on routers, traffic originating from student computers can be denied access to devices on the administration network segment.

Applications such as e-mail and directory services will be allowed to pass freely since they pose no risk. A user ID and password policy will be published and strictly enforced on all computers in the District. All computers in the District network will have full access to the Internet.
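The policy in this section (refuse Internet-initiated connections, accept established ones, keep student traffic off the administration segment, allow everything else) modelled as a first-match access list, as an added example that is not the district's configuration. The admin and student subnets are assumed; the rule order follows the text.

```python
"""The proposal's access policy as an ordered, first-match ACL (added example,
not the district's configuration). Subnets are assumed; rule order follows the
text: new Internet-initiated sessions refused, established ones kept,
student-to-administration traffic denied, everything else permitted."""
from dataclasses import dataclass
import ipaddress

PRIVATE = ipaddress.ip_network("172.16.0.0/16")      # whole district (from the text)
ADMIN_NET = ipaddress.ip_network("172.16.4.0/26")    # assumed administration VLAN
STUDENT_NET = ipaddress.ip_network("172.16.2.0/23")  # assumed student VLAN

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"} or {"ACK"}

def _in(addr, net):
    return ipaddress.ip_address(addr) in net

def _established(p):
    # IOS 'established' only checks that ACK or RST is set; it is not a
    # session table, and it has no meaning for UDP or ICMP.
    return p.proto == "tcp" and bool(p.flags & {"ACK", "RST"})

# Ordered (predicate, action) pairs; first match wins, implicit deny at the end.
RULES = [
    (lambda p: not _in(p.src, PRIVATE) and _in(p.dst, PRIVATE) and _established(p), "permit"),
    (lambda p: not _in(p.src, PRIVATE) and _in(p.dst, PRIVATE), "deny"),
    (lambda p: _in(p.src, STUDENT_NET) and _in(p.dst, ADMIN_NET), "deny"),
    (lambda p: True, "permit"),  # inside-to-inside and all outbound Internet access
]

def evaluate(packet, rules=RULES):
    for predicate, action in rules:
        if predicate(packet):
            return action
    return "deny"

# constructed sample traffic (203.0.113.0/24 is a documentation range)
SAMPLES = [
    ("internet SYN to admin server", Packet("203.0.113.7", "172.16.4.10", flags=frozenset({"SYN"}))),
    ("internet reply to student browser", Packet("203.0.113.7", "172.16.2.50", flags=frozenset({"ACK"}))),
    ("student to admin server", Packet("172.16.2.50", "172.16.4.10", flags=frozenset({"SYN"}))),
    ("student to internet", Packet("172.16.2.50", "203.0.113.7", flags=frozenset({"SYN"}))),
    ("internet UDP to student", Packet("203.0.113.7", "172.16.2.50", proto="udp")),
]

def classify_samples():
    return {desc: evaluate(pkt) for desc, pkt in SAMPLES}
```

The `_established` comment is the caveat to keep in mind when the text says "only established connections will be accepted": a flag check is not session tracking, which is why the outer firewall, not the ACL alone, has to carry that function.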


Copyright 2003-2004 Martin Valdner