Design spec for network infrastructure
Setting up a small office site
In common practice, most or all companies start by setting up a small office with computers and peripherals and call it Information Technology. Whatever you call it, there should be a person handling the IT operations, either on site or remotely. Small companies often do not employ anyone for their IT operations and instead pay other companies for the service.
This document is written for technical consultants and administrators, and certainly not for big organizations handling many sites. It is only for those running a small organization or planning to build a small office.
Planning, implementing and deploying
When planning a setup, keep a few details in mind.
The design consists of sites, domains, domain controllers, child domains, trusts, other servers, project-based servers, servers hosted on other platforms, systems, users, printers and other network resources.
Also consider the supported operating systems, supported hardware, security, antivirus, wireless accessories, bandwidth, ISPs and their plans, backup bandwidth, and the IP scheme: which class to use, based on how many networks or hosts the customer requires. The scheme should be scalable and expandable at any time.
It is also very difficult to change the physical setup frequently as customer requirements change.
Which services the setup needs, e.g. DNS, DHCP, WINS, IIS, Apache, Tomcat, etc.
Which applications the operations need, e.g. SQL Server, Oracle, Project, Primavera, Tally, etc.
Whether branch office or remote office connectivity is needed, e.g. VPN, RAS, RADIUS, etc.
Which security measures can be applied, e.g. IDS, IPS, ISA, SNMP, NMS products.
Implement the idea
After the master plan, the next step is how to do the setup and what is needed to support it: the disaster recovery plan, which backup plans to choose and on what devices, and the office application software. It is also important to know the network utilization after deployment: is it fitting? Do I need software for network utilization and security scanning? What is the capacity for migration, and what are the migration plans?
Support staff and software for the operations, e.g. helpdesk and IT monitoring software such as OpenView, Nagios and SNMP tools, and devices to support L3, L2, L1, etc.
Deploying it in real life
The problems start after deployment is done. Don't scratch your head if you keep a few good things in mind. Passwords must be complex yet easy to use. Server and workstation names should be simple NetBIOS names, short and still fitting for large-scale operations. Start with administrative tools to manage users and machines, such as GPOs, groups and OUs. For security, use proxies with web-filtering and content-filtering policies. Update security patches automatically; use WSUS to centrally monitor and install them. Make antivirus definition files auto-update from vendor sites or from a central server console. Schedule backups of the ADS, servers and users. Schedule FRS.
Network Design and planning
Nowadays even small and large companies have established computer networks (workgroup or domain), and the trend is that companies are interested in new technologies instead of old ones, such as wireless LAN (WLAN), where it makes sense. Smaller companies and new companies, however, often face the prospect of designing and implementing a new computer network from the ground up.
The first step is to do a network design. The company may use an internal network architect or hire an outside consultant for this purpose. The network architect chooses the network topology, network protocol, and network architecture best suited to the network users’ needs. The network architecture must also provide for fault tolerance and redundancy, so no data will be lost in the event of a network failure.
With the design complete, the company would purchase and install the hardware and software contained in the network design. The task of managing the network then falls to the network administrator or administrators, who are charged with ensuring the network is available, performs well, and is secure from unauthorized users (whether inside or outside the organization). Network administrators use a variety of network management software and tools to do their jobs.
Network security is of increasing importance because of attacks on computer data, including viruses and worms. Companies either have a separate computer security department or designate one network administrator to focus on security. The network security specialist uses sophisticated software tools to help protect network data.
First step: LAN setup
This is the most basic step for communication. Different types of topology are available; choose the best one for the industry. The cheapest and most widely run topology is Ethernet (IEEE 802.3) in a star topology.
Ethernet is a standard for connecting computers into a local area network (LAN). The most common form of Ethernet is called 10BaseT, which denotes a peak transmission speed of 10 Mbps using copper twisted-pair cable.
Fast Ethernet is an upgraded standard for connecting computers into a local area network (LAN). It works just like regular Ethernet except that it can transfer data at a peak rate of 100 Mbps. Also referred to as 100BaseT, Fast Ethernet is more expensive and less common than its slower 10BaseT sibling.
The most important thing in building good infrastructure is proper cabling with good cables. Cat 5 is the standard in use everywhere nowadays.
Cat-5: short for Category 5
Cat-5 is based on the EIA/TIA 568 Commercial Building Telecommunications Wiring Standard, developed by the Electronics Industries Association at the request of the Computer Communications Industry Association in 1985. Cat 5 network cabling consists of four twisted pairs of copper wire terminated by RJ45 connectors. Cat-5 cabling supports frequencies up to 100 MHz and speeds up to 1000 Mbps. It can be used for ATM, token ring, 1000Base-T, 100Base-T and 10Base-T networking.
Computers hooked up to LANs are connected using Cat-5 cables, so if you're on a LAN, most likely the cable running out of the back of your PC is Category 5.
* The only real difference between 568A and 568B is that the White/Orange-Orange/White and White/Green-Green/White pairs are swapped.
To make a crossover cable you have to crimp pin 1 to 3, 2 to 6, 3 to 1 and 6 to 2 (only two pairs are actually needed for communication: one pair transmits and the other pair receives).
The upcoming fashion in this area is WLAN (802.11a), or wireless LAN. Most environments use a mixture of these setups. It benefits managers, guests, or anyone not sitting permanently in the office. There are two new terms to consider with WLAN: access points (AP) and the clients, the stations. WLANs offer two modes of service, the basic and the extended service set.
Basic service set
The basic service set (BSS) is a set of all stations that can communicate with each other. There are two types of BSS: independent BSS and infrastructure BSS. Every BSS has an identification (ID) called the BSSID, which is the MAC address of the access point servicing the BSS.
Independent basic service set
An independent BSS is an ad-hoc network that contains no access points, which means it cannot connect to any other basic service set.
Infrastructure basic service set
An infrastructure BSS can communicate with stations not in the same basic service set by communicating through access points.
Extended service set
An extended service set (ESS) is a set of connected BSSes. Access points in an ESS are connected by a distribution system. Each ESS has an ID called the SSID which is a 32-byte (maximum) character string. For example, “linksys” is the default SSID for Linksys routers.
Security features include a mechanism called shared-key encryption:
WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access)
Internet Service Provider (ISP)
VSNL plays the major role in providing access to the internet and other internet-based services; others are Bharti and Sify. They can provide the device that connects the internet to your devices. I prefer backbone connectivity (ISDN) from another provider for redundancy.
Note: If you are worried about hosting a mail server and web server in-house, an ISP can provide these services for you as well.
Next, build your site
A site is a single TCP/IP subnet, or several subnets. Now you have to think about which class of IP addresses your company can use. Based on your need (more networks or more hosts), use a range from any class. Use a scheme that is easy to deploy (subdivided for your departments).
The three private ranges (RFC 1918) are:
Class A: from 10.0.0.1 to 10.255.255.254, subnet mask 255.0.0.0
Class B: from 172.16.0.1 to 172.31.255.254, subnet mask 255.255.0.0
Class C: from 192.168.0.1 to 192.168.255.254, subnet mask 255.255.255.0
You can configure a subnet mask other than the usual one for the class (for example, if you are only concerned with hosts from Class A and want to avoid excess broadcasts, you can use 10.0.0.x with 255.255.255.0).
After selecting a class you should decide between static addressing or a DHCP service for the LAN.
Note: Static addressing is a good idea if you are mapping ports for departments or buildings.
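As an added example (not part of the original spec), the Python below uses the standard ipaddress module to check which RFC 1918 range an address falls in, carve one /24 per department out of a private base block as suggested above, and split each department subnet into a static range and a DHCP pool. The department names, base block and static count are constructed sample input.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# RFC 1918 private blocks, keyed by the class label the spec uses for them.
RFC1918 = {
    "A": ipaddress.ip_network("10.0.0.0/8"),
    "B": ipaddress.ip_network("172.16.0.0/12"),
    "C": ipaddress.ip_network("192.168.0.0/16"),
}

def private_class(addr: str) -> Optional[str]:
    """Return 'A', 'B' or 'C' if addr lies in an RFC 1918 block, else None."""
    ip = ipaddress.ip_address(addr)
    for label, block in RFC1918.items():
        if ip in block:
            return label
    return None

def department_scheme(base: str, departments: List[str], prefixlen: int = 24) -> Dict[str, str]:
    """Carve one subnet per department out of base, e.g. 10.0.0.0/16 into /24s.
    Refuses a base outside RFC 1918 so a typo cannot put the LAN on public space."""
    net = ipaddress.ip_network(base)
    if not any(net.subnet_of(block) for block in RFC1918.values()):
        raise ValueError(f"{base} is not inside an RFC 1918 range")
    subnets = net.subnets(new_prefix=prefixlen)
    plan: Dict[str, str] = {}
    for dept in departments:
        try:
            plan[dept] = str(next(subnets))
        except StopIteration:
            raise ValueError(f"{base} has fewer /{prefixlen} subnets than departments") from None
    return plan

def split_pool(subnet: str, static_count: int) -> Dict[str, Tuple[str, str]]:
    """Reserve the first static_count usable hosts for fixed assignment (servers,
    printers, port-mapped desks) and hand the remainder to DHCP as one pool."""
    hosts = list(ipaddress.ip_network(subnet).hosts())  # excludes network and broadcast
    if not 0 < static_count < len(hosts):
        raise ValueError("static_count must leave at least one DHCP address")
    static, dhcp = hosts[:static_count], hosts[static_count:]
    return {"static": (str(static[0]), str(static[-1])),
            "dhcp": (str(dhcp[0]), str(dhcp[-1]))}

if __name__ == "__main__":
    # Constructed sample: three departments inside 10.0.0.0/16, 50 static addresses each.
    for dept, subnet in department_scheme("10.0.0.0/16", ["finance", "hr", "it"]).items():
        print(dept, subnet, split_pool(subnet, 50))
```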
Which model is easier to manage for the entire system? Adopt that one.
A workgroup model is very basic, while the domain model is the advanced one.
A workgroup is a group of computers connected on a network, in which one or more shared resources, such as a shared printer, are accessible to all the computers.
A domain is also a group of computers connected over a network, with one or more resources or a shared printer accessible on the network. In addition, a central system manages all the users, passwords and authentication needed to access the resources centrally.
You can build a domain on Microsoft servers or on Linux servers: http://us1.samba.org/samba/ or http://linux-cifs.samba.org/
For easy administration, use Microsoft Active Directory Services (ADS).
Now think again about what the customer needs. Once more: how many sites, domain controllers and other systems supporting ADS are planned? Choose an operating system on which to build the ADS.
Note: Please go through the Microsoft documents to choose the OS for your enterprise. There are functional-level limitations and feature differences, as well as differences in scalability and expandability. Visit http://www.microsoft.com/windowsserver2003/default.mspx
Services and application servers
Add services and application servers to the domain on a requirement basis: services like DNS, mail, web, DHCP, VPN etc., and servers for back-end applications or dedicated services like Oracle, MS SQL, FTP, Tomcat, Apache etc.
Assign a naming scheme to all servers, workstations and printers: NetBIOS names that are easy to remember and also fit large-scale operations.
For example, dom1 or dc01 for domain controllers (not the domain names), sr01 or s001 for servers, ws01 or d001 for workstations, and pr01 or p001 for network printers.
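As an added example (not from the original spec), the Python below generates names in the dc/sr/ws/pr scheme above and validates a list of names against the 15-character NetBIOS limit, a character set that is also a valid DNS label, case-insensitive uniqueness, and an optional reserved list. The optional site code, the ROLE_PREFIX table and the sample names are constructed assumptions.

```python
import re
from typing import Dict, Iterable, List

# Role prefixes from the scheme above (dc01, sr01, ws01, pr01).
ROLE_PREFIX = {"dc": "domain controller", "sr": "server", "ws": "workstation", "pr": "printer"}
NETBIOS_MAX = 15  # NetBIOS computer names are limited to 15 characters
# Letters, digits and hyphen only, no leading or trailing hyphen: valid as NetBIOS name and DNS label.
NAME_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")

def make_names(site: str, counts: Dict[str, int], width: int = 2) -> List[str]:
    """Generate zero-padded names per role prefix, e.g. {'dc': 2} -> ['dc01', 'dc02'].
    A non-empty site code (an assumption, e.g. 'blr') is prepended as 'blr-dc01'."""
    names: List[str] = []
    for prefix, n in counts.items():
        if prefix not in ROLE_PREFIX:
            raise ValueError(f"unknown role prefix {prefix!r}")
        for i in range(1, n + 1):
            names.append(f"{site}-{prefix}{i:0{width}d}" if site else f"{prefix}{i:0{width}d}")
    return names

def validate(names: Iterable[str], reserved: Iterable[str] = ()) -> Dict[str, str]:
    """Return {name: problem} for names that exceed the NetBIOS length, use disallowed
    characters, collide with a reserved name (e.g. the domain's own NetBIOS name),
    or duplicate another name once case is ignored. An empty dict means all passed."""
    problems: Dict[str, str] = {}
    seen = set()
    reserved_lc = {r.lower() for r in reserved}
    for name in names:
        lowered = name.lower()
        if len(name) > NETBIOS_MAX:
            problems[name] = f"longer than {NETBIOS_MAX} characters"
        elif not NAME_RE.match(lowered):
            problems[name] = "invalid characters or leading/trailing hyphen"
        elif lowered in reserved_lc:
            problems[name] = "collides with a reserved name"
        elif lowered in seen:
            problems[name] = "duplicate (NetBIOS names are case-insensitive)"
        seen.add(lowered)
    return problems

if __name__ == "__main__":
    # Constructed sample: site code 'blr' with 2 domain controllers, 3 servers and 1 printer,
    # plus one deliberately over-long name and a reserved domain name 'corp'.
    generated = make_names("blr", {"dc": 2, "sr": 3, "pr": 1})
    print(generated)
    print(validate(generated + ["finance-workstation-01", "corp"], reserved={"corp"}))
```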
If you have more sites located in different places, plan for the best, least network-consuming and time-based operation of the site-to-site links. The servers and devices between the sites and the speed of the link are all factors to consider for the best and smoothest operations.
Note: Take care if you are using low bandwidth for FRS from your branch office to a main office that holds more data, or if you start the services at peak times; and if you are using a DHCP service for the branch office, check whether your DHCP relay agent is working.
Now we are ready to harden our systems and network. Security consists of two parts, LAN and WAN. The LAN part covers system security and internal network access security; the WAN part means your perimeter-level security.
Computer security covers desktop-level security such as passwords, antivirus, anti-spam, patches, built-in firewalls etc. Internal network security covers file security, LAN access security, web-filter security, Wi-Fi security etc.
In the WAN it is gateway-level protection for the entire network, i.e. gateway antivirus, gateway anti-spam, firewalls, IDS/IPS etc.
What kind of supporting devices can be used? What are the different products in the different layers? Which is the best and cheapest? There are lots of devices and manufacturers, all competing for the top positions.
Devices nowadays are adding advanced features and changing roles.
L3 level – routers and firewalls
L2 level – switches
Network monitoring tools
A network monitoring application is one form of network management software. This software “watches” network traffic, compares it with various measures of network health, and warns if the network is about to go down. If one network circuit is becoming overloaded, for example, the network monitoring software would automatically send an alert (such as an email or page) to the network administrator, who would then take action. Remote network management software gives the network administrator remote access to the network management tool so he can see how things are going – from home, for example – and even fix problems that arise. Network performance management software reports on network quality of service (QoS) metrics such as sub-standard application performance and conformance with applicable service level agreements. This type of tool analyzes past network performance and proactively suggests ways to avoid problems in the future.
Tools commonly used: Ethereal (wired), MRTG, Percival, Ntop, Nagios etc.
Disaster Recovery Plans
The first thing in a disaster recovery plan is proper documentation. The documentation covers everything about your setup: physical and logical network diagrams, quick references, alert team lists, checklists, backup data etc. It also includes vendor or other third-party contract details for sudden action.
The next is how to prevent loss from fire, server downtime, power failure, human error, virus attacks, theft etc.
What is the time needed to retrieve it back? What are the tools for recovery?