Network Systems and Technology - Term Paper Example

? Table of Contents Page 3 Introduction Page 3-4 Network Architecture Page 4-7 1 Topology Page 4 2 Workstations Page 4 3 Network devices Page 5 1.4 Switch Implementation Page 5 1.5 Router Implementation Page 5 1.6 Access Control List (ACL) Page 6 1.7 Servers Page 6 2 IP Addressing Scheme Page 6-7 2.1 Allocation of Network and Host Page 6 2.2 Splitting up of IP Address Page 7 3 Cabling Page 7 4 4 Cost Page 8 4.1 Administration Department Page 8 4.2 Human resources Page 8 4.3 Accounting Page 9 4.4 Media Relations Page 9 4.5 MIS Page 9 5 Wide Area Network page 10 - 18 5.1 RADIUS Server Benefits and Requirements page 11 5.1.1 RADIUS Server Requirements Page 12 5.1.2 RADIUS Server Installation Procedure Page 13 - 17 5.1 DNS Server Page 17 6 Proposed Network Model Page 18- 20 6.1 Site 1 Local Area Network Page 18 6.2 Site 1 & Site 2 VPN Point to Point Connectivity Page 19 7 Conclusion and Recommendations Page 20 References Page 21 Abstract We have assumed a proposed network of a hospital that will remotely connect to maternity homes. Our IT strategy executes by defining the topology of the network. The topology will define the structure of the entire network along with preferred cable to be used. Secondly, hardware specification of all departmental workstations and will be carried out along with the cost . After defining the specification, we will address network devices along with switch and router deployment. Moreover, we will define all the associated servers that will play a vital role in synchronizing data with remote offices in this scenario. Furthermore, a proposed network diagram will be represented for each site i.e. site 1 and site 2. Sub netting will play a dominant role in breaking down global IP addresses into local IP addresses for each node on the network. For the WAN architecture, we will discuss the technologies, protocols and services that will be used for connecting these sites together. Moreover, for maintaining and monitoring the network, we will discuss network security features that will be implemented in this proposed network. The RADIUS access server will provide synchronization of data between both sites operating on a Virtual Private Network. In addition, Domain name Service will also be discussed. Introduction Organizations associated with health care needs to acquire up to date technological trends in delivering patient care at the optimal level. Medical information systems developed for supporting health care, facilitate organizations to align with best practices and quality and to make these health organizations successful in the market. However, acquiring and maintaining computer networks can be a difficult task along with its alignment with the goals and objectives of the organization. Moreover, along with the alignment with organizational objectives, involvement of all stakeholders in the implementation of a network is vital for understanding the purpose and benefits. Likewise, customization of network design is a requirement for supporting organizational goals and objectives, which can be a complex task. 1Network Architecture 1.1Topology We will apply star topology, as the network design will follow a centralized server / client architecture. Star topology will provide centralized administration and configuration of all the nodes on the network. Moreover, star topology initiates low broadcasts on the network, consequently, consuming low bandwidth and at the same time making the network capacity on optimal levels. 1.2 Workstations The minimum hardware specification of the workstations that will be installed in the current scenario are: System Specification Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 1GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive DVD Drive 16 X Chassis Thermal HT Support 1.3 Network devices Network devices are the objects for any network. The network functionality relies on the network devices .The dependability of the network devices emphasizes on the requirements of the organization. For example, an organization dealing with 3D animation and rich media may require a Gigabit Ethernet rather than Fast Ethernet. This is because the subordinates share the animated data among themselves for various purposes. The 3D animation contents are large in volume and require gigabit Ethernet for moving files at a high speed within the network. Hospitals may share high quality medical images with remote offices, resulting in a consideration of bandwidth requirement of the Internet or site to site VPN as well. 1.4 Switch Implementation Fast Ethernet switches will be implemented instead of hubs. Switches are more powerful and intuitive as compared to hubs. There are 6 departments excluding the board room. Six fast Ethernet 10/100 switches will be installed in each department. The switches will be connected to the router. 1.5 Router Implementation Routers are implemented on a Wide Area Network (WAN) as well as on the Local Area Network (LAN). There are six switches in each department. For eliminating the unnecessary broadcast within a LAN domain, the Access Contol List can be configured to minimize the unwanted broadcast from each network node. Access rights and permissions can also be configured for restricting the user at certain levels. 1.6 Access Control List (ACL) The ACL can be configured for restricting and allowing the access of any network resource to the specific user or group of users. Likewise, it provides “a mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted or denied access to the resource” (Access Control List. 2007). Suppose, in the current scenario, board room required access to all the network resources. In this case, the user available in the board room is permitted to access to all the resources of the network. The IP address of the system in the board room will have access to every host in every department. 1.7 Servers The network server can be a domain controller, firewall or Windows NT server. The requirement of the network server will emphasize on the requirements of the network. A large Network containing network nodes more than 50 may require a domain controller for the administration and configuration of user accounts and permissions. 2 IP Addressing Scheme IP version 4 scheme is best suited and cost effective for LAN implementation. The IP v6 required a high budget as the network devices supporting IP v6 are expensive, equipped with the latest technology as compared to the IP v4 Network devices. Suppose we have: Total Number of hosts = 62 IP Addresses range: 192.168.0.1 to 192.168.0.255 Total Usable IP addresses: 192.168.0.3 to 192.168.0.254 = 252 Gateway IP address: 192.168.0.1 Router IP Address: 192.168.0.2 VLAN can be implemented on “layer 3” switches to provide different IP addresses for each department. 1.1 Allocation of Network and Host 192.168.0.1 The blue digits represent the network part. The brown digits represent the Host part. 1.2 Splitting up of IP Address Class Range Network Address Host Address A 0-127 xxx xxx.xxx.xxx B 128-191 xxx.xxx xxx.xxx C 192-223 xxx.xxx.xxx xxx Figure 3.3 In Figure 3.3, the range is specifying the class of the P address. The network and host addresses are showing the available bytes for allocation. 2 Cabling For implementing this network, “CAT 5” cable is used. The length required for each switch depends on the distance and the location of the router. Wikipedia defines it as a “ Category 5 (CAT-5 or CAT5) is a type of network cabling that consists of four twisted pairs of copper wire terminated by RJ45 connectors. Cat-5 cabling supports frequencies up to 100 MHz and speeds up to 1000 Mbps. It can be used for ATM, token ring, Ethernet 1000Base-T, 100Base-T, and 10Base-T networking. Cat5 is one of ?ve grades of UTP cabling described in the EIA/TIA-586 standard” (Category 5 Cable. 2007). 3 Cost The cost is calculated separately for each department. The cost includes, network devices, Workstations and Operating system software. 3.1 Administration Department System specification and cost including Windows Vista Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 1GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive HP DVDRW 24X SATA Chassis Thermal HT Support Total cost of workstations 300 x 18 = 5400 Euros Network device Specification and cost Network switch 100 Euros Total cost of network 100 Euros Grand total cost 5500 Euros 3.2 Human resources System specification and cost including Windows Vista Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 1GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive HP DVDRW 24X SATA Chassis Thermal HT Support Total cost of workstations 300 x 9 = 2700 Euros Network device Specification and cost Network switch 1 x 100 = 100 Euros Total cost of network 100 Euros Grand total cost 2800 Euros 3.3 Accounting System specification and cost including Windows Vista Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 1GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive HP DVDRW 24X SATA Chassis Thermal HT Support Total cost of workstations 300 x 13 = 3900 Euros Network device Specification and cost Network switches 1 x 100 = 100 Euros Total cost of network 100 Euros Grand total cost 4000 Euros 3.4 Media Relations System specification and cost including Windows Vista Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 1GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive HP DVDRW 24X SATA Chassis Thermal HT Support Total cost of workstations 300 x 4 = 1,200 Euros Network device Specification and cost Network switches 1 x 100 = 100 Euros Total cost of network 100 Euros Grand total cost 1,300 Euros 3.5 MIS 1. System specification and cost including Windows Vista Processor Intel Dual Core E5400 2.7GHZ (2MB cache – 800MHZ FSB) Motherboard Intel DG41RQ (LGA775-SND+AGP+GIGA LAN-800MHZ FSB) Memory 1GB DDRII (800 Bus) Hard drive 320GB 3.5" SATA-II 7200RPM Optical drive HP DVDRW 24X SATA Chassis Thermal HT Support Total cost of workstations 300 x 6 = 1800 Euros Network device Specification and cost Network switches 1 x 100 = 100 Euros Total cost of network 100 Euros Grand total cost 1900 Euros Total Cost: 5500 + 2800 +4000 + 1300 + 1900 = 15,500 Euros Router cost: 2000 Euros Cable Cost approx. 2000 Meters = 500 +15,500 + 2000 Grand Total = 18,200 Euros. 4 Wide Area Network As per network dictionary, wide area network is defined as “a computer network covering multiple distance areas, which may spread across the entire world. WANs often connect multiple smaller networks, such as local area networks (LANs) or metro area networks (MANs)”.Hospital premises will be equipped with broadband access that will provide “a high data-transmission rate Internet connection. DSL, ADSL, Wireless WAN and cable modem, all popular consumer broadband technologies, are typically capable of transmitting 256 kilobits per second or more, starting at approximately four times the speed of a modem using a standard digital telephone line” which can also be called Digital Subscriber line. The DSL is implemented for catering the needs of the school network. A device used to connect to the telephony company for Internet access (DSL modem. 2010).There is no superior requirement for downloading data from the Internet. The student network runs on the local area network. DSL supports up to 3 Mb/sec downstream speeds in an asynchronous mode means only the downstream. The upstream speed is from 128Kbps to 768 Kbps. 4.1 RADIUS Server Benefits and Requirements As per network dictionary, “Remote Authentication Dial In User Service (RADIUS) is a protocol for carrying authentication, authorization and con?guration information between a Network Access Server which desires to authenticate its links and a shared Authentication Server. RADIUS uses UDP as the transport protocol. RADIUS also carries accounting information between a Network Access Server and a shared Accounting Server”. Likewise, RADIUS is a security protocol and a “de facto standard protocol for authentication servers” (Remote Authentication Dial In User Service Security. 2007) that is based on a client/ server architecture and RADIUS server stores security information. Likewise, the clients establish connectivity with the RADIUS server for authentication. By acquiring the RADIUS server, Jan and Kim will have the following advantages: Data related to security will be distributed on the network and may include several devices that may interact with the security data. The RADIUS server will cater all the security data within the network and stores it on one location or workstation or on a storage device. In this way, risks and vulnerabilities associated with the security data will be mitigated. Moreover, the host that will store the security data will be considered as the RADIUS server (Overview, n.d). Moreover, RADIUS is a flexible protocol that can be tailored according to organizational requirements. Addon advantage is that RADIUS can also be integrated with Microsoft operating system environment, as they support RADIUS functionality (Overview, n.d). furthermore, information related to security is stored on text files at a centrally located that is the RADIUS server. If there is a requirement of adding new users, network administrators will only update the text file for updating new user information to the database. As the RADIUS server supports event logging that provides a comprehensive audit trail that may support RADIUS accounting features. Moreover, log files can be analyzed for security aspects or can be utilized for billing purposes. Supported Platforms are (Overview, n.d): SunOS 4.1.4 Solaris 2.5 HP/UX 10.01 Linux 1.2.13 (ELF) AIX 3.2.5 SGI Irix 5.2 DEC Alpha OSF/1 3.0 BSD/OS 2.0 4.1.1 RADIUS Server Requirements By implementing RADIUS server in a domain environment, synchronization with the user account database is achievable. Moreover, RADIUS server also provides a centralized administration of network policies and connection logging for accounting. Furthermore, for achieving centralized authentication, authorization and accounting for several access servers, RADIUS server is recommended (,RADIUS server). 4.1.2 RADIUS Server Installation Procedure This section includes a step by step installation guide for installing a RADIUS server. However, in server 2008, RADIUS installation is performed by a network policy server. Figure 5.1.2.1 In fig. 5.1.2.1, ‘network policy and access services’ will be selected, as this will be the first step in defining server roles. N Figure 5.1.2.2 As shown in Fig. 5.1.2.2, click the ‘Next’ button and continue, Figure 5.1.2.3 In Fig. 5.1.2.3, The network administrator will select a role according to the services required. Figure 5.1.2.4 The next step will be to select and install the role service that will be used for network policy and access services, shown in Fig. 5.1.2.4 Figure 5.1.2.5 After installing the role service, a summary will be displayed including all the selected options and configurations. Click ‘Install’, as shown in Fig. 5.1.2.5 Figure 5.1.2.6 After installing role services, now there is a requirement of configuring the network policy server. It can be found in the administrative tools, as shown in Fig. 5.1.2.6 Figure 5.1.2.7 In fig. 5.1.2.7, The network administrator will select the configuration scenario for setting up RADIUS server. There are total three scenarios available i.e. network access protection, RADIUS server for wired connections and RADIUS server for VPN and Dial-up connections. Figure 5.1.2.8 After selecting the configuration scenario, the network administrator will assign IP addresses, friendly name and shared secret, as shown in Fig. 5.1.2.8 Figure 5.1.2.9 The last option will be to specify the user groups that are already created in a domain environment. The network administrator will only add those user groups who need RAS security. 4.2 DNS Server Primary reason for maintain a private DNS server ensures security, reliability, robustness and consistency. In order to provide security, clinical staff residing in both sites will access the DNS server via 128 bit encryption with SSL connections. Moreover, security controls must be up to date on the servers, for instance, security patches. DNS servers also provide error checking so that websites can be resolved without disruption. Moreover, network administrators can manage many Internet domains and sub domains. As the proposed network is connected to an Internet gateway, DNS server is required to resolve IP addresses into host names. Likewise, a DNS server is also required for identifying network nodes. For instance, if any user wants to share a file, DNS will resolve the IP address of that computer to a specific computer name that is easy to understand. Moreover, the DNS server will also maintain host names and IP addresses and all the computers available on the network. If we move one step further, step by step process for a typical DNS process consists of a file that is transmitted to a specific location i.e. on the Internet or computer within the network, the request will initially reach to the DNS server for translating hostname to IP addresses. After retrieving the required IP address, connectivity will be established for transferring the file. A DNS server is recommended because it will provide security, reliability and fast access to web requests. 5 Proposed Network Model 5.1 Site 1 Local Area Network Figure 2.1 5.2 Site 1 & Site 2 VPN Point to Point Connectivity Figure 2.2 Fig 1.1 demonstrates a proposed local area network of a hospital, as workstations are connected to a fast Ethernet switch. Ports of the switch will depend on the number of users. However, the number of hosts will specify the number of ports required for each department. Likewise, switches are connected with a CAT 5 cable capable of transferring data in Gigabits / Sec. Figure 2.2 demonstrates servers, security appliances, network components, and site to site VPN connectivity along with configuration of features in both routers i.e. Site 1 router and Site 2 router.MD5 hashing, Point to Point tunneling protocol, Virtual Private Network and CHAP configuration will be implemented on the router located at Site 1. If any user wants to establish a WAN connection between these two sites, there is a requirement of a VPN dialer and user credentials for logging into the VPN of the hospital. Moreover, for granting or denying Internet access within the entire network, Microsoft Internet Security and Acceleration server will administer Internet access management. Likewise, a network administrator can bind an IP addressed by the system or the MAC address to enforce compliance with policy violation issues. Moreover, a comprehensive security features are embedded within the network. MD5, PPP, CHAP, ACL and a domain environment is proposed to monitor, evaluate and maintain network services and applications. 6 Conclusion and Recommendations For establishing a network from the scratch, we have designed a proposed network of a hospital connecting to other sites via VPN. Likewise, for implementing a VPN, point to point connectivity is established, as shown in the proposed network diagram. Moreover, for securing and monitoring the network, Microsoft Active Directory, RADIUS, Domain environment, CHAP,MD5 and ACL is implemented. Furthermore, for providing Internet connectivity, Microsoft ISA server is deployed for managing Internet and file sharing access throughout the network. In addition, hardware specifications of all the workstations are demonstrated in the tables. Recommendations for deploying a site to site connectivity provides adequate security, no bandwidth sharing, dedicated leased line and Quality of Service (QoS). References Access Control List. 2007. Network Dictionary, , pp. 17-17. Broadband Internet Access. 2007. Network Dictionary, , pp. 76-76. Category 5 Cable. 2007. Network Dictionary, , pp. 88-88. DSL modem. 2010. Computer Desktop Encyclopedia, , pp. 1. , Overview . Available: http://www.stat.ufl.edu/system/man/portmaster/RADIUS/guide/1overview.html [4/25/2012, 2012]. Remote Authentication Dial In User Service Security. 2007. Network Dictionary, , pp. 409-409. RADIUS Server . Available: http://technet.microsoft.com/en-us/library/cc755248.aspx [4/25/2012, 2012]. Wide Area Network. 2007. Network Dictionary, , pp. 525-525. Read More