Planning a Network
Chapter
Objectives:
- Assess the network needs of an organization
- Develop a network plan
- Select the appropriate network media and topology
for different situations
- Estimate network costs for equipment and human
resources
- Explain management of network performance through
centralized planning and network segmenting
- Plan account management
- Plan network security
Assessing Network Needs
- The first step in network planning is to assess the
business or organizational needs for which the network is
to be used, including the following:
- The size and purpose of the organization.
- The potential growth of the organization in terms of
people and services.
- The number of mission-critical applications on the
network.
- Important cycles for the business or organization.
- The relationship of the network resources to the
mission of the business or organization.
- Security needs.
- The amount budgeted for network and computer
resources.
- Whether there will be a need for high-speed communications.
Developing a Plan
- Incorporate an organization's business plan,
long-range plan, or mission statement into the planning
process.
- Diagram the existing network or create a diagram for the
network you will implement.
- Include the following information in the plan:
- Number and kinds of workstations.
- Number and kinds of server and host computers.
- Network topology.
- Network communications media.
- Types of network devices.
- Telecommunications services.
- Current network performance statistics.
Developing a Plan
- Many organizations that are planning a new network or a
major expansion write planning documents to send to
vendors.
- An RFI is an initial attempt to define in general terms
what is needed. It usually describes the organization,
its existing resources, and the type of services sought
from the vendor.
- The organization may choose to select a vendor based on
the vendor's response to the RFI, or it may choose
to send out a follow-up RFP. An RFP takes cumulative
information from the returned RFIs to establish exact
specifications that later may be written into a contract.
Select the Right Network Media and Topology
- To plan a network for the best performance and management
characteristics, as well as reasonable cost and future
expandability, you should follow these guidelines:
- Use an Ethernet physical star, logical bus topology
under most circumstances. Such a topology offers the
most equipment, expansion, and support options.
- Install category 5 UTP cable for flexibility in most
cable installations. That gives you the ability also
to install high-speed communications immediately or
to convert to high-speed communications later.
- Install fiber-optic cable for backbones and between
buildings to give you the highest bandwidth and to
adhere to the IEEE and EIA/TIA-568 specifications for
inter-building connections.
- Check for significant sources of EMI or RFI, for
example, from equipment in a manufacturing plant or a
machine shop. Install STP in those conditions to help
minimize interference.
- Always install more cable and cable runs than you
need immediately. Network growth happens quickly, so
in the long run it is cheaper to install extra cable
and wall outlets in the beginning than to add them
later. That also ensures that all components are
compatible from the start. From the beginning,
increase your estimates of cable and outlets by 35 to
50 % to accommodate expected and unexpected growth.
- Check the local building codes and install plenum
cable where mandated by the codes.
- Follow 100% of the IEEE and EIA/TIA guidelines for
commercial building telecommunications cabling.
- For new or remodeled buildings, ask to
participate in the early planning stages. Besides
making recommendations concerning wire installation,
work to locate computer machine rooms, equipment
rooms, and wiring closets in central locations for
the most flexibility in wiring. Follow the
EIA/TIA-569 specifications for wiring and
telecommunications closets.
Example 1: Implementing a Network on A Single Floor of a
Building
- Assume you are working with a title insurance company
that employs 28 people in a one-story building. The
building is 10 years old and has never been networked,
although each employee has a desktop PC. There is no
central computer; office members carry floppy disks to
one another when they want to share files. Each title
insurance representative keeps individual client records
on his or her own PC. Information for billings is carried
by floppy disk to an office assistant, who compiles the
information for all representatives and sends out bills.
The company has decided to install a network and has
hired you as a consultant.
- Before the wiring is installed, a good place to start is
to obtain a floor plan. Next, inspect the entire location
and the physical layout. Discuss with management
personnel how the network is to be used and develop a
planning document that can be revised as the project
proceeds.
- In this situation a Windows NT file server would enable
the firm to take full advantage of a network and to
manage network resources centrally from the server, such
as shared files, user accounts, printers, and security.
Network traffic also can be monitored through the server.
An Ethernet physical star, logical bus network would give
the firm options to grow while reducing the cost of
network management by centralizing network
communications. Problems with a node can be quickly
identified and fixed through such a central design, and
network segments can be isolated so that problems on one
segment do not take down the entire network.
- The physical connectivity can be accomplished by
installing category 5 UTP cable (after you first have
checked plenum requirements) connected to stackable hubs.
Because the firm does not plan to transmit large files or
graphics at this time, a 10BASE-T network with 10 Mbps
hubs is likely to be sufficient. Also, combination 10
Mbps and 100 Mbps NICs are a good choice, providing easy
conversion to a 100BASE-T network in the future, if
needed.
Example 2: Implementing a Network on Multiple Floors in Two
Buildings
- In this example, assume you are planning a
network for a small chemical company with offices in two
buildings, each with four floors. The business office
building is to have two Windows NT file servers and a DEC
minicomputer in a computer room on the first floor. The
building containing research labs will have two Windows
NT file servers on the first floor and workstations on
the other three floors.
- Again you would use an Ethernet physical
star, logical bus design. The cabling on each floor would
be category 5 UTP, connected to an intelligent hub at 10
Mbps or 100 Mbps (depending on network traffic). The
communications cable between floors would be fiber-optic.
Also, fiber-optic cable would be used to connect the
buildings. The hubs on each floor would be connected to a
main intelligent hub on the first floor or to ATM
switches on the first floor of each building. The
advantages of using ATM switches are as follows:
- High-speed communications on the
backbone between each floor and the ATM switch.
- High-speed communications on the
backbone between buildings.
- High-speed communications to the
minicomputer and the servers.
- The ability to isolate each server on
its own segment.
- The ability to implement VLANs.
- High-speed connectivity to an ISP or
other outside telecommunications connection for
future expansion.
- The option of putting voice and video
traffic between buildings, reducing additional costs
of phone lines or third-party connections.
Example 3: Building a WAN Between Cities
- In the third example, assume you are
designing a network to connect three atmospheric science
research centers for a consortium of US universities.
Each center has more than a hundred networked users,
mostly scientists and technicians. The researchers work
with huge data files and share a supercomputer at the
California research site. They need high-speed
communications between the sites, which are located in
Minnesota, Colorado, and California. Two of the centers
have an Ethernet network and one has a combined FDDI and
token ring network.
- One way to build a WAN linking all three
sites is to connect them using T1/T3 or satellite
communications between router modules in intelligent
modular hubs. When a router is connected to
telecommunications services, such as a T1 or T3 line, two
devices are used to connect each router to the line: a
CSU and a DSU. The CSU is a physical interface to connect
the router to the communications line. The DSU converts
data so it can be sent over the line and converts
received data to be forwarded onto the network. Both
devices are combined into one unit and work on a
principle similar to a high-speed modem that converts,
compresses, or decompresses data transmitted over
telephone lines.
- Using routers has the advantage that
different kinds of transport systems and protocols can be
connected over long distances. The intelligent modular
hubs containing the routers have the advantages that
network traffic can be monitored and controlled with
network management software and the hubs can be expanded
later for high-speed networking. The disadvantage is that
having all functions in one unit creates a single point of
failure.
Estimating Networking Costs
- As you plan a network, you need to develop cost estimates
and select network equipment based on what the
organization can afford.
- Calculate networking costs in terms of two factors:
- Component costs
- Human resource costs
- In most cases, a star topology using UTP cable and hubs
is the least expensive solution.
- Category 5 cable is slightly more expensive than category
3 cable, but the option to upgrade to high-speed
networking makes the extra expense worth it.
- Networking costs start to go up as you employ more
complex equipment.
- As you plan and design a network, consider the human
resource costs. The cost of network equipment that is
more efficient and reliable is offset by the productivity
gains of its users.
- To calculate productivity costs:
- Find out the earnings of the network users.
- Assume that the slower network causes each user to
spend at least 2% of their time waiting. Multiply the
amount from step 1 by .02.
- Compare the amount from step 2 to the expense of the
faster network equipment. It is likely that the human
expense in waiting is several thousand dollars more
than the equipment expense.
Managing Network Performance Through Centralized Planning
- Planning a network that uses a hub- and star-based design
makes centralized network management possible.
- Centralized network management means that central points
are established for critical network functions.
- Another way to centralize network management is through
computer equipment rooms and through the placement and
design of wiring closets.
- Well-planned wiring closets are another way to centralize
and improve network management.
- Hubs, repeaters, bridges, and routers are located in
wiring closets, as are telephone and video cabling. This
makes it easier to troubleshoot problems, expand
services, and protect valuable equipment.
- Access to wiring closets should be kept to a minimum to
prevent unauthorized changes.
- The wiring closet should be kept cool, dry, and clean.
This helps prevent unnecessary damage to the equipment or
extra wear.
- To limit problems caused by someone accidentally turning
off or damaging equipment, wiring closets should not be
used for other purposes.
- Patch panels should be built by professionals following
the EIA/TIA 568 and 569 specifications. Patch cords
should follow all distance limitations.
Managing Performance Through Network Segmenting
- Network planning should take network traffic patterns
into account, placing network equipment such as bridges,
routers, hubs, and ATM switches to control network
traffic.
- That includes the ability to use the equipment to segment
a network to direct traffic along the most efficient
routes while reducing the total traffic flow across each
node.
- One way to segment a network is to use a bridge to filter
packets with certain addresses so they do not enter
portions of a network where there are no nodes that would
receive the packets.
- VLANs are another way to manage a network for best
performance.
- Isolate each server and host on its own segment. That
ensures that access to servers or hosts is not affected
when another node on the same segment has malfunctioned.
- Use bridges, routers, hubs, and ATM switches to segment
network traffic, so a frame is not flooded onto networks
unnecessarily.
- Design networks for easy segmentation through the
placement of hubs and switches.
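The bridge-based segmentation described above (filtering frames whose destination is on the segment they came from, forwarding cross-segment frames, flooding broadcasts and unknown destinations) can be shown with a small learning-bridge simulation. This is an added example, not material from the chapter; the two-port bridge, the segment names and the MAC addresses are constructed for the demonstration.

```python
from collections import namedtuple

# Constructed frame record: source MAC, destination MAC, and the bridge port
# (network segment) the frame arrived on.
Frame = namedtuple("Frame", "src dst in_port")

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Transparent bridge that learns which port each source address lives on
    and filters frames whose destination is on the segment they came from."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port on which it was last seen
        self.stats = {"filtered": 0, "forwarded": 0, "flooded": 0}

    def handle(self, frame):
        """Return the list of ports the frame is sent out on ([] means filtered)."""
        # Learning: record (or update) the segment the sender is attached to.
        self.table[frame.src] = frame.in_port
        out_port = self.table.get(frame.dst)
        # Broadcasts and unknown destinations are flooded to every other port.
        if frame.dst == BROADCAST or out_port is None:
            self.stats["flooded"] += 1
            return [p for p in self.ports if p != frame.in_port]
        # Filtering: both stations share a segment, so the frame stays local.
        if out_port == frame.in_port:
            self.stats["filtered"] += 1
            return []
        # Forwarding: destination is known to be on a different segment.
        self.stats["forwarded"] += 1
        return [out_port]


def run_sample():
    """Drive the bridge with constructed traffic; returns (bridge, decisions)."""
    bridge = LearningBridge(ports=["seg-A", "seg-B"])
    a1, a2, b1 = "00:00:0a:00:00:01", "00:00:0a:00:00:02", "00:00:0b:00:00:01"
    frames = [
        Frame(a1, a2, "seg-A"),         # a2 not learned yet: flooded to seg-B
        Frame(a2, a1, "seg-A"),         # both on seg-A: filtered, seg-B never sees it
        Frame(b1, a1, "seg-B"),         # cross-segment: forwarded only to seg-A
        Frame(a1, BROADCAST, "seg-A"),  # broadcast: always flooded
    ]
    decisions = [bridge.handle(f) for f in frames]
    return bridge, decisions


if __name__ == "__main__":
    bridge, decisions = run_sample()
    for ports in decisions:
        print(ports or "filtered")
    print(bridge.stats)
```

The second frame is the segmentation win: once the bridge has learned that both stations sit on seg-A, their traffic never crosses to seg-B, which is what reduces the total traffic each node sees. Broadcasts still reach every segment, which is why the chapter also recommends VLANs and routers for larger designs.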
Planning Account Management
- On many networks, management is simplified through the
creation of user accounts on a centralized server.
- The setup of accounts can be standardized for each user
so users have consistent account names, controlled access
to network resources, and security to protect each
account from intruders.
- Another advantage of centralizing user accounts is that
it saves time on account management.
- NT Server account management tools are one example of how
accounts can be centrally managed at the server. Those
tools enable account management by the following means:
- Account Policies
- User Home Directories
- Group Policies
- Account Auditing
Account Policies
- Setting account naming policies
- Organizations set up account names based on the
account users' actual names or functions within
the company.
- Between 8 and 20 characters for a user name.
- Can be descriptive of the position, that way if the
person leaves or changes position, the account can be
given a new password instead of being purged.
- The advantage of having accounts based on users'
names is that it is easier to know who is logged onto
a server.
Setting account policies in Microsoft Windows NT Server
- The user manager for domains tool on an NT server is used
to set account policies.
- The account policies that can be set up are the
following:
- The option to have users change their passwords
at regular intervals.
- Guards against situations where passwords have
been compromised.
- A recommended interval is 30-90 days.
- Require passwords to be more than 5 characters in
length.
- Makes it harder to guess.
- Some operating systems keep a record of recently
used passwords.
- This gives some time before an old password is
reused.
- A mechanism that prevents access to an account
after a certain number of unsuccessful logon
attempts.
- Access may be denied for 10-15 minutes or until
the administrator comes and unlocks the
user's account.
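The four policies just listed (password age, minimum length, password history, and lockout after repeated failures) interact, and the clearest way to see how is a small model of the logon and password-change paths that enforces all of them. This is an added example written for this chapter, not Windows NT code; the policy values, the account name and the timestamps are constructed, and the hashing (salted PBKDF2 from the standard library) is simply a reasonable way to store a password in the model.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class AccountPolicy:
    max_password_age_days: int = 90     # change at regular intervals (30-90 days)
    min_password_length: int = 6        # "more than 5 characters"
    password_history: int = 5           # recently used passwords that may not be reused
    lockout_threshold: int = 5          # unsuccessful logons before the account locks
    lockout_duration_minutes: int = 15  # 10-15 minutes, or until an administrator unlocks


def _hash(password: str, salt: bytes) -> bytes:
    # Iteration count kept low so the model runs quickly; raise it in real use.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


@dataclass
class Account:
    name: str
    salt: bytes
    pw_hash: bytes
    last_changed: datetime
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)  # old (salt, hash)
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None


def create_account(name: str, password: str, now: datetime, policy: AccountPolicy) -> Account:
    if len(password) < policy.min_password_length:
        raise ValueError("password shorter than policy minimum")
    salt = os.urandom(16)
    return Account(name, salt, _hash(password, salt), now)


def _used_before(acct: Account, password: str, policy: AccountPolicy) -> bool:
    recent = [(acct.salt, acct.pw_hash)] + acct.history[-policy.password_history:]
    return any(hmac.compare_digest(_hash(password, s), h) for s, h in recent)


def change_password(acct: Account, new_password: str, now: datetime, policy: AccountPolicy) -> str:
    """Enforce minimum length and the password-history rule; returns a status string."""
    if len(new_password) < policy.min_password_length:
        return "too-short"
    if _used_before(acct, new_password, policy):
        return "reused"
    acct.history.append((acct.salt, acct.pw_hash))
    acct.history = acct.history[-policy.password_history:]
    acct.salt = os.urandom(16)
    acct.pw_hash = _hash(new_password, acct.salt)
    acct.last_changed = now
    return "changed"


def logon(acct: Account, password: str, now: datetime, policy: AccountPolicy) -> str:
    """Apply lockout, then password check, then expiry; returns a status string."""
    if acct.locked_until is not None:
        if now < acct.locked_until:
            return "locked"          # still inside the lockout window
        acct.locked_until = None     # window elapsed: lockout clears automatically
        acct.failed_attempts = 0
    if not hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        acct.failed_attempts += 1
        if acct.failed_attempts >= policy.lockout_threshold:
            acct.locked_until = now + timedelta(minutes=policy.lockout_duration_minutes)
            return "locked"
        return "bad-password"
    acct.failed_attempts = 0
    if now - acct.last_changed > timedelta(days=policy.max_password_age_days):
        return "password-expired"    # correct password, but a change is required
    return "ok"


def admin_unlock(acct: Account) -> None:
    """The administrator's manual unlock, independent of the timed lockout."""
    acct.locked_until = None
    acct.failed_attempts = 0
```

Two details worth noticing: a correct password presented during the lockout window is still refused, which is the point of the mechanism, and the history check is run against the current password as well as the stored old ones, so a user cannot "change" to the password they already have.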
Creating Home Directories
- One way to manage where users place files on the network
is through the creation of home directories.
- A home directory is a specified location where an account
holder can store files, such as on a file server.
- The advantage of having home directories on a file server
is that it reduces expenditures for hard disk space on
individual workstations. It is more expensive to upgrade
individual workstations than it is to upgrade storage
space on a server.
- Also, each user's files are centrally located for
easier access by other users.
Setting Group Policies
- Rights enable an account or a predefined group to have
high-level access capabilities, such as the right to
access a server or to access advanced functions on a
server.
- Permissions are associated with access to files and
folders on a server, controlling the way an account or a
group accesses information.
- Managing rights and permissions by individual user
accounts is far more labor intensive than managing by
groups.
- Groups help reduce the effort required to manage
accounts.
- Accounts having the same security and access needs can be
assigned to a group. Then security access is set up for
the group instead of each account.
- A local group consists of accounts, network resources,
and global groups.
- A global group is used to make one Microsoft domain
accessible to another so that resources can be shared and
managed across two or more domains.
Auditing Account Activity
- Auditing records can be kept on the following:
- Account logon and logoff activity.
- Successful and unsuccessful access of files and
folders.
- Successful and unsuccessful use of rights and
permissions.
- Significant changes to an account, such as adding it
to a group.
Planning Network Security
- Developing a comprehensive plan to protect network
resources is vital.
- All networks contain resources and information on which
users depend.
- An interruption of network service or loss of data can be
costly.
- The security plan should address the following:
- Passwords and password maintenance
- Access privilege management
- Encryption
- Power protection
- System and data backups
- System fault tolerance and redundancy
- Firewalls
- Virus monitoring
- Disaster recovery
Setting Passwords
- Passwords are a critical defense against intrusions.
- All accounts should have a password that is changed on a
regular schedule.
- An account such as the NT Server Administrator account
should have a long password that is difficult to guess
and that is changed every 30-60 days.
- A guest account should be disabled. It is like a
backdoor, and usually overlooked.
Managing Access Privileges
Windows NT Permissions on a Shared Folder
Permission | Access Capability
No Access | Prevents access to the shared drive for the specified group
Read | Permits groups of users to read and execute files
Change | Enables users to read, add, modify, execute, and delete files
Full Control | Provides full access to the directory, including the ability to take ownership or change permissions
NT File System and File Permissions
Permission | Access and Abbreviation | Description | Applies to
No Access | None | No access to the directory for any users other than the owner | Folders and files
List | Read and execute files | Can list files in the directory or switch to a subdirectory but cannot access file contents | Folders only
Read | Read and execute files | For existing and new files, can read their contents and can execute program files | Folders and files
Add | Write and execute files | Can write new files in the directory and execute program files but cannot view directory files | Folders only
Add & Read | Read, write, and execute files | Can read files, add new files, and execute program files but cannot modify file contents | Folders only
Change | Read, write, execute, and delete files | Can read, add, delete, execute, and modify files | Folders and files
Full Control | All directory and file permissions | Can read, add, delete, execute, and modify files plus change permissions and take ownership of directories | Folders and files
- Microsoft provides the following guidelines for setting
permissions:
- Protect the WinNT folder that contains operating
system files on NT servers and workstations, and its
subfolders, from general users through No Access, but
give the Administrators group Full Control access.
- Protect utility folders with access permissions for
only Administrators.
- Protect software application folders with Add &
Read to enable users to run applications and write
temporary files but not to alter files.
- Create publicly used folders with Change access,
so users have broad access except to take ownership
and set permissions.
- Provide users full control of their own home
directories.
- Remove the group Everyone from confidential folders,
such as those used for personal mail or for software
development projects.
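The permission table and the Microsoft guidelines above both rest on one evaluation rule that is easy to get wrong: when a user belongs to several groups, the capabilities granted by each matching entry accumulate, except that a No Access entry for any of the user's groups wins over everything else. The following model, added here as an example and not taken from the chapter or from Windows NT itself, encodes the table's permission names as capability sets and evaluates a user's effective access against a folder's access list. The user names, group memberships and folder access lists are constructed; "Domain Users" stands in for the chapter's "general users", which is an assumption of the example.

```python
from typing import Dict, FrozenSet, List, Set, Tuple

# Capability sets behind each NTFS permission name in the table above.
# "list" is modelled separately from "read" so that List and Read differ as
# the table's descriptions say (directory listing vs. file contents).
PERMISSION_SETS: Dict[str, FrozenSet[str]] = {
    "No Access":    frozenset(),
    "List":         frozenset({"list"}),
    "Read":         frozenset({"list", "read", "execute"}),
    "Add":          frozenset({"write", "execute"}),
    "Add & Read":   frozenset({"list", "read", "write", "execute"}),
    "Change":       frozenset({"list", "read", "write", "execute", "delete"}),
    "Full Control": frozenset({"list", "read", "write", "execute", "delete",
                               "change permissions", "take ownership"}),
}

# An access list is an ordered list of (principal, permission name) entries.
ACL = List[Tuple[str, str]]


def effective_access(user: str, groups_of: Dict[str, Set[str]], acl: ACL) -> FrozenSet[str]:
    """Capabilities the user ends up with on a folder protected by `acl`.

    NT rule: a No Access entry matching the user or any of the user's groups
    overrides every grant; otherwise the matching grants are combined."""
    principals = {user} | set(groups_of.get(user, ()))
    matching = [perm for principal, perm in acl if principal in principals]
    if "No Access" in matching:
        return frozenset()
    caps: Set[str] = set()
    for perm in matching:
        caps |= PERMISSION_SETS[perm]
    return frozenset(caps)


def can(user: str, groups_of: Dict[str, Set[str]], acl: ACL, capability: str) -> bool:
    return capability in effective_access(user, groups_of, acl)


# Constructed users and group memberships. Every account is in Everyone.
GROUPS: Dict[str, Set[str]] = {
    "admin.kim": {"Everyone", "Administrators"},
    "rep.jones": {"Everyone", "Domain Users"},
    "dev.patel": {"Everyone", "Domain Users", "Developers"},
}

# Guideline: WinNT folder, general users denied, administrators Full Control.
WINNT_ACL: ACL = [("Administrators", "Full Control"), ("Domain Users", "No Access")]
# The same intent expressed against Everyone: this also locks out the
# administrators, because No Access overrides their Full Control grant.
WINNT_ACL_MISTAKE: ACL = [("Administrators", "Full Control"), ("Everyone", "No Access")]
# Guideline: application folders get Add & Read for users.
APPS_ACL: ACL = [("Administrators", "Full Control"), ("Domain Users", "Add & Read")]
# Guideline: confidential project folder with Everyone removed rather than denied.
PROJECT_ACL: ACL = [("Developers", "Change"), ("Administrators", "Full Control")]


if __name__ == "__main__":
    for user in GROUPS:
        print(user, "on WinNT:", sorted(effective_access(user, GROUPS, WINNT_ACL)))
        print(user, "on WinNT (mistake):", sorted(effective_access(user, GROUPS, WINNT_ACL_MISTAKE)))
```

The PROJECT_ACL entry illustrates the last guideline: removing Everyone from a confidential folder already leaves non-members with no matching entry and therefore no access, without the side effect that a No Access entry on Everyone has on administrators.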
Database Security
- Modern relational databases come with security built in.
- Oracle, Sybase, Microsoft SQL Server, Informix, and DB2
are some examples.
Data Encryption
- It is relatively easy for an enterprising hacker to build
a network interface and software to capture frames on the
network.
- Data encryption techniques have become increasingly
important to protect critical information from
interceptions on networks.
- A common method for encrypting data is to require one or
more "keys".
- An encryption key is a digital code or password that must
be known to both the sending node and the receiving node.
Some security schemes use keys with up to 512 digits.
Creating Firewalls
- Firewalls protect a network from intruders and reduce
unwanted traffic.
- Routers are frequently used as firewalls, because they
examine every packet before sending it on.
- A dedicated firewall adds security options such as
network address translation, logging, FTP management,
SMTP proxy, HTTP, network encryption, and virtual network
encryption.
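A router used as a firewall "examines every packet before sending it on" by running it through an ordered rule list; the first matching rule decides, and anything no rule permits is dropped. The following model, added here as an example rather than taken from the chapter or from any router product, applies such a list to constructed packets and logs every decision, since logging is one of the dedicated-firewall options the chapter mentions. The addresses, rules and packets are constructed (private ranges for the office and DMZ, documentation ranges for the outside hosts).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # destination port (0 for protocols without ports)


@dataclass(frozen=True)
class Rule:
    action: str                               # "permit" or "deny"
    src: str                                  # CIDR network; "0.0.0.0/0" for any
    dst: str
    proto: str = "any"
    dport: Optional[Tuple[int, int]] = None   # inclusive port range; None = any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport[0] <= pkt.dport <= self.dport[1]


class FilteringRouter:
    """First-match packet filter with an implicit final deny; logs every decision."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.log: List[str] = []

    def decide(self, pkt: Packet) -> str:
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                self.log.append(f"{rule.action} rule#{i} {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}")
                return rule.action
        # Nothing permitted it: default deny, and record why it was dropped.
        self.log.append(f"deny default {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}")
        return "deny"


# Constructed addressing: an office LAN and a DMZ holding one public web server.
OFFICE = "192.168.10.0/24"
WEB_SERVER = "192.168.20.5/32"
ANY = "0.0.0.0/0"

RULES = [
    Rule("permit", ANY, WEB_SERVER, "tcp", (80, 80)),   # public web service only
    Rule("permit", OFFICE, ANY, "tcp", (80, 80)),       # staff browsing out
    Rule("permit", OFFICE, ANY, "tcp", (443, 443)),
    Rule("permit", OFFICE, ANY, "udp", (53, 53)),       # staff DNS lookups
    # Everything else, including any inbound packet aimed at the office LAN,
    # falls through to the default deny.
]


def run_sample() -> Tuple[List[str], List[str]]:
    """Apply RULES to constructed packets; returns (decisions, log)."""
    router = FilteringRouter(RULES)
    packets = [
        Packet("203.0.113.7", "192.168.20.5", "tcp", 80),     # outside -> web server
        Packet("203.0.113.7", "192.168.20.5", "tcp", 23),     # outside -> web server telnet
        Packet("203.0.113.7", "192.168.10.40", "tcp", 80),    # outside -> office PC
        Packet("192.168.10.40", "198.51.100.9", "tcp", 443),  # office PC -> outside https
        Packet("192.168.10.40", "198.51.100.9", "udp", 53),   # office PC -> outside DNS
        Packet("192.168.10.40", "198.51.100.9", "icmp"),      # office PC -> outside ping
    ]
    decisions = [router.decide(p) for p in packets]
    return decisions, router.log
```

The ordering matters: because the list is searched top to bottom and stops at the first match, a broad permit placed above a narrow deny silently cancels the deny, so rule lists are normally written with specific permits first and the catch-all deny last (here, the implicit default).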
Virus Protection
- A virus can be carried by a program, e-mail, macro,
downloaded file, and other sources.
- The best protection is to purchase software from reliable
vendors.
- You can use the following measures in network planning to
protect against viruses:
- Purchase reliable scanning software; obtain a site
license for all servers and workstations on the network.
- Have the virus scanner running in the background on
servers so it can immediately detect a virus.
- Set the scanner to run a full scan on a regular basis,
such as every night before or after file backups.
- Scan all software for viruses before installing the
software on a network server or workstation.
- Unzip or decompress compressed files before scanning,
because a scanner may not find a virus in that type of
file.
- Do not use software that has been handed from person to
person, including macros.
- Educate users to be careful about where they obtain
software and to scan for viruses as soon as they install
the software on a workstation.
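The point about decompressing files before scanning can be seen directly: a scanner that only examines the archive's bytes never sees the compressed member, while one that opens the archive (and any archive nested inside it) does. The scanner below is an added example written for this chapter, not a real product; it matches members by exact content hash against a constructed signature list, and the "marker" file it detects is a harmless constructed byte string, not a virus. The depth and member-size limits are the usual guards against archives crafted to exhaust a scanner.

```python
import hashlib
import io
import zipfile
from typing import List, Tuple

# Constructed signature database: hash of a harmless marker file standing in
# for a known-bad file. Real scanners use pattern databases, not single hashes.
SAMPLE_MARKER = b"CONSTRUCTED-TEST-MARKER-NOT-MALICIOUS\n"
SIGNATURES = {hashlib.sha256(SAMPLE_MARKER).hexdigest(): "Test.Marker.Constructed"}

MAX_DEPTH = 3                    # nested archives to descend into
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # skip members larger than this when expanded


def scan_bytes(data: bytes):
    """Signature name if the exact content is known, else None."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())


def scan_file(name: str, data: bytes, depth: int = MAX_DEPTH) -> List[Tuple[str, str]]:
    """Scan a file and, if it is a zip archive, each member inside it.

    Returns (path, signature) findings; nested paths use '!' as a separator."""
    findings: List[Tuple[str, str]] = []
    hit = scan_bytes(data)
    if hit:
        findings.append((name, hit))
    if depth > 0 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.file_size > MAX_MEMBER_BYTES:
                    # Too large to expand safely; report it rather than inflate it.
                    findings.append((f"{name}!{info.filename}", "Skipped.TooLarge"))
                    continue
                member = zf.read(info)
                findings.extend(scan_file(f"{name}!{info.filename}", member, depth - 1))
    return findings


def build_sample_archive() -> bytes:
    """Constructed download: a zip containing another zip that holds the marker."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "harmless text")
        zf.writestr("tools/marker.exe", SAMPLE_MARKER)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    archive = build_sample_archive()
    print("whole archive:", scan_bytes(archive))          # None: compressed bytes differ
    print("expanded:", scan_file("download.zip", archive))
```

Deflate changes the bytes, so the signature of the member is simply not present in the archive as stored; that is the whole reason the chapter tells you to decompress first. The depth limit also means a deliberately deep nest is reported as unscanned rather than silently passed, which is the safer failure mode.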