where have i been

Well, it's been some time since I put anything on here; forgot it was here, to tell the truth. Been working for lots of different companies since college finished. Contracting is a bit random at times, not sure what comes next and if you will get work, but been quite lucky so far. Will need to find out about security clearance for government jobs; there seems to be a big demand for IT guys with clearance. So far have worked as project lead in a domain merge and in several 2nd and 3rd line support jobs (e.g. NHS, RM Dacoll E2e Getronics Dell deployit logistics international and Fujitsu HP Careers Scotland Scottish Enterprise). It's been interesting, some cool toys.
I have learned more in one job than in all my time at Stow. There is no better way to learn than doing the job. I would recommend any student to check very carefully that their teachers at college know what the hell they're on about; reading a book is no substitute for real experiences.

There is life after Stow

Finally completed college
Finished with an advanced diploma (whatever that is) and an HND. Even although I was fu***d over and given a (..C..) for my project, I'm not too upset.


So glad to get away from the "teaching staff" and out where they have never been, in the Real World!


Started a job within two weeks of leaving college. I have been assigned to a rather large domain merge between Scottish Power and Iberdrola of Spain; that should take around a year or so to complete (free trips to Spain, he he).
Nothing presented to us as education in two years at Stow will be of any use!! In the real world things (as I said in my project) are very different: it takes three project managers and a team of ICT techs, a coordinator, testers, consultants, lots and lots of methodology meetings, not to mention the project team leader (that's me). So fut to anyone who thought that employment would be impossible to get for our class.





So long Stow... You really suck




hnd project



HND GRADED UNIT


2008
NETWORKING AND INTERNETWORKING
Contents
Title page
Introduction
Stage one planning to plan
Project prerequisites
Analyze Requirements (of the network and its users)
Analyse Network Load Requirements
Develop LAN Topology
Layer 3 Addressing
Setting up VLAN Implementation
Basic Network Design Methodology
The Project Brief and Analysis
Requirements
Understanding client-server traffic flow
Fiber Optic Cable Connections
Cable Termination Standards
Patch panel colour scheme
Fibre Channel
The new system
Planning
Defining Network Segments
Bandwidth and security
Choosing a Hostname
Development
Virtual lab server
Application server
Squid Proxy Server
Option 1—Use IPv4 for IP Addressing
Option 2—Use IPv6 for IP Addressing
Fibre optic backbone
VLAN Planning
STUDENTS VLAN
VLAN range
Network Infrastructure
Devices
Network file system
Deployment and analysis
Troubleshooting
Software installation
Installing windows 2003
Step #2: Beginning the installation process
Step #3: The text-based portion of the Setup program
Step #4: The GUI-based portion of the Setup program
Install and configure a dhcp server in our active directory
Configuring the DHCP service
Exchange server
Apache server and local intranet site
User Hardware
Class Workstations
Server setup
Example Security Zones
Future expansion possibilities
CONCLUSION
Bibliography
Appendix
Glossary of Networking Terms



Introduction
Stage one planning to plan
The purpose of the Project Plan is to provide a high-level understanding of the work to be undertaken in the project and to identify the key decision and review points.

The first step in any project is to find a starting point in the planning process. I find it beneficial to use a mind map to get my thoughts onto paper: as you add one item, others become apparent and branch off to the next chain of thought. Below is the result.






Mind map of planning strategies



Project prerequisites

Reusable Assets

To save money, time and the environment, it is prudent to take stock of pre-existing hardware and software and to re-use or upgrade as much of it as meets the criteria for the new system. This can be determined during the survey of the existing equipment.
Tasks to perform prior to planning

Provide a plan to meet the customer's requirements on time and within budget (currently £350,000)
Identify and define the major products required for the project
Identify the major activities to be performed to deliver the products
Estimate the effort needed
Identify the time-scales achievable, given the project constraints
Assess the major risks of the project and the associated countermeasures, i.e. (Health and safety, local government planning constraints)
A network architecture design should not be started without input from the security team within the organization. The organization's security requirements, in the form of an enterprise security policy, are a significant factor in any network design
Analyse requirements
Develop LAN structure (topology)
Set up addressing (and naming conventions) and routing

Analyze Requirements (of the network and its users)
Business issues
Technology issues
Administrative issues
Gather Data -
Corporate Structure
Business information flow
Applications in use
Current topology
Performance characteristics of current network
Determine if documented policies are in place
Mission-critical data
Mission-critical operations
Approved protocols and platforms
Control versus distributed authority
Business requirements
Technical requirements
New applications or business operations
Availability requirements -
Throughput
Response time
Access to resources

Analyse Network Load Requirements
Client/Server applications
Host/terminal applications
Routing protocols
Regularly scheduled services, such as file backup
Estimate worst-case traffic load during the busiest times for users and during regularly scheduled network services
Develop LAN Topology
LAN topology that will satisfy Step 1 requirements
Star Topology, Extended Star Topology, bus and star, mesh
A LAN topology in which end points on a network are connected to a common central hub/switch by point-to-point links.
A ring topology that is organized as a star, implements a unidirectional closed-loop star (star wired ring), instead of point-to-point links.

Layer 3 Addressing
The router divides subnets and networks
The router structures an internetwork
Logical addressing should be mapped to the physical network
Develop and document the IP addressing scheme to be used in the network
Setting up VLAN Implementation
Group users by department, team, or application
Provide broadcast containment and security
Routers provide communication between VLANs (and security)
VLAN (Virtual LAN) - Group of devices on a LAN that are configured (using management software) so that they can communicate as if they were attached to the same wire (media), when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.

Basic Network Design Methodology

[Figure: Design Flow Process. PL = planning step 1 to 7 (PL1 to PL7). Steps shown: Designing a Plan; Defining and Analysing Products; Identifying Activities & Dependencies; Estimating; Scheduling (planning tools, e.g. MS Project); Analysing Risk; Completing a Plan. Products shown: Project Approach; Product Flow Diagram; Product Breakdown Structure; Product Descriptions; List of Activities; Draft Product Checklist; Activity Dependencies; Estimated Activities; Schedule; Assessed Plan.]

The Project Brief and Analysis
To consider the existing network, review the needs of the business and design a network which will meet the business needs of the organisation and provide room for any future expansion. This will be completed within budget. The allocated budget for this project is £350,000.

Requirements
Access to the internet from desktop machines.
The proposed network designs will be delivered in budget and on time.
The proposed design will satisfy the business requirements for 10 years.
LAN throughput is expected to grow by 100 times during this period.
WAN throughput is expected to grow by 10 times during this period.
A minimum of 10 Mbps to the desktop and 100 Mbps for backbone links will be provided.

Only one routed protocol will be used throughout the design. Currently this is TCP/IP, and it will remain so, using IP version 4 but with the possibility of migrating to IP version 6 to increase scalability as the organisation grows.

Access to SuperJanet III (WAN).
It is intended to connect directly to the SuperJanet network and to remove the local universities' influence over the system. All annex sites will be connected to the main site by fibre optic cable. This will connect all teaching and administrative computers at annex sites with the main college site for the purpose of delivering and receiving data in a secure manner.


Topology of SuperJanet III (WAN).



The WAN will be based on a three-layer hierarchical model. External sites will be required to connect to the college prior to being given access to the internet. Thus, a firewall will be placed at each outlying site and at the main college facility to protect each VLAN and LAN.

Internal firewalls will be used to protect internal network traffic from exposure to possible threats. The intention is to form a fast WAN core network a high-speed link will be connected to Outlying sites will be connected into the core WAN facilities.

LAN connection
Currently 10 and 100 Mbps Ethernet is deployed in the network.
In order to ensure consistency in the network, any new design will conform to the EIA/TIA standards. Horizontal cabling shall be Category 5 Unshielded Twisted Pair (CAT5 UTP) and will have the capacity for 1GBs. Backbone cabling is to be fibre optic cable.

Two physical LANs will be installed in the building, one of which will be split into several VLANs that will connect data and phone systems to the network for ease of management.

One VLAN is designated for use by STUDENTS and one for the teaching network; the other LAN will be designated for administration usage, phones and so on
The Admin network will have access to all
For security reasons, students cannot be accidentally connected into the admin network, as it will be protected by a firewall and on a separate LAN
The use of two LANs will reduce the probability of a technician accidentally plugging a student into a port on a switch allocated for admin purposes.
In the event of catastrophic failure of one network, the business can still function, even in a reduced capacity

The room that has been selected for use as the Main Distribution Facility (MDF) is at the Point of Presence (POP). Intermediate Distribution Facilities (IDF) will be used on each floor in the rooms designated in the plan with the IDF symbol. 32 rooms requiring to connect to the LAN/WAN will be provided with an appropriate number of ports on appropriate devices.
A Horizontal Wiring Closet (HWC) will be installed in the 32 rooms, servicing hosts in the room or in adjoining rooms; this will consist of a wall-mounted lockable rack unit. Horizontal cable runs will all be Cat5 UTP.

All wiring schemes will conform to acceptable industry standards. TIA/EIA Standard 568A Vs 568B

Media and topology
After researching the media to use in this project, the possibilities for modernising a network became very apparent, as new technologies are developed (on what appears to be a weekly basis) to get a faster, more efficient network.
I have a certain reluctance to commit to the new products that are available, and will stick to tried and trusted media. Although the newer media will no doubt be faster, I am not convinced that it will prove to be as reliable or cost effective for this size of network.

The topology of the project is mostly governed by the building's physical plan and what is in place at present; it is not always prudent to remove existing topologies that have been proven to work.
In an ideal world a completely new system would be installed from the ground up, but this would cause too much downtime and seriously affect the users. Adding to what is already there and replacing sections as time passes would minimise the downtime and reduce the interference to the users.

When installing the new system, some preparation work must be done: installing a new fibre optic backbone and wiring closets ready for the switch-over of systems. The final topology will no doubt be a mesh in practice but, for design purposes, we will call it a logical bus and star topology, with the bus referring to the fibre optic backbone.

IS ETHERNET THE WAY TO GO
We have chosen Cat 5e Ethernet for our network. Ethernet was originally developed at Xerox PARC in 1973–1975 and was originally based on the idea of computers communicating over a shared coaxial cable acting as a broadcast transmission medium. The methods used show some similarities to radio systems, although there are fundamental differences, such as the fact that it is much easier to detect collisions in a cable broadcast system than a radio broadcast. The common cable providing the communication channel was likened to the ether, and it was from this reference that the name "Ethernet" was derived.
Carrier sense multiple access with collision detection (CSMA/CD) governed the way the computers shared the channel.
To deal with convergence, newer, faster, more efficient network devices will improve how much bandwidth could be allocated to the system in the future. As technology progresses, other faster, more reliable media will become available; it may be plausible that directly connected fibre optic media could be used throughout the system.




CISCO Gigabyte Ethernet card
Traditional shared Ethernet is a baseband medium, which means that only one station can send data onto the medium at any one time. Multiple signals cannot be multiplexed as in the case of a broadband medium. On a shared Ethernet hub, stations resolve access contention by listening on the receive pair of wires to check if any other station is sending data. The implementation of Ethernet switching instead of shared Ethernet entails the following improved operational features:
Dedicated collision domains
Each port on a switch is in its own collision domain and therefore a station connected to the LAN via a switch port rather than a hub port does not have to compete for access to the wire by listening for collisions before sending data. This increases the effective bandwidth on the LAN.
Traffic filtering and forwarding
A switch functions as a multi-port bridge and learns the location of each station's MAC address by listening to live traffic. For each frame that it switches, it will only forward traffic to the port where the destination MAC address resides. The switch is said to filter the frame on all other ports. This significantly reduces unnecessary traffic on the LAN and improves the efficiency with which bandwidth is utilized. Broadcast frames are however flooded to all ports, hence, a switch is said to create multiple collision domains but all ports remain in the same broadcast domain. This is often a desirable means of operations since broadcasting can be a necessary and often an efficient means of communications in the LAN as opposed to the WAN. Microsoft Windows uses NetBIOS, which heavily relies on broadcasting. Another example is the Address Resolution Protocol (ARP) whereby an ARP broadcast must reach every station on the IP subnet in order to resolve a destination IP address to its MAC address.
Full-duplex transmission
Traditional shared Ethernet operates in half-duplex mode. In other words, stations cannot send and receive at the same time. Because of the baseband nature of Ethernet, only one station can access the medium and send data at any one time. Stations on a shared Ethernet medium resolve contention by listening for collisions. Full-duplex transmission simply means that stations can send and receive at the same time. In Ethernet, this is accomplished merely by not listening for collisions. It is only valid to disable collision detection if the station is attached to its own dedicated switch port. This means that there are only two stations in the collision domain: the station itself and the switch port. Each station can then send to and receive from the other without having to listen for collisions. This is sometimes called point-to-point Ethernet. Full-duplex operation, like many networking terms, has been abused and has had disingenuous claims associated with it. The marketing wars amongst the switch vendors have prompted them to claim that full-duplex operation doubles throughput. Full-duplex operation does significantly improve throughput, but it can hardly be said to double it since application traffic is unlikely to be simultaneously sent and received at wire speed by the same station.

Understanding client-server traffic flow
Obtaining a detailed understanding of client-server traffic flow is arguably the greatest single challenge when implementing a switched LAN design. In situations where a network is being redesigned from a shared LAN environment to a switched LAN in order to meet increased bandwidth requirements, it is possible to gather detailed quantitative information on traffic profiles. On a completely new network, this is not so easy prior to rollout. However, failing a rigorous quantitative analysis, a reasonable qualitative analysis of traffic profiles should be achievable. It is important to obtain a reasonable estimate of the following:
What clients are talking to what servers, for how long and how much bandwidth is being consumed, now and in the future.
What is the physical and logical location of all clients and servers; in other words, be clear about the client-server data path for each application.
What is the level of inter-server traffic? Again, this is consistent with the need to understand all major traffic flows across the network.
The introduction of a LAN switch can be of limited benefit if these traffic flows are not adequately understood. To take an extreme example, consider the case where the server is remote and must be accessed across a 56k WAN link. In this case, a LAN switch will not significantly increase performance since the bottleneck is in the WAN rather than the LAN.
High-speed core
Several proprietary methods along with the 802.3ad standard exist to allow multiple links to be aggregated into a single logical high-speed connection. Multiple physical connections between the same two switches must be treated as a single logical connection; otherwise spanning tree will block redundant links. This capability can be used to provide high-speed connections between core switches and also to high-bandwidth servers. Even prior to the deployment of 10 Gigabit Ethernet, the capability exists to aggregate up to 8 Gigabit Ethernet ports to provide a high-speed campus backbone.
The concept of virtual LANs (VLANs)
Broadcast containment
Each port on a switch represents a separate collision domain; however, all ports on a switched network are in the same broadcast domain. Any broadcast that is issued by any station on the campus LAN would have to be processed by every station on that LAN on a completely flat, switched network. The interruption of each device's CPU is probably a more serious issue than the bandwidth consumption associated with broadcasts in a LAN environment. VLANs provide a mechanism for creating multiple broadcast domains in a switched network. A broadcast issued by a particular station will then only propagate to stations that are on the same VLAN. A router is required to enable communication between VLANs just as one is required for communication between physical LANs. This can be easily understood by noting that a VLAN is synonymous with an IP subnet. In a switched environment, if two stations are on the same VLAN then they must also be on the same IP subnet.
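How the learning, filtering and VLAN-scoped flooding described above play out on one switch, as an added example that is not part of the original project; the port plan, VLAN ids and MAC addresses are constructed. It also shows that unknown-unicast frames are flooded within the VLAN, so a station on a VLAN port sees more than broadcasts.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class VlanSwitch:
    """Access-port-only learning switch; trunk ports are out of scope."""
    port_vlan: dict                                  # port -> VLAN id
    mac_table: dict = field(default_factory=dict)    # (vlan, mac) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame and return the sorted list of egress ports."""
        vlan = self.port_vlan[in_port]
        # Learn the sender's location by listening to live traffic.
        self.mac_table[(vlan, src_mac)] = in_port
        out_port = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and out_port is not None:
            # Known unicast: forward to one port, filter on all others.
            return [] if out_port == in_port else [out_port]
        # Broadcast or unknown unicast: flood, but only within the VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def frames_seen_on(switch, watch_port, frames):
    """Replay frames in order; return labels of those sent out of watch_port."""
    seen = []
    for label, in_port, src, dst in frames:
        if watch_port in switch.receive(in_port, src, dst):
            seen.append(label)
    return seen


# Constructed port plan: VLAN ids, ports and MAC addresses are assumptions.
STUDENTS, ADMIN = 10, 20
PORT_VLAN = {1: STUDENTS, 2: STUDENTS, 3: ADMIN, 4: ADMIN, 5: STUDENTS}
ANALYSER_PORT = 5          # analyser plugged into a STUDENTS port
MAC = {1: "02:00:00:00:00:01", 2: "02:00:00:00:00:02",
       3: "02:00:00:00:00:03", 4: "02:00:00:00:00:04"}
SILENT = "02:00:00:00:00:09"   # a host that has not transmitted yet

# Constructed traffic: (label, ingress port, source MAC, destination MAC).
FRAMES = [
    ("student ARP broadcast", 1, MAC[1], BROADCAST),
    ("student ARP reply", 2, MAC[2], MAC[1]),
    ("student unicast to unlearned MAC", 1, MAC[1], SILENT),
    ("admin ARP broadcast", 3, MAC[3], BROADCAST),
    ("admin unicast to unlearned MAC", 3, MAC[3], MAC[4]),
]


def demo():
    """Frames visible on a STUDENTS port and on an ADMIN port."""
    student_view = frames_seen_on(VlanSwitch(dict(PORT_VLAN)),
                                  ANALYSER_PORT, FRAMES)
    admin_view = frames_seen_on(VlanSwitch(dict(PORT_VLAN)), 4, FRAMES)
    return student_view, admin_view


if __name__ == "__main__":
    for view in demo():
        print(view)
```
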
Security
By filtering broadcasts, VLANs impose a certain level of security similar to that normally associated with routed subnets. Consider the case of a network analyser that is plugged into a particular switch port. If this port is assigned to a particular VLAN then the analyser will only detect broadcasts associated with that VLAN rather than for the entire LAN. Security policies can also be configured on the router that controls the inter-VLAN communication just as for conventional LAN segments.
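The two statements above (a VLAN corresponds to one IP subnet, and policy between VLANs lives on the router) can be checked against an addressing plan before deployment. This is an added example, not part of the original project; the VLAN ids, subnets and rule set are assumptions, and it also flags same-segment flows, which the router policy never sees.

```python
import ipaddress

# Constructed addressing plan. Segment names follow the design; the VLAN ids
# and subnets are assumptions chosen for illustration.
PLAN = {
    "STUDENTS": {"vlan": 10, "subnet": "10.10.0.0/22"},
    "TEACHING": {"vlan": 20, "subnet": "10.20.0.0/23"},
    "ADMIN":    {"vlan": 30, "subnet": "10.30.0.0/24"},
}

# Constructed router policy for traffic initiated from src towards dst
# (a stateful device is assumed to allow the replies). First match wins.
POLICY = [
    ("ADMIN", "*", "permit"),            # admin has access to all
    ("TEACHING", "STUDENTS", "permit"),
    ("*", "ADMIN", "deny"),              # nobody else initiates into admin
]
DEFAULT_ACTION = "deny"


def validate_plan(plan):
    """Return a list of problems that break the one-VLAN-one-subnet rule."""
    problems = []
    items = [(name, seg["vlan"], ipaddress.ip_network(seg["subnet"]))
             for name, seg in plan.items()]
    for i, (name_a, vlan_a, net_a) in enumerate(items):
        for name_b, vlan_b, net_b in items[i + 1:]:
            if vlan_a == vlan_b:
                problems.append(f"{name_a} and {name_b} share VLAN {vlan_a}")
            if net_a.overlaps(net_b):
                problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")
    return problems


def segment_of(plan, ip):
    """Map a station address to its segment name, or None if unplanned."""
    addr = ipaddress.ip_address(ip)
    for name, seg in plan.items():
        if addr in ipaddress.ip_network(seg["subnet"]):
            return name
    return None


def decide(plan, policy, src_ip, dst_ip):
    """Classify a flow as 'switched', 'permit' or 'deny'."""
    src, dst = segment_of(plan, src_ip), segment_of(plan, dst_ip)
    if src is None or dst is None:
        return DEFAULT_ACTION            # unplanned address: fail closed
    if src == dst:
        # Same VLAN means same subnet: the frame is switched at layer 2 and
        # never crosses the router, so the router policy is not consulted.
        return "switched"
    for rule_src, rule_dst, action in policy:
        if rule_src in (src, "*") and rule_dst in (dst, "*"):
            return action
    return DEFAULT_ACTION


if __name__ == "__main__":
    print(validate_plan(PLAN))
    for src, dst in [("10.10.1.5", "10.30.0.9"), ("10.30.0.9", "10.10.1.5"),
                     ("10.10.0.5", "10.10.3.200")]:
        print(src, "->", dst, decide(PLAN, POLICY, src, dst))
```

A "switched" result marks traffic that needs a control on the switch or the hosts themselves, because no router rule will ever match it.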
In the flexible learning centres, I will use thin clients with a departmental server
Key Benefits and Issues
Thin client computing offers a number of benefits including:
Greater security as data is not being stored out on desks where it might not be physically secure or even being backed up
No need to constantly upgrade desktop PCs – if more processing power is needed only a small number of central computers need to be upgraded. Obvious benefits for the budget and also for the environment
Users can connect to their desktop and applications from anywhere that is connected to the network – even from home or on the road
Applications can be updated for 100s of users in minutes, as only the central computers need to be updated
Support costs are reduced, as only simple devices are required out on users’ desks
Incremental costs of adding additional users should be lower than if they used conventional PCs through the saving from reduced hardware costs and the cost of configuring each new PC
Along with all the good things there are some drawbacks. These include:
Heavily graphical applications require a lot of processing and bandwidth to work and are probably not best suited to this type of environment
Installing lots of applications and hardware such as printers on central computers can cause conflicts – the design of the system must be right or there can be real problems
If the central network or servers go down users may not be able to use their computers at all – if you are using dumb terminals they will need the central network to be able to do even the most basic things
Connecting external devices such as PDAs can be very difficult or impossible depending on the type of the device. Quite often, it is easier to include some fat client machines on the network for those people that need them
Technologies Available
There are four main systems. They are:
Microsoft Terminal Services
Citrix Presentation Server
The X Window System
The Web / Browser-Based Applications
Microsoft Terminal Services
Microsoft saw the potential of the new software from Citrix and, rather than write their own software, they reached a deal with Citrix (helped by the fact Microsoft had invested in Citrix early on) where Microsoft would licence some of the code from the Citrix system. This effectively gave Microsoft a cut down version of the Citrix system. Microsoft then could not lose: if someone wanted to implement the Citrix system, they still had to purchase Terminal Services licences. Great business!
For the more serious thin-client solution running a Windows environment, Citrix was always the choice but Terminal Services offered a relatively straightforward and cost-effective option, especially for not for profit organisations where licensing costs are relatively small.
In recent years tools have been developed to allow Terminal Services to share some of the higher services of Citrix but at a much lower cost. These include load balancing based on server load, seamless applications (where an application appears on your normal desktop as an icon and runs as if it is installed as normal but is in fact running on a Terminal Server); secure gateways to increase access security and encryption.
Terminal Services is based on the Remote Desktop Protocol (RDP) and is now even included in Windows XP for remote access or support purposes allowing users the ability to let a remote technician take over their PC without installing additional software.
Citrix
The current version of the system from Citrix is called Presentation Server. As mentioned earlier, Citrix is generally targeted at the larger enterprise due to its greater cost (even for not for profit organisations) and greater scalability.
For the small and medium sized organisation, it can be difficult to justify the additional expense unless there is an application-specific requirement for Citrix over Terminal Services.
Citrix Presentation server is based on the ICA (Independent Computing Architecture) protocol.
X Window
The X Window System is the underlying protocol for the dominant windowing system for UNIX and Linux based systems. In combination with an X Terminal of some sort (either dedicated hardware or as software running on a PC) applications can be run in effectively the same way as with Terminal Services and Citrix.
The X Window System originated in the 1980s through a partnership between MIT, Stanford University and IBM with the goal of creating a graphics system that was platform independent.
As X Windows is part of UNIX / Linux systems, it would not be suitable for running Windows-based applications on the central server. However, there are Windows and Citrix clients available for Linux, which does mean that you can run Windows applications on Linux desktops.

Fiber Optic Cable Connections
We terminate two ways: with connectors, which can mate two fibres to create a temporary joint and/or connect the fibre to a piece of network gear, or with splices, which create a permanent joint between the two fibres. These terminations must be of the right style, installed in a manner that makes them have little light loss, and protected against dirt or damage in use. No area of fibre optics has been given greater attention than termination. Manufacturers have come up with over 80 styles of connectors and about a dozen ways to install them. There are two types of splices and many ways of implementing the splice. Fortunately for you and me, only a few types are used in most applications. Different connectors and splice termination procedures are used for single mode and multimode connectors, so make sure you know what the fibre will be before you specify connectors or splices!
Connector and Splice Loss Mechanisms
Connector and splice loss is caused by a number of factors. Loss is minimised when the two Fibre cores are identical and perfectly aligned, the connectors or splices are properly finished and no dirt is present. Only the light that is coupled into the receiving fibre's core will propagate, so all the rest of the light becomes the connector or splice loss.

Guide to Fibre Optic Connectors
Check out the "spotters guide" below and you will see the most common fibre optic connectors. (All the photos are to the same scale, so you can get an idea of the relative size of these connectors.)
ST (an AT&T Trademark) is the most popular connector for multimode networks, like most buildings and campuses. It has a bayonet mount and a long cylindrical ferrule to hold the Fibre. Most ferrules are ceramic, but some are metal or plastic. In addition, because they are spring-loaded, you have to make sure they are seated properly. If you have high loss, reconnect them to see if it makes a difference.

FC/PC has been one of the most popular single mode connectors for many years. It screws on firmly, but make sure you have the key aligned in the slot properly before tightening. It's being replaced by SCs and LCs.

SC is a snap-in connector that is widely used in single mode systems for its excellent performance. A snap-in connector latches with a simple push-pull motion. It is also available in a duplex configuration.

Besides the SC Duplex, you may occasionally see the FDDI and ESCON* duplex connectors which mate to their specific networks. They are generally used to connect to the equipment from a wall outlet, but the rest of the network will have ST or SC connectors. *ESCON is an IBM trademark
Below are some of the new Small Form Factor (SFF) connectors:
LC is a new connector that uses a 1.25 mm ferrule, half the size of the ST. Otherwise, it is a standard ceramic ferrule connector, easily terminated with any adhesive. Good performance, highly favoured for single mode.

MT-RJ is a duplex connector with both fibres in a single polymer ferrule. It uses pins for alignment and has male and female versions. Multimode only, field terminated only by prepolished/splice method.

Opti-Jack is a neat, rugged duplex connector cleverly designed around two ST-type ferrules in a package the size of a RJ-45. It has male and female (plug and jack) versions.

Volition is a slick, inexpensive duplex connector that uses no ferrule at all. It aligns fibres in a V-groove like a splice. Plug and jack versions, but field terminate jacks only.

E2000/LX-5 is like a LC but with a shutter over the end of the Fibre.

MU looks like a miniature SC with a 1.25 mm ferrule. It is more popular in Japan.

MT is a 12 Fibre connector for ribbon cable. Its main use is for preterminated cable assemblies.

Splicing
Splicing is only needed if the cable runs are too long for one straight pull or you need to mix a number of different types of cables (like bringing a 48 Fibre cable in and splicing it to six 8 Fibre cables - could you have used a breakout cable instead?) And of course, we use splices for restoration, after the number one problem of outside plant cables, a dig-up and cut of a buried cable, usually referred to as "backhoe fade" for obvious reasons!
Splices are "permanent" connections between two fibres. There are two types of splices, fusion and mechanical, and the choice is usually based on cost or location. Most splicing is on long haul outside plant SM cables, not multimode LANs, so if you do outside plant SM jobs, you will want to learn how to fusion splice. If you do mostly MM LANs, you may never see a splice.


Cable Termination Standards
568A Vs 568B
Cables and connectors TIA/EIA Standard history
In 1985 many companies from the telecommunications industry became concerned about the lack of a third-party premises cabling standard, and their governing body, the CCIA (Computer Communications Industry Association), requested that the EIA (Electronics Industry Association) develop this standard. The first draft of the standard was not released until July of 1991; this was given the name EIA/TIA-568. Although similar to the existing AT&T method of terminating twisted pair cables, the new standard provided backward compatibility for phones that used two pairs instead of just one, enabling them to operate on pairs 1 and 2. Later in 1991, a Technical Systems Bulletin (TSB-36) was released with references to category 4 and 5 cables. Twelve months later TSB-40 was published addressing higher speed UTP for hardware connecting; this was revised in January of 1994 to include RJ45 modular jacks and fly leads. At this time TIA/EIA-568 was also revised and renamed TIA/EIA 568A; the existing AT&T standard 258A was included and referred to as TIA/EIA-568B. As both these standards were popular and widely used, they were both adopted into the International Standards titled Generic Cabling for Customer Premises Cabling (ISO/IEC 11801:1995).
Patch panel colour scheme

Colours | Purpose | Reason
Yellow | Infrastructure | Routers and switches
Red | Server | Easy identification of High Priority connections
Blue | Workstation | Most common cable colour for the item that will yield the greatest number of connections
Green | Peripheral / Printer | Easy identification of the Low Priority connections... these can go onto the oldest, slowest connectivity devices to focus production on the workstations.
Gray | Phone system | Differentiate from PC network
Black | Backbone fibre optic | Standard colour for this type

We will follow these standards to conform to the norm and, in addition, create our own standardisation process, with cable colours for example.



Good practice
By using separate colours for all the various systems that have to connect to the patch panels, troubleshooting the system can be made easier. In the server cabinet environment the whole network will follow the above colour scheme throughout.


Fibre Channel
As time progresses and the new media becomes cheaper and more reliable, it would be wise to include scope for future improvements, upgrading the system to Fibre Channel with super high speed switching.
DEVELOPING THE SYSTEM
Alternatives-- expanding the system for the future

Fibre Channel is a layered protocol. It consists of five layers, namely:
FC0 The physical layer, which includes cables, fiber optics connectors, pinouts etc.
FC1 The data link layer, which implements the 8b/10b encoding and decoding of signals.
FC2 The network layer, defined by the FC-PI-2 standard, consists of the core of Fibre Channel, and defines the main protocols.
FC3 The common services layer, a thin layer that could eventually implement functions like encryption or RAID.
FC4 The Protocol Mapping layer. Layer in which other protocols, such as SCSI, are encapsulated into an information unit for delivery to FC2.
FC0, FC1, and FC2 are also known as FC-PH, the physical layers of fiber channel.
Fibre Channel routers operate up to FC4 level (i.e. they are in fact SCSI routers), switches up to FC2, and hubs on FC0 only.
Fibre Channel products are available at 1 Gbit/s, 2 Gbit/s, 4 Gbit/s, 8 Gbit/s, 10 Gbit/s and 20 Gbit/s. Products based on the 1, 2, 4 and 8 Gbit/s standards should be interoperable, and backward compatible. The 10 Gbit/s standard (and 20 Gbit/s derivative), however, is not backward compatible with any of the slower speed devices, as it differs considerably on FC1 level (64b/66b encoding instead of 8b/10b encoding). 10 GB and 20 GB Fibre Channel is primarily deployed as a high-speed "stacking" interconnect to link multiple switches.




In the Fibre Channel switched fabric topology (called FC-SW), devices are connected to each other through one or more Fibre Channel switches. This topology allows the connection of up to the theoretical maximum of 16 million devices, limited only by the available address space (2^24). Multiple switches in a fabric usually form a mesh network, with devices being on the "edges" ("leaves") of the mesh. While this topology has the best scalability properties of the three FC topologies, it is also the most expensive, the only one requiring a costly FC switch.


Benefits
With a high-speed connection like this, sharing pathways to storage usually simplifies administration and adds flexibility, since cables and storage devices do not have to be physically moved to move storage from one server to another.
Other benefits include the ability to allow servers to boot from the SAN (storage area network) itself. This allows for a quick and easy replacement of faulty servers, since the SAN can be reconfigured so that a replacement server can use the logical unit number (LUN) of the faulty server. This process can take as little as half an hour and is a relatively new idea being pioneered in newer data centres. There are a number of emerging products designed to facilitate and speed up this process still further. For example, Brocade™ offers an Application Resource Manager product, which automatically provisions servers to boot off a SAN, with typical-case load times measured in minutes. While this area of technology is still new, many view it as being the future of the enterprise datacenter. However, the budget for this project will limit the design possibilities for the present.


The new system
Planning


There will be two main servers available to contact the outside world, protected by a PIX firewall between them and the outside world.

The file servers will be categorised as Enterprise or Workgroup type services, and then placed on the network topology centrally in the MDF's blade server cabinet.

The Administration server will house the student tracking, attendance, grading and other administration functions.
This will feed into the main Administrative servers. The main Administration server will be used for Payroll; Accounts and Personnel systems will be based on a UNIX platform running Solaris 10g. Clients access the system via an intranet. The system will use a graphical user interface to simplify use by teaching staff who are not as computer literate as they might be.
This server will be running TCP/IP as its OSI layer 3 and 4 protocols and will only be made available to teachers and staff.





The main administrative server called server will be replaced and all files and settings migrated to a new Windows 2003 blade cabinet. This hosts the student records system package called Dolphin. This allows the scanning in of attendance registers and produces reports for the Funding Council on student attendance, completion and pass rates. The blade will contain servers to support the individual functions serviced out of that location.
Location: secondary MDFs, on the 4th floor
Defining Network Segments
When determining the network segments that should exist in an environment, perform the following actions:
· State the purpose of each proposed network segment and determine the hosts and server roles that will be on it.
· Determine whether the proposed network segments should be physical or logical.
The following section discusses the issues involved in making these determinations.
Network Segment Requirements and Purpose
Network segments are typically created to control the flow of traffic between hosts on different segments for the following reasons:
· Connectivity: To provide basic communications.
· Performance: To improve performance by providing broadcast traffic containment.
· Security: To control the flow of traffic between segments at layer 3.
An enterprise organization is likely to have a network segmentation design that uses segments for all these reasons. In addition to defining the number of network segments, this step also requires decisions on where to use physical and logical segments. The following section provides information on making these design choices.
Physical or Logical Network Segments
Network segments may be either physical or logical (VLANs) in the design. This section presents the advantages and disadvantages of each design option along with an example that shows how network segments should be defined.
Design Option 1—Physical Network Segments
If a physical implementation is being considered, the following advantages and disadvantages should be understood.
Advantages
Advantages of defining physical network segments include:
· Security: Because each network segment is separated from another network segment with no physical connectivity between them, the devices that provide connectivity for hosts on physical network segments are not susceptible to a hacker breaching one device and gaining access to any logical network managed by the device.
· Expense: Purchasing multiple physical devices is generally less expensive than buying a single device that permits logical network configuration.
· Simpler setup: No configuration is required to set up the segments; they are created simply by plugging the devices together.
· No firmware updates required: Because the firmware of the physical devices is so much simpler, they are less likely to require firmware updates.
Disadvantages
Disadvantages of defining physical network segments include:
· More physical devices to manage: With more physical devices to keep track of, the ongoing management costs are higher. This is especially true when a highly available solution is required.
· Difficult to reconfigure: If the network topology changes, the process of "replugging" the physical devices is slower due to the requirement for physical cabling changes.





Bandwidth and security

Domain name services and e-mail services
Planning Naming Service
To make your network user-friendly, you need to provide a service to convert hostnames into IP addresses. Domain name service (DNS) and the host table perform this function. We should plan to use both.
Source Zone or Tier | Destination Tier/NIC | Peak Bandwidth Requirements | Average Bandwidth Requirements | Maximum Latency | Minimum Acceptable 9s Rating
Internet Client Access
Public | Perimeter Web/1 | 7 MBps | 2 MBps | 100 ms | 5
Public | Perimeter DNS/1 | 1 MBps | 500 KBps | 100 ms | 5
Internal Client Access
Internal | Internal DNS/1 | 5 KBps | 1 KBps | 100 ms | 3
Internal | Internal Active Directory/1 | 5 MBps | 1 MBps | 100 ms | 3
Internal | Core Database/1 | 10 MBps | 2 MBps | 100 ms | 3

Choosing a Hostname
Once you have a domain name (org.org), you are responsible for assigning hostnames within that domain. You must ensure that hostnames are unique within your domain or subdomain, in the same way that host addresses must be unique within a network or subnet. But there is more to choosing a host name than just making sure the name is unique.
Guidelines are:
Use real words that are short, easy to spell, and easy to remember. The point of using hostnames instead of IP addresses is that they are easier to use. If hostnames are difficult to spell and remember, they defeat their own purpose.
Use theme names. For example, all hosts in a group could be named after the department they serve. Theme names are often easier to choose than unrestricted names, and increase the sense of community among network users. Suggestions are:

Department | Users | Host names
Administration | Admin staff | Admin + room number + pc number
maths | Staff and students | Math + room number + pc number
English | Staff and students | Engl + room number + pc number
computing | Staff and students | Comp + room number + pc number
music | Staff and students | Music + room number + pc number
PCs will be numbered and named clockwise around each room, starting from the centre and moving outwards, to aid in troubleshooting. Comic names can also be used to personalise them to the users; one suggestion to implement could be Muppet or cartoon character names.
It is important to avoid using project names, personal names, acronyms, numeric names, and technical jargon. Projects and users change over time. If you name a computer after the person who is currently using it or the project it is currently assigned to, you will probably have to rename the computer in the future.
Use nicknames to identify the server function of a system, e.g., www, ftp, ns, etc. Nicknames can easily move between systems if the server function moves.

Domain name services (DNS) and e-mail delivery will be implemented in a hierarchical fashion with all services located on the master server in the MDF. On the ground floor, each site will also contain a host for DNS and e-mail services that will maintain a complete directory of all staff personnel and student population for that location. That will be contained in Active Directory Users and Computers and will be subdivided into OUs (organisational units).


Each host at the outlying sites will be the local post office box and will store all e-mail messages. The DNS update process will flow from the individual site server to the main DNS server. The main DNS server will need to look up secondary and tertiary DNS servers located on the internet. All DNS servers will have the capability to communicate between themselves, thus building redundancy into the system in the event that the master server is unavailable.
Alternatively, should the master server require a partial or complete restore of data, the ability to query any or all of the site servers to acquire the needed information will be provided through replication and backup procedures.


The DNS server will continue to be within the Sun Netra e-mail server running under Solaris. The operating system will be upgraded to Solaris 10, utilising its built-in database facilities.
This is connected to a Windows Exchange mail server to provide an interface to all Windows-based clients and their Mac, Linux and UNIX counterparts.
With the implementation of the Exchange server and annually cleanable extra file storage, it will be possible to offer each student a limited e-mail account and shared file storage, which will be located in the main MDF's blade cabinet.










Development

To develop the system further, the addition of newer technologies is crucial. To aid in any further expansion, the use of virtual servers will allow scope for limitless computing power for a minimal expenditure.
Virtual lab server
As part of the development, I have created a new server containing several tutor-built virtual servers that can be accessed remotely from the student machines in room 212, not unlike remote desktopping.
Too much time is spent installing and troubleshooting Microsoft Virtual PC, so we will set up copies of machines on this server that do not save changes made to them when closed, to allow the students to carry out labs in a more efficient environment.
For server installation tasks, a separate drive in the server will have blank virtual hard drives, copies of the operating systems and the product keys required to install them.
Microsoft has adopted this system online on their MSDN sites for virtual labs.

Application server
A software distribution server housing all computer applications in a central server will be included to minimise installation and maintenance of the software, and access to it will be controlled by group policy in AD.
Applications such as word processing, CAD and web development software will be retrieved from the application server; requests for Excel, PowerPoint, etc. will be on a first-time-use install. This will provide district support staff with an easy and efficient method for upgrading applications without having to reload new software on each computer in the district network.
This server will use TCP/IP as its OSI layer 3 and 4 protocols, with an on-demand or first-time-use installation where permissions allow in Active Directory, and will provide an option to upgrade over the wire via a Ghost image of every machine or using Remote Installation Services.


Teaching servers
A Windows 2003 server (central) will provide access to the P:\ (for teaching staff) and s:\ (for students) network drives. This provides file access for students to obtain read-only versions of coursework. Candidates have no access to upload information, as Active Directory and NTFS permissions will restrict their access.
A Linux server is available for the tuition of UNIX classes in the network lab. Access is via the lab clients only, and it will access the internet through a proxy server gateway.
Only HNC students have accounts with this server.
MCP courses are currently running in Room 312 and thus eight machines will be multiboot to accommodate a Windows 2003 server. These will connect to the college network for testing purposes and, in addition, will run virtual machines for server programs.
A TFTP server and a Novell 4.11 IntranetWare server are intended to be placed in the Cisco academy lab to facilitate the teaching of multi-protocol routing. The machine using this software will need to be multiboot. It is intended to protect this program from being switched on accidentally and generating excessive broadcast traffic by having the partition password protected and, in addition, to limit access to the network facilities by the use of a proxy server in the fourth floor MDFs cabinet.

A CAD lab server will be available to service engineering classes in room 153. This runs AutoCAD version 5.
Wireless


The use of wireless technologies is desirable to provide a method of connectivity for students and teaching staff who bring their own laptops.
College visitors, staff and students can establish a connection to the college.
It will have a limited access policy to protect the network from any threats. It will provide flexibility in the locations from which the service can be implemented and is a widely used technology, requiring little support from the host system.
Bandwidth requirements for the implementation of a campus VPN tunnel are minimal and are based solely on the number of simultaneous users and their respective throughput.
The project is subject to, and currently implemented for, the existing network infrastructure in limited locations, but will be expanded by the use of antennas located in various locations throughout.
VPN tunnelling is required, with a little additional support or maintenance, as it functions using existing infrastructures and services for which, in the majority if not all organisations, maintenance and support will already be available in-house.
Wireless network infrastructure;
VPN server;
Wireless gateway

A wireless network, generally regarded as being insecure. In practice
Additionally, the user will be issued an IP address from the server, allowing campus policies to allow access to IP address restricted services.
The proposed method could be used to allow a VPN tunnel and associated authentication to take place over any infrastructure, presuming a default rule is in place to allow unauthenticated traffic to reach the target VPN server. With regards to wireless network access, three distinct wireless standards currently exist, these being 802.11a (54Mbit/s), 802.11b (11Mbit/s) and 802.11g (54Mbit/s), the main difference between the standards being throughput and range. Any of these wireless standards are suitable.
If the organisation wishes to participate in cross-campus VPN tunnelling, they will require a VPN server on campus to which their staff or students can establish a secure connection. The college will use a Cisco® 3005 VPN Concentrator or a Cisco® 3030 VPN Concentrator.
A wireless gateway is required; however, the concepts could be applied to wireless networks secured using different gateways, including a Linux-based computer configured as a NAT/firewall gateway or even a firewall interface onto a demilitarized zone, or alternatively a PIX firewall. The Bluesocket gateway recognises all connections to the wireless network and denies them access onto the campus network.







Squid Proxy Server
A new implementation on this server enables the dynamic modification of ACLs, which allows users to request different bandwidth levels. Communication between the UM server and the Squid proxy server is implemented on the cache object protocol, which was designed to handle cache-manager requests.

The system allocates bandwidth on user request, which will drive better utilization and more efficient usage of existing Internet bandwidth. The new implementation should support reliable authentication and dynamic bandwidth allocation on user request, and should be capable of handling users by their login name.
In order to implement dynamic bandwidth allocation on user requests, the Squid proxy server should modify the delay pool parameters of the client who requests bandwidth modification. But if the system is implemented to change the ACL group of the client who requested the bandwidth alteration, the user will be able to have what he actually needs. The basic concept behind this implementation is to modify the ACL structure dynamically without modifying the delay pool parameters of each client.

Choosing the IP Version to Use
Most organizations today use IPv4. This version has been considered the IP standard for many years and is therefore a proven technology. However, IPv4 was never designed to support the numbers or types of devices it is now used for—not only computers and networking devices but even handheld PCs and mobile phones now use IP. IPv6 is currently being reviewed as a replacement for the IPv4 standard. IPv6 provides for a much larger address space than was ever possible with IPv4, and it offers better support for the services required. However, while many organizations may migrate to IPv6 some day, most are content to remain with IPv4 presently. A migration to IPv6 will be a major undertaking for most organizations, and the fact that facilities such as private addressing (covered later) and NAT exist to overcome the limitations of IPv4, at least for the time being, makes migration somewhat unattractive. Details of IPv6 are provided in Request for Comments (RFC) 1752.
The following options list the advantages and disadvantages of using IPv4 or IPv6 for the deployment of a new network.
Option 1—Use IPv4 for IP Addressing
IPv4 offers the following advantages and disadvantages.
Advantage
The advantage of using IPv4 is that it is a universally adopted, supported, and proven technology.
Disadvantage
The disadvantage of using IPv4 is that the maximum number of IP addresses it can support (10 billion) is insufficient, given the proliferation of devices and hosts that require addresses.
Option 2—Use IPv6 for IP Addressing
IPv6 offers the following advantages and disadvantages.
Advantages
Advantages of using IPv6 include:
· Increased IP address pool: The additional length of the IPv6 address over IPv4 (128-bit rather than 32-bit) offers a vastly increased pool of addresses.
· Simplified header: IPv6 offers a simplified header format to reduce the network overhead and increase network performance.
· Better support to services: An example of the better support that IPv6 offers to services is the pre-allocation of network resources to support time-dependent services.
Disadvantage
The disadvantage of using IPv6 is that it is not yet universally supported or widely implemented; therefore, limited support is available at this time.


A firewall server is currently in place to filter all traffic entering and leaving the College. This will be replaced by a PIX firewall to increase security and will be controlled by the front-end server 1 and the Active Directory database; only authenticated users will be allowed access.
A software licensing server is available to audit and monitor use of all software. Again, this will be implemented via Active Directory.


Fibre optic backbone
The backbone and serial connection to the annex of the network will be fibre optic cable, to increase the throughput and speed of communications on the network. This will add to the overall costs involved in the project, as the cable will have to be set between the main building and the annex; it will, however, make the system more efficient and secure.
IP address plan variable length subnet masking
The IP address plan may also in part dictate the VLAN strategy, along with the use of DHCP to assign IP addresses to the client machines and phone systems.
AD Sites & Subnets
Used by:
Site Name
Subnet
Netmask
Subnet Name(Created)
Corporate
Central
10.1.11.0
255.255.255.0
10.1.11.0/24
10.1.16.0
255.255.255.0
10.1.16.0/24
10.1.17.0
255.255.255.0
10.1.17.0/24
10.1.18.0
255.255.255.0
10.1.18.0/24
10.1.19.0
255.255.255.0
10.1.19.0/24
10.1.20.0
255.255.255.0
10.1.20.0/24
10.1.22.0
255.255.255.0
10.1.22.0/24
10.1.23.0
255.255.255.0
10.1.23.0/24
10.1.24.0
255.255.255.0
10.1.24.0/24
10.1.25.0
255.255.255.0
10.1.25.0/24
10.250.0.0
255.255.128.0
10.250.0.0/17
192.168.13.0
255.255.255.0
192.168.13.0/24
192.168.15.0
255.255.255.0
192.168.15.0/24
192.168.16.0
255.255.255.0
192.168.16.0/24
192.168.17.0
255.255.255.0
192.168.17.0/24
192.168.19.0
255.255.255.0
192.168.19.0/24
192.168.23.0
255.255.255.0
192.168.23.0/24
192.168.24.0
255.255.255.0
192.168.24.0/24
208.217.184.32
255.255.255.224
208.217.184.32/27
Corporate
West
10.20.11.0
255.255.255.0
10.20.11.0/24
172.16.32.0
255.255.255.0
172.16.32.0/24
Perimeter
Central
10.1.0.0
255.255.255.0
10.1.0.0/16
10.1.25.0
255.255.255.0
10.1.25.0/24
10.250.0.0
255.255.128.0
10.250.0.0/17
192.168.13.0
255.255.255.0
192.168.13.0/24
192.168.15.0
255.255.255.0
192.168.15.0/24
192.168.16.0
255.255.255.0
192.168.16.0/24
192.168.17.0
255.255.255.0
192.168.17.0/24
192.168.19.0
255.255.255.0
192.168.19.0/24
192.168.23.0
255.255.255.0
192.168.23.0/24
192.168.24.0
255.255.255.0
192.168.24.0/24
208.217.184.32
255.255.255.224
208.217.184.32/27
SBO
Central
10.205.1.0
255.255.255.224
10.245.19.0/27
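
Layer 3 filters between segments are written against the prefixes in an address plan, so the plan is worth checking mechanically before ACLs are built on it. The following is an added example, not part of the original project: it takes a subset of rows from the AD Sites & Subnets table and reports rows whose Subnet and Netmask columns disagree with the Subnet Name column, and prefixes that overlap across different "Used by" zones. The function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Rows copied from the AD Sites & Subnets table:
# (used by, site, subnet, netmask, subnet name).
# Only a subset is listed to keep the example short; the rest follow the same shape.
PLAN = [
    ("Corporate", "Central", "10.1.11.0", "255.255.255.0", "10.1.11.0/24"),
    ("Corporate", "Central", "10.1.25.0", "255.255.255.0", "10.1.25.0/24"),
    ("Corporate", "Central", "10.250.0.0", "255.255.128.0", "10.250.0.0/17"),
    ("Corporate", "Central", "208.217.184.32", "255.255.255.224", "208.217.184.32/27"),
    ("Corporate", "West", "10.20.11.0", "255.255.255.0", "10.20.11.0/24"),
    ("Corporate", "West", "172.16.32.0", "255.255.255.0", "172.16.32.0/24"),
    ("Perimeter", "Central", "10.1.0.0", "255.255.255.0", "10.1.0.0/16"),
    ("Perimeter", "Central", "10.1.25.0", "255.255.255.0", "10.1.25.0/24"),
    ("Perimeter", "Central", "10.250.0.0", "255.255.128.0", "10.250.0.0/17"),
    ("Perimeter", "Central", "208.217.184.32", "255.255.255.224", "208.217.184.32/27"),
    ("SBO", "Central", "10.205.1.0", "255.255.255.224", "10.245.19.0/27"),
]


def row_mismatches(plan):
    """Return (subnet name, reason) for rows that are internally inconsistent.

    A row is consistent when the network built from the Subnet and Netmask
    columns is exactly the network written in the Subnet Name column.
    """
    findings = []
    for _used_by, _site, subnet, netmask, name in plan:
        try:
            # strict=True rejects addresses with host bits set for the mask.
            from_columns = ipaddress.ip_network(f"{subnet}/{netmask}", strict=True)
            from_name = ipaddress.ip_network(name, strict=True)
        except ValueError as exc:
            findings.append((name, f"not a valid network: {exc}"))
            continue
        if from_columns != from_name:
            findings.append((name, f"Subnet/Netmask columns give {from_columns}"))
    return findings


def cross_zone_overlaps(plan):
    """Return pairs of prefixes that overlap while belonging to different zones.

    The Subnet Name column is used as the prefix. Overlap covers both an
    identical prefix listed in two zones and one prefix containing another.
    """
    nets = [
        (used_by, site, ipaddress.ip_network(name, strict=False))
        for used_by, site, _subnet, _netmask, name in plan
    ]
    hits = []
    for (zone_a, site_a, net_a), (zone_b, site_b, net_b) in combinations(nets, 2):
        if zone_a != zone_b and net_a.overlaps(net_b):
            hits.append((f"{zone_a}/{site_a} {net_a}", f"{zone_b}/{site_b} {net_b}"))
    return hits


if __name__ == "__main__":
    for name, reason in row_mismatches(PLAN):
        print(f"MISMATCH {name}: {reason}")
    for left, right in cross_zone_overlaps(PLAN):
        print(f"OVERLAP  {left} <-> {right}")
```

Each finding is a prompt to review the row, not proof of an error: an overlap between zones may be intended, but a filter rule written against that prefix will then match hosts in both.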
Flexibility
VLANs go some way towards combining the intelligence of a routed network with the flexibility of a switched LAN. For example, a user that is on a particular VLAN can remain on that VLAN after moving to a different physical location within the campus. All that is required is a change in the relevant switch configurations. There is no need for a hardware change or re-patching of cables. This flexibility is further facilitated by the fact that VLANs can be extended across multiple switches using a VLAN trunking protocol. Generally, VLANs have helped simplify the administration and management of moves, adds and changes in a LAN environment that uses layer 3 processing.


VLAN Planning
STUDENTS VLAN
Virtual Network Segments on L3 Switches
This figure contains four VLANs. Virtual1 connects the client to the switch (in this example the switch is the “default gateway” for the client because the switch is capable of routing at L3 between VLANs). Virtual2 is a dedicated VLAN connecting the switch and the external interface of the firewall server. The firewall processes packets based on filtering rules and if the requirements of the rules are satisfied, the firewall relays the request out of its internal interface attached to the Virtual3 VLAN. The switch then processes this traffic, and if the request satisfies additional access control list (ACL) filters applied to the VLAN the request is routed to the Virtual4 VLAN. The server also uses the switch as its “default gateway.” In this configuration, each VLAN could be called a LAN. In addition, all four VLANs could collectively be called a LAN.
There are a number of issues to be considered when planning the implementation of VLANs on a large campus LAN. The number of VLANs to be deployed must be decided upon, along with the number of hosts that each VLAN should support. The VLAN architecture and how far the VLANs span throughout the campus is another important design issue.
Assigning LAN Connectivity Devices
Once the network segments have been determined, the next step is to assign these segments to the network devices capable of supporting the required roles between each segment.
At this point in the design process, it should be clear what roles are required and at which points in the logical design they are needed. Therefore, the next step is to identify the physical devices capable of supporting the network requirements.

VLAN range
VLANs can be local to the wiring closet where, for example, each of the eight floors in the building represents a different VLAN regardless of the work function of the users. This means that broadcasts are locally contained; however, the downside is that traffic to other wiring closets, where servers reside, must be routed. There is a growing trend to share enterprise resources at centralised locations such as server farms. Such a trend has been fuelled by the increased prominence of Web-based computing and shared office applications. With most resources being centralised it is likely that client to server traffic will be routed in any case, unless the LAN is one big IP subnet, which would not scale well for broadcasts.

The 'local' VLAN is a popular design. The alternative is to allow VLANs to span the entire LAN or campus in an effort to ensure that a minimal amount of client to server traffic incurs the additional latency of routing. This may be feasible where workgroups are relatively autonomous, e.g. admin, student services, etc. Modern server platforms tend to support multiple shared applications, which can undermine so-called 'end to end' VLANs. The improvements in layer 3 switching technology and high-speed backbones have also reduced the latency associated with routing and layer 3 processing. A better reason for deploying a local VLAN implementation is that it prevents the propagation of broadcasts across the campus backbone.
Number of VLANs
The number of VLANs to be used can be decided upon... This decision cannot be made independently of the IP addressing plan, where the number of LAN subnets will usually correlate to the number of VLANs deployed. Depending on the organisation's personnel structure, it may or may not be possible to group users with a common work function in the same VLAN.
Number of users per VLAN
It is good practice to have an estimated maximum number of users per VLAN. This does not necessarily have to be consistent throughout the enterprise. For example, VLANs containing clients that utilize a high bandwidth or broadcast-intensive application should have a lower number of users. The IP addressing plan may also present a limiting factor to the number of hosts on each subnet and hence on each VLAN.
Optimizing the Spanning Tree Domain
The 802.1d spanning tree protocol (STP) is necessary on bridged or switched networks in order to allow redundant inter-switch links, whilst preventing broadcast loops. The fact that spanning tree can be potentially slow to converge.
Most switch vendors offer some proprietary methods to speed up spanning tree convergence. For example, Cisco's PortFast feature sets the forward delay timer to zero on a port that does not connect to another switch. This prevents PCs from having connectivity problems upon boot-up due to their port being slow to move to a forwarding state. This is a useful feature as STP is only required on ports connecting to other switches.
The Root Bridge triggers the spanning tree BPDU messages that propagate throughout the switched network every two seconds. This is one of the reasons why the Root Bridge should be located at a central point close to the backbone of the network. This ensures that all downstream switches will experience similar delays in receiving and hence processing BPDU messages, which enhances the stability of the spanning tree calculation. All ports on the root switch are in a forwarding state for the purposes of spanning tree and consequently it typically has a higher processing load than other switches. This means that it should be one of the more powerful switches on the network. Clearly, the root switch should be carefully chosen. The spanning tree protocol automatically elects a root switch based on the lowest Bridge ID. With all parameters at their default values, this becomes a lottery of the switch with the lowest MAC address ID. However, the root election can be biased, by lowering the bridge priority on the intended root device. This is desirable for not only the reasons just mentioned but it also protects against a newly commissioned switch initiating a root election simply because it has a lower MAC ID than the existing root switch.
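
The root election described above can be modelled in a few lines. This is an added example, not part of the original project: it compares bridge IDs (priority first, then MAC address, lowest wins) to show the default "lottery", the effect of lowering the priority on the intended root, and whether a newly commissioned switch would take over as root. The switch names and MAC addresses are constructed for illustration, and the function names are hypothetical.

```python
from dataclasses import dataclass

DEFAULT_PRIORITY = 32768  # 802.1D default bridge priority


@dataclass(frozen=True)
class Switch:
    name: str
    mac: str
    priority: int = DEFAULT_PRIORITY

    @property
    def bridge_id(self):
        """Bridge ID as a comparable tuple: priority first, MAC as tie-break."""
        return (self.priority, int(self.mac.replace(":", ""), 16))


def elect_root(switches):
    """The switch with the lowest bridge ID becomes the root."""
    return min(switches, key=lambda s: s.bridge_id)


def decided_by_mac(switches):
    """True when the root only won on MAC address, i.e. another switch
    shares its priority and placement of the root was left to chance."""
    root = elect_root(switches)
    return sum(1 for s in switches if s.priority == root.priority) > 1


def root_changes_on_join(existing, newcomer):
    """True if plugging in `newcomer` would displace the current root."""
    before = elect_root(existing)
    after = elect_root(list(existing) + [newcomer])
    return before.name != after.name


# Constructed sample topology: one core switch and two access switches,
# all left at the default priority.
DEFAULTS = [
    Switch("core", "00:1b:54:aa:00:01"),
    Switch("access1", "00:0d:29:10:00:02"),
    Switch("access2", "00:11:22:33:44:55"),
]

# Same topology with the bridge priority lowered on the intended root.
TUNED = [
    Switch("core", "00:1b:54:aa:00:01", priority=4096),
    Switch("access1", "00:0d:29:10:00:02"),
    Switch("access2", "00:11:22:33:44:55"),
]

# A newly commissioned switch that happens to have the lowest MAC address.
NEWCOMER = Switch("new-access", "00:01:02:03:04:05")

if __name__ == "__main__":
    for label, topo in (("defaults", DEFAULTS), ("tuned", TUNED)):
        print(label,
              "root:", elect_root(topo).name,
              "decided by MAC:", decided_by_mac(topo),
              "newcomer takes root:", root_changes_on_join(topo, NEWCOMER))
```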
A port that has spanning tree enabled must go through the stages of blocking, listening and learning before moving to a forwarding state. This is at the heart of spanning tree's slow convergence but is necessary in order to ensure a loop free topology. All of the major switch vendors have proprietary methods of accelerating spanning tree convergence in a safe manner. For example, the spanning tree protocol can be disabled on a per-port basis in order to move the port directly to a forwarding state. This prevents problems such as workstation DHCP requests timing out after boot-up since the port had yet to move to a forwarding state. Extreme care should be taken whenever disabling spanning tree, insofar that it should never be disabled on a port that may connect to another switch.
One final issue that must be resolved at the design stage is how spanning tree is handled in a VLAN environment. It is possible to implement a single spanning domain for the entire campus LAN. Alternatively, a separate instance of spanning tree can be implemented on each VLAN. This means that each VLAN could potentially have a different (or indeed the same) root switch. It is important to be clear about the implementation being followed and to plan accordingly. For example, with multiple spanning tree domain


Network Infrastructure
The hardware that “makes the network” (from servers all the way through to the desk-side port)
Data cabling
Patch Panels
PC
Switch / Hub gear
Routers
Firewalls
Patch cable management
Wireless access point(s)
Antennas

Devices
Hardware components connected to the network.
Servers
  Hardware/bare-metal OEM & model
  CPU
  RAM
  Hard disk
  OS (and patches)
  Services
  Charter (i.e., purpose such as Oracle DB)
Workstation
  Hardware/bare-metal OEM & model
  CPU
  RAM
  Hard disk
  OS (and patches)
Print Servers
  Hardware/bare-metal OEM & model
  CPU
  RAM
  Hard disk
  OS (and patches)
Printers / Copiers
Hand Held(s)
  Hardware/bare-metal OEM & model
  CPU
  RAM
  Hard disk
  OS (and patches)
PLC(s)
IP Cameras
IP Phones

Peripherals
Hardware that is not (directly) connected to the network but is attached, temporarily or permanently, to a component of the network. Since such peripherals are potential points of failure in the security infrastructure, there must be policy, procedure and process for reducing risk and/or exposure.
Bar Code Reader (1D and 2D)
Cell phones
Digital camera(s)
Docking station(s)
Hand Held Computing Devices (inc.: PDAs, inventory taking, etc.)
Keyboards
Local printers
Microphones
Monitors / Displays
Mice
Speakers
Removable storage devices (inc.: USB memory sticks, external hard disk, floppies, CDs, DVDs, etc.)
USB Hubs
VoIP phone handsets

Software
Operating Systems
Productivity Applications
Support Applications
Device drivers
Services
Engines

Administrative
Attributes specific to a given site, defining the administrative structure of various components of the network
Directory Services (hierarchy of components within the network)
Groups
Licenses
Login Scripts
Passwords and Policies




















Identifying and Selecting Internetworking Devices
LAN Switches
Performance issues include filtering and forwarding rates and aggregate packet processing power. Generally, today's switches do not introduce any significant delay and are capable of supporting full traffic on each segment. However, potential congestion may exist on uplink ports. For example, if a 24-port Ethernet switch has a single 100 Mbps uplink, that connection may be a source of congestion. However, if traffic is bursty, as it usually is on today's LANs, this is unlikely to be a major issue.
Layer 2 versus Layer 3 switches. Layer 2 switches offer excellent performance and very low prices. It makes very little sense these days to consider traditional repeater hubs. As the price of layer-3 switches falls and the performance increases, many sites are considering layer 3 switches as edge devices because they give you more control over traffic prioritization and quality of service.
Microsegmentation is the process of establishing a separate broadcast/collision domain for a very small number of devices or for each node.
VLANs: port-based and address-based
VLANs separate broadcast/collision domains
Allow creation of logical subnets that span physical boundaries, as is the case at SU where a single VLAN for the College extends between the main campus and West College. Another example is the library, which has part of their LAN in the Machine Room at fourth floor where they house their servers.
May facilitate moves, adds, changes since a user can move to a different office while preserving all current address parameters.
Routers are used to provide inter-VLAN communication. Thus, each VLAN must also have a connection to a router to allow for inter-subnet traffic.
Translational bridging (e.g., a switch with 24 Ethernet ports and an FDDI uplink port)
ATM switches
Workgroup ATM switches: normally interconnect Ethernet devices to an ATM backbone
Campus ATM switches: normally used to interconnect LAN routers or switches
Enterprise ATM switches: normally used to interconnect campus ATM switches and to integrate diverse communication services
Multiservice ATM access switches normally used by service providers to integrate diverse systems on a common ATM infrastructure
choices EQUIPMENT RACK DETAILED

Networking Devices

Description | Type | Qty | Remarks
Firewall (Internal) | Embedded into internal switch | - |
Load Balancer (Internal) | Cisco CSS 11500 | 2 | With SSL Termination/Fiber GigE
Load Balancer (Perimeter) | Cisco CSS 11500 | 2 | With SSL Termination/Fiber GigE
Router (Border) | Cisco 7600 Router | 2 | Fiber GigE Interface
Switch (BOso) | Cisco 2900 | 2 | See below
Switch (Internal) | Cisco Catalyst 6513 | 2 | See below
Switch (Perimeter) | Cisco Catalyst 6509 | 2 | See below
Switch (Client) | Cisco 3550 | 3 | See below
VPN (Perimeter) | Class 6 Server – High Range Low Density | 2 | See server configurations
VPN (Site2Site) | Cisco VPN 3030 Concentrator | 2 | See below
Wireless Access Point | Cisco Aironet 1200 Access Point | 2 | PEAP Compliant
Wireless Access Point | Cisco Aironet 350 Access Point | 2 | PEAP Compliant

Cisco Catalyst 6509 Configuration
Product | Description | Qty | Remarks
WS-C6509 | Catalyst 6509 Chassis | 1 |
WS-CAC-2500W | Catalyst 6000 2500W AC Power Supply | 1 |
WS-CAC-2500W/2 | Catalyst 6000 Second 2500W AC Power | 1 |
CAB-AC-2500W-UK1 | Power Cord, 250Vac 16A, straight blade NEMA 6-20 plug, UK | 2 |
S6S22ALV-12113E | Catalyst 6000 SUP2/MSFC2 IOS ENTERPRISE LAN ONLY | 1 |
EMS-65-76-001-2.1 | Cisco 6500/7600 Mgr v2.1 Mgr Single Chassis RTU | 1 |
WS-C6X09-EMS-LIC | Catalyst 6x09 RMON Agent License | 1 |
WS-X6K-S2-MSFC2 | Catalyst 6500 Supervisor Engine-2, 2GE, plus MSFC-2 / PFC-2 | 1 |
WS-X6K-S2-MSFC2/2 | *Cat 6500 Red. Sup2, 2GE, MSFC2 and PFC2 (In Chassis Only) | 1 |
WS-X6316-GE-TX | Catalyst 6000 16-port 1000TX GE Mod., RJ-45 | 1 |
WS-X6548-RJ-45 | Catalyst 6500 48-port 10/100, RJ-45, x-bar | 1 |
WS-X6381-IDS | Catalyst 6000 Intrusion Detection System Module | 1 |
SC6K-IDSM-3-K9 | Catalyst 6000 IDS Module v3.0 Base Software | 1 |
WS-SVC-FWM-1-K9 | Firewall blade for Catalyst 6500 | 1 |
SC-SVC-FWM-1.1-K9 | Firewall module software for Catalyst 6500 | 1 |
MEM-S2-128MB | Catalyst 6000 Sup2 Mem, 128MB DRAM Option | 1 |
MEM-MSFC2-128MB | Catalyst 6000 MSFC-2 Mem, 128MB DRAM Option | 1 |
MEM-S2-128MB | Catalyst 6000 Sup2 Mem, 128MB DRAM Option | 1 |
MEM-MSFC2-128MB | Catalyst 6000 MSFC-2 Mem, 128MB DRAM Option | 1 |
CON-OSP-WS-FWM1K9 | 24x7x4 Onsite Svc, Firewall blade for Catalyst 6500 | 1 |
CON-OSP-WS-C6509 | 24x7x4 OS Service,Catalyst 6509 | 1 |

VPN 3030 Concentrator Configuration
Product | Description | Qty | Remarks
CVPN3030-RED | VPN 3030 Concentrator (Redun. and 2 P/S);1500Users@50Mbps | 1 |
CVPN3030-SW-35-K9 | ^Rel 3.5 SW Load VPN 3030 Concentrator (Reqd for 3030) | 1 |
CAB-AC | Power Cord,110V | 1 |
CON-OSP-VPN3030R | 24x7x4 Onsite Svc, Cisco VPN 3030-RED | 1 |

Cisco Catalyst 6513 Configuration
Product | Description | Qty | Remarks
WS-C6513 | Catalyst 6513 Chassis | 1 |
WS-CAC-4000W-UK | 4000Watt AC Power Supply for UK (cable attached) | 1 |
WS-CAC-4000W-UK/2 | Redundant 4000W AC Power Supply for UK (cable attached) | 1 |
S6S22ALV-12113E | Catalyst 6000 SUP2/MSFC2 IOS ENTERPRISE LAN ONLY | 1 |
FR-C6FW | Catalyst 6000 family IOS Firewall Feature Set | 1 |
WS-C6513-EMS-LIC | Catalyst 6513 RMON Agent License | 1 |
WS-X6K-S2-MSFC2 | Catalyst 6500 Supervisor Engine-2, 2GE, plus MSFC-2 / PFC-2 | 1 |
WS-X6K-S2-MSFC2/2 | *Cat 6500 Red. Sup2, 2GE, MSFC2 and PFC2 (In Chassis Only) | 1 |
WS-X6408A-GBIC | Catalyst 6000 8-port GE, Enhanced QoS (Req. GBICs) | 1 |
WS-X6316-GE-TX | Catalyst 6000 16-port 1000TX GE Mod., RJ-45 | 1 |
WS-X6316-GE-TX | Catalyst 6000 16-port 1000TX GE Mod., RJ-45 | 1 |
WS-X6548-RJ-45 | Catalyst 6500 48-port 10/100, RJ-45, x-bar | 1 |
WS-X6548-RJ-45 | Catalyst 6500 48-port 10/100, RJ-45, x-bar | 1 |
WS-X6381-IDS | Catalyst 6000 Intrusion Detection System Module | 1 |
SC6K-IDSM-3-K9 | Catalyst 6000 IDS Module v3.0 Base Software | 1 |
WS-SVC-FWM-1-K9 | Firewall blade for Catalyst 6500 | 1 |
SC-SVC-FWM-1.1-K9 | Firewall module software for Catalyst 6500 | 1 |
MEM-S2-128MB | Catalyst 6000 Sup2 Mem, 128MB DRAM Option | 1 |
MEM-MSFC2-128MB | Catalyst 6000 MSFC-2 Mem, 128MB DRAM Option | 1 |
MEM-S2-128MB | Catalyst 6000 Sup2 Mem, 128MB DRAM Option | 1 |
MEM-MSFC2-128MB | Catalyst 6000 MSFC-2 Mem, 128MB DRAM Option | 1 |
CON-OSP-WS-FWM1K9 | 24x7x4 Onsite Svc, Firewall blade for Catalyst 6500 | 1 |
CON-OSP-WS-C6513 | 24x7x4 Onsite Svc, Catalyst 6513 Chassis | 1 |
WS-G5484 | 1000BASE-SX Short Wavelength GBIC (Multimode only) | 4 |

Cisco 3550 Configuration
Product | Description | Qty | Remarks
WS-C3550-48-EMI | 48-10/100 and 2 GBIC ports:Enhanced Multilayer SW Image | 1 |
CAB-AC | Power Cord,110V | 1 |
CON-OSP-C3550-48E | 24x7x4 Onsite Svc, 48-10/100 and 2 GBIC ports:Enhanced Mult | 1 |




BUDGET

DEVICE | MAKE | PRICE EACH | QUANTITY | TOTAL
MOUSE | HP | 4.99 | 800 | 3992
MONITOR | Acer | 120 | 800 | 96000
KEYBOARD | HP | 6 | 800 | 4800
SAN DRIVES FILE STORAGE | dell | 59.9 | 80 | 4792
SMART BOARD SPEAKERS | orion | 25.76 | 16 | 412.16
CAD TABLET | trust | 47 | 10 | 470
CAD PEN | trust | 12 | 10 | 120
MICROPHONE | trust | 5.99 | 10 | 59.9
WEB CAM | Kensington | 35 | 5 | 175
MODEM CARD | fuzilogic | 12.56 | 2 | 25.12
CLIENT | HP | 599.99 | 300 | 179997
SERVER BLADES | HP | 919.99 | 20 | 18399.8
ROUTER | CISCO | 1500.34 | 4 | 6001.36
SWITCH | CISCO | 435.55 | 14 | 6097.7
FIBRE OPTIC CONNECTOR | BOX | 35.55 | 1 | 35.55
MDF WIRING CLOSET | | 190.98 | 1 | 190.98
IDF CABINET | | 95.21 | 16 | 1523.36
TRANSCEIVER/IDF REPEATER COMBO | | 132.22 | 2 | 264.44
IP PHONES | CISCO | 56.21 | 40 | 2248.4
UPS | CISCO | 250.6 | 4 | 1002.4
CONSOLE CABLES | | 2.99 | 25 | 74.75
HARDDRIVE CADDY USB | TRUST | 8.99 | 10 | 89.9
BLADE CABINET | HP | 74.99 | 2 | 149.98
WIRELESS REPEATER | belkin | 35.12 | 4 | 140.48
TOTAL | | | | £327,062.28

BUDGET | £350,000
TOTAL COST | £327,062.28
BALANCE | £22,937.72

Servers and their location

Blade Server name | Location | Blade function
Org.org main server1 | MDFs / pop blade cabinet | Primary server
Org.org main server2 | MDFs / pop blade cabinet | Backup and mirror server
Exchange server | MDFs / pop blade cabinet | Mail distribution
Dhcp server | MDFs / pop blade cabinet | Address distribution
File storage | MDFs / 4th floor blade cabinet | HR Records
Shared storage | MDFs / 4th floor blade cabinet | Staff and student
Administration | MDFs / 4th floor blade cabinet | records
Teaching storage | MDFs / 4th floor blade cabinet | Teaching aid file storage
Linux | Cisco lab | Lab server and intranet
Software distribution | | Software deployment
Pix firewall | MDFs / pop blade cabinet | security
VPN server | MDFs / pop blade cabinet | Wireless tunnel to the network
DMZ | MDFs / pop blade cabinet | Proxy Comms


Blade Server Specifications
Server Type | Reference Description | Implementation
1 | Dual P3, with 2Gb of RAM, 2 18GB disks for OS, 4 NIC ports, 1 Remote Mgmt Port | HP DL360G2 (2 - PIII 1.266Ghz) with NC3134 dual port card, 2 10KRPM 18GB drives, iLO Mgmt Port
2 | Dual P4, with 2Gb of RAM, 2 18GB disks for OS, 4 NIC ports, 1 Remote Mgmt Port | HP DL360G3 (2 - P4 Xeon 2.4Ghz) with NC3134 dual port card, 2 Ultra320 18GB drives, iLO Mgmt Port
3 | Dual P3, with 2Gb of RAM, 2 18GB disks for OS, 2 18GB disks for data, 4 NIC ports, 1 Remote Mgmt Port | HP DL380G2 (2 PIII - 1.266Ghz) with 2Gb of RAM, 2 18GB disks for OS, 4 NIC ports, iLO Mgmt Port
4 | Dual P4, with 2Gb of RAM, 2 18GB disks for OS, 2 18GB disks for data, 4 NIC ports, 1 Remote Mgmt Port | HP DL380G3 (2 - P4 Xeon 2.4Ghz) with NC3134 dual port card, 4 Ultra320 18GB drives, iLO Mgmt Port
5 | Quad P3 Xeon, with 4Gb of RAM, 2 18GB disks for OS, 2 HBA's, 5 NIC ports, 1 Remote Mgmt Port | HP DL580 (4 - P3 Xeon 700Mhz) with 2 NC3134 dual port network card, 1 NC3123 single port network card, 2 18GB 10KRPM drives, 2 FCA-2101 Host Bus Adapters, 1 RI-LOE II Mgmt Card
6 | Quad P4 Xeon, with 4Gb of RAM, 2 18GB disks for OS, 2 HBA's, 5 NIC ports, 1 Remote Mgmt Port | HP DL580G2 (4 - P4 Xeon 1.6Ghz) 2 NC3134 dual port network card, 1 NC3123 single port network card, 2 18GB Ultra320 drives, 2 FCA-2101 Host Bus Adapters, iLO Mgmt Port
7 | 8-proc P3 Xeon, with 8Gb of RAM, 2 18GB disks for OS, 2 HBA's, 5 NIC ports, 1 Remote Mgmt Port | HP DL760 (8 - P3 Xeon 700Mhz) with 2 NC3134 dual port network card, 1 NC3123 single port network card, 2 18GB 10KRPM drives, 2 FCA-2101 Host Bus Adapters, 1 RI-LOE II Mgmt Card
8 | Quad P3 Xeon, with 4Gb of RAM, 8 18GB disks for OS, 2 HBA's, 5 NIC ports, 1 Remote Mgmt Port | HP ML570 (4 - P3 Xeon 700Mhz) with 2 NC3134 dual port network card, 5304 Array Controller, 8 18GB 10KRPM drives, 2 FCA-2101 Host Bus Adapters, 1 RI-LOE II Mgmt Card
9 | Quad P4 Xeon, with 4Gb of RAM, 8 18GB disks for OS, 2 HBA's, 5 NIC ports, 1 Remote Mgmt Port | HP ML570G2 (4 - P4 Xeon 2.0Ghz) 2 NC3134 dual port network card, 5304 Array Controller, 8 18GB 10KRPM drives, 2 FCA-2101 Host Bus Adapters, 1 RI-LOE II Mgmt Card
10 | 32 Processor Machine with 32 GB of RAM, 5 NIC ports, 1 Remote Mgmt Port, 2 HBA's | Unisys ES7000





Server Configurations

Servers and Software

Service | Server Type | BLADE NUMBER | Operating System | Microsoft Software | Extension Software
Perimeter Web Application: scoobie-WEB-01, shaggy-WEB-02 | 1 | 2 | Microsoft Windows Server 2003, EE | | CommVault Galaxy iDataAgent
Perimeter Web Application: velma-WEB-03, scrappy-WEB-04 | 2 | 2 | Microsoft Windows Server 2003, EE | | CommVault Galaxy iDataAgent
Perimeter Srvr Management: dastardlyCP-MGT-01 | 1 | 1 | Microsoft Windows Server 2003, Std | | CommVault Galaxy iDataAgent
Perimeter Net Management: muttleyCP-MGT-02 | 3 | 1 | Microsoft Windows Server 2003, Std | | CommVault Galaxy iDataAgent
Perimeter DNS: bugs-DNS-01, buster-DNS-02 | 1 | 2 | Microsoft Windows Server 2003, Std | |
Perimeter VPN: yosamitysamVPN-01, daffyVPN-02 | 1 | 2 | Microsoft Windows Server 2003, EE | |
Perimeter Proxy: elmur-PRX-01, goofy-PRX-02 | 4 | 2 | Microsoft Windows Server 2003, EE | Microsoft ISA 2000 |
Perimeter Domain Controllers: mickeyCP-DC-01, pluto-DC-02 | 1 | 2 | Microsoft Windows Server 2003, Std | | CommVault Galaxy iDataAgent
Perimeter Backup: walt-BAK-01 | 3 | 1 | Microsoft Windows Server 2003, Std | | CommVault Galaxy & Agents
Perimeter Application Services: disney-APP-01, warner-APP-02, wallace-APP-03, gromet-APP-04 | 6 | 4 | Microsoft Windows Server 2003, EE | | CommVault Galaxy iDataAgent
Perimeter App. Firewall: martinSA-FWP-01, taz SA-FWP-02 | 6 | 2 | Microsoft Windows Server 2003, Std | Microsoft ISA 2000 | CommVault Galaxy iDataAgent
Internal WINS: homerNA-WINS-01, marge-WINS-01 | 1 | 2 | Microsoft Windows Server 2003, Std | | CommVault Galaxy iDataAgent
Internal Web Application: Org-NA-WEB-01, Org-NA-WEB-02, Org-NA-WEB-03, Org-NA-WEB-04 | 2 | 4 | Microsoft Windows Server 2003, EE | | CommVault Galaxy iDataAgent
Internal SQL Server Cluster: Org-NA-SQL-01, Org-NA-SQL-02, Org-NA-SQL-03, Org-NA-SQL-04 | 7 | 4 | Microsoft Windows Server 2003, EE | Microsoft SQL Server 2000 EE | CommVault Galaxy iDataAgent, HP SAN Software
Internal SQL Read-Only NLB Cluster: granpa-SQLR-01, lisa-NA-SQLR-02, bart-SQLR-03, wiggamSQLR-04 | 4 | 4 | Microsoft Windows Server 2003, EE | Microsoft SQL Server 2000 EE |
Internal Server Mgmt: mr burns-MGT-01 | 4 | 1 | Microsoft Windows Server 2003, Std | | CommVault Galaxy iDataAgent
Internal Scale-Up SQL Server: smithersSQLU-03, skinner-SQLU-04 | 10 | 1 | Windows Server 2003, Datacenter Edition | Microsoft SQL Server 2000 EE | CommVault Galaxy iDataAgent, EMC SAN Software
Internal Proxy: barney-PRX-01, SAM -PRX-02 | 3 | 2 | Microsoft Windows Server 2003, EE | Microsoft ISA 2000 | CommVault Galaxy iDataAgent
Internal Print: WALDORF-PRN-01, FOSIE-PRN-02 | 5 | 2 | Microsoft Windows Server 2003, EE | | CommVault Galaxy iDataAgent, HP SAN Software
Internal Network Mgmt: GAFFER-MGT-02 | 4 | 1 | Microsoft Windows Server 2003, Std | | CommVault Galaxy iDataAgent, BROCADE Fabric Manager
Internal HP SQL Maintenance Server: HENSON-SQLM-01 | 5 | 1 | Microsoft Windows Server 2003, EE | | CommVault Galaxy & Agents, HP SAN Software
Internal File: Org-NA-FIL-01, SCOOTERFIL-02 | 5 | 2 | Microsoft Windows Server 2003, EE | | CommVault Galaxy & Agents, HP SAN Software
Internal EMC SQL Maintenance Server: SWEEDISH CHEFSQLUM-01 | 5 | 1 | Microsoft Windows Server 2003, EE | | CommVault Galaxy & Agents, EMC SAN Software
Internal Domain Controllers: ELMO-DC-01 | 9 | 1 | Microsoft Windows Server 2003, EE | | CommVault Galaxy iDataAgent
Internal Domain Controllers: BIGBURD-DC-02 | 8 | 1 | Microsoft Windows Server 2003, EE | | CommVault Galaxy iDataAgent
Internal Domain Controllers: ANIMAL-DC-01, PIGGYDC-02, KERMIT-DC-01 | 1 | 3 | Microsoft Windows Server 2003, Std | | CommVault Galaxy iDataAgent
Internal Domain Controllers: chicken-DC-01, Gonzo U-DC-02 | 4 | 2 | Microsoft Windows Server 2003, EE | | CommVault Galaxy iDataAgent
Internal DNS: spiderman-DNS-01, superman-DNS-02 | 1 | 2 | Microsoft Windows Server 2003, Std | | CommVault Galaxy iDataAgent
Internal DHCP /WINS Server Cluster: Org-NA-MSP1-01, Org-NA-MSP1-02 | 4 | 2 | Microsoft Windows Server 2003, EE | | CommVault Galaxy iDataAgent, HP SAN Software
Internal Deployment: Org-NA-DEP-01 | 4 | 1 | Microsoft Windows Server 2003, Std | | CommVault Galaxy & Agents
Internal Certificate Services: Org-RT-CA-01, Org-RT-CA-02 | 1 | 2 | Microsoft Windows Server 2003, EE | |
Internal Certificate Services: Org-SA-CA-01, Org-SA-CA-02, Org-SA-CA-03 | 1 | 3 | Microsoft Windows Server 2003, Std | |
Internal Backup: Org-NA-BAK-01, Org-NA-BAK-02 | 5 | 2 | Microsoft Windows Server 2003, EE | | CommVault Galaxy & Agents
Internal Authentication: Org-NA-IAS-01, Org-NA-IAS-02 | 1 | 2 | Microsoft Windows Server 2003, Std | | CommVault Galaxy iDataAgent
Internal Application: Org-NA-APP-01, Org-NA-APP-02, Org-NA-APP-03, Org-NA-APP-04 | 5 | 4 | Microsoft Windows Server 2003, EE | | CommVault Galaxy iDataAgent
Internal Scale-Up SQL Server Cluster: Org-NA-SQLU-01, Org-NA-SQLU-02 | 10 | 1 | Windows Server 2003, Datacenter Edition | Microsoft SQL Server 2000 EE | CommVault Galaxy iDataAgent, EMC SAN Software




Storage Area Networking Devices
Device | Qty | Operating System | Extension Software
HP Enterprise Virtual Array | 1 | HP Virtual Controller Software v2.002 | Business Copy EVA 5000 8TB LIC2.1
HP Open View San Management Appliance | 1 | |
HP StorageWorks EVA FC Drives - 72GB 10KRPM dual-port 2 Gb FC-AL 1-inch | 96 | |
EMC CX600 | 2 | EMC Navisphere 6.2 | EMC SAN Manager, EMC ADMSnap 2.0, EMC Solutions Enabler 5.0.2
EMC 72GB 10K RPM HDD | 60 | |






Network file system

File share SERVER located in the main MDFs
Applications - \volume\apps
Users Home folders - \volume\users\
Group / Shared folders \volume\shared\
IT files - \volume\archive
\backup, \documentation,
\download, \install

Drive Mappings c:\ d:\ network installs of network operating system
E:\=Admin
F:\ = Apps file storage
G:\ software distribution
H:\ = Home folders
J:\ k:\\ backup / mirrors
S:\ = Shared and Students
RAID 1-5 distributed file systems will be used to provide better redundancy

Deployment and analysis

The choice of directory server was made by intense evaluation amongst vendors' offerings. In the final analysis, this organization made its product choice based on:
Best performance and scalability
Security
Flexible, powerful access controls
Good support for data
Comprehensive management tools
Objectives
To prove the NETWORK design
Become familiar with the directory software
Determine the level of effort required for rollout
Determine the level of effort to maintain production environment
Also added
Email routing and delivery
Workflow application
Employee phone book supporting anonymous lookups
Employee self care functionality
Obtain feedback from users and system administrators
Automation of routine admin tasks
Backups
Service monitoring
Creation of entries for new employees
Deletion of outgoing employees
The directory services required a significant amount of maintenance
Constantly new applications being integrated
Monthly testing of functionality
Nightly backup of masters
Off-site storage fortnightly
Automatic backup procedures
Outsourced disaster recovery - cold sites maintained
E-mails to system administrators of error reports and status reports

ACTIVE DIRECTORY

An Organizational Unit (OU) is the container to use to create structure within a domain. The following characteristics of OUs are important to consider when creating structure in a domain.
OUs can be nested. An OU can contain child OUs, enabling the creation of hierarchical tree structures inside a domain.
OUs can be used to delegate administration and control access to directory objects. Using a combination of OU nesting and access control lists, administration of objects in the directory can be delegated in a very granular manner. For example, we could grant a group of supporters the right to reset passwords for a specific set of users, but not the right to create users or modify any other attribute of a user object.
OUs are not security principals. OUs cannot be members of security groups, nor can users be granted permission to a resource because they reside in a particular OU. OUs are used for delegation of administration, i.e. the parent OU of a user object indicates who manages the user object, and it does not indicate the resources a user can access.
Group Policy can be associated with an OU. Group Policy enables the definition of desktop configurations for users and computers. Group Policy can be associated with sites, domains, and OUs. Defining Group Policy on an OU basis allows the use of different policies within the same domain. For more information about Group Policy
OU Planning Process
The steps to creating an OU structure plan for a domain are:
Create OUs to delegate administration.
Create OUs to hide objects.
Create OUs for Group Policy.
Understand the impact of changing OU structures after deployment.
Delegating Administration
The administrators of the one domain have full control over all objects. Ideally, domain administrators should only be responsible for:
Creating the initial OU structure.
Repairing mistakes. Domain administrators not only have full control by default, they also have the right to take ownership of any object in the domain. Using this right, domain administrators can gain full control over any object in the domain, regardless of the permissions that have been set on the object.
Creating additional domain controllers. Only members of the domain administrators group can create additional domain controllers for a domain.
With Windows 2003, you use Group Policy to define user and computer configurations, and then associate those policies with sites, domains or OUs. Whether or not we will need to create additional OUs to support the detailed application of Group Policy depends on the policies created and the implementation options selected. To successfully leverage the full power of Windows 2003 AD, a detailed understanding of Group Policy is required; however, it is difficult to foresee all the possible applications of group policy at this moment in time, which makes designing the OU structure somewhat difficult.


Summary: Active Directory is the directory service included in Windows 2003 Server. Active Directory includes the directory, which stores information about network resources, as well as all the services that make the information available and useful. The information about user data, printers, servers, databases, groups, computers, and security policies stored in the directory, is organised into objects. Active Directory gives network users access to resources anywhere on the network using a single logon process, provided the users are permitted to use these resources. It also provides network administrators with an intuitive hierarchical view of the network and enables delegation of administration for all network objects

A Forest is essentially a collection of Windows 2003 domains, which implicitly trust each other and share a single schema and global catalogue. The schema is most simply described as a set of templates to describe all the entities in the directory. As a schema applies forest wide, this 'forest planning' stage will also include any plans to modify the directory schema. This document outlines why the University of Bath should apply a simple single-forest model, why some schema modifications will be useful to make the generic directory more relevant
Windows 2003 and Active Directory have the potential to radically alter the way a typical IT supporter works. Some of the common procedures currently undertaken by IT supporters are detailed below. Although the directory itself will not address all of the problems currently faced, it does form a central hub, which enables further emerging technologies. Some of the most relevant of the new features currently or imminently available are listed below with an indication of how they may change patterns of work.
Currently mostly derived from my own experience, a typical IT supporter’s time might be spent doing the following tasks: (bona fide IT supporters are encouraged to complain/comment/contribute!)

Adding new users
Depending on the migration of the current set-up, we may have to maintain a database of usernames, passwords, access rights etc.
By ensuring that there is only one Active Directory, the creation and maintenance of users can be done automatically from a central point. This ensures consistency and accuracy of data and reduces any unnecessary administration. The centralization means any user has the potential to be given access to any resource and single sign-on can be achieved across campus.

Arranging permissions
If Dave mcdade decides that Jim Smith now needs access to some file space or facility, usually the IT supporter will need to cater for this in some way. This may be as simple as adding them to a group or may mean searching through file permissions and manually altering them.
With Active Directory, the most administration that is likely to be required would be adding the user to a group. The delegation of administration in Active Directory can be controlled to a fine degree. Given sufficient information about a user in the source data (staff, student databases etc.), users can be added to appropriate groups at registration and it may be that no intervention is necessary at all.

DHCP
Click Start, click Programs, click Administrative Tools, and then click DHCP. Note: you must be logged on to the server with an account that is a member of the Enterprise Administrators group.
In the console tree of the DHCP snap-in, select the new DHCP server. If there is a red arrow in the bottom-right corner of the server object, the server has not yet been authorized.
Click Start, click Programs, point to Administrative Tools, and then click DHCP. Note: in the console tree, select the DHCP server on which you want to create the new DHCP scope.
Right-click the server and then click New Scope. In the New Scope Wizard, click Next, and then type a name and description for the scope. This can be any name that you choose, but it should be descriptive enough to identify the purpose of the scope on your network. For example, you might use Administration Building Client Addresses.
Type the range of addresses that can be leased as part of this scope, for example, a starting IP address of 172.168.100.1 to an ending address of 172.168.100.100. Because these addresses are given to clients, they should all be valid addresses for your network and not currently in use. If you want to use a different subnet mask, type the new subnet mask. Click Next.
Type any IP addresses that you want to exclude from the range you entered. This includes any addresses that may have already been statically assigned to various computers in your organization. Click Next.
Type the number of days, hours, and minutes before an IP address lease from this scope expires. This determines the length of time that a client can hold a leased address without renewing it. Click Next, and then select Yes, I want to configure these options now, to extend the wizard to include settings for the most common DHCP options. Click Next.
Type the IP address for the default gateway that should be used by clients that obtain an IP address from this scope. Click Add to place the default gateway address into the list, and then click Next. Note: when DNS servers already exist on your network, type your organization's domain name in Parent domain. Type the name of your DNS server, and then click Resolve to ensure that your DHCP server can contact the DNS server and determine its address. Then click Add to include that server in the list of DNS servers that are assigned to the DHCP clients. Click Next.
Click Yes, I want to activate this scope now, to activate the scope and allow clients to obtain leases from it, and then click Next. Click Finish.

Troubleshooting
Clients are unable to obtain an IP address
If a DHCP client does not have a configured IP address, it generally means that the client has not been able to contact a DHCP server. This is either because of a network problem or because the DHCP server is unavailable. If the DHCP server has started and other clients have been able to obtain a valid address, verify that the client has a valid network connection and that all related client hardware devices (including cables and network adapters) are working properly.
The DHCP server is unavailable
When a DHCP server does not provide leased addresses to clients, it is often because the DHCP service has failed to start. If this is the case, the server may not have been authorized to operate on the network. If you were previously able to start the DHCP service, but it has since stopped, use Event Viewer to check the system log for any entries that may explain the cause. To restart the DHCP service, click Start, click Run, type cmd, and then press Enter. Type net start dhcpserver, and then press Enter.
Static DHCP Address

The DHCP server is set up with a static address, as are the default router and the Exchange server. DHCP forwarding is to be enabled on all routers to maintain continuity of addressing throughout the network.

! Addresses the router must never lease (default router and one static host)
ip dhcp excluded-address 172.16.19.33
ip dhcp excluded-address 172.16.19.34
!
! Dynamic pool for the 172.16.19.32/28 subnet
ip dhcp pool Networks
 network 172.16.19.32 255.255.255.240
 domain-name theorg.org
 default-router 172.16.19.33
 netbios-name-server 172.16.19.250
 dns-server 172.16.19.250
!
! Manual binding: one address tied to one client identifier
ip dhcp pool Printer
 host 172.16.19.35 255.255.255.240
 client-identifier 0014.22b7.9aad
 client-name IT-Server
 domain-name theorg.org
 default-router 172.16.19.33
 netbios-name-server 172.16.19.250
 dns-server 172.16.19.250
 netbios-node-type h-node

DHCP Server Name: DHCPSERVER

DHCP Server Role (Primary)

Lease Time = 3 days

Internal DHCP Scope = 172.16.0.50 – 172.16.120.222

DHCP Exclusion (Static Addresses) ip phones
10.99.99.x = Device Name tied to MAC address

DHCP static
Option # Option Setting
main Router 172.16.19.1
main Name Servers 172.16.20.2;1.2.3.4



Location inside IP Scheme
NET: 172.16.0.0; SUBNET MASK: 255.255.0.0;
GATEWAY: 172.16.0.1
3rd Octet Assignment:
172.16.1.x = Infrastructure Equipment
172.16.2.x = Servers
172.16.3.x = Workstations (Static Assignments)
172.16.4.x = Peripherals / Print Servers / Printing device
172.16.10.x = DHCP Scope 1
172.16.11.x = DHCP Scope 2
192.168.2.x Linux and cisco labs
172.16.20.x ip phones and network management
Document all static IP addresses for routers, servers and switches running the VLANs
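A check of a DHCP scope against the address plan above and the scope-range step of the wizard, as an added example that is not part of the original project: it flags a scope that leaves private address space or the site network, lists the static blocks a scope would have to exclude, and counts what a router pool can still lease. Reading each "172.16.N.x" entry as a /24 block and the function names are assumptions of this example; the addresses are the ones given on this page.

```python
"""Check a DHCP scope against a site's static address plan."""
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Values copied from the page's IP scheme; treating each "172.16.N.x"
# entry as a /24 block is an assumption of this example.
SITE_NET = ipaddress.ip_network("172.16.0.0/16")
STATIC_BLOCKS = {
    "infrastructure equipment": "172.16.1.0/24",
    "servers": "172.16.2.0/24",
    "workstations (static)": "172.16.3.0/24",
    "peripherals / print servers": "172.16.4.0/24",
    "IP phones and network management": "172.16.20.0/24",
}


def is_rfc1918(addr):
    """True when the address lies in one of the three RFC 1918 ranges."""
    return any(addr in net for net in RFC1918)


def check_scope(start, end, site=SITE_NET, static_blocks=STATIC_BLOCKS):
    """Return a list of problems found in the scope start..end (inclusive)."""
    first = ipaddress.ip_address(start)
    last = ipaddress.ip_address(end)
    if first > last:
        return [f"start {first} is above end {last}"]
    problems = []
    for addr in (first, last):
        if not is_rfc1918(addr):
            problems.append(f"{addr} is not RFC 1918 private address space")
        elif addr not in site:
            problems.append(f"{addr} is outside the site network {site}")
    for name, cidr in static_blocks.items():
        block = ipaddress.ip_network(cidr)
        lo = max(first, block.network_address)
        hi = min(last, block.broadcast_address)
        if lo <= hi:  # the scope and the static block share addresses
            problems.append(f"overlaps {name}: exclude {lo}-{hi}")
    return problems


def leasable(pool_cidr, excluded=(), reserved=()):
    """Addresses a pool can still lease after exclusions and reservations."""
    pool = ipaddress.ip_network(pool_cidr)
    taken = {ipaddress.ip_address(a) for a in (*excluded, *reserved)}
    stray = sorted(a for a in taken if a not in pool)
    if stray:
        raise ValueError(f"not inside {pool}: {', '.join(map(str, stray))}")
    return [host for host in pool.hosts() if host not in taken]


if __name__ == "__main__":
    for scope in [("172.16.10.1", "172.16.11.254"),      # DHCP scopes 1 and 2
                  ("172.16.0.50", "172.16.120.222"),     # "Internal DHCP Scope"
                  ("172.168.100.1", "172.168.100.100")]:  # wizard example range
        print(scope, check_scope(*scope) or "ok")
    free = leasable("172.16.19.32/28",
                    excluded=["172.16.19.33", "172.16.19.34"],
                    reserved=["172.16.19.35"])
    print(len(free), "leasable addresses, first", free[0])
```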
Right-click the server and then click authorize.
After a few moments, right-click the server again and then click refresh. The server should display a green arrow in the bottom-right corner to indicate that the server has been authorized.



Without DHCP: In manual configuration, you must assign an address at every workstation on the network. Users will need to call you for an IP address since you do not want to depend on them to configure their own IP addresses.
With DHCP: The DHCP server automatically leases IP addresses to users when they log on. You only need to specify the scope of addresses that can be leased at the server. You are no longer burdened by calls from users who need an IP address, or worse, the need to go on-site and configure the address.

Without DHCP: Configuring a large number of addresses may lead to errors that are difficult to track down and may cause errors in communication on the network.
With DHCP: DHCP automatically manages IP addresses and eliminates errors that might disrupt communication. It automatically reassigns unused addresses.

Without DHCP: You will eventually run out of IP addresses for a subnet of the network or for the entire network if you do not carefully manage the assigned addresses.
With DHCP: DHCP leases addresses for a period of time, which means that addresses are made available to assign to other systems. You are less likely to run out of available addresses.

Without DHCP: You must change the IP address in a workstation if it moves to another subnet.
With DHCP: DHCP automatically assigns an IP address that is appropriate for the subnetwork to which the workstation attaches.

Without DHCP: Mobile users that move from one location to another will need to change the IP addresses of their computers if they connect with a different subnet of the network.
With DHCP: As above, DHCP automatically assigns IP addresses to mobile users at the subnet where they attach. Mobile computing becomes more of a reality as management headaches are reduced.




Software installation
This would seem to be another common task for IT supporters. Tools such as Ghost or other cloning technologies are often used to create a standard image, which can then be applied to a computer. These cloned images are nearly always hardware specific, so, to give a brief example, if a new computer with a different graphics card is purchased, the image will need to be tweaked, or a new image will need to be built. In addition, it is not unusual for some amount of customisation to be done after the image is applied, and should the PC need to be rebuilt for any reason, all this customisation will need to be reapplied after the PC is cloned.
Security
Installing windows 2003
When you run the Windows Server 2003 Setup program, you must provide information about how to install and configure the operating system. Thorough planning can make your installation of Windows Server 2003 more efficient by helping you to avoid potential problems during installation. An understanding of the configuration options will also help to ensure that you have properly configured your system.
But here are some of the most important things you should take into consideration when planning for your Windows Server 2003 installation:
· Check System Requirements
· Check Hardware and Software Compatibility
· Determine Disk Partitioning Options
· Choose the Appropriate File System: FAT, FAT32, NTFS
· Decide on a Workgroup or Domain Installation
· Complete a Pre-Installation Checklist
After you made sure you can go on, start the installation process.
Step #2: Beginning the installation process
You can install Windows Server 2003 in several methods - all are valid and good, it all depends upon your needs and your limitations.
For example, you can install directly from a CD by booting your computer with the CD, or you can also copy the I386 folder from a CD and run the setup process by going into the I386 folder and using the WINNT or WINNT32 command (depending upon your existing operating system).
It doesn't matter how you run the setup process, but the moment it runs - all setup methods look alike.
Step #3: The text-based portion of the Setup program
The setup process begins loading a blue-looking text screen (not GUI). In that phase, you will be asked to accept the EULA and choose a partition on which to install 2003, and if that partition is new, you'll be asked to format it by using FAT, FAT32 or NTFS.
1. Start the computer from the CD.

2. You can press F6 if you need to install additional SCSI adapters or other mass-storage devices. If you do, you will be asked to supply a floppy disk with the drivers and you CANNOT browse it (or a CD for that matter). Make sure you have one handy.

3. If you want, you can press F2 to run the ASR sequence. For that, you need a good backup created by the Windows Server 2003 backup program, and the ASR floppy disk. If you plan to install a new copy of 2003 - don't do anything.
4. Setup will load all the needed files and drivers.
5. Select To Setup Windows Server 2003 Now. If you want, and if you have a previous installation of the OS, you can try to fix it by pressing R. If not, just press ENTER.
6. Read and accept the licensing agreement and press F8 if you accept it.
7. Select or create the partition on which you will install Windows Server 2003. Depending upon your existing disk configuration choose one of the following:
· If the hard disk is unpartitioned, you can create and size the partition on which you will install Windows Server 2003.
· If the hard disk is already partitioned, but has enough unpartitioned disk space, you can create an additional partition in the unpartitioned space.
· If the hard disk already has a partition that is large enough, you can install Windows Server 2003 on that partition. If the partition has an existing operating system, you will overwrite that operating system if you accept the default installation path. However, files other than the operating system files, such as program files and data files, will not be overwritten.
· If the hard disk has an existing partition, you can delete it to create more unpartitioned space for the new partition. Deleting an existing partition erases all data on that partition.
If you select a new partition during Setup, create and size only the partition on which you will install Windows Server 2003. After installation, use Disk Management to partition the remaining space on the hard disk.
8. Select a file system for the installation partition. After you create the partition on which you will install Windows Server 2003, you can use Setup to select the file system with which to format the partition. Windows Server 2003 supports the NTFS file system in addition to the file allocation table (FAT) and FAT32 file systems. Windows Server 2003, Windows XP Professional, Windows 2000, and Windows NT are the only Microsoft operating systems that you can use to gain access to data on a local hard disk that is formatted with NTFS. If you plan to gain access to files that are on a local Windows Server 2003 partition with the Microsoft Windows 95 or Windows 98 operating systems, you should format the partition with a FAT or FAT32 file system. We will use NTFS.

9. Setup will then begin copying necessary files from the installation point (CD, local I386 or network share).
10. Note: If you began the installation process from an MS-DOS floppy, make sure you have and run SMARTDRV from the floppy, otherwise the copying process will probably last more than an hour, perhaps even more. With SMARTDRV (or if setup was run by booting from CD) the copying will probably last a few minutes, no more than five max.
11. The computer will restart in graphical mode, and the installation will continue.
Step #4: The GUI-based portion of the Setup program
The setup process reboots and loads a GUI mode phase.
It will then begin to load device drivers based upon what it finds on your computer. You don't need to do anything at this stage.
1. Click Customize to change regional settings, if necessary.
· Current System Locale - Affects how programs display dates, times, currency, and numbers. Choose the locale that matches your location, for example, French (Canada).
· Current Keyboard Layout - Accommodates the special characters and symbols used in different languages. Your keyboard layout determines which characters appear when you press keys on the keyboard.
If you don't need to make any change just press next.
If you do need to make changes press Customize and add your System Locale etc.
2. Type your name and organization.
3. Type the product key.
4. Enter the appropriate license type and number of purchased licenses.
5. Type the computer name and a password for the local Administrator account. The local Administrator account resides in the SAM of the computer, not in Active Directory. If you will be installing in a domain, you need either a pre-assigned computer name for which a domain account has been created, or the right to create a computer account within the domain.
6. If you enter a password that is blank or does not match the required complexity settings, you will get a warning message.
7. Select the date, time, and time zone settings.
8. Setup will now install the networking components.
After a few seconds, you will receive the Networking Settings window. BTW, if you have a NIC that is not in the HCL (see the What's the HCL? page) and Windows Server 2003 cannot detect it, or if you don't have a NIC at all, setup will skip this step and you will immediately go to the final phase of the setup process.
Press Next to accept the typical settings option if you have one of the following situations:
· You have a functional DHCP on your network.
· You have a computer running Internet Connection Sharing (ICS).
· You're in a workgroup environment and do not plan to have any other servers or Active Directory at all, and all other workgroup members are configured in the same manner.
Otherwise, select Custom Settings and press next to customize your network settings.
9. Highlight the TCP/IP selection and press Properties.
In the General tab, enter the required information. You must specify the IP address of the computer, and if you don't know what the Subnet Mask entry should be - you can simply place your mouse pointer over the empty area in the Subnet Mask box and click it. The OS will automatically select the value it thinks is good for the IP address you provided.
If you don't know what these values mean, or if you don't know what to write in them, press cancel and select the Typical Settings option. You can easily change these values later.
10. In the Workgroup or Domain window, enter the name of your workgroup or domain.
· A workgroup is a small group of computers on a network that enables users to work together and does not support centralized administration.
· A domain is a logical grouping of computers on a network that has a central security database for storing security information. Centralized security and administration are important for computers in a domain because they enable an administrator to easily manage computers that are geographically distant from each other. A domain is administered as a unit with common rules and procedures. Each domain has a unique name, and each computer within a domain has a unique name.
If you're a stand-alone computer, or if you don't know what to enter, or if you don't have the sufficient rights to join a domain - leave the default entry selected and press Next.
If you want to join a domain (NT 4.0 domain or W2K/2003 Active Directory domain) enter the domain's name in the "Yes, make this computer a member of the following domain" box.
To successfully join a domain you need the following:
· The person performing the installation must have a user account in Active Directory. This account does not need to be the domain Administrator account.
and
· The computer must have an existing computer account in the Active Directory database of the domain that the computer is joining, and the computer must be named exactly as its domain account is named.
or
· The person performing the installation must have appropriate permission to create a domain account for the computer during installation.
Also, you need to have connectivity to the domain's domain controllers (only to the PDC if on an NT 4.0 domain) and a fully functional DNS server (only in AD domains). Read the Joining a Domain in Windows XP Pro and Requirements when Joining a Domain pages for more on this issue.
Enter the Active Directory domain name (in the form of xxx.yyy, for example: DPETRI.NET) or the NetBIOS name of the NT 4.0 domain (in the form of xxx, for example: DPETRI). Press Next.
Note: If you provide a wrong domain name or do not have the correct connectivity to the domain's DNS server you will get an error message.
A username/password window will appear. Enter the name and password of the domain's administrator (or your own if you're the administrator on the target domain).
Note: Providing a wrong username or password will cause this phase to fail.
11. Next, the setup process will finish copying files and configuring the setup. You do not need to do anything.
12. After the copying and configuring phase is finished, if Windows Server 2003 finds that you have a badly configured screen resolution it will advise you to change it and ask you if you see the new settings right.
BTW, the minimum supported screen resolution in 2003 is 800X600.
13. Setup finishes and boots Windows Server 2003.
14. That's it! You’re done!


By filtering broadcasts, VLANs impose a certain level of security similar to that normally associated with routed subnets. Consider the case of a network analyser that is plugged into a particular switch port. If this port is assigned to a particular VLAN then the analyser will only detect broadcasts associated with that VLAN rather than for the entire LAN. Security policies can also be configured on the router that controls the inter-VLAN communication just as for conventional LAN segments.
Install and configure a DHCP server
Installing the dhcp service
You can install DHCP either during or after the initial installation of windows vista server, although there must be a working DNS in the environment. To validate your DNS server, click Start, click Run, type cmd, press Enter, type ping followed by the friendly name of an existing DNS server in your environment, and then press Enter. An unsuccessful reply generates an “unknown host my dns server name” message.
To install the DHCP service on an existing Windows server:
Click start, click settings, and then click control panel.
Double-click add/remove programs, and then click add/remove windows components.
In the windows component wizard, click networking services in the components box, and then click details.
Click to select the dynamic host configuration protocol (dhcp) check box if it is not already selected, and then click ok.
In the windows components wizard, click next to start windows setup. Insert the windows 2003 server cd-rom into the cd-rom drive if you are prompted to do so. Setup copies the dhcp server and tool files to your computer.
When setup is complete, click finish.






Configuring the DHCP service
After you install and start the DHCP service, you must create a scope (a range of valid IP addresses that are available for lease to the DHCP clients). Each DHCP server in your environment should have at least one scope that does not overlap with any other DHCP server scope in your environment. In Windows, DHCP servers within an Active Directory domain environment must be authorized, to prevent rogue DHCP servers from coming online.
Authorizing a DHCP server
When you install and configure the DHCP service on a domain controller, the server is typically authorized the first time that you add the server to the DHCP console. However, when you install and configure the DHCP service on a member server, you need to authorize the DHCP server.
Note: a stand-alone DHCP server cannot be authorized against an existing Windows Active Directory. To authorize a DHCP server:

Exchange server

Pre-Installation
Make sure the server is a member of the domain the Exchange server is supposed to operate within.
Ensure that the Operating System is completely up to date and all updates / patches have been applied.
Ensure that the SMTP, NNTP & ASP.net Windows Server components are installed.
Ensure that the Windows Server Support Tools have been installed – these are on the Windows 2003 CD - \Support\Tools\suptools.msi.
Exchange Server Installation – Preparing the Forest & Domain
Log into the server using a domain administrator account that has Enterprise & Schema admin rights.
Place the Exchange CD in the drive. Autorun will launch with a splash screen for Resources & Deployment Tools. Select Deployment Tools.
Click on Deploy the First Exchange 2003 Server.
Click on New Exchange 2003 Installation.
Ensure that the server is operating properly and meets all of the Exchange requirements:
The first three requirements should be met - check these off.
Run dcdiag to ensure proper connectivity to the domain controller. The syntax to run this via a command prompt is dcdiag /s:DCNAME /f:dcdiag.txt – once run, review the dcdiag.txt file and ensure all tests were passed. If tests did not pass, correct the problem and re-run dcdiag before moving on. If everything looks good, check off this box and move on.
Run netdiag. The syntax is netdiag /l – this will print the results to netdiag.log – review this log for any errors. If errors appear, correct them and then re-run the test. If everything looks good, check off this box and move on.
Your Active Directory Forest must now be prepared so that it can support Exchange. Note that Forestprep should be run only once per AD Forest! Click on the Run Forestprep link.
If a compatibility-warning message appears, click Continue.
Click Next.
Make sure you read the entire licensing agreement and memorize it – you will be tested on this later. If you agree to the agreement, click I Agree and then Next.
If prompted, enter your 25-digit CD key and then click next.
The Component Installation screen should appear and it should say Forestprep under Action next to Microsoft Exchange.
Choose a different file location if you need to (use Browse).
Then click next.
You will then be asked to provide an account to manage Exchange & delegate permissions with. It is recommended to leave the default administrator account here, click next, and allow forestprep to run. Note that this will take some time and you should just leave the server alone. You do not want to interrupt this!
Click Finish when your forest preparation has completed. You can then check off this box in the pre-installation list.
You now have to run Domainprep in any domain that will host Exchange servers or Exchange users. Click the Run Forestprep Link.
If a compatibility-warning message appears, click Continue.
Click Next. You may at this point or soon after be prompted with a message about the ‘Pre-Windows 2000 Compatible Access Security Group’ – basically, Exchange is warning you that you should make sure no users or groups are members of this group. Therefore, you can either check out this group now and remove any users or do it later – it will not stop you from installing Exchange.
The licensing agreement is presented again - click I Agree and then Next.
If prompted, enter your 25-digit CD key and then click next.
The Component Installation screen should appear and it should say Domainprep under Action next to Microsoft Exchange.
Choose a different file location if you need to (use Browse).
Then click next.
Domainprep will then run – it’s quick, and once it has completed, click Finish to continue.
Congratulations! Your forest, domain & server are prepared for Exchange server to now be installed. You can then check off this box in the pre-installation checklist, leaving you with only the last step unchecked.
Exchange Server Installation
In the pre-installation checklist, click the Run Setup Now link.
Click Next.
The licensing agreement is presented again - click I Agree and then Next.
If prompted, enter your 25-digit CD key and then click next.
You will then be presented with the Component Installation Screen. Make sure the following appears:
Action: Typical for Component: Microsoft Exchange Server.
Action: Install for Component: Microsoft Exchange Messaging and Collaboration Services.
Action: Install for Component: Microsoft Exchange System Management Tools.
You can then change the installation path if needed. Note that once Exchange is up and running, you can move and separate your data & log files from one another on to different drives. Once everything is setup properly, click next.
Select Create a New Exchange Organization and click next.
Now type the name of the Exchange Organization that you chose. Make sure you choose the appropriate organization name – even in Exchange 2003 native mode, you can’t just rename the organization like any other object! Once you type the name, click next.
Once again, you need to click I Agree to the licensing agreement and click next.
You will then be presented with an installation summary. If everything looks good, click next. The installation of the server will then run.
Once the installation has completed, click Finish. Guess what – you now have your very own Exchange Server setup and running!
Post-Installation Tasks
-Install the Latest Exchange Service Pack (SP2)
http://www.microsoft.com/technet/prodtechnol/exchange/downloads/2003/sp2/download.mspx
When installing SP2, make sure you review the release notes!
-Move Your Data / Streaming Files / Transaction Logs
Setup Recipient Policy to receive mail for specific domains
Turn on Message Tracking and Mailbox Management
· Launch Exchange System Manager.
· Expand the Servers folder.
· Right click on your server and click Properties.
· Under the General tab, check Enable Message Tracking. You can also configure it to remove log files associated with message tracking after a certain number of days.
· Choose the Mailbox Management tab.
· Choose when you want mailbox management to run and how to report.
· Click Apply & Okay.
Disable Unused Protocols
· Launch Exchange System Manager.
· Expand the Servers folder.
· Expand the tree under your server and expand the Protocols folder.
Under each protocol folder, right click on the protocols you wish to disable and click Stop. It is recommended to disable POP3 / NNTP / IMAP4.

Apache server and local intranet site


By adding an Apache server to the network, the organisation will be able to host their own intranet site, web site and user shares. This could also prove very useful to computing staff as a training aid in the networking lab if hosted on their Linux server.

What to use it for
Inexpensive to implement
Easy to use, just point and click
Saves time and money, better information faster
Based on open standards
Scaleable and flexible
Connects across disparate platforms
Puts users in control of their data
Improved decision-making
Empowered users
Builds a culture of sharing and collaboration
Facilitates organizational learning
Breaks down bureaucracy
Improved quality of life at work
Improved productivity
Employee handbook
Telephone/E-mail directory
Interactive benefits information
Employee surveys
Recruiting/job listings
Candidate screening applications
Organizational charts
Newsletters
New employee training
Employee personalized home pages
Product demos and scripts
Pricing charts
Sales forecasts and reports
Sales contact management
Sales lead management
Market research/search engines
Sales feedback
Prospecting
Press releases
Sales team collaboration
Calendars
Sales multimedia training
Competitor research
Software and applications development and delivery
User documentation
Technical support and help desk
Network management
Information and knowledge repositories
Internet resources
Resource scheduling
Technical/security policies and procedures
Multimedia-based training
Intranet FAQs, publishing guides
Web paging or communications systems
Internal departmental information
External partnering information
Meeting minutes
Stock Market analysis/ Stock market tracking
Business investigation and analysis
Tax and legal research
Business metrics
On line calendars to track personal daily activities
Groupware applications that a company uses with its outside consultants and/or strategic partners to collaborate on a particular project or product
Private newsgroups that strategic partners use to share ideas and discuss plans
Personalized site with links, weather and traffic
Customer information entry and update
Order entry and tracking
Online information database

User Hardware
Class Workstations
Dell GX520 Mainstream Business Desktop
Processor
Intel® Pentium® 4 Processor 630 with HT Technology (3.00GHz, 2MB L2 Cache, 800MHz FSB)
Operating system
Genuine Windows® XP Professional
Memory
1024MB 533MHz DDR2 SDRAM (2 x 512MB)
Hard drive
160GB SATA Hard Drive (7,200rpm)
Monitor
Dell 19" E196FP Flat Panel
Network Card
Integrated Broadcom Gigabit LOM on PCI-E bus
Graphic Card
Intel® Graphics Media Accelerator 950
Optical Drive
48x DVD-ROM/CD-RW Combo Drive
There will be twenty two workstations priced at £579 each
Printers
Dell Laser Printer 1710n
Microsoft Windows® XP, 2K, 98SE, ME, NT 4.0, Windows Server 2003. WHQL certified. DOS via Windows command prompt. XP 64 bit driver. Linux® Drivers available for Red Hat® Enterprise - 3.0, SuSE Enterprise Linux® - 8.0, 9.0, SuSE Linux® 9.1, 9.2, 9.3 Mac 9.2, 10.2 or better Drivers available for download (PostScript only) Novell® NetWare® 5.x, 6.x (TCP/IP only), Citrix support (NT 4.0, Windows 2000 and 2003 Server running Terminal Services with Citrix MF 1.8 or XP 1.0). SAP certification.
Up to 26 A4 pages per minute (ppm)
24 x 7 online Technical Support:12 months Next Business Day Onsite service
£159 Price exc. VAT & Del





itemised
Integrated Stack for Linux Enterprise
BLADES
Now Dell IBM and Novell, along with Centeris, make it easy to move File/Print or Web /Database Application workloads to Linux, saving you thousands on license and support fees. ISSLE is designed to easily integrate these workloads into existing Windows and Active Directory environments. It allows customers to manage these Linux servers as if they were Windows servers, using familiar Windows-based management utilities.
The Integrated Stack for Linux Enterprise is a software bundle that contains SUSE Linux Enterprise Server from Novell with DB2 Express-C and WebSphere® Application Server Community Edition from IBM, along with Likewise™ Management Suite from Centeris, all tailored for IBM system x or IBM BladeCenter servers. The bundle is ideal for small and medium businesses, as well as various organizations within larger enterprises, for file and print serving, web and database serving, and application development. All software components of the Integrated Stack for SUSE Linux Enterprise are integrated in a seamless installation process and can be installed in one single effort, either by IBM and Novell channel partners or by customers.




Blade server cabinet component view
The components available at the rear of this 13 EIA unit high (13U) server are
• Two hot swap N+1 power supplies
• Two hot swap N+1 fan modules (hidden behind the rear panel display)
• Eighteen individual CompactPCI slots supporting defined configurations for 1 slot and 2 slot PCAs.
• One rear LCD display panel
• Rear cable management bracket (not shown)
Case cost £74.22; blade cost £919.00
With the additional space saved by using blade servers for all the server tasks, future expansion of the network would be as simple as plugging another blade into the box
At a cost of £ 50,38 per unit











10 of these blades cost £9,190.00, that is £919.00 each


Network overview diagram













Server setup


Example Security Zones

A typical server


Data Back up
Introduction
Regular backup of servers and local hard disks prevents data loss and damage caused by disk-drive failures, power outages, virus infection, and other potential network disasters. Backup operations based on careful planning and reliable equipment make file recovery a relatively painless process. There are different types of backup method: full backup, incremental backup and differential backup. I will give the advantages and disadvantages and conclude by choosing the best backup method for my network.
DIFFERENT TYPES of BACKUP
FULL BACKUP;
A full backup is when you backup every file on the system. Users can choose to update archive attributes if they choose to do incremental or differential backups.
· Advantages of Full Backup: - This type provides a complete copy of all data; this procedure makes it easy to locate files which need restoring.
· Disadvantages of Full Backup: - It is very time consuming. It also takes up a lot of space on the media i.e. if a file has not been modified since the last backup; the same data gets backed up again.
INCREMENTAL BACKUP;
An incremental backup backs up only the files which have been modified since the last backup. When running an incremental backup, users need to update the archive attribute while backing up only modified files. Often the incremental backups are appended to the full backup set. The result is a tape with the changes that occurred daily. This type of backup is useful if the user wishes to have an audit trail of file usage activity on their system. This will enable them to restore a specific day’s work without restoring any changes made since that point in time. To do a full restore 5 days after a full backup, you must restore the full backup and all five data sets after it.
· Advantages of Incremental Backup - This saves space and time as only those files modified since the last backup are copied. You can backup several versions of the same file.
· Disadvantages of Incremental Backup: - It can make the job of restoring any files tricky, as you have to reinstall the last full backup first. Then all other incremental backups in the correct order. It’s also difficult to locate a certain file in the backup set.
DIFFERENTIAL BACKUP;
A differential backup is a backup of changes made since the last full backup. A differential backup backs up the modified files only and does not update the archive attribute. The list of files is added to each day, waiting for the next full backup to be performed, which clears the archive attributes. This enables the user to restore all the files changed since the last full backup in one go. Once a file's archive attribute is set, it will be backed up each day until the full backup resets its attribute bit.


· Advantages of Differential Backup: - This kind of backup takes up less time and space than a full backup. It’s also more efficient at restoring data than incremental backups.
· Disadvantages of Differential Backup: - Unfortunately, redundant information is stored as each backup stores all of the same information plus all of the latest information, which has been added or created since the last full backup.
Conclusion
The backup methods I will choose are Differential Backup & full backup.
I have selected differential as a daily backup method as it will save time on backing up the full system (Incremental) which can be time consuming and requires at least 3 different backups, i.e. Child, Parent and Grandparent. Nevertheless, a full backup will be done on a weekly basis at a time when the network is least being used, such as a weekend night.
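The archive-attribute behaviour described above decides both how much each nightly job copies and how many backup sets a restore needs. The following Python is an added example, not part of the original project: it simulates a full backup followed by five nightly incremental or differential runs. The file names and the daily change list are constructed sample data, and the function names are made up for illustration.

```python
# Constructed sample data: six files and which of them change on each of five days.
SAMPLE_FILES = ["a", "b", "c", "d", "e", "f"]
SAMPLE_CHANGES = [{"a"}, {"b"}, {"a", "c"}, {"d"}, {"e"}]


def run_backup(archive_bits, kind):
    """Return the files a backup of this kind copies, updating archive bits in place."""
    if kind == "full":
        copied, clear = set(archive_bits), True
    elif kind == "incremental":
        copied, clear = {f for f, bit in archive_bits.items() if bit}, True
    elif kind == "differential":
        # Copies the same flagged files but leaves the archive bit set.
        copied, clear = {f for f, bit in archive_bits.items() if bit}, False
    else:
        raise ValueError(f"unknown backup type: {kind}")
    if clear:
        for name in copied:
            archive_bits[name] = False
    return copied


def simulate(files, daily_changes, daily_kind):
    """Full backup first, then one backup of daily_kind after each day's changes."""
    bits = {name: True for name in files}
    sets = [("full", run_backup(bits, "full"))]
    for changed in daily_changes:
        for name in changed:
            bits[name] = True          # the OS sets the archive bit on modification
        sets.append((daily_kind, run_backup(bits, daily_kind)))
    return sets


def restore_chain(sets):
    """Indexes of the backup sets needed to restore the latest state, in order."""
    last_full = max(i for i, (kind, _) in enumerate(sets) if kind == "full")
    later = range(last_full + 1, len(sets))
    if not later:
        return [last_full]
    if all(sets[i][0] == "differential" for i in later):
        return [last_full, len(sets) - 1]     # full plus the newest differential
    return [last_full, *later]                # full plus every incremental, in order


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        sets = simulate(SAMPLE_FILES, SAMPLE_CHANGES, kind)
        copied = sum(len(files) for _, files in sets[1:])
        print(f"{kind}: {copied} file copies over five nights, "
              f"restore needs sets {restore_chain(sets)}")
```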



Future expansion possibilities
Moving to the future the annex sites could be connected by wireless
WWAN technologies are designed to enable wireless connections over public or private networks that are distributed over large geographical areas, such as cities or countries. The WWAN technologies, currently available, are collectively known as second-generation (2G) technologies (first generation was analog cellular) and include global system for mobile communications (GSM), code division multiple access (CDMA), and time division multiple access (TDMA). The connectivity speed for these networks ranges from 9.6 Kbps for GSM networks to 115 Kbps for General Packet Radio Service (GPRS). These limited connection speeds have, for the most part, restricted the adoption of these technologies to cellular phones and PDAs.
However, third generation (3G) technologies that provide greater bandwidth (up to 2 Mbps for fixed locations) are becoming available. The significant increase in connection speed should lead to a much wider adoption of the technology.


Test plan
SYSTEM DOCUMENTATION
TEST PLAN

TEST NO    PURPOSE OF TEST

Area 1: Server Operations (MDF)
1.1     Ensure Server Main start-up
1.2     Ensure Server WWW start-up
1.3     Confirm Administrator log on
1.4     Confirm DNS operational
1.5     Confirm DHCP operation
1.6     Ensure user can log on at workstation
1.7     Check home folders
1.8     Check shared drives
1.9     Test roaming profiles
1.10    Test admin gets access to shared folders
1.11    Test users get access to shared folder
1.12    Test logon scripts
1.13    Check the file server is joined to the domain
1.14    Ensure file server start-up
1.15    Ensure all machines start up

Area 2: Server and Workstation (4th Floor)
2.1     Check Virtual PC installed and working
2.2     Check workstations connected to domain
2.3     Check Linux and Microsoft Core start up
2.4     Software can be accessed from all machines

Area 3: Physical Network (As built)
3.1     Test cables between servers and switches
3.2     Test cables between 4th floor server and switches
3.3     Test cables between client machine and switch
3.4     Wall sockets PAT testing
3.5     Keyboard works properly
3.6     Mouse works properly
3.7     Speakers work properly
3.8     Data switch (can switch between machines)
3.9     Switch and VLANs
3.10    Printer prints test page



CONCLUSION
In conclusion, with the addition of expandable blade servers, newer client units and uninterrupted power capabilities, along with extra storage designated to particular roles (e.g. backup and student storage), the scope to grow the network will be increased and administering the system will be more centralised.
The efficiency of the system will be improved, and the added redundancy provided by the backend servers in the fourth floor blade cabinet will provide a seamless system capable of withstanding system failures. It will be possible to increase the expandability of the network with ease by adding additional blades to the system and, as time passes, to convert from an Ethernet extended star topology to a fibre patch topology.








Appendix

[Figure: Networking class design]

[Figure: Standard cabinet layout]

[Figure: Building and plans, with a link labelled "To Outside World"]

[Figure: How it all comes together]

Glossary of Networking Terms

10Base-T -- An IEEE standard (802.3) for operating 10 Mbps Ethernet networks with twisted-pair cabling and a wiring hub, referred to as a 10Base-T hub.
3.1 KHz audio bearer service -- A bearer service provided by some telephone companies that sends data calls over voice trunks. The switches should turn off echo cancellers on the trunks handling this type of call. Echo cancellation corrupts data transmitted on voice trunks. 3.1 KHz audio bearer service is sometimes referred to as data-over-voice. Note: Currently, parameter settings for "digital/data" in Ascend units do not differentiate between data bearer and 3.1 KHz audio bearer services. The "voice" setting means only true voice service and does not include 3.1 KHz audio bearer service.
3PC -- Third Party Connect Protocol
A1S -- All Ones
ACR -- Abandon Call and Retry
AIM -- Ascend Inverse Multiplexing. An in-band protocol used to manage the interconnection of two remotely located inverse multiplexers. AIM is a feature-rich, widely used inverse multiplexing protocol developed and supported by Ascend Communications.
ALU -- Average Line Utilization
analog data -- Data that can have any value in a range and that can change continuously; the time of day represented by clock hands, or the temperature represented by a liquid thermometer are examples of analog data.
analog signal -- A type of signal that encodes data transmitted over wire or through the air, and is commonly represented as an oscillating wave. An analog signal can take any value in a range, and changes smoothly between values.
An analog signal can transmit analog or digital data. For example, a radio station sends analog music data using analog signals, while a modem transmits digital data using analog signals.
ANI (Automatic Number Identification) -- Automatic Number Identification is also known as CLID. ANI is a mechanism that informs the called party of the phone number identification of the calling party. Though ANI is thought of as an ISDN feature, it is actually distinct from ISDN, and is a part of Signalling System 7.
APP -- Ascend Password Protocol
APP server -- The APP Server utility lets users respond to token password challenges received from a remote network access server (NAS). Network access servers offer a complex security algorithm that forces a user to have possession of a security card that can generate a password. When a user on the LAN starts an application that requires a connection to a host on a secure network, the Pipeline initiates the call, and after the initial session negotiation, the remote NAS returns a password challenge. The user has 60 seconds to obtain and enter the current dynamic password from the security card.
AppleTalk call filter -- An AppleTalk call filter can instruct the Pipeline to place a call and reset the Idle Timer based on AppleTalk activity on the LAN, and can prevent inbound packets or AppleTalk Echo (AEP) packets from resetting the idle timer or initiating a call.

ARP (Address Resolution Protocol) -- Address Resolution Protocol. This portion of the TCP/IP protocol maps an IP address to the physical address (Ethernet Address) of the PC that it is on, helping to identify PCs on an Ethernet LAN. See also Ethernet, TCP/IP, and proxy ARP.
ASN.1 -- Abstract Syntax Notation One
asynchronous PPP -- One of the modes in which the point-to-point protocol is utilized. Asynchronous means that the characters, which form data packets, are sent at irregular intervals. There is no clocking signal to time transmission. Asynchronous PPP is commonly used in lower-speed transmission and less-expensive transmission systems.
asynchronous transmission -- A mode in which the sending and receiving serial hosts know where a character begins and ends because each byte is framed with additional bits, called a start bit and a stop bit. A start bit indicates the beginning of a new character; it is always 0 (zero). A stop bit marks the end of the character. It appears after the parity bit, if one is in use.
ATM -- Asynchronous Transfer Mode
AUI (Autonomous Unit Interface or Auxiliary Unit Interface) -- This refers to the 15-pin D connector and cables that connect single and multiple channel equipment in an Ethernet transceiver.
authentication -- Authentication is a procedure that establishes the legitimacy of users and defines the parameters of the sessions they establish. As such, authentication can be thought of as a security measure that controls and defines network access. It is always the first part of a session; the range of authentication parameters that can be set depends upon the specific authentication system employed.
auto-reconnect -- An automatic reconnection of a link that has been lost. The software used to manage the connection notes the lost connection and re-establishes it.
BECN -- Backward Explicit Congestion Notification
Bit -- Binary digit. The smallest unit of information a computer can process, representing one of two states (usually indicated by "1" and "0").
BONDING (Bandwidth ON Demand Interoperability Group) -- A consortium of over 40 data communications equipment vendors and service providers who joined together to create a standardized inverse multiplexing protocol so that inverse multiplexers from different vendors could interoperate. Also refers to the resultant specification, sometimes known as the "BONDING specification."
BPS -- Bits per second. Actually a nested acronym, meaning binary digits per second.
BRI (Basic Rate Interface) -- An ISDN subscriber line, consisting of two 64 kbit/s B channels, or "bearer" channels, and one 16 kbit/s D channel, used for both data and signalling purposes.
Bridge -- A device or setup that connects and passes data, voice, or video between two network segments based on the destination field in the packet header. Ascend units are learning bridges, because they pass all packets to the next network segment (the ISDN line) and build a table identifying the destination addresses that are local and remote. After learning the addresses on both sides of a network, the bridge passes only packets for the remote network. (See router.)
bridge table -- A bridging table identifies destination addresses known to exist in a network.

call filters -- Call filters help you manage the cost of having a Pipeline connected to your PC or network. The Pipeline has an Idle Timer option that can be set in the Connection Profile and again in the Answer Profile. Call filters let you define which packets will not restart the Idle Timer, so only valid traffic keeps a connection up. Packets defined in a call filter cannot restart the Idle Timer or initiate a call.
For example, in some networks, packets are broadcast every 60 seconds to make sure all routers and bridges know about available services. You can filter these packets out of the stream of traffic to prevent calls from being initiated or to prevent calls from staying connected unnecessarily.
callback security -- Call-back security is a mechanism used to verify that the access attempt is made by a recognized, legitimate caller. The caller's number is checked against a database of users.
called number -- The called number is the intended destination of an authorization attempt.
caller ID -- Caller ID describes a service offered by local telephone companies that displays the calling party's number on a special display device.
CCITT -- Consultative Committee on International Telegraphy and Telephony
CD -- Carrier Detect
CDR (Call Detail Reporting) -- Call Detail Reporting is a feature that provides a database of information about each call, including date, time, duration, called number, calling number, call direction, service type, and associated inverse multiplexing
CHAP -- Challenge Handshake Authentication Protocol. This security protocol allows access between data communications systems prior to and during data transmission. CHAP uses challenges to verify that a user has access to a system.
circuit -- A connection between endpoints over a physical medium.
circuit-level inverse multiplexing -- A method of inverse multiplexing in which the inverse mux slices the data stream into equal portions, and transmits each portion over an available circuit. The receiving end adjusts for network-induced delay and reassembles the data packets into their proper order. The AIM and BONDING protocols define how circuit-level inverse multiplexing works. Applications that require transparent digital circuits, such as videoconferencing, nailed-up backup and overflow, and bulk file transfer applications, use circuit-level multiplexing.
CLID -- Calling Line ID, synonymous with ANI.
CO -- Central Office
codec (COder/DECoder) -- A device that encodes analog data into a digital signal for transmission over a digital medium.
compression -- Compression is a technique that reduces the quantity of bandwidth or bits required to encode a block of information. Compression saves transmission time and capacity, and can free up storage space on in-demand data lines. Compressed data can be compromised in quality, but the advantages of bandwidth savings are frequently worth the trade-off. Compression is not yet standardized. Ascend equipment can perform high compression rates with its own equipment at both ends of a call, using its own brand of compression.
connection profile -- Information about a remote network you are authorized to connect to by dialling out. Connection profiles contain all the information the Pipeline needs to manage authentication and data transfers. Answer profiles contain incoming connection details.
cost management -- See call filters.
CPE (Customer Premises Equipment) -- Terminal equipment located on the customer premises which connects to the telephone network.
CPHB -- Computer Protocol Heart Beat
CPU -- Central Processing Unit
crossover cable -- A cable with wires that "cross over," so the terminating ends of the cable have opposite wire assignments. (Contrast with straight-through cable).
CSU (Channel Service Unit) -- Channel Service Unit. A device used to connect a digital phone line coming in from the phone company to network access equipment located on the customer premises. A CSU may also be built into the network interface of the network access equipment.
CTS -- Clear To Send
D channel -- A channel that carries WAN synchronization information on a line using ISDN D-channel signalling. For information on ISDN D-channel signalling, see the entry for ISDN D-channel signalling.
data encryption -- Encrypting data is accomplished by applying a special scrambling code that makes the data unreadable to anyone who does not have a decryption key. Authorized personnel with access to this key can unscramble it. Data encryption is a useful tool against network snoopers.
data filters -- A data filter is a filter that applies to the actual data stream. It can be set to drop packets addressed to particular hosts or to prevent packets from going across the WAN.
data link layer protocols -- The second layer of the Open Systems Interconnection (OSI) reference model created by the International Standards Organization (ISO). The data link layer assembles messages and coordinates their flow. The term can also be used to refer to a connection between two computers over a telephone.
data over voice -- Sending digital data over telephone trunks conditioned for voice. Data over voice is sometimes used to mean sending data using voice bearer service or 3.1 KHz audio bearer service.
data service -- A service provided over a WAN line and characterized by the unit measure of its bandwidth. A data service can transmit either data or digitized voice.
DBA -- Dynamic Bandwidth Allocation
DBA (Dynamic Bandwidth Allocation) -- Adding or subtracting bandwidth from a switched connection in real time without terminating the link. MPP and AIM support Dynamic Bandwidth Allocation based upon a set of parameters you specify.
An Ascend unit uses the historical time period specified by the Sec History parameter as the basis for calculating average line usage (ALU). It then compares ALU to the amount specified in the Target Util parameter. When ALU exceeds the threshold defined by Target Util for a period of time greater than the value of the Add Pers parameter, the Ascend unit attempts to add the number of channels specified by the Inc Ch Count parameter. When ALU falls below the threshold defined by Target Util for a period of time greater than the value of the Sub Pers parameter, the Ascend unit attempts to remove the number of channels specified by the Dec Ch Count parameter.
If you use a circuit between two locations to capacity 24 hours per day, using a nailed-up line is more cost effective than using a switched line. However, if you need the circuit only sporadically, or if the circuit is sometimes underutilized, it often makes more sense to lease a smaller amount of nailed-up bandwidth and then supplement it with additional switched bandwidth as traffic requirements dictate.
For example, you might establish some connections only when you need to transfer data, and a single circuit can accommodate low traffic levels. However, if traffic levels grow beyond the capacity of the circuit (such as during a large file transfer), DBA automatically adds additional switched channels. When traffic levels subside, DBA automatically removes the channels from the connection. The bandwidth and connection costs are thereby reduced. You pay only for bandwidth when you need it.
DCE (Data Circuit-Terminating Equipment) -- As defined in the RS-232 specification, equipment to which DTE (Data Terminal Equipment) is connected, often to enable access to network facilities. A DCE converts the format of the data coming from the DTE into a signal suitable to the communications channel. DCE often refers to equipment such as network access equipment, and DTE refers to application equipment, such as a videoconference terminal.
DDP -- Datagram Delivery Protocol
DE -- Discard Eligibility
default gateway -- When setting up the PC to operate with a Pipeline, the gateway setting (in the Network settings) must be set to the IP address of the Pipeline. Using the IP address of the Pipeline as the gateway lets your computer know that you will use the Pipeline to access remote networks.
DGP -- Dissimilar Gateway Protocol
DHCP (Dynamic Host Configuration Protocol) -- DHCP is a standards-based protocol for dynamically allocating and managing IP addresses. DHCP runs between individual computers and a DHCP server to allocate and assign IP addresses to the computers as well as limit the time for which the computer can use the address. When the time expires on the use of the IP address, the computer must contact the DHCP server again to obtain an address.
DHCP spoofing -- There are some cases where the DHCP server is on a remote network, and an IP address is required to access the network, but since the DHCP server supplies the IP address, the requester is at an impasse. To supply access to the network, when the Pipeline receives a DHCP Discover packet (a request for an IP address from a PC on the network), it responds with a DHCP Offer packet containing the configured (spoofed) IP address and a renewal time, which is set to a few seconds. The requester then has access to the DHCP server and gets a real IP address. (Other variations exist in environments where the APP server utility is running.)
dial query -- Dial query is a parameter of a connection profile that tells the Pipeline to initiate the connection when a local NetWare client queries a remote server and the Pipeline routing table is empty. (A routing table is a list of destinations known to the Pipeline.)
digital data -- Data that can have only a limited number of separate values. The time of day represented by a digital clock, or the temperature represented by a digital thermometer are examples of digital data; the digital values do not change continuously, but remain at one discrete value and then change to another, discrete value.
digital modem -- An internal device in the MAX that enables it to communicate over a digital line (such as a T1 PRI line)
DLCI (Data Link Connection Indicator) -- In a Frame Relay network, DLCIs uniquely identify each virtual circuit. In most circumstances, DLCIs have strictly local significance at each Frame Relay interface.
DLO -- Data Line Occupied
DNS (Domain Name System) -- A TCP/IP service that enables you to specify a symbolic name instead of an IP address. A symbolic name consists of a user name and a domain name in the format user name@domain name. The user name corresponds to the host number in the IP address.
DNS maintains a database of network numbers and corresponding domain names. When you use a symbolic name, DNS translates the domain name into an IP address, and sends it over the network. When the Internet service provider receives the message, it uses its own database to look up the user name corresponding to the host number.
domain identifier -- The portion of a domain name that appears last and specifies the type of organization to which the host belongs.
DOSBS -- Data Over Subscriber Bearer Service. This is the same as 3.1 KHz audio bearer service.
DSR -- Data Set Ready
DSU (Data Service Unit) -- A digital service unit, tasked to convert terminal interfaces such as RS-232 connections to DSX-1 interfaces. Increasingly, the functions of these DSUs are incorporated into sophisticated remote access devices located at the central site.
DTE (Data Terminal Equipment) -- As defined in the RS-232 specification, equipment to which DCE (Data Communications Equipment) is connected, such as personal computers or data terminals. DTE often refers to application equipment, such as a videoconference terminal or LAN bridge or router, while DCE refers to equipment such as network access equipment.
DTMF -- Dual-Tone Multifrequency
DTR -- Data Transmit Ready
dual-port call -- A call in which the serial host (such as a video codec) performs inverse multiplexing on two channels so that the call can achieve twice the bandwidth of a single channel.
EEPROM -- Electronically Erasable Programmable Read-Only Memory
EGP -- Exterior Gateway Protocol
encapsulation -- Encapsulating data is a technique used by layered protocols in which a low level protocol accepts a message from a higher level protocol, then places it in the data portion of the lower-level frame. The logistics of encapsulation require that packets travelling over physical network contain a sequence of headers. The first header derives from the physical network frame, the second from the IP frame, the third from the physical network frame, and so on. Encapsulation enables the transmission of data over different network portions based on differing protocols.
ENIGMA -- ENIGMA is an important provider of network security applications. Safe Word AS™ is a software authentication server that identifies users with dynamic passwords prior to the granting of access. This UNIX-based program identifies users at the point of connection to a TCP/IP network, and utilizes standard network authentication protocols.
ETHERIP -- Ethernet-within-IP Encapsulation
Ethernet -- A local area network that connects devices like computers, printers, and terminals. Ethernet operates over twisted-pair or coaxial cable at speeds of 10 or 100 Mbps.
FDL -- Facilities Data Link
FECN -- Forward Explicit Congestion Notification
filter -- A set of rules that define what packets may pass through a network. Filters can use destinations, sources or protocols to determine what to do with packets. One of the packet's headers must contain information that matches the information in the rules or the packet filter will discard it. See also Firewall, Secure Access Firewall, and Secure Access Manager.
filtering -- One type of filtering transmits a selected range of energy to suppress unwanted frequencies or noise. Another type of filtering removes specific characters received in a data communications channel. Filtering in a network is the assignment of parameters to block transmissions from one LAN to another. See Filter.
firewall -- A hardware/software tool that allows a network administrator to determine what type of users can access the resources on the network. The firewall provides a mechanism to monitor and funnel data from authorized users (only) through the firewall to and from the network. A firewall may be a software program that runs on a UNIX or other platforms or it may be a part of a proprietary operating system. A firewall by itself does not perform the routing function. See also Filter, Secure Access Firewall, and Secure Access Manager.
FR (Frame Relay) -- A form of packet switching, but using smaller packets and less error checking than traditional forms of packet switching (such as X.25). Now a new international standard for efficiently handling high-speed, bursty data over wide area networks.
fractional T1 line -- A T1 line that contains both switched and nailed-up channels. T1 PRI and ISDN BRI lines can also be fractional T1 lines.
framing -- At the physical and data link layers of the OSI model, bits are fit into units called frames. Frames contain source and destination information, flags to designate the start and end of the frame, plus information about the integrity of the frame. All other information, such as network protocols, and the actual payload of data, is encapsulated in a packet, which is encapsulated in the frame.
FTP -- File Transfer Protocol
Gateway -- Gateways are points of entrance to and exit from a communications network. Viewed as a physical entity, a gateway is that node that translates between two otherwise incompatible networks or network segments. Gateways perform code and protocol conversion to facilitate traffic between data highways of differing architecture. In OSI terms, a gateway is a device that provides mapping at all seven layers of the OSI model. A gateway can be thought of as a function within a system that enables communications with the outside world.
Generic Filters -- When creating filters, you can specify the Type of filter as Generic or IP. Generic filters define bits and bytes within a packet and can apply to any packet type, including TCP or IP. (IP filters relate to the TCP/IP/UDP protocol suite only.)
GGP -- Gateway-to-Gateway Protocol
GRE -- Generic Routing Encapsulation
HDLC (High-level Data Link Control) -- A synchronous, bit-oriented Link Layer protocol for data transmission. Frame Relay is an example of an HDLC-based packet protocol.
HMP -- Host Monitoring Protocol
Host -- A computer on a network.
Hybrid LAN -- A hybrid network is one in which some links are capable of sending and receiving only analog signals while others handle digital signals only. Another definition is the division of a network into public and private sections.
ICMP (Internet Control Message Protocol) -- The Internet Control Message Protocol, ICMP is an error reporting mechanism that is an integral part of the IP suite. Gateways and hosts use ICMP to send reports of datagram problems back to the sender. ICMP also includes an echo request/reply function that tests whether a destination is reachable and responding. See also Ping.
IDPR -- Inter-Domain Policy Routing Protocol
IDRP -- Inter-Domain Routing Protocol
IEEE -- Institute of Electrical and Electronics Engineers. An organization that maintains the standards for 10BaseT and other communications standards.
IGMP -- Internet Group Management Protocol
IGP -- Interior Gateway Protocol
inband signalling -- A type of signalling in which a line uses 8 kbps of each 64 kbps channel for WAN synchronization and signalling. The remaining 56 kbps handle the transmission of user data. Another term for inband signalling is robbed-bit signalling. Robbed-bit refers to the 8 kbps of each channel used for signalling. T1 access lines containing one or more switched channels and Switched-56 lines use inband signalling.
inverse multiplexer -- Equipment that performs inverse multiplexing at each end of a connection. An inverse multiplexer is also known as an inverse mux.
IP -- Internet Protocol
IP address -- An address that uniquely identifies each host on a network
IP filters -- When defining filters, you can set the Type of filter to Generic or IP. If you set the type to IP, the filter can examine TCP/IP/UDP data packets' source addresses, destination addresses, IP protocol type, port, or any combination of these.
IP subnet -- Internet Protocol subnet. An IP subnet or subnet mask is a way to subdivide a network into smaller networks, so you can have a greater number of computers on a network with a single IP address. The IP subnet is a number that you append to the IP address. For example, 195.112.56.75/14, 195.112.56.75/15, and 195.112.56.75/16 are all IP addresses with subnets of 14, 15, and 16.
IPCP (Internet Protocol Control Protocol) -- Internet Protocol Control Protocol is responsible for configuring, enabling and disabling the IP protocol modules on both ends of a point-to-point link. The IP Control Protocol is tied to PPP, and is activated only when PPP reaches the network layer protocol phase. If IPCP packets are received prior to this phase, they should be discarded. Elements of IPCP include packet encapsulation, code fields and timeouts.
IPCU -- Internet Packet Core Utility
IPIP -- IP-within-IP Encapsulation Protocol
IPPC -- Internet Pluribus Packet Core
IPX (Internet Packet Exchange) -- Internet Packet Exchange, the NetWare LAN communications protocol used to move data between servers and workstation programs running on various network nodes. IPX packets are encapsulated and carried by Ethernet packets and Token Ring frames as appropriate.
IPXCP -- Fulfils the same function as IPCP, but for IPX routing. See IPCP.
IPXWAN -- The WAN version of NetWare's IPX protocol.
IRTP -- Internet Reliable Transport Protocol
ISDN (Integrated Services Digital Network) -- Integrated Services Digital Network. A system that provides simultaneous voice and high-speed data transmission through a single channel to the user's premises. ISDN is an international standard for end-to-end digital transmission of voice, data, and signalling.
ISDN BRI line -- An ISDN Basic Rate Interface line that uses two B channels for user data, and one 16-kbps D channel for ISDN D-channel signalling. B channels can be switched, both channels can be nailed up, or one channel can be switched and the other nailed up. BRI stands for Basic Rate Interface. A line of this type can connect to standard voice service, Switched-56 data service, or Switched-64 data service.
ISDN D-channel signalling -- A type of signalling in which a D channel handles WAN synchronization and signalling, and the B channels carry the user data. Another term for ISDN D-channel signalling is out-of-band signalling. T1 PRI, E1 PRI, and ISDN BRI lines use ISDN D-channel signalling.
ISO 9001 -- ISO is the International Standards Organization, and is devoted to the definition of standards for international and national data communications. (The U.S. representative to the ISO is ANSI.3.) 9001 is the current set of ISO standards. Companies whose products are ISO certified reflect a high quality of consistency and quality.
ISO-IP -- International Standards Organization Internet Protocol
ISO-TP4 -- International Standards Organization Transport Protocol Class 4
ISP (Internet Service Provider) -- An Internet Service Provider is a company that provides access to the Internet.
IXC -- Interexchange Carrier
kbps -- kilobits per second
LAN (Local Area Network) -- A network that interconnects devices over a geographically small area,
LAN/WAN connectivity -- This is the practical set of tools, from OS layer protocols to support services, that make a remote access device an effective link between LANs and WANs. An effective remote access server must include a host of communications and translation protocols to fulfil this function.
LARP -- Locus Address Resolution Protocol
leased lines -- A circuit rented for exclusive use twenty-four hours a day, seven days a week from a telephone company. The connection exists between two predetermined points and cannot be switched to other locations.
LEC -- Local Exchange Carrier
line -- A physical interface to the WAN.
LLB -- Line Loopback
LLC -- Logical Link Control
loopback -- A test that enables the Ascend unit to place a call to itself over the WAN, and to send a user-specified number of packets over the connection. The loopback tests the Ascend unit's ability to initiate and receive calls, and diagnoses whether the connection over the digital access line and the WAN is sound. A local loopback can test whether the connection to local devices is sound.
LQM (Line Quality Monitoring) -- A feature that enables the Ascend unit to monitor the quality of a link.
LQM counts the number of packets sent across the link and periodically asks the remote end how many packets it has received. Discrepancies are evidence of packet loss and indicate link quality problems. The Ascend unit can tear down and re-establish a call if the problems on the link exceed a specified threshold.
MAC (Media Access Control) -- A system of rules used to move data from one physical medium to another.
MB -- megabytes
Mbps -- megabits per second
MHRP -- Mobile Host Routing Protocol
MIB -- Management Information Base
MICP -- Mobile Internetworking Control Protocol
MIF -- Machine-to-Machine Interface Format
modem (MOdulator/DEModulator) -- A DCE (Data Circuit-Terminating Equipment) installed between a DTE (Data Terminal Equipment) and an analog transmission channel, such as a telephone line.
MP (Multilink PPP) -- A proposed standard for inverse multiplexing, a method of combining individually dialed channels into a single, higher-speed data stream. MP is an extension of PPP that supports the ordering of data packets across multiple channels.
MPP (Multichannel Point-to-Point Protocol) -- A protocol that extends the capabilities of MP to support inverse multiplexing, session management, and bandwidth management. MPP allows you to combine up to 30 individual channels into a single high-speed connection.
MPP consists of two components: a low-level channel identification, error monitoring, and error recovery mechanism, and a session management level for supporting bandwidth modifications and diagnostics. MPP enables the Ascend unit to add or remove channels from a connection as bandwidth needs change, without disconnecting the link. This capability is called Dynamic Bandwidth Allocation, or DBA.
Both the dialling side and the answering side of the link must support MPP. If only one side supports MPP, the connection uses MP or standard single-channel PPP.
MPP calls cannot combine an ISDN BRI channel with a channel on a T1 access line or a T1 PRI line.
MRU -- Maximum Receive Unit
MTP -- Multicast Transport Protocol
MTU -- Maximum Transfer Unit
MultiRate -- A data service consisting of a single circuit whose bandwidth is a multiple of 64 kbps. This circuit consists of one or more B channels. For example, a user can dial a first call at 384 kbps (using 6 B channels), and then dial a second call at 512 kbps (using 8 B channels). This service is available over T1 PRI lines only. MultiRate is also known as Switched Nx64 data service.
nailed line -- A permanent connection between endpoints over which two parties exchange data. A nailed line is also known as a private line or a leased line.
NAS -- Network Access Server
NetWare call filter -- A NetWare call filter is used to prevent Service Advertising Protocol (SAP) packets originating on the local IPX network from resetting the idle timer or initiating a call.
NFAS -- Non-Facility Associated Signalling
NFAS (Non-Facility Associated Signalling) -- A special case of ISDN signalling in which two or more T1 PRI lines use the same D channel, and you can add a backup D channel. NFAS is required for Switched-1536 data service; because all 24 channels of the T1 PRI line carry user data, the D channel must be on another line.
NFS -- Network File System
NHRP -- Next Hop Resolution Protocol
NIC -- Network Information Centre
NIS -- Network Information Service
NSFNET-IGP -- National Science Foundation Network Interior Gateway Protocol
NT1 (Network Terminator Type 1) -- An ISDN BRI line terminating device at the subscriber's location that provides line maintenance access, timing, and echo cancellation. NT1s may be built into other pieces of equipment or stand-alone.
NVP-II -- Network Voice Protocol II
NVT ASCII -- Network Virtual Terminal ASCII
Octet -- Eight data bits.
OSI -- Open Systems Interconnection. A reference model used to describe layers of a network and the types of functions expected at each layer. The OSI model is used as a standard, letting developers of networks and communication systems rely on the presence of certain functions at certain places in a standard system.
Top to bottom, the seven layers are:
application
presentation
session
transport
network
data link
physical
The physical and data link layers have to do with hardware, wires, signals on wires, and basic addressing functions, such as media access control (MAC). In the network layer, information from different networking protocols is distinguished, which is where the Internet Protocol (IP) functions. In the transport layer, data is packaged for transport in a size and organization appropriate for its intended environment. This is where the Transmission Control Protocol (TCP) works. The session, presentation, and application layers keep information streaming in and convert it to a usable format.
OSPF -- Open Shortest Path First
PBX (Private Branch Exchange) -- An internal telephone network, such as those used in large offices, in which one incoming number directs calls to various extensions and from one office to another.
PCM -- Pulse Coded Modulation
PDU -- Protocol Data Unit
Ping -- This is the command invoked on many systems to send ICMP echo requests. Ping has several versions. The most sophisticated Pings send a series of ICMP echo requests, capture the responses, and report statistics on data packet loss. The user can determine the length of the ICMP request and designate an interval between tries.
PLL -- Permanent Logical Link
PND -- Present Next Digit
Point-to-Point link -- See Point-to-Point protocol (PPP).
POP (Point of Presence) -- This is a point-of-presence of an Internet service provider, used to facilitate remote users' access to the range of applications and IP addresses in the internetwork.
POST (Power-On Self Test) -- A diagnostic test the Ascend unit performs when it first starts up or after a system reset. While the yellow FAULT LED on the front panel remains solidly lit, the Ascend unit checks system memory, configuration, installed modules, and the T1 connections. If the Ascend unit fails any of these tests, the FAULT (or CON) LED remains lit or blinks.
PPP (Point-to-Point Protocol) -- Provides a standard means of encapsulating data packets sent over a single-channel WAN link. It is the standard WAN encapsulation protocol for the interoperability of bridges and routers. PPP is also supported in workstations, allowing direct dial-up access from a personal computer to a corporate LAN or ISP. Using PPP ensures basic compatibility with non-Ascend devices. Both the dialling side and the answering side of the link must support PPP.
PRI -- Primary Rate Interface
PRM -- Packet Radio Measurement
promiscuous mode -- A bridging parameter mode in which the Ethernet controller in the Ascend unit accepts all packets and passes them up the protocol stack for a higher-level decision on whether to route, bridge, or reject them. This mode is appropriate if you are using the Ascend unit as a bridge.
protocol -- A set of rules governing message exchange over a network or internetwork. Examples of commonly used protocols are TCP/IP (Transmission Control Protocol/Internet Protocol), PPP (Point-to-Point Protocol), and IPX (Internet Packet Exchange).
PVC -- Permanent Virtual Circuit
PVC -- Protocol Version Control
PVP -- Packet Video Protocol
RADIUS (Remote Access Dialup User Service) -- A protocol by which users can have access to secure networks through a centrally managed server. RADIUS provides authentication for a variety of services, such as login, dialback, SLIP, and PPP.
RARP -- Reverse Address Resolution Protocol
RDP -- Reliable Data Protocol
Remote LAN Access -- The process of allowing branch offices, telecommuters, and travelling computer users to access the corporate LAN backbone over dedicated or dialed, digital or analog lines.
remote management -- A management feature that uses bandwidth between sites over the management sub channel established by the AIM (Ascend Inverse Multiplexing) protocol. Any Ascend unit can control, configure, and obtain statistical and diagnostic information about any other Ascend unit; multi-level security assures that unauthorized personnel do not have access to remote management functions.
RI -- Ring Indicate
RIP (Routing Information Protocol) -- Routing information protocol teaches routers on a wide area network which routers have access to which addresses. This information is kept in a routing table on each router. As routers communicate with each other, they all update their routing tables to include each other’s routing table information. In a large network environment, this exchange of information can keep the network connections up unnecessarily, and can result in very large routing tables on each router. You can apply a call filter to ignore RIP updates. You can also control how route information is propagated.
Router -- An interconnection device that can connect individual LANs. Unlike bridges, which logically connect at OSI layer 2, routers provide logical paths at OSI layer 3. Like bridges, remote sites can be connected using routers over dedicated or switched lines to create WANs.
Routing -- A device or setup that finds the best route between any two networks, even if there are several networks to traverse. (Contrast with bridge).
routing table -- A list of destinations known to the router. Routing tables are built and used based on three protocols:
RIP - which continuously broadcasts routing updates every 30 seconds.
ICMP - which can dynamically redirect packets to a more efficient route.
ARP - which enables the Pipeline to respond to address queries with its own physical address.
RPC -- Remote Procedure Call
RPM -- Remote Port Module
RS-# -- Recommended Service #
RS-232 -- A set of EIA standards specifying various electrical and mechanical characteristics for interfaces between DTE and DCE data communications devices. The standard applies to both synchronous and asynchronous binary data transmission at rates below 64 kbit/s.
RSVP -- Reservation Protocol
RTS -- Request To Send
Rubber Bandwidth -- A term used to describe a communications channel whose bandwidth can be increased or decreased without terminating and re-establishing the channel. Typically used with inverse multiplexing.
RVD -- MIT Remote Virtual Disk Protocol
S interface -- See S/T interface.
S/T interface -- n. The electrical interface between a network terminator (NT1) device and one or more ISDN communications devices that do not contain their own NT1s.
S/T-interface -- adj. Specifies an ISDN communications device that connects to an external network terminator (NT1).
SAM (Secure Access Manager) -- Secure Access Manager gives network administrators granular control over the security functions of the entire network directly from the central site.
SAP -- Service Access Point
SAP filters -- See NetWare call filters.
SDRP -- Source Demand Routing Protocol
Secure Access Firewalls -- Secure Access Firewall is a software option for Ascend units that offers fully integrated firewall security for remote networking.
Secure ID -- A proprietary brand of security card (about the size of a credit card) that generates a code based on the user's ID, password, and information in the card. When the user attempts to log on to a secure network, a code is requested that must have been generated within the previous 60 seconds.
SEP -- Sequential Exchange Protocol
serial communication -- Communication through the serial port of your computer. For Windows 3.1, the maximum speed of the serial port is 19,200. For Windows 95, the COM port limit on the settings drop-down list is 921,600. These limitations are subject to change as development of a faster serial bus design is implemented.
SIP -- Simple Internet Protocol
SLIP (Serial Line IP) -- A protocol that enables your computer to send and receive IP packets over a serial link.
SMDS -- Switched Multimegabit Data Service. A packet-based network service allowing the creation of high-speed data networks (up to 45 Mbit/s). Now in the testing and initial implementation phases.
SMTP -- Simple Mail Transfer Protocol
SNAP -- SubNetwork Access Protocol
SNMP (Simple Network Management Protocol) -- A standard way for computers to share networking information. In SNMP, two types of communicating devices exist: agents and managers. An agent provides networking information to a manager application running on another computer. The agents and managers share a database of information, called the Management Information Base (MIB). An agent can use a message called a traps-PDU to send unsolicited information to the manager.
SPID (Service Profile Identifier) -- Service Profile Identifier. Your ISDN service provider (telephone company) uses this number at the Central Office switch to identify services on your ISDN line. This number is derived from a telephone number.
straight-through cable -- A cable with wires that have terminating ends with the same wire assignments.
SWIPE -- IP with Encryption
switched circuit -- A temporary connection between endpoints, established for the duration of a call, over which two parties exchange data. The circuit is disconnected when the call ends.
Switched-1536 -- A data service consisting of a single 1536 kbps circuit, called an H11 channel. The H11 channel is comprised of all 24 channels on the line. You must use two T1 PRI lines to access Switched-1536. One line carries the user data, and the other line contains the D-channel. NFAS is required for this data service because the D channel must be on a separate line. This service is available over T1 PRI lines only. Switched-1536 is also known as H11 data service.
Switched-384 -- A data service consisting of a single 384 kbps circuit, called an H0 channel. The H0 channel is comprised of 6 B channels. This service is available over T1 PRI lines only. Switched-384 is also known as H0 data service.
Switched-56 -- A data service consisting of a single 56 kbps channel. This service is available over any type of line. It is the only service available to T1 access lines and Switched-56 lines.
Because Switched-56 was the first available data service, both the service itself and the lines that accessed it were called Switched-56. However, any type of line can now access Switched-56 data service, and there are other new services in addition to Switched-56.
Switched-56 line -- A line that provides a single 56 kbps data channel with inband signalling.
Switched-64 -- A data service consisting of a single 64 kbps channel. This service is available over T1 PRI and ISDN BRI lines only.
symbolic name -- A name used in place of an IP address. A symbolic name consists of a user name and a domain name in the format user name@domain name.
T1 access line -- A 1.544 Mbps T1 line that provides 24 56 kbps data channels and uses inband signalling.
T1 line -- A line that consists of 24 64 kbps channels. Two types of T1 lines are available: T1 access lines and T1 PRI lines.
T3 -- A digital transmission link with a capacity of 45 Mbit/s, or 28 T1 lines.
TA -- Terminal Adapter
TACACS (Terminal Access Concentrator Access Control Server) -- A very simple query/response protocol that enables the MAX to check a user's password, and enable or prevent access. A TACACS server supports only the basic password exchanges that PAP uses; it does not support CHAP.
TCP -- Transmission Control Protocol
TCP/IP (Transmission Control Protocol/Internet Protocol) -- A family of protocols that defines the format of data packets sent across a network, and is the communications standard for data transmission between different platforms. The TCP/IP family consists of the following protocols and services.
Transport protocols - these protocols control data transmission between computers:
TCP (Transmission Control Protocol)
UDP (User Datagram Protocol)
Routing protocols - these protocols control addressing and packet assembly, and determine the best route for a packet to take to arrive at its destination:
IP (Internet Protocol)
ICMP (Internet Control Message Protocol)
RIP (Routing Information Protocol)
OSPF (Open Shortest Path First)
Gateway protocols - these protocols enable networks to share routing and status information:
EGP (Exterior Gateway Protocol)
GGP (Gateway-to-Gateway Protocol)
IGP (Interior Gateway Protocol)
Network address services and protocols - these services and protocols handle the way that each computer on a network is identified:
DNS (Domain Name System)
ARP (Address Resolution Protocol)
RARP (Reverse Address Resolution Protocol)
User services - these services provide applications a computer can use:
BOOTP (Boot Protocol)
FTP (File Transfer Protocol)
Telnet
Miscellaneous services
NFS (Network File System)
NIS (Network Information Service)
RPC (Remote Procedure Call)
SMTP (Simple Mail Transfer Protocol)
SNMP (Simple Network Management Protocol)
TE -- Terminal Equipment
Terminal server session -- An end-to-end connection between a terminal and a terminal server. Usually, the terminal server session begins when the call goes on line and ends when the call disconnects.
Thick Ethernet -- A term that describes a type of Ethernet cable. Thick Ethernet, or thicknet, is .4" diameter coaxial cable for Ethernet networks.
Thin Ethernet -- A term that describes a type of Ethernet cable. Thin Ethernet, or thinnet, is .2" diameter coaxial cable for Ethernet networks.
U interface -- The electrical interface between an ISDN telephone line and a network terminator (NT1) device.
UDP -- User Datagram Protocol
U-interface -- adj. Specifies an ISDN communications device that connects directly to an ISDN telephone line. A U-interface device contains its own network terminator (NT1).
UTP -- Unshielded Twisted Pair
UTP cable -- Unshielded Twisted Pair cable. Two paired wires, twisted two or more times per inch to help cancel out noise.
Videoconferencing -- The use of digital video transmission systems to communicate between sites using video and voice. Digital video transmission systems typically consist of camera, codec (coder-decoder), network access equipment, network, and audio system.
VT-100 -- An ASCII character data terminal, consisting of screen and keyboard. Manufactured by Digital Equipment Corporation (DEC), the VT-100 has become an industry standard data terminal. VT-100 emulation software allows a standard PC to act as a VT-100 terminal.
WAN -- Wide Area Network
Wide Area Network -- A data network typically extending a LAN outside a building or beyond a campus, over IXC or LEC lines to link to other LANs at remote sites. Typically created by using bridges or routers to connect geographically separated LANs.
WINS (Windows Internet Name Service) -- Windows Internet Name Service (WINS) is a Microsoft product that manages the mapping between resource names (in the form of easy-to-remember nicknames) and IP addresses. The DNS service used on the Internet cannot map between IP addresses and local resource names dynamically. However, through dynamic database updates, WINS lets users access network resources via more user-friendly names instead of IP addresses.
WSN -- Wang Span Network
X.21 -- A set of CCITT specifications for an interface between DTE and DCE for synchronous operation on public data networks. Includes connector, electrical, and dialling specifications.



INDEX
A
ACTIVE DIRECTORY
Analyze
Apache server
Appendix
B
Back up
Bandwidth and security
Bibliography
BUDGET
BUILDING AND PLANS
C
Cable Termination Standards
Choosing a Hostname
CONCLUSION
CONTENTS
D
Defining Network Segments
Deployment
Develop LAN Topology
Development
Devices
E
Exchange server
F
Fiber Optic Cable Connections
G
Glossary
H
HOW IT ALL COMES TOGETHER DIAGRAM
I
INDEX
Install and configure a dhcp server
Installing windows 2003
Introduction
N
Network file system
Network Infrastructure
O
Option 1
Option 2—Use IPv6 for IP Addressing
P
Patch panel colour scheme
PLANNING
Project prerequisites
S
Servers and their location
Software installation
T
The Project Brief and Analysis
U
Understanding client-server traffic flow
User Hardware
V
VLAN Planning