LAN User Requirements Document:
General Requirements
The school district is in the process of implementing an
enterprise-wide network which will include Local Area Networks
(LANs) at each site and a Wide Area Network (WAN) to provide data
connectivity between all school sites.
Access to the Internet from any site in the school district is
also an integral part of this implementation. Once the network is
in place, the school district will implement a series of servers
to facilitate online automation of all of the district's
administrative and many of the curricular functions.
Since this network implementation will have to continue to be
functional for a minimum of 7-10 years, all design considerations
should include a minimum of 100x (times) growth in the LAN
throughput, 2x (times) growth in the WAN core throughput, and 10x
(times) growth in the District Internet Connection throughput. The
minimum requirement for initial implementation design will be 1.0
Mbps to any host computer in the network and 100 Mbps to any
server host in the network. Only two OSI layer 3&4 protocols
will be allowed to be implemented in this network: TCP/IP and
Novell IPX.
SECTION 1 - WIDE AREA NETWORK
The Washington School District Wide Area Network (WAN) will
connect all school and administrative offices with the district
office for the purpose of delivering data. The WAN will be based
on a two-layer hierarchical model. Three (3) regional Hubs will be
established at the District Office/Data Center, Service Center and
Shaw Butte Elementary School for the purpose of forming a fast WAN
core network. School locations will be connected into the WAN core
Hub locations based on proximity to the Hub.
TCP/IP and Novell IPX will be the only networking protocols that
will be acceptable to traverse the district WAN. All other
protocols will be filtered at the individual school sites using
access routers. High-end, powerful routers will also be installed
at each WAN core location. Access to the Internet or any other
outside network connections will be provided through the District
Office/Data Center through a Frame Relay WAN link. For security
purposes, no other connections will be permitted.
SECTION 2 - LOCAL AREA NETWORK & WIRING SCHEME
Two Local Area Network (LAN) segments will be implemented in each
school and the District Office. The transport speeds will be
Ethernet 10BASE-T, 100BASE-TX, and 100BASE-FX. Horizontal cabling
shall be Category 5 Unshielded Twisted Pair (CAT5 UTP) and will
have the capacity (be tested) to accommodate 100 Mbps. Vertical
(Backbone) cabling shall be CAT5 UTP or fiber optic multi-mode
cable. The cabling infrastructure shall comply with TIA/EIA-568-A
and TIA/EIA-569 standards.
One LAN will be designated for student / curriculum usage and the
other will be designated for administration usage (see: SECURITY
SECTION). The LAN infrastructure will be based on Ethernet LAN
switching. This will allow for a migration to faster speeds (more
bandwidth) to the individual computers and between MDFs and IDFs
without revamping the physical wiring scheme to accommodate future
applications.
In each location a Main Distribution Facility (MDF) room will be
established as the central point to which all LAN cabling will be
terminated and will also be the point of presence (POP) for the
Wide Area Network connection. All major electronic components for
the network, such as the routers and LAN switches, will be housed
in this location. In some cases an Intermediate Distribution
Facility (IDF) room will be established, where horizontal cabling
lengths exceed TIA/EIA-568-A recommended distances or where site
conditions dictate. In such cases, the IDF will service its
geographical area and the IDF will be connected directly to the
MDF in a STAR or EXTENDED STAR topology.
Each room requiring connection to the network will be able to support
24 workstations and be supplied with four (4) CAT 5 UTP runs for
data, with one run terminated at the teacher's workstation. These
cable runs will be terminated in the closest MDF or IDF. All CAT 5
UTP cable runs will be tested end-to-end for 100 Mbps bandwidth
capacity. A single location in each room will be designated as the
wiring point of presence (POP) for that room. It will consist of a
lockable cabinet containing all cable terminations and electronic
components; i.e. data hubs and switches. From this location data
services will be distributed within the room via decorative wire
molding. Network 1 will be allocated for general curriculum usage
and network 2 will be allocated for administrative usage.
SECTION 3 - DISTRICT SUPPLIED SERVERS AND FUNCTIONS
All file servers will be categorized as Enterprise or Workgroup
type services, and then placed on the network topology according
to function and anticipated traffic patterns of users.
DOMAIN NAMES SERVICE and EMAIL SERVICES
Domain Name Services (DNS) and e-mail delivery will be implemented
in a hierarchical fashion with all services located on the master
server at the district office. Each District Hub location will
contain a DNS server to support the individual schools serviced
out of that location. Each school site will also contain a host
for DNS and e-mail services (local post office) that will maintain
a complete directory of all staff personnel and student population
for that location. The school host will be the local post office
box and will store all e-mail messages. The DNS update process
will flow from the individual school server to the Hub server and
to the district server. All regional servers will have the
capability to communicate between themselves, thus building
redundancy in the system in the event that the District master
server is unavailable. Should the District master server require a
partial or complete restore of data, the ability to query any or
all of the regional servers to acquire the needed information will
be provided.
ADMINISTRATIVE SERVER
The school district is moving towards a totally automated server
based administration system. Each school location will contain an
Administration server which will house the student tracking,
attendance, grading and other administration functions. This
server will be running TCP/IP as its OSI layer 3&4 protocols
and will only be made available to teachers and staff.
LIBRARY SERVER
The school district is implementing an automated library
information and retrieval system, which will house an online
library for curricular research purposes. This server will be
running TCP/IP as its OSI layer 3&4 protocols and will be made
available to anyone at the school site.
APPLICATION SERVER
All computer applications will be housed in a central server at
each school location. As applications such as word processing,
Excel, PowerPoint, etc. are requested by users, these applications
will be retrieved from the application server. This will provide
district support staff with an easy and efficient method for
upgrading applications without having to reload new software on
each computer in the district network. This server will use TCP/IP
as its OSI layer 3&4 protocols and will be made available to
anyone at the school site.
OTHER SERVERS
Any other servers implemented at the school sites will be
considered departmental (workgroup) servers and will be placed
according to user group access needs. Prior to implementation of
other servers a requirements analysis must be submitted for the
purpose of determining placement of the server on the district
network.
SECTION 4 - ADDRESSING AND NETWORK MANAGEMENT
A complete TCP/IP addressing and naming convention scheme for all
hosts, servers, and network interconnection devices will be
developed and administered by the District Office. The
implementation of unauthorized addresses will be prohibited. The
District Addressing Scheme can be implemented in a number of ways.
Ideas you should consider are Class A, B, and C Addresses with
appropriate subnetting, Network Address Translation (NAT), and
Private Network Numbers.
All computers located on the administrative networks will have
static addresses; curriculum computers will obtain addresses by
utilizing Dynamic Host Configuration Protocol (DHCP). Each site
should have a server running DHCP and use only addresses
consistent with the overall District Addressing Scheme. A master
network management host will be established at the District Office
and will have total management rights over all devices in the
network. This host will also serve as the router configuration
host and maintain the current configurations of all routers in the
network. Each region location (Hub) will house a regional network
management host to support its area. The management scheme for the
data portion of the network will be based on the Simple Network
Management Protocol (SNMP) standards. All routers will be pointed
to the master Network Management host for the purpose of
downloading new or existing configurations. The District Office
will maintain the super user passwords for all network devices
(i.e., routers and LAN switches), and configuration changes on
these devices will be authorized from the District Office.
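One possible addressing plan for the requirements above, as an added example that is not part of the original document: it sizes subnets from the Section 7 maximums (250 curriculum, 75 administration hosts per site) and flags addresses outside the scheme. The 10.<hub>.0.0/16 private numbering, the function names and the three-site sample are assumptions.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose usable host count (2**bits - 2) covers `hosts`."""
    bits = 2
    while (1 << bits) - 2 < hosts:
        bits += 1
    return 32 - bits

def plan_hub(hub_number, sites, curriculum_hosts=250, admin_hosts=75):
    """Carve one block per site out of the hub's /16 (assumed 10.<hub>.0.0/16).

    Each site block is split in half: curriculum (DHCP) in the lower half,
    administration (static) in the upper half, so a single summary route per
    site and per hub is enough in the WAN core.
    """
    c_prefix = prefix_for_hosts(curriculum_hosts)
    a_prefix = prefix_for_hosts(admin_hosts)
    site_prefix = min(c_prefix, a_prefix) - 1   # block twice the larger subnet
    hub_net = ipaddress.ip_network(f"10.{hub_number}.0.0/16")
    blocks = hub_net.subnets(new_prefix=site_prefix)
    plan = {}
    for site in sites:
        lower, upper = next(blocks).subnets(prefixlen_diff=1)
        plan[site] = {
            "curriculum": next(lower.subnets(new_prefix=c_prefix)),
            "admin": next(upper.subnets(new_prefix=a_prefix)),
        }
    return plan

def classify(address, plan):
    """Return (site, segment) for an address in the plan, or None if unauthorized."""
    ip = ipaddress.ip_address(address)
    for site, segments in plan.items():
        for segment, net in segments.items():
            if ip in net:
                return site, segment
    return None

# First three Hub I sites from the document's list; the numbering is an assumption.
HUB_1 = plan_hub(1, ["District Office/Data Center", "Desert Slope", "Sunnyslope"])

if __name__ == "__main__":
    for site, segments in HUB_1.items():
        print(f"{site}: C={segments['curriculum']} A={segments['admin']}")
    print(classify("10.1.3.200", HUB_1))  # unused half of the admin /24
```

A /16 per hub holds 128 such site blocks, so the 12 sites per hub leave room for growth, and any address for which `classify` returns None falls outside the district scheme.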
SECTION 5 - SECURITY
External Threats - Internet Connectivity shall utilize a double
firewall implementation with all Internet-exposed applications
residing on a public backbone network. In this implementation all
connections initiated from the Internet into the schools' private
network will be refused. In the district security model the
network will be divided into three (3) logical network
classifications (administrative, curriculum and external) with
secured interconnections between them.
This model will dictate that two physical LAN infrastructures be
installed at all schools and the District Office, with one
designated administrative and the other curriculum. Every computer
and file server will be categorized according to its function and
placed on the appropriate LAN segment. At the schools, each LAN
segment will have a file server. All applications will be
categorized and placed on the appropriate server. By utilizing
Access Control Lists (ACLs) on the routers, all traffic from the
curriculum LANs will be prohibited on the administration LAN.
Exceptions to this ACL can be made on an individual basis.
Applications such as E-Mail and Directory services will be allowed
to pass freely since they pose no risk. A user ID and Password
Policy will be published and strictly enforced on all computers in
the District. All computers in the District network will have full
access to the Internet. All ACLs will be controlled at the
district office and exceptions to the ACLs will be reviewed prior
to implementation.
SECTION 6 - INTERNET CONNECTIVITY
All Internet connectivity will be supplied through the District
Office with the District Office being the single point of contact
for all schools and organizations within the district. This
connection will be highly controlled and capacity (bandwidth)
upgraded as usage dictates. The Internet connection will utilize
a double firewall implementation with a public network (Ethernet
backbone) established for services that will be exposed to the
Internet such as master E-mail, Domain Name Services (DNS) and a
World Wide Web server. All connectivity that is initiated from the
Internet to the internal District network will be protected via
Access Control Lists (ACLs) on the routers that make up the double
firewall architecture. Any connectivity initiated from the
District to the Internet will be permitted to communicate freely.
E-mail and DNS services will communicate freely in both directions
since these applications pose no security threat. A Web server
will be located on the public backbone and partitioned to allow
any school to install a Web home page on the Internet. Individual
Web servers that need total exposure to the Internet will not be
permitted on the internal District network. If schools require an
independent web server host, this host will be placed on the
public network backbone.
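The ACL policy of Sections 5 and 6, modeled as an ordered first-match rule list, as an added example that is not part of the original document. Each flow is described by the packet that initiates it. The zone addresses, the port numbers chosen for e-mail, DNS and Web, and the implicit deny for flows the document does not address are assumptions.

```python
import ipaddress

# Constructed zones; the addresses are assumptions, not from the document.
ZONES = {
    "curriculum": ipaddress.ip_network("10.1.2.0/24"),
    "admin": ipaddress.ip_network("10.1.3.0/25"),
    "public": ipaddress.ip_network("192.0.2.0/24"),  # backbone between the firewalls
}
MAIL_DNS = {("tcp", 25), ("udp", 53)}   # assumed ports for e-mail and DNS
EXPOSED = MAIL_DNS | {("tcp", 80)}      # plus the public Web server

def zone_of(address):
    """Map an address to its zone; anything outside the known zones is external."""
    ip = ipaddress.ip_address(address)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

# Ordered rules: (source zones, destination zones, services or None for any, action).
# The exceptions must come before the blanket deny they carve a hole in.
RULES = [
    ({"curriculum"}, {"admin"}, MAIL_DNS, "permit"),
    ({"curriculum"}, {"admin"}, None, "deny"),
    ({"internet"}, {"public"}, EXPOSED, "permit"),
    ({"internet"}, {"public", "curriculum", "admin"}, None, "deny"),
    ({"curriculum", "admin", "public"}, {"internet"}, None, "permit"),
]

def evaluate(src, dst, proto, port):
    """First matching rule wins; a flow matching no rule hits the implicit deny."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for sources, dests, services, action in RULES:
        if src_zone in sources and dst_zone in dests:
            if services is None or (proto, port) in services:
                return action
    return "deny"

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("10.1.2.40", "10.1.3.10", "tcp", 25),     # curriculum -> admin, e-mail
        ("10.1.2.40", "10.1.3.10", "tcp", 445),    # curriculum -> admin, other
        ("203.0.113.9", "10.1.3.10", "tcp", 25),   # Internet -> private network
        ("203.0.113.9", "192.0.2.25", "tcp", 80),  # Internet -> public Web server
    ]
    for flow in flows:
        print(flow, evaluate(*flow))
```

Swapping the first two rules would deny the e-mail exception as well, which is why exceptions to the ACLs need review for ordering as much as for content.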
SECTION 7 - USER COUNTS
Threaded Case Study -- User Counts at each site
Elementary School District Addressing
You need to assume there will be 250 computers in each school for
student/Curriculum (C) usage and 75 computers in each school for
teacher/Administration usage (A). This would be the maximum number
in any given school. Also keep in mind that at each location
(indicated by a 1 on the site drawing) the layer 1 wiring needs to
be designed to accommodate up to 25 computers: 1 run for the
teachers/Admin computer (A) and 3 runs for up to 24
student/Curriculum computers (C).
Washington Elementary School District
Regional Hub I: One District Office/Data Center [75 (A)] and 11
schools [250(C) & 75(A): per school]
Regional Hub II: One Service Center [75 (A)] and 11 schools
[250(C) & 75(A): per school]
Regional Hub III: 11 schools [250(C) & 75(A): per school] and
one community school
I. District Office/Data Center (Admin)
Desert Slope
Sunnyslope
Mountain View
Road Runner
Washington
Lake View
John Jacobs
Iron Wood
Desert Foothills
Chaparral
Cholla
II. Service Center (Admin)
Sunset
Acacia
Mountain Sky
Tumbleweed
Sweetwater
Sunburst
Sahuaro
Blue Sky
Moon Mountain
Lookout Mountain
Abraham Lincoln
III. Shaw Butte (School)
Richard E. Miller
Royal Palm
Alta Vista
Cactus Wren
Manzanita
Maryland
Ocotillo
Orangewood
Palo Verde
Arroyo
* Community School
Notes:
4 T1 data lines will provide Point-to-Point connectivity between
each of the three Regional Hubs
(I. Data Center - II. Service Center - III. Shaw Butte
School)
One T1 data line will provide Point-to-Point connectivity from each
Regional Hub to each connected site.
One T1-speed data (Frame Relay) line will connect all sites to the
Internet. This connection will occur at the District Office/Data
Center, from the firewall routers to the Frame Relay
"cloud."
One site (Community school) will access the district WAN via
ISDN.
All site routers will have modem connectivity to the Data Center
and Service Center for ease of router maintenance and enforcement
of district-wide network administration policies.