16716-voice & data system

7/27/2019 16716-Voice & Data System

1/13

SECTION 16716

IT CONVERGED NETWORK SYSTEM

(ACTIVE COMPONENTS)

PART 1 GENERAL

1.1 DESCRIPTION

A. The work shall consist of all active equipment, software, servers to operate all theconverged project services.

B. The active network equipment shall support high-speed standards based10/100/1000 Mbps and 10 Gbps switched, multi-protocol, Ethernet network,providing converged IP services based on ANSI/TIA/EIA and ISO standards.

C. Full redundancy shall be provided at all levels of the network infrastructure (Coreand Edge layers)

D. All network end-points and outlets shall support minimum of 10/100/1000 Mbpsoperation and Power Over Ethernet.

E. Network cabling is covered in Section 16715 (VOICE AND DATA CABLING). ITcontractor shall coordinate , check and approve the cabling system to make sure itcan fulfill all IT requirement

F. The network topology shall be a two-tier model with Edge and Core Layers. All

switch interconnections shall be dual 10 Gbps.

G. Supplemental LAN coverage shall be provided via 802.11a/b/g/n Wireless AccessPoint (WAP) devices within specific areas.

H. Incoming services are provided by an outside carrier (STC), including, voice, data,internet, video & IPTV.

I. Global Services for Mobility (GSM) are provided by STC, Mobily.

1.2 REFERENCES

A. IEEE - Institute of Electrical and Electronic Engineers

IEEE 802.1 LAN Bridging and Management

IEEE 802.1S

IEEE 802.1W

IEEE 802.1X

IEEE 802.1D

IEEE 802.1P

ITCC in RiyadhResidential ComplexJ10-13300

16716-1 Converged Network System


2/13

IEEE 802.1Q

IEEE 802.3 Ethernet, CSMA/ CD Access Method

IEEE 802.3AD

IEEE 802.3AF

IEEE 802.3X

IEEE 802.3U

IEEE 802.3ABZ

IEEE 802.3AN 10 GBASE T Standards 2006

IEEE802.11 Wireless LANs

IEEE802.11a

IEEE802.11b

IEEE802.11g

IEEE802.11n

1.3 Basic Criteria:

A. Communication systems within the hotel will be required to support the business

needs of the operations, namely Information Technology, Telecommunicationsand Electronic Systems using a common backbone and unified structured cablingsystem.A managed IP based Ethernet switching system will be utilized with core activeequipment located in the main telecommunication Room at basement floor andedge active equipment located in deferent communication rooms at all floor.

Hotel shall have a complete LAN system based on fiber optic and UTP CAT 6acables using TCP/IP. All the communication system shall be IP based followingthe latest trend in the world market.

The communication systems can be considered as three separate components of

an integrated system:-

The Physical Layer: The Fiber Optic Backbone, Structured Cabling System andassociated Equipment rooms and spaces.The Transport layer: The Active Network Hardware, Switches and Routers.The Application Layer: The Software Applications such as the Hotel PMS Systemand as per IHG specs.

The system shall include, but not limited to:

Transport layer (core switches, edge switches, VLANS)

Network security Network management




3/13

Wi-Fi

Servers and Software

B. Transport Layer

The Transport layer is a term used to describe the active components of the datanetwork.

The design of the active network is based on a layer 3 cores and edge distributiontopology.

Core

The core Ethernet switch equipment will be located in the main telecomRoom. The core switch backplanes will in turn be connected via dual 10Gb vertical fiber channel optical cabling to the communication roomslocated on each floor. The core switch will be provided in a dual redundant

configuration.

Edge

Dual redundant vertical fiber channel cables will be terminated to10/100/1000Mbps Ethernet edge switches located in each comm. Room.The edge switch ports will in turn be connected via 10/100/1000Mbpscategory 6A UTP horizontal cabling to individual data outlets on that floor.Edge switches will be provided in a dual configuration of standard ports orPower over Ethernet (POE) ports as required for equipment such as Voiceover IP telephony end points and Wi-Fi transmitters that derive their powerfrom the data network.

VLANS

VLANS (Virtual LAN) are utilized within the switch software configuration inorder to segregate services and increase security between users. Theprimary security consideration is to completely segregate the Guestnetwork from the Administration network.

Additionally, separate V-LANS will be configured for individual networks asfollows:-

Administration LAN / P.O.S. / WiFiGuest WiFiGuest VoIPIPTV / HiTV

C. Network Security

A layered approach to Network Security shall be adopted as follows:-

Perimeter

Individual network zones shall be firewalled and protected via software

antivirus and intrusion detection applications. End point security shall beprovided so as to validate and authorize wired or wireless connectivity.




4/13

CoreNetwork access control shall be provided incorporating Host ID and MACbased filtering to ensure that unauthorized communication is disconnected

D. Network Management

A centralized Network Management System shall be provided in order to managethe network configuration as well as providing wired and wireless deviceinformation, system manageability and system wide awareness of changes in thenetwork.

The Network Management System shall provide the following capabilities:-

Discovery of network devices and calculate Layer 2 relationships to

provide views of the network by different views includingLAN edge view and a general Layer 2 view.Topology maps to indicate the discovery and Simple NetworkManagement Protocol (SNMP) status of network devices.Tools for creating, deleting and editing VLANs.User tracking functions to correlate MAC address and IP address to switchports.Path analysis tools to perform path analysis for Layer 2 and Layer 3devices using the device host name or IP address.Change monitoring log recording users and applications which are activeon the network.

E. Wi-Fi

Full Wi-Fi Coverage according to wireless standard IEEE 802.11 shall be providedin all public areas, lobbies and lounges, food & beverage outlets, meeting rooms,administration areas barking areas and all guest rooms.Voice over Wi-Fi shall be used to provide staff and customers with mobiletelephone service.Security segregation between wireless networks shall be provided via VLAN andSSID (Service Set Identifier) allocation.All wireless access points shall be password protected and only accessiblethrough Secure Sockets Layer (SSL) connection.Wi-Fi access points will in many cases be located above ceilings and it should be

noted that access panels will be required for service and maintenance.The Wi-Fi distribution will employ a minimum of three channels and will bedesigned so as to avoid overlap.

F. Server and Software

Servers

All servers shall be in the server room within cabinets

Servers shall have the latest operating system patches installed.

Access to server must be controlled by a user logon and password

Servers must be backed up as per operator standards




5/13

Software

Software applications shall run over the data network for deferent businessapplications as per operator requirements and standards

Anti-virus software will be used on all servers, desktop and laptops

Anti-virus definition will be updated on a daily basis

All software running on servers, desktop and laptops must be licensed

A detailed manual must be available showing the emergency plan case of

system failure

The emergency plan must be tested and updated as per operator

standards to ensure accuracy

1.4 SUBMITTALS:

A. Product Data: Include data on features, ratings, and performance for eachcomponent specified.

B. Shop Drawings: Include dimensioned plan and elevation views of each individualcomponent. Show equipment assemblies, method of field assembly, workspacerequirements, and access for cable connections.

C. Wiring Diagrams: Show typical wiring schematics including workstation outlets,jack and jack assemblies, patch cords, patch panels, fiber-optic boxes and otherequipments.

D. Samples: For workstation outlets (TO), jacks, jack assemblies, and faceplates forcolor selection and evaluation of technical features.

E. Switches specification and data sheet (if applicable).

1.5 TRANSPORTATION, HANDLING AND STORAGE:

A. Deliver equipment and components in factory-fabricated containers or wrappings,which properly protect equipment from damage.

B. Store equipment and components in original packaging. Store inside in a well-ventilated space protected from weather, moisture, soiling, humidity, and extreme

temperatures.

C. Handle equipment and components carefully to prevent damage, breaking, andscoring of finishes. Do not install damaged units or components; replace with new.

1.6 WARRANTY:

A. The manufacturer must guarantee to the End User that the products referencedwithin the specific Warranty Modules (Class E System) when correctly installed inaccordance with installation guidelines:

1. Will be free from product defects in materials and workmanship

2. Are guaranteed to exceed the Class E Channel and Permanent Linkrequirements as specified in ISO/IEC 11801:2002




6/13

3. Supports the following application (not limited):

10BASE T Ethernet 100BASET Fast Ethernet 1000BASE TX Gigabit Ethernet 10GBASE-T 155Mbit ATM 1000Mbit ATM (CB1G) 10GBASE-T

4. For a duration of 20 years

B. All components including the patch cords have to be produced by the samecabling system manufacturer to ensure warranted performances and applicationsagainst the standards.

1.7 QUALITY ASSURANCE:

A. Manufacturer's Qualifications: The items provided under this contract will be frommanufacturers that have a minimum of 5 years experience in producing the typesof systems and equipment specified.

B. Installer Qualifications: Specialist subcontractor with at least 5 years of successfulinstallation experience with projects utilizing data system similar to that required forthis project. Subcontractor shall be subject to approval of Engineer.

C. Materials and installation shall comply with the specified Codes and Standards.

D. Single Source Responsibility: All components and accessories shall be product of

single manufacturer except for cables.

1.8 ENVIRONMENTAL REQUIREMENTS:

A. Connecting hardware shall be rated for operation under ambient conditions of 0 to60 degrees C and in the range of 0 to 95 percent relative humidity, non-condensing.

PART 2 PRODUCTS

2.1 GENERAL REQUIREMENTS

A. All Data equipment shall be rack mounted in standard 19-inch racks within racksand cabinets. Contractor is responsible for providing fans, shelves, drawers,special power wiring, earth connections, surge suppression, patch panels, patchcords, cables, connectors, appurtenances, and adapters of any kind necessary toaccommodate the system installation, operation, testing, or maintenance.Contractor shall provide the appropriate factory or custom rack mount adapters forall equipment installed in the equipment rack, whether specifically itemized or not.Contractor shall cover unused slots using blank panels.

1. Each active device shall be accessible from a network console or auxiliaryRS-232 port.




7/13

2. Each active device shall be capable of generating Simple NetworkManagement Protocol SNMP and SNMPv2 alarms.

3. Multimedia and multicast support shall be provided through use of InternetGroup Management Protocol (IGMP).

4. Virtual Local Area Network (VLAN) creation shall be provided based onboth port and MAC addresses.

5. Support port mirroring shall be provided.

6. All software for the interconnectivity of LAN devises shall be provided.

7. A Network Management system shall be provided.

2.2 NETWORK MANAGEMENT SOFTWARE

A. A central network management system shall be provided in order to enablesystem wide administration and monitoring of the network. The system shall be anindustry standard operating system. The application shall be provided, pre loadedonto a 1 GHz single CPU server running Windows 2008 or higher. The NetworkManagement system shall provide the following minimum level of features:-

1. Discovery of all connected network devices and calculation of Layer 2relationships

2. Network views including LAN edge view, and Layer 2 view.

3. Simple Network Management Protocol (SNMP) status of all network

devices

4. Layer 2 and Layer 3 device path-analysis and map or table

5. Automated fault detection

6. Creation, editing and deletion of network VLANS

7. Mapping of device MAC, IP address and user ID to switch ports

8. Monitoring and log file creation

9. Device reporting to include software versions, memory availability, slotavailability and Boot ROM

10. Scheduling of software and configuration updates to selected devices.

2.3 CORE SWITCHES

A. Individual dual redundant Core Switches shall be provided for the guest andadministration networks and installed in MDF room locations as indicated in thedrawings.

B. It is essential that the Core Switches fully support the TVoIP, Digital Signage andNPVR multimedia applications and are capable of Protocol Independent Multicast




8/13

(PIM), Source-Specific Multicast (SSM), Pragmatic General Multicast (PGM), FastLeave / Fast Join and IGMP V1 & V2 Snooping protocols.

C. Contractor shall be entirely responsible for complete compatibility between thenetwork equipment and the services that are required to run on the network.

1. The Core Switches shall provide the following minimum performance andfeatures:-

a) Dual with redundant power supplies

b) Passive backplane architecture

c) 9-slot (minimum) modular Chassis.

d) Minimum 720-Gbps architecture.

e) Minimum hardware based forwarding rate on Layers 2, 3 and 4 of350 Mpps.

f) RIP, OSPF and BGP routing protocol Support

g) IPv6 hardware support

h) MPLS hardware support

i) Support of multicast and broadcast suppression

j) Support of minimum 500,000 IPv4 routes

2. The Core Switches shall provide the following minimum QoS features:-

a) QoS configurable per port.

b) Support for eight queues per port.

c) Strict priority queuing.

d) IP differentiated services code point (DSCP).

e) Classification and marking based on IP Type of Service (ToS) or

DSCP.

f) Classification and marking based on full Layer 3 and Layer 4headers.

g) Input and output policing based on Layer 3 and Layer 4 headers.

3. The Core Switches shall provide support for the following protocols:-

a) Layer 2 switch ports and VLAN trunks.

b) IEEE 802.1Q VLAN encapsulation.

c) Support for 1900 VLANs per switch.




9/13

d) IGMP Snooping v1 and v2.

e) Link aggregation across line cards.

f) Link Aggregation Control Protocol (LACP).

g) Jumbo Frames (up to 9216 bytes).

4. The Core Switches shall provide support for the following SecurityFeatures:-

a) F TACACS+ or RADIUS, to enable centralized control of the switchand restrict unauthorized users from altering the configuration.

b) Standard and extended Access Control Lists (ACL) on all ports.

c) 802.1x user authentication (with VLAN assignment, voice VLAN,port security, and user VLAN extensions).

d) 802.1x accounting.

e) VLAN ACL (VACL).

f) Port ACL (PACL).

g) Port security

h) SSHv1 and SSHv2

5. The Core Switches shall be Cisco Catalyst 6500 Series, ExtremeNetworks or equal and approved alternative.

2.4 EDGE SWITCHES

A. Edge Switches shall be provided and installed in IDF room locations as indicatedin the drawings.

B. The Edge Switches shall be enterprise class supporting 802.3af (Power overEthernet on all ports).

C. It is essential that the Edge Switches fully support the TVoIP, Digital Signage andNPVR multimedia applications and conform to are capable of ProtocolIndependent Multicast (PIM), Source-Specific Multicast (SSM), Pragmatic GeneralMulticast (PGM), Fast Leave / Fast Join and IGMP V1 & V2 Snooping protocols.

1. The Edge Switches shall provide the following minimum performance andfeatures:-

a) Minimum hardware based forwarding rate of 320 Mpps.

b) 5 G Switch fabric.

c) Dual 1 GB Ethernet ports on Single mode fiber.




10/13

d) Minimum 16,000 MAC address.

e) Link aggregation.

f) Redundant power supply.

2. The Edge Switches shall provide support for the following protocols:-

a) Layer 2 switch ports and VLAN trunks.

b) IEEE 802.1Q VLAN encapsulation

c) Minimum 256 VLAN per switch

d) Per-VLAN Spanning Tree (PVST).

e) Spanning-tree fast port startup.

f) 802.1s, 802.1w and 802.3ad support.

3. The Edge Switches shall provide the following minimum QoS features:-

a) Traffic Management.

b) Support for eight queues per port

c) Strict priority queuing

d) DSCP (IP Differentiated Services Code Point)

e) Classification type of service (ToS) or DSCP.

f) Per port and per VLAN QoS configuration

4. The Edge Switches shall be Cisco Catalyst 3750 Series, ExtremeNetworks or equal and approved alternative.

2.5 WIRELESS ACCESS POINTS

A. The wireless access points shall be IEEE 802.11a/b/g/n compliant and derive theirpower from the network.

B. The points shall provide both AES and TKIP encryption protocols shall be lowprofile and unobtrusive with built in antennae.

C. Note: Wireless coverage shall be provided for all areas including back of house,back of house corridors and administration offices.

1. The wireless access point shall provide the following minimum features:-

a) Dual 802.11a, 802.11g and 802.11n operation

b) Support for Voice Over WiFi

c) Provision of up to 300 Mbps




11/13

d) Backward compatibility with legacy 802.11b clients.

e) Support of up to s 15 non overlapping Channels

f) Low profile design with integrated antenna

g) Hardware-Assisted AES Encryption

h) IEEE 802.11i-

i) WPA2 Certification

j) WPA Certification

k) Support for PoE to IEEE 802.3af

2. The Wireless Access Points shall be Cisco Aironet Series or equal andapproved alternative.

2.6 INTERNET GATEWAY

A. Broadband Internet access Gateway is typically provided by the Internet serviceprovider (ISP). In the case where the provider does not supply such equipment,an internet Gateway with the following features is required:

1. 2 x 0/100 LAN interfaces

2. 2 x ADSL interfaces

3. Advanced routing, security and QoS services

4. Integrated Firewall with NAT / PAT functionality

2.7 HIGH SPEED INTERNET ACCESS

A. All Hotel guest rooms shall be provided with high speed internet access via aVLAN on the building LAN.

B. Physical connection shall be via a dedicated network outlet port located adjacentto the guest room desk.

C. Access to HSIA shall be made available in all Hotel and Mall public areas, lobbiesand lounges via the wireless LAN.

D. The system shall auto configure on connection and require zero configurationfrom the user.

E. The system shall be configurable as a free service or a billable service. Paymentmethods will include the use of pre paid cards, on line credit card payment oraddition to guest folio.

F. The billing system shall support the following facilities:-

1. Support for billing via Micros-Fidelio




12/13

2. RADIUS authentication and authorization

2.8 FIREWALL SECURITY DEVICE

A. Contractor shall provide individual Firewall Security Devices for the Mall and Hotelin order to provide the respective networks with secure connectivity, protectionfrom malware and malicious attack and to enable the establishment andenforcement of an application policy within the development.

B. The specification of the Firewall Security Device shall be as follows:-

1. Support of multiple 10/100 Ethernet interfaces.

2. Support of VLAN.

3. Support of VPN

4. Support of Client VPN Services

5. Support of Site to Site VPN

6. Support of throughput up to 100 Mbps

7. Support of 3 DES throughput up to 10 Mbps

8. Support of active/active or active/standby failover.

C. The Firewall Security Device shall be the Cisco PIX 515 Series or equal and

approved alternative.

2.9 DMZ

A. A DMZ (perimeter network) shall be provided and located between the internalnetwork and the internet access gateway such that secure connections from theinternal network (e-mail, web and DNS servers) and the external network to theDMZ are permitted, whereas connections from the DMZ are only permitted to theexternal network.

B. The DMZ shall be configured using two firewalls such that the DMZ is connectedto firewalls, one firewall connected to the internal network and the other firewall

connected to the external network.

2.10 INTRUSION PROTECTION

A. An Intrusion Protection module shall be supplied. The IP module shall detect,classify, and stop malicious traffic.

B. The specification of the Intrusion Protection module shall be as follows:-

1. Minimum 100 Mbps traffic throughput

2. Multiple 10/100 monitoring interfaces.

3. IDS and IPS service




13/13

4. Embedded web based management / administrative software tool.

C. The Intrusion Protection Module shall be the Cisco Catalyst IDSM Series or equaland approved alternative.

PART 3 - EXECUTION

3.1 INSTALLATION:

A. The entire system shall be installed by specialist subcontractor approved by theEngineer.

B. Installation shall be in accordance with the approved drawings and manufacturer'swritten instructions.

C. Check that all test for Section 16715 (Voice and data cabling) has been carried outas specified.

D. Check certification and guarantees and test reports of section 16715 are provided.

E. All systems on this project are using the same infrastructures and unified IT network.IT contractor to coordinate with all system supplier/contractors to provide thenecessary services and check compatibility of all system to the IT network.

F. Test all the security of the system as per security software/hardware manufacturer.

3.2 TESTING

A. General: After installation of entire system and prior to acceptance of work,manufacturers standard tests to be conducted in the presence of the Engineer toshow proper Operation of each equipment and the system entirely.

B. All test certificates shall be prepared and submitted officially before theacceptance.

END OF SECTION



16716-voice & data system

Documents