capstone week 4
TRANSCRIPT
UNTHINKABLE
Creative
Innovative
With the constant and rapid changes in technology, fast-paced minds are required to keep up with the slew of equipment changes for multiple types of businesses.
706 Moore Street
King of Prussia, Pennsylvania 19406
Phone: 610-444-5555 Fax: 618-444-5556
www.ICUconsultants.com
ICU CONSULTANTS
A complete and thorough evaluation of your floor plan will be carried out so that our team of designers can create the best design that caters to the needs of your business.
Reputed knowledge and planning go into the delivery of every single intricate design by our team of experts.
Our team of experts will devise the most effective and efficient design for your business.
We will find the most effectual tools essential for your business in order to keep up with the evolving changes of our fast-paced world.
INDEX
1. Hardware overview (Ron)
   a. Current hardware
   b. Proposed hardware
2. Software overview (Ron)
   a. Current software
   b. Proposed software
3. LAN overview (David)
   a. Current LAN
   b. Proposed LAN design
4. WAN overview (David)
   a. Current WAN
   b. Proposed WAN
5. Main office design/network services (Jacob)
6. IP addressing design/scheme (David)
7. Internet connectivity design (Elias)
8. Network Security (Rick)
   a. Physical security
   b. Logical security
   c. Data security
9. Project cost (Rick)
   a. HR cost
   b. Hardware cost
   c. Software cost
   d. Implementation cost
   e. Testing/training cost
10. Testing (Nate)
   a. Hardware configuration
   b. Software configuration
   c. Bandwidth
   d. Infrastructure
11. Project schedule (Elias)
12. Project conclusion (Kay)
KOP MEDICAL ASSOCIATES
IMPLEMENTATION AND UPGRADE TO NETWORK DESIGN AND INFRASTRUCTURE FOR KOP MEDICAL ASSOCIATES
A COMPREHENSIVE NETWORK DEVELOPMENT PROJECT
SUBMITTED TO THE
IT/COMPUTER NETWORK SYSTEMS PROGRAM
IN PARTIAL FULFILLMENT OF THE REQUIREMENTS
FOR THE ASSOCIATE DEGREE
by
NICK DATTILO
KAY LAI
JACOB MARTEL
ELIAS ALVAREZ
RICHARD DABNEY
RONDALD DUNN JR
NATHANIEL DUFFY
ADVISOR-MR. NNOKO
ITT TECHNICAL INSTITUTE
KING OF PRUSSIA, PENNSYLVANIA
AUGUST, 2010
Week 4
Hardware Selection and Cost (Ron)
IP Addressing (Dave)
LAN and WAN Diagrams (Dave)
Internet, Phone, Cabling Selections (Elias)
Week 5
Hardware Finalize (Ron)
Software Selection and Licensing (Ron)
Network Services Finalize (Jacob)
Security Finalize (Rich)
Disaster Recovery Requirements (Nate)
Week 6
Software Finalize (Ron)
Internet, Phone, Cabling Finalize (Elias)
Project Plan Start (Elias)
Cost Finalize (Rich)
LAN and WAN Finalize (Dave)
Week 7
Disaster Recovery Finalize
Testing Finalize
Project Plan Finalize
Project Overview Finalize
Project Conclusion Finalize
Week 8-11
Actual installs
As a primary care provider, King of Prussia Medical Associates strives to provide excellent medical services and convenience for all of its patients. From in-house pharmacies to x-ray and other lab testing services, to minor surgeries, The Doctor's Office can diagnose and care for you and your family at any of their five convenient Philadelphia, Pennsylvania locations. Their office hours are 7 a.m. to 9 p.m., depending on which doctors are in which location.
Such domains have at least a Primary Domain Controller (PDC) and often one or more Backup Domain Controllers (BDCs). The first Windows NT Server in the domain is configured as the PDC. The User Manager for Domains utility is used to maintain user and group information for the domain using the domain security database on the primary controller. The PDC holds the master copy of the user accounts database, which it can access and modify, called Active Directory. The BDCs each hold a copy of this database, but these copies are read-only. The PDC replicates its account database to the BDCs on a regular basis. The BDCs exist to provide a backup to the PDC and can also authenticate users logging on to the network, for load balancing. If the PDC fails, one of the BDCs can be promoted to take its place. The PDC will usually be the first domain controller that was created, unless it has been replaced by a promoted BDC. Our PDC will be on a server running Windows Server 2008 in the main office. Each satellite office will host a BDC, also on a Windows Server 2008 machine.
The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are responsible for their particular domains and in turn can delegate other authoritative name servers for their sub-domains. This mechanism has made the DNS distributed and fault tolerant and has avoided the need for a single central register to be continually consulted and updated. As with the domain controllers, our primary DNS server will run on the same machine as the PDC, and each BDC will also provide DNS services.
In general, the Domain Name System also stores other types of information, such as the list of mail servers that accept email for a given Internet domain. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet.
The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses a client-server architecture. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database. In the absence of DHCP, all hosts on a network must be manually configured individually, a time-consuming and often error-prone undertaking. DHCP is popular with ISPs because it allows a host to obtain a temporary IP address. Our DHCP server will sit on the PDC machine at the main site.
FTP is usually used to send files from computers to hosting web servers when creating a website. It can also be used as a means of "downloading" files from other servers. FTP is sometimes used to send files from one computer directly to another. It most commonly uses ports 20 and 21. We will use FTP to allow doctors and nurses access to electronic patient records via Patient Management software.
In computer networking, network address translation (NAT) is the process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device for the purpose of remapping one IP address space into another.
The term Web 2.0 refers to applications that facilitate interactive information sharing, interoperability, user-centered design, and collaboration on the World Wide Web. A Web 2.0 site allows its users to interact with each other as contributors to the website's content, in contrast to websites where users are limited to the passive viewing of information that is provided to them. Examples of Web 2.0 include web-based communities, hosted services, web applications, social-networking sites and video-sharing sites. We will host a few different web applications that will be backed by a SQL Server database. Users will interact with the database via HTML pages.
Communication is very important in the business world--especially when it comes to business email. Gone are the days when communication was solely done through paper and pencil and then delivered through snail mail. Electronic messaging is now a very important part of businesses. Due to the volume of business trades around the world, a faster and more efficient system that would handle exchange of messages and manage communication between servers is a necessity. Business email needs to travel quickly and efficiently to its recipient. This is where exchange servers come into play. You may be wondering, "How does an exchange server work?" Let's discuss more about these email servers. Here's how to understand an email server.
An Exchange Server is an application intended to handle a corporate messaging system. The email server system supports both internal and external electronic messages. The Exchange Server processes the messages into four basic steps.
1. First, the client who will be sending a message connects to the Exchange server and sends the message.
2. The server then processes the message by storing it in the appropriate location in the messaging database.
3. After which, the server informs the recipient of the message's arrival.
4. The recipient of the message then connects to the server to retrieve the message.
To process the messages, the Exchange Server has four core components that make exchanges of communication happen. These four core components of these email servers assist to organize, distribute and receive messages from other processes and operations.
1. Information Store
2. System Attendant
3. Simple Mail Transfer Protocol (SMTP)
4. Active Directory Service
In computer networks, a proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the filter validates the request, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it 'caches' responses from the remote server, and returns subsequent requests for the same content directly.
A proxy server has a large variety of potential purposes, including:
1. To keep machines behind it anonymous (mainly for security).
2. To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.
3. To apply access policy to network services or content, e.g. to block undesired sites.
4. To log / audit usage, i.e. to provide company employee Internet usage reporting.
5. To bypass security / parental controls.
6. To scan transmitted content for malware before delivery.
7. To scan outbound content, e.g. for data leak protection.
8. To circumvent regional restrictions.
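The decision flow described above (check the request against filter rules on client IP, protocol and site, serve from cache when possible, otherwise fetch on the client's behalf, and write an audit line for every request), as an added example that is not part of the original project. The allowed client range, the blocklist entry and the stub fetch function are constructed for the example.

```python
"""Request-evaluation logic of a filtering/caching proxy (added example).

The fetch step is a callable supplied by the caller so the example runs
offline; a real proxy would open a connection to the origin server there.
"""
import ipaddress
import time
from urllib.parse import urlsplit

# Constructed policy for the example: only the internal range may use the proxy,
# only web protocols are forwarded, and one placeholder site is blocked.
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_SCHEMES = {"http", "https"}
BLOCKED_SITES = {"example-blocked.invalid"}
CACHE_TTL = 60.0  # seconds a cached response stays valid


class Proxy:
    def __init__(self, fetch, clock=time.time):
        self.fetch = fetch      # callable(url) -> body, invoked on the client's behalf
        self.clock = clock      # injectable for testing cache expiry
        self.cache = {}         # url -> (expires_at, body)
        self.audit = []         # one "client DECISION [reason] url" line per request

    def evaluate(self, client_ip, url):
        """Apply the filter rules; return None if allowed, else a denial reason."""
        ip = ipaddress.ip_address(client_ip)
        if not any(ip in net for net in ALLOWED_CLIENTS):
            return "client-not-allowed"
        parts = urlsplit(url)
        if parts.scheme not in ALLOWED_SCHEMES:
            return "protocol-blocked"
        if parts.hostname in BLOCKED_SITES:
            return "site-blocked"
        return None

    def handle(self, client_ip, url):
        """Serve one request: deny, cache hit, or fetch and cache. Returns the body or None."""
        reason = self.evaluate(client_ip, url)
        if reason:
            self.audit.append(f"{client_ip} DENY {reason} {url}")
            return None
        now = self.clock()
        hit = self.cache.get(url)
        if hit and hit[0] > now:
            # Served without contacting the origin server at all.
            self.audit.append(f"{client_ip} HIT {url}")
            return hit[1]
        body = self.fetch(url)
        self.cache[url] = (now + CACHE_TTL, body)
        self.audit.append(f"{client_ip} MISS {url}")
        return body


if __name__ == "__main__":
    proxy = Proxy(lambda url: f"<stub body for {url}>")
    for client, url in [("10.1.2.3", "http://intranet.example/records"),
                        ("10.1.2.3", "http://intranet.example/records"),
                        ("192.0.2.9", "http://intranet.example/records"),
                        ("10.1.2.3", "http://example-blocked.invalid/")]:
        proxy.handle(client, url)
    print("\n".join(proxy.audit))
```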
ICU Consultants strive to be a dependable and elite organization that takes pride in every aspect of our day-to-day activities. Network security is by far the most important consideration when building, or in this case restructuring, a network. The provisions set forth in this computer network infrastructure will protect the network and the network's accessible resources from unauthorized access. While strategically protecting the network itself, ICU will also be responsible for protecting the physical aspect of every facility belonging to KOP Medical Associates. Therefore, ICU Consultants will be responsible for restructuring KOP Medical Associates' physical, logical, and data security.
Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored at a physical site. There will be a complete upgrade to KOP Medical Associates' physical security system to protect against intrusion when the office is closed as well as during the company's normal business hours. During the evening hours ICU will implement an alarm system installed and monitored by ADT. The ADT Premise Pro electronic security system will help protect each of KOP Medical Associates' five locations from burglary and intrusion. ICU specifically chose this system because it is designed to provide a small business with effective, affordable security.
Technology is why ICU Consultants exist; therefore KOP Medical Associates will be going keyless for access to each facility. Each visiting patient will have to be buzzed in to gain access to the facility, ensuring a more secure environment. Every employee will be given an access card to gain entry; this will also give upper management the ability to monitor who enters and leaves each facility. The next physical security measure ICU will implement to ensure the safety of KOP Medical Associates' facilities is the installation of surveillance cameras. Two cameras will be installed at each of the five locations, bringing the total to ten for all of KOP Medical Associates' facilities. The cameras will monitor the office during normal business hours and add an additional measure of security during the hours the business is closed. ICU will be installing the Panasonic i-Pro color fixed mini dome IP security camera. This equipment comes complete with viewing software that will be linked to the application server, and a PC will be designated for viewing and recording. The final upgrade to KOP Medical Associates' physical security will be fingerprint door locks installed on the IT/telecom room as well as the storage area. Only an elite chosen few will have access to these two areas. A total of ten locks will complete the upgrade, two per facility. The device chosen by ICU Consultants is the Tocahome e key. This is another measure ICU Consultants takes to ensure the integrity of our network security.
Logical security consists of software safeguards for an organization's systems, including user identification and password access, authentication, access rights and authority levels. These measures ensure that only authorized users are able to perform actions or access information on a network or a workstation. The logical security of KOP Medical Associates needs considerable improvement. Several upgrades will be implemented to provide top-notch security of the network's infrastructure. For starters, ICU will apply and implement several scopes on every server, starting with the DHCP server. Configuring the necessary scopes, and configuring group policy to determine who can access and modify resources, will be driven by the resources on the network and who actually needs to access them. IIS will also be configured for this network. ASP.NET and Exchange 2010 will also be configured and will require a username and password to access.
Every possible avenue on KOP Medical Associates' network will be road-blocked with username, password, authentication, and biometrics. All of these measures are required to log onto the network; this ensures that an authorized user can access only what they are permitted. To further protect the network there will be hardware encryption software installed as well as database encryption software. To protect all of KOP Medical Associates' wireless capabilities there will be MAC address filtering, along with router security configured so that there will be no broadcast of the network's SSID.
Finally, the most important part of protecting a business's network resources is protecting the resources' central location. For us at ICU Consultants the server room is where it all begins and is the most guarded area when we are called upon to upgrade or install a network system. Therefore ICU Consultants enforce a very strict server room policy, and server room security is implemented in every location. This protects the network and all of its resources. Server rooms are full of equipment, such as servers, routers, switches, server racks, etc.; these machines run constantly and can potentially overheat. ICU will be installing network monitoring and server monitoring software. This will keep a close eye on the temperature of the server room and all equipment in use in that designated area. Every server room in all five of KOP Medical Associates' facilities will implement this security standard and monitoring software. By implementing such a rigorous security process, ICU stands firm and confident in protecting the confidentiality of KOP Medical Associates' patients and all resources that reside on their network.
Megapixel Super Dynamic Vandal Resistant Fixed Dome Network Camera
WV-NW502S
3 Megapixel Vandal Resistant Day/Night Network Camera featuring Super Dynamic and
Megapixel real time transmission by H.264 high profile
Megapixel Super Dynamic at 1,280 x 960 image
H.264 High Profile 1,280 x 960 image at 30 ips real time video
2.6 million pixels CCD 2,048 x 1,536 high resolution image
High sensitivity: 1.0 lux (Color), 0.08 lux (B/W) at F1.4
Multi-streaming including H.264, MPEG-4 and JPEG
Vandal and Weather resistant
Megapixel Network Camera featuring H.264 High Profile and Super Dynamic.
In 2002 Panasonic first introduced i-Pro network cameras to the surveillance industry, and they have been well accepted in the market. In 2009, with that market-proven knowledge and experience, Panasonic proudly introduces the new i-Pro Mega SD network cameras: the WV-NP502 standard model and the WV-NW502S vandal-resistant fixed dome model. It is equipped with a 2.6 million pixel CCD, Super Dynamic DSP and UniPhier LSI. These components make the MEGA SD camera a unique and outstanding network camera, enabling Megapixel Super Dynamic, 2048 x 1556 high-resolution images and 1280 x 960 H.264 30 ips real-time transmission.
Megapixel Super Dynamic
Megapixel Super Dynamic delivers a 1280 x 960 image with superior dynamic range by fusing a 2.6 million pixel CCD and the Super Dynamic DSP. It can reproduce more natural dark gradation and visibility around motion areas.
Megapixel Image
The 2.6 million pixel CCD and UniPhier platform deliver 2048 x 1538 outstanding image quality, allowing precise identification. It can provide a 10 times more precise image than conventional VGA CCDs. Alternatively, it can capture an area 10 times larger while maintaining the same image quality as conventional VGA cameras.
H.264 High Profile
H.264 High Profile encoding with the Panasonic UniPhier LSI enables a 1280 x 960 real-time video stream with a smaller data size.
Progressive Video Output
Progressive video output ensures clear images with less motion blur and no tearing even when the subject is moving.
High Sensitivity
High sensitivity of 1.0 lux allows color images even when the lighting is dim. When the situation is too dark, Electronic Sensitivity Enhancement and the Day/Night feature further enhance the low-light capability, ideal for 24-hour surveillance.
The Day/Night feature automatically switches the camera from color to B/W depending on the illumination. ABF automatically adjusts back focus, allowing easy installation and accurate focus in both color and B/W mode. With the moving IR cut filter and ABF, both high sensitivity and accurate focus are ensured.
2D-DNR for motion areas and 3D-DNR for static areas are effectively combined, realizing a clear, low-noise image with less motion blur and resolution deterioration.
Three different types of streaming modes, including JPEG and H.264 (2ch) or MPEG-4 (2ch), can be transmitted simultaneously, enabling both real-time monitoring and high-quality recording.
When the network experiences a problem, images can automatically be backed up to the SD/SDHC memory card. Images recorded in the SD/SDHC memory during a network failure can be transferred to the recorder automatically or manually when the recorder is in non-recording status.
i-Pro cameras can send motion metadata when used with the WJ-ND400 so that motion in the specified area of the recorded images can quickly be searched. Sensitivity depends on the VMD setup of the camera.
Various alarm sources and actions are available for flexible alarm control. Alarm sources, including 3 terminal inputs, VMD and the Panasonic alarm command, can trigger actions such as SD/SDHC memory recording, image quality change (JPEG), FTP image transfer, e-mail notification, indication on the browser, terminal output, and Panasonic alarm command output.
The FTP client function enables periodic live image transfer or recorded image transfer in response to an alarm.
Up to two streams can be prioritized when multiple devices are accessing the camera, allowing the frame rate of the recording or of specific clients to be maintained.
Frame Rate Priority Mode dynamically controls bit rate and image quality depending on the subject to maintain the frame rate.
Up to 16 cameras can be displayed on 4x Quad screens or 16 split screen. Pan/Tilt control is available in the Quad screens.
Full duplex bi-directional audio allows interactive communication between camera site and monitoring site.
Internet Connectivity
Service tier: High
Price: $99.95/month
Download / upload speed: 22 Mbps / 5 Mbps (1 Mbps = 1000 kbps)
Static IPs: 1 for $14.95, 5 for $19.95, 13 for $34.95
Equipment included: IP gateway with firewall and router
Web hosting included: domain name and 3-page website, 10 MB storage, site-builder software
Applications included: Norton Business Suite (up to 25 PCs/Macs)
Included Microsoft Communications Services:
- Windows SharePoint: 1 site per company, 2 GB total storage, shared documents and files
- Email: Microsoft Outlook 2007 with both desktop and web access; shared and synchronized email, calendar and task lists; 2, 4, or 8 email boxes (depends on package); 2 GB storage
- Mobile support: support for mobile devices with Microsoft ActiveSync and iPhone
Point-to-point
This type of network consists of many connections between individual pairs of machines. To go from the source to the destination, a packet on this type of network may have to first visit one or more intermediate machines. Often multiple routes of different lengths are possible, so routing algorithms play an important role in point-to-point networks.
Workstations: need 45 for safety and replacement
1. HP Compaq 6005 Pro (has HD, RAM, Windows 7 on it already)
Laptops: 15
1. HP Compaq 515 - Athlon X2 QL-66 2.2 GHz
Tablets: 45
1. M&A Companion Touch 10 (cheap, portable, and will cover the needs for the laptop and PDA)
Servers: need 13 for redundancy
1. HP ProLiant BL2x220c G6 (has HD and more RAM than needed)
Keyboards/mice: need 100 for replacement
1. Logitech Desktop MK120 (cheap and does the job needed)
Monitors: need 45 for replacement
1. Acer V173 DJb LCD Monitor (cheap, good name brand; will allow them to see the medical pictures they need)
Docking stations 15
1. HP xb4 Notebook Media Docking Station
Network phones 100
1. Aastra 9116 Single Line Analog Telephone Charcoal
Cameras
1. Panasonic i-Pro Network Color Dome Camera
Networking
1. Wireless access points: Cisco 521 Wireless Express Access Point (Cisco IOS Software Standalone mode)
2. Routers: Cisco Small Business Pro SR 520-T1 Secure Router
3. Switches: Cisco Catalyst 2960G-24TC 24-port Switch
Printers / fax
1. HP LJ M2727nf MFP
Week 4
Software
Server OS
1. Windows Small Business Server 2008 Standard 20-User Client Access License $1540.00
Security
1. Virus – AVG free
2. Spyware – Spybot Search and Destroy
Microsoft office
1. Office-Professional-2010 $514.94
Exchange
1. Exchange Server 2010 Standard Edition $699.00
SQL server 2
1. SQL-Server-2008-Standard-Edition $5999.00
Router Configuration
To ease the setup, it makes sense to rename the routers to something that uniquely identifies them:
Enter configuration mode
Router>enable
Router#config t
Router(config)#
Rename the router to "Center"
Router(config)#hostname Center
Center(config)#end
Center#copy run start
Securing the WAN network is essential. There are a variety of passwords that can be used to protect the routers from unauthorized access and configuration:
Set the enable password to "password1"
Center(config)#enable password password1
Set the enable secret to "secret1". This password overrides the enable password
Center(config)#enable secret secret1
Set the console password to "console1"
Center(config)#line con 0
Center(config-line)#login
Center(config-line)#password console1
Set the telnet password to "telnet1"
Center(config)#line vty 0 4
Center(config-line)#login
Center(config-line)#password telnet1
WAN Router Configuration
There are five sites, one router per site. The routers are set up with these addresses:

Site     DTE serial        DCE serial
Center   172.32.5.2/24     172.32.6.3/24
East     172.32.6.2/24     172.32.7.3/24
South    172.32.7.2/24     172.32.8.3/24
West     172.32.8.2/24     172.32.9.3/24
North    172.32.9.2/24     172.32.5.3/24

Configure Center's DTE serial interface with an IP address to connect to North (the 172.32.5.0/24 link)
Center(config)#int s0/0
Center(config-if)#ip addr 172.32.5.2 255.255.255.0
Center(config-if)#no shut
Center(config-if)#exit
Configure Center's DCE serial interface with an IP address and clock rate to connect to East (the 172.32.6.0/24 link)
Center(config)#int s1/0
Center(config-if)#ip addr 172.32.6.3 255.255.255.0
Center(config-if)#clock rate 64000
Center(config-if)#no shut
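The slides show the hostname, password and serial-interface commands for the Center router only. As an added example that is not part of the original project deliverable, the script below takes the five-site addressing table, checks that every /24 link has exactly one DTE and one DCE endpoint (so a typo in the table is caught before any router is touched), and generates the equivalent IOS configuration for all five routers, putting the clock rate on the DCE side only. Assumptions: the interface names Serial0/0 and Serial1/0 expand the slide's "int s0/0" and "int s1/0"; the `service password-encryption` line and the interface descriptions are additions beyond the slides; the passwords passed in are placeholders.

```python
"""Validate the WAN addressing table and emit per-router IOS config (added example)."""
import ipaddress

# Addressing table copied from the WAN Router Configuration slide.
SITES = {
    "Center": {"dte": "172.32.5.2/24", "dce": "172.32.6.3/24"},
    "East":   {"dte": "172.32.6.2/24", "dce": "172.32.7.3/24"},
    "South":  {"dte": "172.32.7.2/24", "dce": "172.32.8.3/24"},
    "West":   {"dte": "172.32.8.2/24", "dce": "172.32.9.3/24"},
    "North":  {"dte": "172.32.9.2/24", "dce": "172.32.5.3/24"},
}
# Assumed expansions of the slide's abbreviated "int s0/0" / "int s1/0".
DTE_IF, DCE_IF = "Serial0/0", "Serial1/0"


def link_peers(sites):
    """Map each /24 link to its endpoints; raise if a link does not have
    exactly one DTE and one DCE side (duplicate or missing entries)."""
    links = {}
    for name, ifs in sites.items():
        for role, cidr in ifs.items():
            net = ipaddress.ip_interface(cidr).network
            slot = links.setdefault(net, {})
            if role in slot:
                raise ValueError(f"{net}: two {role.upper()} endpoints ({slot[role]}, {name})")
            slot[role] = name
    for net, slot in links.items():
        if set(slot) != {"dte", "dce"}:
            raise ValueError(f"{net}: incomplete link {slot}")
    return links


def neighbor(sites, name, role):
    """Which site sits at the far end of `name`'s DTE or DCE interface."""
    net = ipaddress.ip_interface(sites[name][role]).network
    other = "dce" if role == "dte" else "dte"
    return link_peers(sites)[net][other]


def router_config(sites, name, enable_secret, con_pw, vty_pw, clock_rate=64000):
    """Return the IOS config lines for one site's router, as a list."""
    dte = ipaddress.ip_interface(sites[name]["dte"])
    dce = ipaddress.ip_interface(sites[name]["dce"])
    return [
        f"hostname {name}",
        "service password-encryption",      # added: keeps line passwords out of 'show run' in clear
        f"enable secret {enable_secret}",   # hashed; takes precedence over 'enable password'
        "line con 0", " login", f" password {con_pw}",
        "line vty 0 4", " login", f" password {vty_pw}",
        f"interface {DTE_IF}",
        f" description to {neighbor(sites, name, 'dte')}",
        f" ip address {dte.ip} {dte.netmask}",
        " no shutdown",
        f"interface {DCE_IF}",
        f" description to {neighbor(sites, name, 'dce')}",
        f" ip address {dce.ip} {dce.netmask}",
        f" clock rate {clock_rate}",        # only the DCE end supplies clocking
        " no shutdown",
    ]


if __name__ == "__main__":
    link_peers(SITES)  # fail fast on a broken table
    for site in SITES:
        print("\n".join(router_config(SITES, site, "SECRET-PLACEHOLDER",
                                      "CONSOLE-PLACEHOLDER", "VTY-PLACEHOLDER")))
        print("!")
```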
Conclusion
After careful evaluation of the current system and floor plan, our team of skilled engineers and technical experts implemented the best equipment appropriate for the facility. The design has been implemented to provide information and communication services for the new partnership with all necessary security and disaster planning to meet HIPAA requirements.
Each solution and change has been documented with detailed configurations and instructions for ease of use.