capstone week 4


Upload: icuconsultants

Post on 02-Jul-2015


TRANSCRIPT

Page 1: Capstone Week 4

1

UNTHINKABLE

Creative

Innovative

With the constant and rapid changes in technology, fast paced minds are required to keep up with the slew of equipment changes for multiple types of businesses.

706 Moore Street

King of Prussia, Pennsylvania 19406

Phone: 610-444-5555 Fax: 618-444-5556

www.ICUconsultants.com

ICU CONSULTANTS

A complete and thorough evaluation of your floor plan will be carried out so that our team of designers can create the design that best caters to the needs of your business.

Reputed knowledge and planning go into the delivery of every single intricate design by our team of experts.

Our team of experts will devise the most effective and efficient design for your business.

We will find the most effectual tools essential for your business in order to keep up with the evolving changes of our fast paced world.

Page 2: Capstone Week 4

2

INDEX

1. Hardware overview (Ron)

a. Current hardware

b. Proposed hardware

2. Software overview (Ron)

a. Current software

b. Proposed software

3. LAN overview (David)

a. Current LAN

b. Proposed LAN design

4. WAN overview (David)

a. Current WAN

b. Proposed WAN

5. Main office design/network services (Jacob)

6. IP addressing design/scheme (David)

7. Internet connectivity design (Elias)

8. Network Security (Rick)

a. Physical security

b. Logical security

c. Data security

9. Project cost (Rick)

a. HR cost

b. Hardware cost

c. Software cost

d. Implementation cost

e. Testing/training cost

10. Testing (Nate)

a. Hardware configuration

b. Software configuration

c. Bandwidth

d. Infrastructure

11. Project schedule (Elias)

12. Project conclusion (Kay)

Page 3: Capstone Week 4

3

KOP MEDICAL ASSOCIATES

IMPLEMENTATION AND UPGRADE TO NETWORK DESIGN AND INFRASTRUCTURE FOR KOP MEDICAL ASSOCIATES

A COMPREHENSIVE NETWORK DEVELOPMENT PROJECT

SUBMITTED TO THE

IT/COMPUTER NETWORK SYSTEMS PROGRAM

IN PARTIAL FULFILLMENT OF THE REQUIREMENTS

FOR THE ASSOCIATE DEGREE

by

NICK DATTILO

KAY LAI

JACOB MARTEL

ELIAS ALVAREZ

RICHARD DABNEY

RONDALD DUNN JR

NATHANIEL DUFFY

ADVISOR-MR. NNOKO

ITT TECHNICAL INSTITUTE

KING OF PRUSSIA, PENNSYLVANIA

AUGUST, 2010

Page 4: Capstone Week 4

4

Week 4

Hardware Selection and Cost (Ron)

IP Addressing (Dave)

LAN and WAN Diagrams (Dave)

Internet, Phone, Cabling selections (Elias)

Week 5

Hardware Finalize (Ron)

Software Selection and Licensing (Ron)

Network Services Finalize (Jacob)

Security Finalize (Rich)

Disaster Recovery Requirements (Nate)

Week 6

Software Finalize (Ron)

Internet, Phone, Cabling Finalize (Elias)

Project Plan Start (Elias)

Cost Finalize (Rich)

LAN and WAN Finalize (Dave)

Week 7

Disaster Recovery Finalize

Testing Finalize

Project Plan Finalize

Project Overview Finalize

Project Conclusion Finalize

Week 8-11

Actual installs

Page 5: Capstone Week 4

5

As primary care centers, King of Prussia Medical Associates strives to provide excellent medical services and convenience for all of its patients. From their in-house pharmacies to x-ray and other lab testing services, to minor surgeries, The Doctor's Office can diagnose and care for you and your family at any of their five convenient Philadelphia, Pennsylvania locations. Their office hours are 7 a.m. - 9 p.m., depending on which doctors are at which location.

Such domains have at least a Primary Domain Controller (PDC), and will often have one or more Backup Domain Controllers (BDCs). The first Windows NT Server in the domain is configured as a PDC. The User Manager for Domains utility is used to maintain user and group information for the domain using the domain security database on the primary controller. The PDC has the master copy of the user accounts database that it can access and modify, called Active Directory. The BDC computers have a copy of this database, but these copies are read-only. The PDC will replicate its account database to the BDCs on a regular basis. The BDCs exist in order to provide a backup to the PDC, and can also be used to authenticate users logging on to the network for load balancing. If a PDC should fail, one of the BDCs can then be promoted to take its place. The PDC will usually be the first domain controller that was created unless it was replaced by a promoted BDC. Our PDC will be on a server running Windows Server 2008 in the Main Office. Each satellite office will host a BDC, also on a Windows Server 2008 machine.

The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are assigned to be responsible for their particular domains, and in turn can assign other authoritative name servers for their sub-domains. This mechanism has made the DNS distributed and fault tolerant and has helped avoid the need for a single central register to be continually consulted and updated. Similarly to the Domain Controllers, our primary DNS server will exist on the same machine as the PDC, and each BDC will also provide DNS services.

In general, the Domain Name System also stores other types of information, such as the list of mail servers that accept email for a given Internet domain. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet.

Page 6: Capstone Week 4

6

The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses a client-server architecture. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database. In the absence of DHCP, all hosts on a network must be manually configured individually, a time-consuming and often error-prone undertaking. DHCP is popular with ISPs because it allows a host to obtain a temporary IP address. Our DHCP server will sit on the PDC machine at the main site.

FTP is usually used to send files from computers to hosting web servers when creating a website. It can also be used as a means of "downloading" files from other servers. FTP is sometimes used to send files from one computer directly to another. It most commonly uses ports 20 and 21. We will use FTP to allow doctors and nurses access to electronic patient records via Patient Management software.

In computer networking, network address translation (NAT) is the process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device for the purpose of remapping one IP address space into another.

The term Web 2.0 refers to web applications that facilitate interactive information sharing, interoperability, user-centered design, and collaboration on the World Wide Web. A Web 2.0 site allows its users to interact with each other as contributors to the website's content, in contrast to websites where users are limited to the passive viewing of information that is provided to them. Examples of Web 2.0 include web-based communities, hosted services, web applications, social-networking sites, and video-sharing sites. We will host a few different web applications that will be backed by a SQL Server database. Users will interact with the database via HTML pages.

Page 7: Capstone Week 4

7

Communication is very important in the business world--especially when it comes to business email. Gone are the days when communication was solely done through paper and pencil and then delivered through snail mail. Electronic messaging is now a very important part of businesses. Due to the volume of business trades around the world, a faster and more efficient system that would handle exchange of messages and manage communication between servers is a necessity. Business email needs to travel quickly and efficiently to its recipient. This is where exchange servers come into play. You may be wondering, "How does an exchange server work?" Let's discuss more about these email servers. Here's how to understand an email server.

An Exchange Server is an application intended to handle a corporate messaging system. The email server system supports both internal and external electronic messages. The Exchange Server processes messages in four basic steps.

1. First, the client who will be sending a message connects to the exchange server and then sends the message.

2. The server then processes the message by storing it in the appropriate location in the messaging database.

3. After that, the server informs the recipient of the message's arrival.

4. The recipient of the message then connects to the server to retrieve the message.

Page 8: Capstone Week 4

8

To process the messages, the Exchange Server has four core components that make exchanges of communication happen. These four core components help organize, distribute and receive messages from other processes and operations.

1. Information Store

2. System Attendant

3. Simple Mail Transfer Protocol (SMTP)

4. Active Directory Service

Page 9: Capstone Week 4

9

In computer networks, a proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the filter validates the request, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it 'caches' responses from the remote server, and returns subsequent requests for the same content directly.

A proxy server has a large variety of potential purposes, including:

1. To keep machines behind it anonymous (mainly for security).

2. To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.

3. To apply access policy to network services or content, e.g. to block undesired sites.

4. To log / audit usage, i.e. to provide company employee Internet usage reporting.

5. To bypass security / parental controls.

6. To scan transmitted content for malware before delivery.

7. To scan outbound content, e.g., for data leak protection.

8. To circumvent regional restrictions.

Page 10: Capstone Week 4

10

ICU Consultants strives to be a dependable and elite organization that takes pride in every aspect of our day-to-day activities. Network security is by far the most important consideration when building or, in this case, restructuring a network. The provisions set forth in this computer network infrastructure will protect the network and the network's accessible resources from unauthorized access. While strategically protecting the network itself, ICU will also be responsible for protecting the physical aspect of every facility incorporated by KOP Medical Associates. Therefore, ICU Consultants will be responsible for restructuring KOP Medical Associates' physical, logical, and data security.

Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored at a physical location/site. There will be a complete upgrade to KOP Medical Associates' physical security system to protect against intrusion when the office is closed as well as during the company's normal business hours. During the evening hours ICU will implement an alarm system monitored and installed by ADT. The ADT Premise Pro electronic security system will help protect each of KOP Medical Associates' five locations from burglary and intrusion. ICU specifically chose this system because it is designed to provide a small business with effective, affordable security.

Page 11: Capstone Week 4

11

Technology is why ICU Consultants exists; therefore KOP Medical Associates will be going keyless to gain access to each facility. Each visiting patient will have to be buzzed in to gain access to the facility to ensure a more secure environment. Every employee will be given an access card to gain entry; this will also give upper management the ability to monitor who enters and leaves each facility.

The next measure of physical security ICU will be implementing to ensure the safety of KOP Medical Associates' facilities will be the installation of surveillance cameras. There will be two cameras installed at each of the five locations, bringing the total to ten for all of KOP Medical Associates' facilities. The cameras will monitor the office during normal business hours and add an additional measure of security during the hours the business is closed. ICU will be installing the Panasonic i-Pro color fixed mini dome IP Security Camera. This equipment comes complete with viewing software that will be linked to the application server, and a PC will be designated for viewing and recording.

The final upgrade to KOP Medical Associates' physical security will be fingerprint door locks to be installed on the IT/Telecom room as well as the storage area. Only a select few will be granted access to these two areas. A total of ten locks, two per facility, will complete the upgrade. The device chosen by ICU Consultants is the Tocahome e key. This is another measure ICU Consultants takes to ensure the integrity of our network security.

Page 12: Capstone Week 4

12

Logical security consists of software safeguards for an organization's systems, including user identification and password access, authentication, access rights and authority levels. These measures ensure that only authorized users are able to perform actions or access information in a network or a workstation. The logical security of KOP Medical Associates needs considerable improvement. There will be several upgrades implemented to provide top-notch security of the network's infrastructure. For starters, ICU will apply and implement several scopes on every server, starting with the DHCP server. The configuration of the necessary scopes, and of the group policy that determines who can access and modify, will be driven by the resources on the network and who actually needs to access them. IIS will also be configured for this network. ASP.NET and Exchange 2010 will also be configured and will require a username and password to access.

Every possible avenue on KOP Medical Associates' network will be road blocked with username, password, authentication, and biometrics. All of these measures apply when logging on to the network; this ensures that an authorized user can access only what they are permitted to. To further protect the network there will be hardware encryption software installed as well as database encryption software. To protect all of KOP Medical Associates' wireless capabilities there will be MAC address filtering along with router security configured so that there will be no broadcast of the network's SSID.

Page 13: Capstone Week 4

13

Finally, the most important part of protecting a business's network resources is protecting the resources' central location. For us at ICU Consultants the server room is where it all begins, and it is the most guarded area when we are called upon to upgrade or install a network system. Therefore ICU Consultants enforces a very strict server room policy, and server room security is implemented in every location. This protects the network and all of its resources. Server rooms are full of equipment such as servers, routers, switches and server racks; these machines run constantly and can potentially overheat. ICU will be installing network monitoring and server monitoring software. This will keep a close eye on the temperature of the server room and all equipment in use in that designated area. Every server room in all five of KOP Medical Associates' facilities will implement this security standard and monitoring software. By implementing such a vigorous security process, ICU stands firm and confident in protecting the confidentiality of KOP Medical Associates' patients and all resources that reside on their network.


Page 25: Capstone Week 4

25

Megapixel Super Dynamic Vandal Resistant Fixed Dome Network Camera

WV-NW502S

3 Megapixel Vandal Resistant Day/Night Network Camera featuring Super Dynamic and Megapixel real time transmission by H.264 high profile

Megapixel Super Dynamic at 1,280 x 960 image

H.264 High Profile 1,280 x 960 image at 30 ips real time video

2.6 million pixels CCD 2,048 x 1,536 high resolution image

High sensitivity: 1.0 lux (Color), 0.08 lux (B/W) at F1.4

Multi-streaming including H.264, MPEG-4 and JPEG

Vandal and Weather resistant

Page 26: Capstone Week 4

26

Megapixel Network Camera featuring H.264 High Profile and Super Dynamic.

In 2002 Panasonic first introduced i-Pro Network cameras to the surveillance industry, and they have been well accepted in the market. In 2009, with the market proven knowledge and experience, Panasonic proudly introduces new i-Pro, Mega SD Network Cameras, WV-NP502 standard model and WV-NW502S Vandal resistant fixed dome model. It is equipped with a 2.6 million pixels CCD, Super Dynamic DSP and UniPhier LSI. These components made the MEGA SD camera a unique and outstanding network camera, enabling Megapixel Super Dynamic, 2048 x 1556 high resolution image and 1280 x 960 H.264 30 ips real time transmission.

Page 27: Capstone Week 4

27

Megapixel Super Dynamic

Megapixel Super Dynamic delivers 1280 x 960 image with superior dynamic range by fusion of 2.6 million pixels CCD and Super Dynamic DSP. It can reproduce more natural dark gradation and visibility around motion area.

Megapixel Image

2.6 million pixels CCD and Uniphier platform deliver 2048 x 1538 outstanding image quality, allowing precise identification. It can provide a 10 times more precise image than the conventional VGA CCDs. Alternatively it can capture an area 10 times larger while maintaining the same image quality of conventional VGA cameras.

Page 28: Capstone Week 4

28

H.264 High Profile

H.264 High profile encoding with Panasonic Uniphier LSI enables 1280 x 960 real time video stream with smaller data size.

Progressive Video Output

Progressive Video Output ensures clear images with less motion blur and no tearing even when the subject is moving.

Page 29: Capstone Week 4

29

High Sensitivity

High sensitivity 1.0 lux allows color images even when the lighting is dim. When the situation is too dark, Electronic Sensitivity Enhancement and the Day/Night feature further enhance the low light capability, ideal for 24-hour surveillance.

Day/Night feature automatically switches the camera from color to B/W depending on the illumination. ABF automatically adjusts back focus, allowing easy installation and accurate focus in both color and B/W mode. With moving IR cut filter and ABF, both high sensitivity and accurate focus are ensured.

Page 30: Capstone Week 4

30

2D-DNR for motion area and 3D-DNR for static area are effectively combined, realizing a clear low noise image with less motion blur and resolution deterioration.

Three different types of streaming modes including JPEG and H.264 (2ch) or MPEG4 (2ch) can be transmitted simultaneously, enabling both real time monitoring and high quality recording.

Page 31: Capstone Week 4

31

When the network experiences a problem, images can automatically be backed up in the SD/SDHC memory card. Images recorded in the SD/SDHC memory during a network failure can be transferred to the recorder automatically or manually when the recorder is in non-recording status.

i-Pro cameras can send motion meta data when used with WJ-ND400 so that motions in the specified area in the recorded images can quickly be searched. Sensitivity depends on the VMD setup of the camera.

Page 32: Capstone Week 4

32

Various alarm sources and actions are available for flexible alarm control. Alarm sources including 3 terminal inputs, VMD and Panasonic alarm command can trigger actions such as SD/SDHC memory recording, Image quality change (JPEG), FTP image transfer, E-mail notification, Indication on browser, Terminal output, and Panasonic alarm command output.

FTP client function enables periodic live image transfer or recorded image transfer in response to an alarm.

Page 33: Capstone Week 4

33

Up to two streams can be prioritized when multiple devices are accessing, making it possible to maintain the frame rate of the recording or specific clients.

Frame Rate Priority Mode dynamically controls bit rate and image quality depending on the subject to maintain the frame rate.

Page 34: Capstone Week 4

34

Up to 16 cameras can be displayed on 4x Quad screens or 16 split screen. Pan/Tilt control is available in the Quad screens.

Full duplex bi-directional audio allows interactive communication between camera site and monitoring site.

Page 35: Capstone Week 4

35

Internet Connectivity

Service Tier: High-

Price: $99.95/month

Download / Upload speed (1 mbps = 1000 kbps): 22 mbps / 5 mbps

Static IPs: 1 - $14.95, 5 - $19.95, 13 - $34.95

Equipment: Included IP Gateway with Firewall & Router

Web Hosting: Included domain name & 3 page website, 10MB storage, site-builder software

Applications: Included Norton Business Suite (up to 25 PCs/MACs); Included Microsoft Communications Services

Windows SharePoint: 1 site per company; 2 GB total storage; shared documents and files

Email: Microsoft Outlook 2007 with both desktop and web access; shared and synchronized email, calendar and task lists; 2, 4, or 8 email box (depends on package); 2 GB storage

Mobile Support: Support for mobile devices with Microsoft ActiveSync + iPhone

Point-to-point

This type of network consists of many connections between individual pairs of machines. To go from the source to the destination, a packet of information on this type of network may have to first visit one or more intermediate machines. Often multiple routes of different lengths are possible, so routing algorithms play an important role in point-to-point networks.

Page 36: Capstone Week 4

36

Workstations need 45 for safety and replacement

1. HP Compaq 6005 Pro (has hd, ram, windows 7 on it already)

Laptops 15

1. HP Compaq 515 - Athlon X2 QL-66 2.2 GHz

Tablets 45

1. M&A Companion Touch 10 (cheap portable and will cover the needs for the laptop and pda)

Servers needed 13 for redundancy

1. HP ProLiant BL2x220c G6 ( has hd more than needed ram )

Keyboard/mice needed 100 for replacement

1. Logitech Desktop MK120 (cheap and does the job needed)

1. Acer V173 DJb LCD Monitor (cheap, good name brand. Will allow them to see the medical pictures they need)


Page 38: Capstone Week 4

38

Monitors needed 45 for replacement

1. Acer V173 DJb LCD Monitor (cheap, good name brand. Will allow them to see the medical pictures they need)

Docking stations 15

1. HP xb4 Notebook Media Docking Station

Network phones 100

1. Aastra 9116 Single Line Analog Telephone Charcoal

Cameras

1. Panasonic i-Pro Network Color Dome Camera

Networking

1. Wireless access points: Cisco 521 Wireless Express Access Point (Cisco IOS Software Standalone mode)

2. Routers: Cisco Small Business Pro SR 520-T1 Secure Router

3. Switches: Cisco Catalyst 2960G-24TC 24 port Switch

Printers / fax

1. HP LJ M2727nf MFP

Page 39: Capstone Week 4

39

Week 4

Software

Server OS

1. Windows Small Business Server 2008 Standard 20-User Client Access License $1540.00

Security

1. Virus – AVG free

2. Spyware – Spybot Search and Destroy

Microsoft office

1. Office-Professional-2010 $514.94

Exchange

1. Exchange Server 2010 Standard Edition $699.00

SQL server 2

1. SQL-Server-2008-Standard-Edition $5999.00


Page 46: Capstone Week 4

46

Router Configuration

To ease the setup, it makes sense to rename the routers something that will uniquely identify them:

Enter configuration mode

Router>enable

Router#config t

Router(config)#

Rename the router to "Center"

Router(config)#hostname Center

Center(config)#end

Center#copy run start

Page 47: Capstone Week 4

47

Securing the WAN network is essential. There are a variety of passwords that can be used to protect the routers from unauthorized access & configuration:

Set the enable password to "password1"

Router(config)#enable password password1

Set the enable secret password to "secret1". This password overrides enable password.

Router(config)#enable secret secret1

Set console password to "console1"

Center(config)#line con 0

Center(config-line)#login

Center(config-line)#password console1

Set telnet password to "telnet1"

Center(config)#line vty 0 4

Center(config-line)#login

Center(config-line)#password telnet1
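An added example, not part of the original presentation: a small Python audit that reads IOS-style configuration text and flags the password settings used on this slide (a separate enable password, line passwords held in clear text, and vty lines not restricted to SSH). SAMPLE_CONFIG is constructed from the slide's commands; HARDENED_CONFIG, its "admin" user and the hash placeholders are assumptions added for comparison.

```python
import re

# Constructed sample: the slide's commands in the order a saved config lists them.
SAMPLE_CONFIG = """\
hostname Center
enable secret secret1
enable password password1
line con 0
 password console1
 login
line vty 0 4
 password telnet1
 login
"""

# Assumed hardened counterpart (hypothetical user "admin", placeholder hashes).
HARDENED_CONFIG = """\
hostname Center
service password-encryption
enable secret 5 <hash-placeholder>
username admin secret 5 <hash-placeholder>
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""


def parse(config):
    """Return (global commands, {"line ...": [sub-commands]})."""
    global_cmds, lines, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0].isspace() and current:
            lines[current].append(cmd)   # indented: belongs to the open line block
        elif cmd.startswith("line "):
            current = cmd
            lines[current] = []
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, lines


def audit(config):
    """Return a list of (code, detail) findings for weak password settings."""
    global_cmds, lines = parse(config)
    findings = []
    has_secret = any(c.startswith("enable secret") for c in global_cmds)
    if any(c.startswith("enable password") for c in global_cmds):
        fix = ("superseded by enable secret, remove it" if has_secret
               else "replace it with enable secret")
        findings.append(("ENABLE_PASSWORD",
                         "kept in clear text or reversible type 7; " + fix))
    elif not has_secret:
        findings.append(("NO_ENABLE_SECRET", "privileged mode has no password"))
    if "service password-encryption" not in global_cmds:
        findings.append(("NO_PASSWORD_ENCRYPTION",
                         "type 0 passwords stay readable in the saved config"))
    for name, body in lines.items():
        for cmd in body:
            # "password <value>" or "password 0 <value>" means clear text.
            m = re.fullmatch(r"password (?:(\d) )?\S+", cmd)
            if m and m.group(1) in (None, "0"):
                findings.append(("CLEARTEXT_LINE_PASSWORD", name))
        if name.startswith("line vty"):
            allowed = [c.split()[2:] for c in body
                       if c.startswith("transport input")]
            if allowed != [["ssh"]]:
                findings.append(("VTY_NOT_SSH_ONLY", name))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```
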

Page 48: Capstone Week 4

48

WAN Router Configuration

There are five sites, one router per site. The routers are set up with these addresses:

Interface    Center          East            South           West            North

DTE Serial   172.32.5.2/24   172.32.6.2/24   172.32.7.2/24   172.32.8.2/24   172.32.9.2/24

DCE Serial   172.32.6.3/24   172.32.7.3/24   172.32.8.3/24   172.32.9.3/24   172.32.5.3/24

Configure Center's DTE Serial Interface w/ IP to connect to East

Center(config)#int s0/0

Center(config-if)#ip addr 172.32.5.2 255.255.255.0

Center(config-if)#no shut

Center(config-if)#exit

Configure Center's DCE Serial Interface w/ IP & clock rate to connect to Center

Center(config)#int s1/0

Center(config-if)#ip addr 172.32.6.3 255.255.255.0

Center(config-if)#clock rate 64000

Center(config-if)#no shut
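An added example, not part of the original presentation: a Python check of the WAN address table above using the standard ipaddress module. It pairs each DTE end with the DCE end on the same /24 and reports subnets outside RFC 1918 private space (172.16.0.0/12 ends at 172.31.255.255, so 172.32.x.x is not private). PLAN is transcribed from the slide's table; the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Transcribed from the slide's table: site -> serial interface role -> address.
PLAN = {
    "Center": {"DTE": "172.32.5.2/24", "DCE": "172.32.6.3/24"},
    "East":   {"DTE": "172.32.6.2/24", "DCE": "172.32.7.3/24"},
    "South":  {"DTE": "172.32.7.2/24", "DCE": "172.32.8.3/24"},
    "West":   {"DTE": "172.32.8.2/24", "DCE": "172.32.9.3/24"},
    "North":  {"DTE": "172.32.9.2/24", "DCE": "172.32.5.3/24"},
}


def by_subnet(plan):
    """Group every interface under the subnet its address belongs to."""
    nets = defaultdict(list)
    for site, ifaces in plan.items():
        for role, cidr in ifaces.items():
            iface = ipaddress.ip_interface(cidr)
            nets[iface.network].append((site, role, iface.ip))
    return nets


def peers(plan):
    """Map (site, role) -> (peer site, peer role) for each two-ended subnet."""
    out = {}
    for members in by_subnet(plan).values():
        if len(members) == 2:
            (s1, r1, _), (s2, r2, _) = members
            out[(s1, r1)] = (s2, r2)
            out[(s2, r2)] = (s1, r1)
    return out


def non_rfc1918(plan):
    """Subnets in the plan that are not inside any RFC 1918 block."""
    return sorted(str(net) for net in by_subnet(plan)
                  if not any(net.subnet_of(p) for p in RFC1918))


def validate(plan):
    """Return human-readable findings; an empty list means the plan is clean."""
    findings, seen = [], {}
    for net, members in by_subnet(plan).items():
        roles = sorted(role for _, role, _ in members)
        if roles != ["DCE", "DTE"]:
            findings.append(f"{net}: needs one DTE and one DCE end, has {roles}")
        for site, role, ip in members:
            if ip in seen:
                findings.append(f"{ip}: assigned to both {seen[ip]} and {site} {role}")
            seen[ip] = f"{site} {role}"
            if ip in (net.network_address, net.broadcast_address):
                findings.append(f"{ip}: not a usable host address in {net}")
    for net in non_rfc1918(plan):
        findings.append(f"{net}: outside RFC 1918 private space")
    return findings


if __name__ == "__main__":
    for (site, role), (psite, prole) in sorted(peers(PLAN).items()):
        print(f"{site} {role} <-> {psite} {prole}")
    for finding in validate(PLAN):
        print("FINDING:", finding)
```

By the table's subnets, Center's DTE end pairs with North's DCE end, and Center's DCE end pairs with East's DTE end.
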

Page 49: Capstone Week 4

49

Conclusion

After careful evaluation of the current system and floor plan, our team of skilled engineers and technical experts implemented the equipment best suited to the facility.

The design has been implemented to provide information and communication services for the new partnership with all necessary security and disaster planning to meet HIPAA requirements.

Each solution and change has been documented with detailed configurations and instructions for ease of use.
