option 1 phase 4 of it infrastructure for a small firm
TRANSCRIPT
Running head: IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 1
IT Infrastructure Implementation for Spec-D Studios
Adam Fisher
09/29/2016
Colorado State University Global Campus
Introduction to Computer-Based Systems
Fall16-B-8-ITS310-2
Stuart Gold
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 2
Introduction
Spec-D Studios is a startup company providing graphical material for the entertainment
industry. Being a new company, they are in need of assistance in setting up their office so that
the team can work quickly and efficiently to meet the high demand of the industry. Since the new
network will be built from the ground up, this allows for flexibility with the office’s hardware
components. However, as with anything new, certain challenges need to be overcome. A
network of desktops and laptops needs to be created so that employees can collaborate and share
data effectively, ultimately leading to Spec-D being profitable. Being involved in heavy graphic
creation, Spec-D has requested their systems be able to handle the workload with minimal
hardware lag, be able to share files amongst themselves, and have quick accessibility options to
files locally. Cynology Communications has been retained to implement all phases of
installment, from PC/Laptops being built and chosen software installed, to network setup and
security protocols enacted. With CC spearheading this project, Spec-D will be able to function as
a successful VFX design house.
Project Deliverables
Desktops and Laptops
Starting with overall processing power, Spec-D’s CPU requirements would need to be at
least 3 GHz minimum. Having chosen the Intel Core i7-6700 (clocked at 3.4GHz) with its quad
cores, it will enable the system to endure heavy multitasking without consistent lag. This
working in conjunction with 16GB of G.Skill Ripjaws RAM will ensure a smooth operation. The
OS and graphic software will be installed on a Samsung 850 EVO-Series solid state drive as it is
faster than a regular hard drive. Storage capacity of this drive is only 250GB and is nowhere near
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 3
enough capacity to store large multimedia files, therefore a Seagate Barracuda 2TB HDD has
been selected to act as extra storage. Obviously since graphics are involved, the GPU needs to be
a very powerful one. MSI’s GeForce GTX 1070 GPU has a whopping 1531 MHz clock speed
and 8GB of GDDR5 SDRAM that will guarantee a seamless experience when operating in 3D
environments. The other benefit of this GPU is the ability to connect multiple monitors, allowing
to streamline the amount of information the viewer sees at once, therefore improving
productivity. The monitor (or monitors) that will connect to the GPU is an Asus VG248QE 24”
LCD monitor. Displaying in full HD at 144Hz, these monitors will be able to showcase the
power of the GTX 1070. All the above hardware will be mated to an ASUS Z170-A LGA 1151
Intel Z170 ATX motherboard. The board was chosen due to its upgradability options. While the
customer only requires 16GB of RAM initially, this board can handle up to 64GB if so needed in
the future. Also it is capable of handling two GPUs in SLI if the customer feels the need for more
graphics power. Since Spec-D specified that the desktops would only connect via hardline, this
board already has an Intel LAN Chipset capable of running at 10/100/1000Mbps depending on
the bandwidth limitations provided by their ISP. With 2xUSB 3.1, 2xUSB3.0, and 2xUSB 2.0
ports on the rear panel, it will allow a substantial amount of peripheral devices to be attached.
Four internal USB connectors allows even more options, including USB support for the front
ports of the selected desktop case. The case itself will be a Fractal Design Define R4 Black Silent
ATX Midtower. Sporting 4 USB ports on the front, it will take full advantage of the
aforementioned internal I/O connectors. Sporting 8 internal 3.5” drive bays and 3 external drive
bays will aid in future need for storage expansion. One front 140mm intake fan and one 140mm
exhaust fan will allow for good airflow throughout the case, however due to the amount of work
each desktop will be subjected to, it has been recommended that 2 more 140mm fans be mounted
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 4
to the top and side to ensure heat is dissipated properly. This whole setup will be powered by an
EVGA 750W 80+ Gold Certified Fully-Modular ATX Power Supply. 750W might be considered
a little overkill, but it allows more wiggle room when it comes to connecting more devices that
consume power. Peripherals include a standard Logitech MK200 USB keyboard and mouse and
a Wacom Intuos Pro pen tablet that will connect via one of the rear USB 3.0 ports. As far as
printing device goes, a HP Color LaserJet Pro M252dw wireless printer will be connected to the
network via CAT5e cable. This will allow wired desktops to print and wireless laptops to print. It
has been brought to our attention that Spec-D also requires a 2nd printer to handle the black and
white printing as the originally suggested printer HP Color LaserJet Pro M252dw would cause
the company more money when it comes to black ink cartridges. Therefore another HP printer
HP LaserJet Pro MFP M426fdw has been suggested. Like the color version, it has the ability to
connect to the network via Gigabit Ethernet and Wireless 802.11b/g/n.
Laptops on the other hand will be prebuilt by MSI. Specifically model WT72 6QM. The
WT72 Mobile Workstation provides a 2.6Ghz Intel Core I7 Quad-Core CPU that will be able to
handle most tasks aside from heavy rendering. Similarly to the desktop build, it also comes with
16 GB of DDR4 RAM and is also expandable to 64GB. Its Full HD 17.3 inch screen will be
helpful while on the go, however its NVIDIA Quadro M2000M with 4GB GDDR5 RAM allows
for multi monitor connections via HDMI, DisplayPort (via Thunderbolt), and mini DisplayPort
while in office. Storage is similar to the desktops as well using a 128GB SSD and a 1TB HDD.
The laptops will have a wired Ethernet port as well, however more emphasis on network
connection has been placed on its wireless capabilities. Therefore it comes with a Dual-Band
802.11ac wireless card (WT72 6QM | MSI Global | Workstation - The best laptop for CAD &
3D modeling, n.d.). With these laptops and the desktop setup, Spec-D will be able to meet their
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 5
occupational goals without having to worry about performance issues from their machines. Per
the suggestion from a colleague, an Anker Dual display docking station will be deployed to
every laptop so that while in office the employees can connect to a dual monitor display like the
desktops use. This will help with creativity as workers aren’t trying to produce graphical material
on a small 15” screen.
Operating System
Windows 10 Pro 64-bit will be installed on the desktops as opposed to sticking with
Windows 7 because it will save time in the future having to upgrade to Windows 10. Not to
mention it is the latest and greatest OS which will add a “cutting edge” feel to the company.
Being a small business, Spec-D needs its employees to be able to share data amongst each other
quickly. While the network is a LAN, Windows provides the ability to assign workgroups that
allow employees to share pre-defined folders and the files therein via the P2P (peer-to-peer)
protocol (Andrews, 2008), which is just another option for sharing their data. Other advantages
to using Windows 10 is being able to access files quickly in multiple ways. From doing a file
name search in the start menu, to adding consistently accessed folders under favorites, Windows
10 allows users to organize their files for quick access. Access to programs is also streamlined
with the ability to pin programs to the taskbar and add shortcuts to the desktop. From a business
standpoint, speed and efficiency is a key component in completing ones workload and Windows
10 offers the best solution in this regard.
Network Hardware
One of the first hardware options for setting up a network is determining what router is
best for the intended use. Since Spec-D is small business comprised of 20 employees who will
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 6
all be using a large amount of bandwidth, the wireless Netgear Nighthawk X8-AC5300 router
has been selected. The Nighthawk is a tri-band router (2 5GHz bands and 1 2.4GHz band) that
has a total speed capacity of 5300 Mbps and the ability to accommodate 30 simultaneous
connections. This router ensures that everyone connected can obtain high transfer speeds
whether it’s just sharing data over the office Intranet, or over the Internet. Making use of its 1.4
GHz dual core processor, this router will ensure the best performance during high bandwidth
usage (Tyler, 2016). A Cisco SG220-26P switch will connect to the router to provide the number
of RJ-45 ports needed for the hardwired PCs to access the network. The switch provides 26 ports
which is overkill for the current configuration, but allows for more wired setups to be added in
the future. Also connected to the router will be a Dell PowerEdge T130 Tower Server.
Considered a mini-tower, this server will be in charge of data storage that is accessible to all the
employees connected to the network. It will also act as an email server for the entire office. With
4 expandable 3.5 inch drive bays, the server will provide adequate storage to meet the demands
of media storage. The server, router, switch and desktops will be connected using CAT5e cables
because of bandwidth rates up to 1000Mbp/s. Since laptops will connect wirelessly, they
obviously won’t need to be taken into consideration when it comes to cabling. Figure 1 in the
“models” section shows the proposed physical setup. The logical topology for the setup will use
the popular “star” topology. The wired desktops connect through the switch which is connected
to the router. The laptops, connecting wirelessly to the router will be able to share data between
the all desktops and with the server and printer. The server will assign IP addresses by running
DHCPv6 to assign IPv6 IPs with the range 2001:DB8::64 /126 to 2001:DB8::C0 /125 (Routhier,
2014). Being a brand new network, it makes sense to use the IPv6 protocol as IPv4 has run out of
addresses. However, since IPv4 is still widely used, it has been suggested that IPv4 still be used
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 7
in tandem so there is no loss of access. IPv6 also has other perks, such as better packet security
with IPSec baked in. This will ensure the transmission of data is secure and prevent
eavesdropping and modification (Das, n.d.). Most businesses will have to eventually upgrade, so
by getting ahead of the game there won’t be any down time when upgrading later after Spec-D is
operational. Windows server 2016 will be released by the end of the month and will act as the
networks domain controller.
Network Security
Starting at the hardware level, a Cisco ASA 5505 Firewall will be deployed on the
network to fend off attacks from the outside. This in conjunction with enabling Windows
Firewall on each desktop and laptop will allow Spec-D to have the sense of security that every
business needs. The Windows Firewall will be configured to block all connections that aren’t on
the list of allowed programs, thus rendering any application trying to execute without user
permission useless. Notification of when a program is blocked will be enabled so that IT can
investigate the validity of the program, and if it is needed for daily use, can add it to the allowed
programs list. McAfee Network Security Platform, an intrusion prevention system, will also be
deployed on the network to sniff out attacks originating from inside the network. McAfee uses
state of the art signature and anomaly-based detection systems to analyze network traffic for
suspicious incidents and logs them, or alerts a member of the IT department (McAfee Network
Security Platform, n.d.). Intrusion detection systems are used by virtually every organization
today (Scarfone, 2007), and Spec-D has emphasized their desire to have this technology
deployed on their network. McAfee Small Business Security antivirus will be installed on every
machine to add a layer of protection at the host level against malware, spam, and phishing
attacks. With the introduction of Windows 10, many new security features were added.
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 8
Virtualization-based security (VBS) uses software- and hardware-enforced mechanisms to create
an isolated, hypervisor-restricted, specialized subsystem for storing, securing, transferring, and
operating other sensitive subsystems and data (Grimes, 2016). In other words, it makes it hard
for malicious users to edit the essential elements of the operating system. Secure boot is another
feature that prevents rootkits and other malware from going active as soon as the system boots.
The McAfee antivirus software to be installed on every machine will work in tandem with this
feature using Windows 10’s ELAM capability. The Early Launch Antimalware feature makes
sure that McAfee antivirus launches before any malware can start. AppLocker combined with
Device Guard helps ensure only approved applications can be executed on the system. The
Enterprise Data Protection feature allows IT to define policies in regards to a programs access to
protected data (Grimes, 2016). With the implementation of hardware firewalls, Windows
firewall, McAfee Network Security Platform, McAfee Small Business Security, and Windows 10
security features, Spec-D’s network and data will be effectively protected.
Network Security Practices
Firstly security policies need to be established that address various aspects of appropriate
use on the network:
Policies:
General Use and Property Rights Policy
1. Spec-D’s information stored on electronic and computing devices
whether owned or borrowed by Spec-D, the employee, other parties,
remains the sole property of Spec-D.
2. Employees have a responsibility to immediately report the theft, loss or
unintended access of Spec-D’s information.
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 9
3. Employees may access, use or share Spec-D’s information as long as
authorization has been given and is necessary in the completion of company
work.
4. Employees are responsible for using good judgment in regards to personal
use. Individual departments are responsible for creating guidelines
concerning personal use of Internet/Intranet systems.
5. For security and network maintenance, authorized employees
within Spec-D may monitor equipment, systems and network traffic at any
time.
6. Spec-D reserves the right to review network and system data to
ensure employees are adhering to this policy.
It is important that employees are made aware that their actions can either help or hinder security
procedures designed to protect company data, and that any violation may result in repercussions
against said employee.
Password policies will include the following:
1. Employees will be required to logon to Windows whenever the system is
started, wake from sleep, wake from screen saver.
2. To logon, users will have to press CTRL+ALT+DEL
3. Time allotment before system locks will be set to 15 minutes.
4. Employees will be required to reset their password once a month to ensure
passwords have not been compromised.
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 10
5. Complex passwords will be enabled for password creation. 8 character
passwords using a combination of upper/lower case letters, numbers and
symbols will be required.
6. User accounts will be locked after 3 failed password attempts
7. Locked accounts will be restored after 1 hour, or by contacting an
administrator.
8. IT will enable the BIOS password feature to prevent circumvention of
Windows logons and enable the drive lock password feature to prevent drives
from being accessed when installed in another system.
9. Wireless access to router will require a password using the above password
length/characters parameters. The router will be set to use the latest Wi-Fi
encryption standard, WPA2-PSK (AES).
Local group polices will be edited to allow only one user per machine. Being a small business
where every individual has his/her own computer, being able to have multiple user access is not
necessary. The policy will also enable the “Audit logon failure” feature and be set to record only
failed logon attempts so IT can analyze if the failures are legitimate or if a hacker is attempting
brute forcing methods of access. Every hard drive will be encrypted using Bitlocker Encryption
available in Windows since both desktops and laptops come equipped with a TPM chip. This
will help ensure that Spec-D’s data on these drives is inaccessible if stolen and placed in another
machine with the intent of accessing it. As far as data destruction goes, a hard drive shredder
would be the best option in cases where a drive is inoperable, yet still harbors sensitive data that
could theoretically be recovered, but they can run into the thousands of dollars. Therefore, using
a software based file/drive eraser such as Active KillDisk Pro will allow IT to securely erase
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 11
sensitive information on Spec-D’s hard drives. With features such as user defined erase methods
that can create custom patterns for each pass (even hexadecimal values), wipes unused space,
support for fixed disks, floppies, zip drives, USB Flash Cards and USB/USB3 external devices,
logging and certificate of successful wipe (Hard Disk Erasing Features, n.d.), Killdisk will add
another layer of security when it comes to unwanted data access. Finally, employee training
needs to be done every 3 months on the topic of Social Engineering. Attackers will likely use
methods such as phishing, baiting, scareware to try to glean information from them, whether it’s
by email, phone, or in person. It’s important for employees to know what to look for and how to
deal with the situation appropriately Training 4 times a year will help keep the topic fresh in their
minds and provide Spec-D with an informed worker base.
Beneficiaries
In order for Spec-D to function as a business, supervisors and artists alike will require
their computers and other devices to communicate with each other seamlessly on the network.
Cynology Communications will be deploying the proper hardware and the software that runs on
them so users will be able to share files between their systems as well as use a shared storage
server to access LAN content quickly and efficiently. This benefits every employee as, to use the
cliché “time is money”, and the quicker and easier it is to access the data needed for project
collaboration, the more business the team can take on. By using high speed hardware, employees
can also access data on the Internet, be it stored on cloud servers, or just a normal web server.
Adding IPv6 capability alongside the traditional IPv4 protocol will ensure enough addresses are
available to the network, as well as provide better security whether sharing data inside or out of
the local network. Cynology Communications will also be deploying a technician to work onsite
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 12
for a pre-specified amount of time in order to ensure the network is running smooth and to iron
out any unforeseen issues.
Assumptions and Constraints
As with every new project, a certain amount of assumptions and constraints are involved
from the planning phase to the deployment of resources and Spec-D’s office infrastructure is no
different. The office space has already been selected and sectioned off with one large main room
in which 19 open cubicles occupy the space for artists to work and collaborate. There will be one
closed office space that the Art Director will occupy (see Figure 2 in diagrams section). While
the total square footage and other building technical specs have not yet been provided to
Cynology Communications, it is assumed that there shouldn’t be any wireless interference
between the Netgear Nighthawk X8-AC5300 router and laptops connecting wirelessly. However,
if this situation presents itself, the placement of the router will need to be re-evaluated. There
will be a small room with a keycard accessible door that will house the modem, router, Dell
server, and switch. One constraint that needs to be addressed with the setup is the running of the
CAT5e cables to the desktop machines. While the office is supplied with power outlets in the
floors, there are no Ethernet floor plates. Spec-D is trying to avoid the cost of hiring a contractor
to install these ports if possible. The only viable alternative would be to run the CAT5e cables
along the floor using a cable cover. This would not be aesthetically pleasing but short of Spec-D
agreeing to the installation of floor ports, would be the best way to get the cables to the PCs. As
with most businesses, budget comes into play and can constrain how the development of the
project proceeds. Spec-D is no different and there is a possibility that Cynology will have to
adjust hardware and software recommendations to fit the final projected budget. Phase 4 will
address this issue when more information has been obtained.
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 13
Timeline
Project Risks
As with any project, there are always risks associated with meeting deadlines. The
possibility of getting behind schedule is there and it will be a good idea for the deployment team
to discuss options for certain situations. For example, since 10 desktops will be custom built by
CC and therefore hardware will need to be ordered, the possibility for a piece of hardware being
DOA is a situation that would require an immediate return to vendor and expedited shipment of a
new part. This is not expected, however the number of hardware components being ordered
increases the probabilities. If this situation occurs and it is time to move on the next phase, one
team member will be assigned the duty of finishing the hardware install, while the others start
the next phase. Projects of this scale can sometimes have overlooked details that need to be
hashed out. This is why a week of finalizing and performing a walk-through with Spec-D
management has been allocated in order to cover any minor blips in the deployment process.
Expenses
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 14
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 15
Spec-D has informed Cynology that they have a working budget of no more than
$100,000. There will be a team of three technicians. The lead technician has an hourly rate of
$25/hr and the other two have $20/hr. Ten hours of overtime have been allocated for each
employee to cover unexpectedly longer hours if a situation calls for it. If all goes well, these
hours won’t be needed and will not be billed to Spec-D. The technicians will be deploying the
network over the course of a month and a half. Cynology is still in discussions with Spec-D
about having the lead technician stay on an additional two weeks to make sure no hiccups occur
after completion. If Spec-D agrees to this, an additional $2000.00 need adding to the final project
expense to cover salary. Initial budget breakdowns per hardware device and software licenses
has been created and that combined with personnel salary projections uses a total project expense
of $90,561.88. Items marked in red represent initial budgets that didn’t cover actual cost of the
item(s). However using funds from other categories that were over the projected cost, these
shorted budgets will be covered.
Qualifications
Cynology technicians are some of the most knowledgeable individuals in the field of
Information Technology. Their extensive expertise in hardware and software configuration, as
well as excellence in networking systems has fostered high esteem amongst the IT community
and garnered respect from former and current clients alike. Combined with a sense of urgency
and dedication to quality, Cynology is equipped to provide the best service to any organization
whether it’s deploying a new network entirely, or upgrading an existing one.
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 16
Conclusion
By creating a fast, efficient network, Cynology Communication will be providing Spec-
D studios with the network infrastructure needed to finish projects in a timely manner. Everyone
in the office will benefit from the setup by being able to collaborate easily, have confidence that
their data is protected using the latest protocols, and relish in the fact that they are using the latest
and greatest hardware that those working in the graphics arena have grown to expect.
Models:
Figure 1 Adam Fisher 2016
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 17
Figure 2, Adam Fisher 2016
References
Andrews, J. (2008). A guide to managing and maintaining your PC (8th ed.). Boston, MA:
Course Technology/Cengage Learning.
Barker, I. (2016, August 09). North American businesses reluctant to adopt Windows 10.
Retrieved August 22, 2016, from http://betanews.com/2016/08/12/business-reluctant-
windows-10/
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 18
Das, K. (n.d.). IPv6.com - IPv6 and IPSec - Securing the Next Generation Internet. Retrieved
September 4, 2016, from http://ipv6.com/articles/security/IPsec.htm
Grimes, R. A. (2016). The best new security features of Windows 10. Retrieved September 18,
2016, from http://www.infoworld.com/article/3044089/security/the-best-new-security-
features-of-windows-10.html
Hard Disk Eraser Features. (n.d.). Retrieved September 18, 2016, from
http://www.killdisk.com/features.htm
McAfee Network Security Platform. (n.d.). Retrieved September 19, 2016, from
http://www.mcafee.com/us/products/network-security-platform.aspx
Routhier, S. (2014, July 1). Specifying Address Ranges in IPv6 | Internet Systems Consortium
Knowledge Base. Retrieved September 4, 2016, from https://kb.isc.org/article/AA-
01168/0/Specifying-Address-Ranges-in-IPv6.html
Scarfone, K. (February 2007). "Guide to Intrusion Detection and Prevention
Systems (IDPS)" (PDF). Computer Security Resource Center. National Institute of
Standards and Technology (800–94). Retrieved September 19, 2016.
Tyler (2016, January 25). 2016: Best Small Business Routers. Retrieved September 04, 2016,
from http://www.goboomtown.com/blog/2016-best-small-business-routers/
WT72 6QM | MSI Global | Workstation - The best laptop for CAD & 3D modeling. (n.d.).
Retrieved August 22, 2016, from https://www.msi.com/Workstation/WT72-
6QM.html#hero-specification
IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 19