option 1 phase 4 of it infrastructure for a small firm

Running head: IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 1

IT Infrastructure Implementation for Spec-D Studios

Adam Fisher

09/29/2016

Colorado State University Global Campus

Introduction to Computer-Based Systems

Fall16-B-8-ITS310-2

Stuart Gold

IT INFRASTRUCTURE IMPLEMENTION FOR SPEC-D 2

Introduction

Spec-D Studios is a startup company providing graphical material for the entertainment

industry. Being a new company, they are in need of assistance in setting up their office so that

the team can work quickly and efficiently to meet the high demand of the industry. Since the new

network will be built from the ground up, this allows for flexibility with the office’s hardware

components. However, as with anything new, certain challenges need to be overcome. A

network of desktops and laptops needs to be created so that employees can collaborate and share

data effectively, ultimately leading to Spec-D being profitable. Being involved in heavy graphic

creation, Spec-D has requested their systems be able to handle the workload with minimal

hardware lag, be able to share files amongst themselves, and have quick accessibility options to

files locally. Cynology Communications has been retained to implement all phases of

installment, from PC/Laptops being built and chosen software installed, to network setup and

security protocols enacted. With CC spearheading this project, Spec-D will be able to function as

a successful VFX design house.

Project Deliverables

Desktops and Laptops

Starting with overall processing power, Spec-D’s CPU requirements would need to be at

least 3 GHz minimum. Having chosen the Intel Core i7-6700 (clocked at 3.4GHz) with its quad

cores, it will enable the system to endure heavy multitasking without consistent lag. This

working in conjunction with 16GB of G.Skill Ripjaws RAM will ensure a smooth operation. The

OS and graphic software will be installed on a Samsung 850 EVO-Series solid state drive as it is

faster than a regular hard drive. Storage capacity of this drive is only 250GB and is nowhere near


enough capacity to store large multimedia files, therefore a Seagate Barracuda 2TB HDD has

been selected to act as extra storage. Obviously since graphics are involved, the GPU needs to be

a very powerful one. MSI’s GeForce GTX 1070 GPU has a whopping 1531 MHz clock speed

and 8GB of GDDR5 SDRAM that will guarantee a seamless experience when operating in 3D

environments. The other benefit of this GPU is the ability to connect multiple monitors, allowing

to streamline the amount of information the viewer sees at once, therefore improving

productivity. The monitor (or monitors) that will connect to the GPU is an Asus VG248QE 24”

LCD monitor. Displaying in full HD at 144Hz, these monitors will be able to showcase the

power of the GTX 1070. All the above hardware will be mated to an ASUS Z170-A LGA 1151

Intel Z170 ATX motherboard. The board was chosen due to its upgradability options. While the

customer only requires 16GB of RAM initially, this board can handle up to 64GB if so needed in

the future. Also it is capable of handling two GPUs in SLI if the customer feels the need for more

graphics power. Since Spec-D specified that the desktops would only connect via hardline, this

board already has an Intel LAN Chipset capable of running at 10/100/1000Mbps depending on

the bandwidth limitations provided by their ISP. With 2xUSB 3.1, 2xUSB3.0, and 2xUSB 2.0

ports on the rear panel, it will allow a substantial amount of peripheral devices to be attached.

Four internal USB connectors allows even more options, including USB support for the front

ports of the selected desktop case. The case itself will be a Fractal Design Define R4 Black Silent

ATX Midtower. Sporting 4 USB ports on the front, it will take full advantage of the

aforementioned internal I/O connectors. Sporting 8 internal 3.5” drive bays and 3 external drive

bays will aid in future need for storage expansion. One front 140mm intake fan and one 140mm

exhaust fan will allow for good airflow throughout the case, however due to the amount of work

each desktop will be subjected to, it has been recommended that 2 more 140mm fans be mounted


to the top and side to ensure heat is dissipated properly. This whole setup will be powered by an

EVGA 750W 80+ Gold Certified Fully-Modular ATX Power Supply. 750W might be considered

a little overkill, but it allows more wiggle room when it comes to connecting more devices that

consume power. Peripherals include a standard Logitech MK200 USB keyboard and mouse and

a Wacom Intuos Pro pen tablet that will connect via one of the rear USB 3.0 ports. As far as

printing device goes, a HP Color LaserJet Pro M252dw wireless printer will be connected to the

network via CAT5e cable. This will allow wired desktops to print and wireless laptops to print. It

has been brought to our attention that Spec-D also requires a 2nd printer to handle the black and

white printing as the originally suggested printer HP Color LaserJet Pro M252dw would cause

the company more money when it comes to black ink cartridges. Therefore another HP printer

HP LaserJet Pro MFP M426fdw has been suggested. Like the color version, it has the ability to

connect to the network via Gigabit Ethernet and Wireless 802.11b/g/n.

Laptops on the other hand will be prebuilt by MSI. Specifically model WT72 6QM. The

WT72 Mobile Workstation provides a 2.6Ghz Intel Core I7 Quad-Core CPU that will be able to

handle most tasks aside from heavy rendering. Similarly to the desktop build, it also comes with

16 GB of DDR4 RAM and is also expandable to 64GB. Its Full HD 17.3 inch screen will be

helpful while on the go, however its NVIDIA Quadro M2000M with 4GB GDDR5 RAM allows

for multi monitor connections via HDMI, DisplayPort (via Thunderbolt), and mini DisplayPort

while in office. Storage is similar to the desktops as well using a 128GB SSD and a 1TB HDD.

The laptops will have a wired Ethernet port as well, however more emphasis on network

connection has been placed on its wireless capabilities. Therefore it comes with a Dual-Band

802.11ac wireless card (WT72 6QM | MSI Global | Workstation - The best laptop for CAD &

3D modeling, n.d.). With these laptops and the desktop setup, Spec-D will be able to meet their


occupational goals without having to worry about performance issues from their machines. Per

the suggestion from a colleague, an Anker Dual display docking station will be deployed to

every laptop so that while in office the employees can connect to a dual monitor display like the

desktops use. This will help with creativity as workers aren’t trying to produce graphical material

on a small 15” screen.

Operating System

Windows 10 Pro 64-bit will be installed on the desktops as opposed to sticking with

Windows 7 because it will save time in the future having to upgrade to Windows 10. Not to

mention it is the latest and greatest OS which will add a “cutting edge” feel to the company.

Being a small business, Spec-D needs its employees to be able to share data amongst each other

quickly. While the network is a LAN, Windows provides the ability to assign workgroups that

allow employees to share pre-defined folders and the files therein via the P2P (peer-to-peer)

protocol (Andrews, 2008), which is just another option for sharing their data. Other advantages

to using Windows 10 is being able to access files quickly in multiple ways. From doing a file

name search in the start menu, to adding consistently accessed folders under favorites, Windows

10 allows users to organize their files for quick access. Access to programs is also streamlined

with the ability to pin programs to the taskbar and add shortcuts to the desktop. From a business

standpoint, speed and efficiency is a key component in completing ones workload and Windows

10 offers the best solution in this regard.

Network Hardware

One of the first hardware options for setting up a network is determining what router is

best for the intended use. Since Spec-D is small business comprised of 20 employees who will


all be using a large amount of bandwidth, the wireless Netgear Nighthawk X8-AC5300 router

has been selected. The Nighthawk is a tri-band router (2 5GHz bands and 1 2.4GHz band) that

has a total speed capacity of 5300 Mbps and the ability to accommodate 30 simultaneous

connections. This router ensures that everyone connected can obtain high transfer speeds

whether it’s just sharing data over the office Intranet, or over the Internet. Making use of its 1.4

GHz dual core processor, this router will ensure the best performance during high bandwidth

usage (Tyler, 2016). A Cisco SG220-26P switch will connect to the router to provide the number

of RJ-45 ports needed for the hardwired PCs to access the network. The switch provides 26 ports

which is overkill for the current configuration, but allows for more wired setups to be added in

the future. Also connected to the router will be a Dell PowerEdge T130 Tower Server.

Considered a mini-tower, this server will be in charge of data storage that is accessible to all the

employees connected to the network. It will also act as an email server for the entire office. With

4 expandable 3.5 inch drive bays, the server will provide adequate storage to meet the demands

of media storage. The server, router, switch and desktops will be connected using CAT5e cables

because of bandwidth rates up to 1000Mbp/s. Since laptops will connect wirelessly, they

obviously won’t need to be taken into consideration when it comes to cabling. Figure 1 in the

“models” section shows the proposed physical setup. The logical topology for the setup will use

the popular “star” topology. The wired desktops connect through the switch which is connected

to the router. The laptops, connecting wirelessly to the router will be able to share data between

the all desktops and with the server and printer. The server will assign IP addresses by running

DHCPv6 to assign IPv6 IPs with the range 2001:DB8::64 /126 to 2001:DB8::C0 /125 (Routhier,

2014). Being a brand new network, it makes sense to use the IPv6 protocol as IPv4 has run out of

addresses. However, since IPv4 is still widely used, it has been suggested that IPv4 still be used


in tandem so there is no loss of access. IPv6 also has other perks, such as better packet security

with IPSec baked in. This will ensure the transmission of data is secure and prevent

eavesdropping and modification (Das, n.d.). Most businesses will have to eventually upgrade, so

by getting ahead of the game there won’t be any down time when upgrading later after Spec-D is

operational. Windows server 2016 will be released by the end of the month and will act as the

networks domain controller.

Network Security

Starting at the hardware level, a Cisco ASA 5505 Firewall will be deployed on the

network to fend off attacks from the outside. This in conjunction with enabling Windows

Firewall on each desktop and laptop will allow Spec-D to have the sense of security that every

business needs. The Windows Firewall will be configured to block all connections that aren’t on

the list of allowed programs, thus rendering any application trying to execute without user

permission useless. Notification of when a program is blocked will be enabled so that IT can

investigate the validity of the program, and if it is needed for daily use, can add it to the allowed

programs list. McAfee Network Security Platform, an intrusion prevention system, will also be

deployed on the network to sniff out attacks originating from inside the network. McAfee uses

state of the art signature and anomaly-based detection systems to analyze network traffic for

suspicious incidents and logs them, or alerts a member of the IT department (McAfee Network

Security Platform, n.d.). Intrusion detection systems are used by virtually every organization

today (Scarfone, 2007), and Spec-D has emphasized their desire to have this technology

deployed on their network. McAfee Small Business Security antivirus will be installed on every

machine to add a layer of protection at the host level against malware, spam, and phishing

attacks. With the introduction of Windows 10, many new security features were added.


Virtualization-based security (VBS) uses software- and hardware-enforced mechanisms to create

an isolated, hypervisor-restricted, specialized subsystem for storing, securing, transferring, and

operating other sensitive subsystems and data (Grimes, 2016). In other words, it makes it hard

for malicious users to edit the essential elements of the operating system. Secure boot is another

feature that prevents rootkits and other malware from going active as soon as the system boots.

The McAfee antivirus software to be installed on every machine will work in tandem with this

feature using Windows 10’s ELAM capability. The Early Launch Antimalware feature makes

sure that McAfee antivirus launches before any malware can start. AppLocker combined with

Device Guard helps ensure only approved applications can be executed on the system. The

Enterprise Data Protection feature allows IT to define policies in regards to a programs access to

protected data (Grimes, 2016). With the implementation of hardware firewalls, Windows

firewall, McAfee Network Security Platform, McAfee Small Business Security, and Windows 10

security features, Spec-D’s network and data will be effectively protected.

Network Security Practices

Firstly security policies need to be established that address various aspects of appropriate

use on the network:

Policies:

General Use and Property Rights Policy

1. Spec-D’s information stored on electronic and computing devices

whether owned or borrowed by Spec-D, the employee, other parties,

remains the sole property of Spec-D.

2. Employees have a responsibility to immediately report the theft, loss or

unintended access of Spec-D’s information.


3. Employees may access, use or share Spec-D’s information as long as

authorization has been given and is necessary in the completion of company

work.

4. Employees are responsible for using good judgment in regards to personal

use. Individual departments are responsible for creating guidelines

concerning personal use of Internet/Intranet systems.

5. For security and network maintenance, authorized employees

within Spec-D may monitor equipment, systems and network traffic at any

time.

6. Spec-D reserves the right to review network and system data to

ensure employees are adhering to this policy.

It is important that employees are made aware that their actions can either help or hinder security

procedures designed to protect company data, and that any violation may result in repercussions

against said employee.

Password policies will include the following:

1. Employees will be required to logon to Windows whenever the system is

started, wake from sleep, wake from screen saver.

2. To logon, users will have to press CTRL+ALT+DEL

3. Time allotment before system locks will be set to 15 minutes.

4. Employees will be required to reset their password once a month to ensure

passwords have not been compromised.


5. Complex passwords will be enabled for password creation. 8 character

passwords using a combination of upper/lower case letters, numbers and

symbols will be required.

6. User accounts will be locked after 3 failed password attempts

7. Locked accounts will be restored after 1 hour, or by contacting an

administrator.

8. IT will enable the BIOS password feature to prevent circumvention of

Windows logons and enable the drive lock password feature to prevent drives

from being accessed when installed in another system.

9. Wireless access to router will require a password using the above password

length/characters parameters. The router will be set to use the latest Wi-Fi

encryption standard, WPA2-PSK (AES).

Local group polices will be edited to allow only one user per machine. Being a small business

where every individual has his/her own computer, being able to have multiple user access is not

necessary. The policy will also enable the “Audit logon failure” feature and be set to record only

failed logon attempts so IT can analyze if the failures are legitimate or if a hacker is attempting

brute forcing methods of access. Every hard drive will be encrypted using Bitlocker Encryption

available in Windows since both desktops and laptops come equipped with a TPM chip. This

will help ensure that Spec-D’s data on these drives is inaccessible if stolen and placed in another

machine with the intent of accessing it. As far as data destruction goes, a hard drive shredder

would be the best option in cases where a drive is inoperable, yet still harbors sensitive data that

could theoretically be recovered, but they can run into the thousands of dollars. Therefore, using

a software based file/drive eraser such as Active KillDisk Pro will allow IT to securely erase


sensitive information on Spec-D’s hard drives. With features such as user defined erase methods

that can create custom patterns for each pass (even hexadecimal values), wipes unused space,

support for fixed disks, floppies, zip drives, USB Flash Cards and USB/USB3 external devices,

logging and certificate of successful wipe (Hard Disk Erasing Features, n.d.), Killdisk will add

another layer of security when it comes to unwanted data access. Finally, employee training

needs to be done every 3 months on the topic of Social Engineering. Attackers will likely use

methods such as phishing, baiting, scareware to try to glean information from them, whether it’s

by email, phone, or in person. It’s important for employees to know what to look for and how to

deal with the situation appropriately Training 4 times a year will help keep the topic fresh in their

minds and provide Spec-D with an informed worker base.

Beneficiaries

In order for Spec-D to function as a business, supervisors and artists alike will require

their computers and other devices to communicate with each other seamlessly on the network.

Cynology Communications will be deploying the proper hardware and the software that runs on

them so users will be able to share files between their systems as well as use a shared storage

server to access LAN content quickly and efficiently. This benefits every employee as, to use the

cliché “time is money”, and the quicker and easier it is to access the data needed for project

collaboration, the more business the team can take on. By using high speed hardware, employees

can also access data on the Internet, be it stored on cloud servers, or just a normal web server.

Adding IPv6 capability alongside the traditional IPv4 protocol will ensure enough addresses are

available to the network, as well as provide better security whether sharing data inside or out of

the local network. Cynology Communications will also be deploying a technician to work onsite


for a pre-specified amount of time in order to ensure the network is running smooth and to iron

out any unforeseen issues.

Assumptions and Constraints

As with every new project, a certain amount of assumptions and constraints are involved

from the planning phase to the deployment of resources and Spec-D’s office infrastructure is no

different. The office space has already been selected and sectioned off with one large main room

in which 19 open cubicles occupy the space for artists to work and collaborate. There will be one

closed office space that the Art Director will occupy (see Figure 2 in diagrams section). While

the total square footage and other building technical specs have not yet been provided to

Cynology Communications, it is assumed that there shouldn’t be any wireless interference

between the Netgear Nighthawk X8-AC5300 router and laptops connecting wirelessly. However,

if this situation presents itself, the placement of the router will need to be re-evaluated. There

will be a small room with a keycard accessible door that will house the modem, router, Dell

server, and switch. One constraint that needs to be addressed with the setup is the running of the

CAT5e cables to the desktop machines. While the office is supplied with power outlets in the

floors, there are no Ethernet floor plates. Spec-D is trying to avoid the cost of hiring a contractor

to install these ports if possible. The only viable alternative would be to run the CAT5e cables

along the floor using a cable cover. This would not be aesthetically pleasing but short of Spec-D

agreeing to the installation of floor ports, would be the best way to get the cables to the PCs. As

with most businesses, budget comes into play and can constrain how the development of the

project proceeds. Spec-D is no different and there is a possibility that Cynology will have to

adjust hardware and software recommendations to fit the final projected budget. Phase 4 will

address this issue when more information has been obtained.


Timeline

Project Risks

As with any project, there are always risks associated with meeting deadlines. The

possibility of getting behind schedule is there and it will be a good idea for the deployment team

to discuss options for certain situations. For example, since 10 desktops will be custom built by

CC and therefore hardware will need to be ordered, the possibility for a piece of hardware being

DOA is a situation that would require an immediate return to vendor and expedited shipment of a

new part. This is not expected, however the number of hardware components being ordered

increases the probabilities. If this situation occurs and it is time to move on the next phase, one

team member will be assigned the duty of finishing the hardware install, while the others start

the next phase. Projects of this scale can sometimes have overlooked details that need to be

hashed out. This is why a week of finalizing and performing a walk-through with Spec-D

management has been allocated in order to cover any minor blips in the deployment process.

Expenses


Spec-D has informed Cynology that they have a working budget of no more than

$100,000. There will be a team of three technicians. The lead technician has an hourly rate of

$25/hr and the other two have $20/hr. Ten hours of overtime have been allocated for each

employee to cover unexpectedly longer hours if a situation calls for it. If all goes well, these

hours won’t be needed and will not be billed to Spec-D. The technicians will be deploying the

network over the course of a month and a half. Cynology is still in discussions with Spec-D

about having the lead technician stay on an additional two weeks to make sure no hiccups occur

after completion. If Spec-D agrees to this, an additional $2000.00 need adding to the final project

expense to cover salary. Initial budget breakdowns per hardware device and software licenses

has been created and that combined with personnel salary projections uses a total project expense

of $90,561.88. Items marked in red represent initial budgets that didn’t cover actual cost of the

item(s). However using funds from other categories that were over the projected cost, these

shorted budgets will be covered.

Qualifications

Cynology technicians are some of the most knowledgeable individuals in the field of

Information Technology. Their extensive expertise in hardware and software configuration, as

well as excellence in networking systems has fostered high esteem amongst the IT community

and garnered respect from former and current clients alike. Combined with a sense of urgency

and dedication to quality, Cynology is equipped to provide the best service to any organization

whether it’s deploying a new network entirely, or upgrading an existing one.


Conclusion

By creating a fast, efficient network, Cynology Communication will be providing Spec-

D studios with the network infrastructure needed to finish projects in a timely manner. Everyone

in the office will benefit from the setup by being able to collaborate easily, have confidence that

their data is protected using the latest protocols, and relish in the fact that they are using the latest

and greatest hardware that those working in the graphics arena have grown to expect.

Models:

Figure 1 Adam Fisher 2016


Figure 2, Adam Fisher 2016

References

Andrews, J. (2008). A guide to managing and maintaining your PC (8th ed.). Boston, MA:

Course Technology/Cengage Learning.

Barker, I. (2016, August 09). North American businesses reluctant to adopt Windows 10.

Retrieved August 22, 2016, from http://betanews.com/2016/08/12/business-reluctant-

windows-10/


Das, K. (n.d.). IPv6.com - IPv6 and IPSec - Securing the Next Generation Internet. Retrieved

September 4, 2016, from http://ipv6.com/articles/security/IPsec.htm

Grimes, R. A. (2016). The best new security features of Windows 10. Retrieved September 18,

2016, from http://www.infoworld.com/article/3044089/security/the-best-new-security-

features-of-windows-10.html

Hard Disk Eraser Features. (n.d.). Retrieved September 18, 2016, from

http://www.killdisk.com/features.htm

McAfee Network Security Platform. (n.d.). Retrieved September 19, 2016, from

http://www.mcafee.com/us/products/network-security-platform.aspx

Routhier, S. (2014, July 1). Specifying Address Ranges in IPv6 | Internet Systems Consortium

Knowledge Base. Retrieved September 4, 2016, from https://kb.isc.org/article/AA-

01168/0/Specifying-Address-Ranges-in-IPv6.html

Scarfone, K. (February 2007). "Guide to Intrusion Detection and Prevention

Systems (IDPS)" (PDF). Computer Security Resource Center. National Institute of

Standards and Technology (800–94). Retrieved September 19, 2016.

Tyler (2016, January 25). 2016: Best Small Business Routers. Retrieved September 04, 2016,

from http://www.goboomtown.com/blog/2016-best-small-business-routers/

WT72 6QM | MSI Global | Workstation - The best laptop for CAD & 3D modeling. (n.d.).

Retrieved August 22, 2016, from https://www.msi.com/Workstation/WT72-

6QM.html#hero-specification

option 1 phase 4 of it infrastructure for a small firm

Documents