What is a network?
A network can be defined as two or more computers which are linked together to share resources. These resources can include internet access, printers, software and files. The ‘heart’ of a network is called the server, and its function is to contain all the software and services which the network and its users depend on.
Figure 1: Example of a basic network
The server is operated by personnel called Network or System Administrators, and it’s their responsibility to ensure the smooth running of the network so it is working as efficiently as possible. This is achieved through the use of a dedicated operating system called Windows Server 2003 – this gives the network administrator complete control over the network functions.
Advantages for a network
Because networked computers can share the same resources, costs can be dramatically reduced. For example, if there are ten computers in a room each needing access to a printer – it is far cheaper to route all ten computers to a single, shared printer than it is to purchase ten printers; one for each computer. In this example, the saving would also include the cost of ink cartridges (you would only need to purchase one set of cartridges instead of ten).
Software can be purchased and installed in a similarly cost-effective way. Most popular software can be bought and installed on a server, and anyone who needs to use it will only need to purchase a license (the legal right to use it, usually in the form of a certificate). These licenses are far cheaper than buying the software for each user. This method also means that it isn’t necessary for an I.T. Technician to install the software on every computer; only one install on the server is needed. Another benefit of this approach appears when the software requires an update. If it is server based, only the software on the server needs to be updated, and all the users benefit from the update as soon as it has been installed. If each user had a copy on their computer, I.T. Technicians would need to update each one, which could become time consuming, expensive and complicated. The software that this could apply to includes most Microsoft software and anti-virus software.
Security is a vital element in any business. In a network, security is enhanced both internally (security within the network) and externally. Users are given a username and password to access their files and all the programs, hardware etc that they have been given access to. When a user saves a file, it is saved to the server and not the computer that he/she is working on. If that user wants to retrieve that file, it can be done on any computer on the network, and not just on the computer that was originally used. This data can be accessed, monitored and backed up by the Network Administrator at any time.
Each department can have their own ‘identity’ on the server, which allows them to have access to files, applications and resources which would be relevant to their requirements. For example, the Accounts department may need to have access to invoicing software (e.g. Sage and Excel), whereas Sales may only require software to monitor and forecast sales over a period of time (e.g. Excel). Accounts may not want other departments accessing their software due to security or confidentiality reasons.
When a network is set up, internet security is tighter both for users accessing the internet and against external threats. All the computers can share a single access point to the internet, which makes it easier to monitor internet usage and helps reduce hacking and other external threats trying to access data on the network.
Another feature which can be applied by the system administrator is Encryption. Data within a folder/subfolder can be encrypted to prevent unauthorized access to data if other security measures have been breached. Typically, only system administrators will be given the ‘recovery key’ to be able to decrypt data in case of system failure or other unforeseen situations.
Disadvantages for a network
Expensive to install
The initial cost of setting up a network can be expensive, with hardware like the server, router, cabling, backup equipment, network printers and server software. Also, dedicated personnel must be hired to keep the server running efficiently and to resolve any server/network issues.
Having all of the data in one place means that data could be lost in the event of a system failure. Regular backups of the server are highly recommended (daily, weekly and monthly) to help to keep data safe. But if the server goes down in between backups then all the recent data will be lost.
The server’s performance can become reduced as the network expands or as its workload increases through the working day. A server must have as much memory and processing power as possible to help minimise the reduction in performance.
Network Topology is the description of how a network is laid out, the devices (server, routers, printers etc) attached to it and the direction in which data flows. A network can be described either as a Logical Topology (the way data flows in a network) or as a Physical Topology (how a network is physically laid out). There are six main topologies: Bus, Ring, Star, Extended Star, Hierarchical, and Mesh.
The Bus Topology can be both Physical and Logical. In a local area network (LAN), each device is connected by a single cable. This single cable is also referred to as the ‘backbone’ of the network. A terminator must be on either side of the cable to prevent the data signal from bouncing back down it. The Bus Topology was widely used in early networks using standard Co-ax cables. It was an economical solution for networking as only one main cable was needed. The disadvantage to this was that if this cable failed, the whole network would go down.
In a Ring Topology (also known as IBM Ring Token), each computer (node) is connected to each other in a closed loop. Each computer has its own unique identity on the network. When data is transmitted from one node to the other, the data will include the destination’s identity and will pass through each node until it reaches the destination. This type of topology has two main disadvantages: only one computer can transmit data on the network at a time, and if a computer fails the whole network will go down.
There is a slight variation on this: the Dual Ring Topology.
The second ring within the network provides a backup connection, so if there is a failure within the network, the secondary connection will keep the network connected. This is expensive as more cabling is required.
The most common type is called a Star Topology. Each device is connected to a dedicated central hub. All the data on the network flows through the central hub. These types of networks tend to be small, as data could be degraded or lost on a large network. The main advantages of this are that it is easy to set up and easy to add new devices to the network. But if the central hub fails, the whole network goes down.
The Extended Star Topology is similar to the Star Topology, but instead computers are grouped together and connected to a local hub, which in turn is connected to a central hub. This is widely used in large networks where the network may be in a large building, and each group of computers may represent each department. There are more points of failure on this network, but if a local hub fails, then the rest of the network will not be affected.
Hierarchical or Tree Topology
This is very similar to a Ring Topology, but computers are attached to the central hub in layers. While the structure looks different, this still has the main disadvantage of network failure if the top device goes down.
All the above topologies suffer from the same problem: if one device fails on the network, the whole network goes down. The only solution is to connect each device with each other and remove the need for a server. This is the Mesh Topology, and it has two main advantages: if a device fails, the network will still work, and the network doesn’t need to rely on the processing power, bandwidth etc of a server, as these are supplied by each computer. The disadvantage to this is the high cost of connecting each device to each other, so this would not be suitable on a large network. This type of topology is also referred to as Peer-to-Peer, whereas the other topologies are considered to be Client/Server based.
A compromise between cost and connectivity would be the Partial Connected Topology.
Devices are connected to more than one node on the network, so if one fails the network can still work. This is more cost effective than Mesh Topology as less cabling is required.
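The failure behaviour described for these topologies can be checked by modelling each one as a graph and failing one device at a time. The sketch below is an added example, not part of the original text; the four PC names, the treatment of the backbone cable and hubs as nodes, the one-way single ring and the partial mesh layout are all assumptions made for illustration.

```python
from itertools import combinations

PCS = ["pc1", "pc2", "pc3", "pc4"]  # constructed device names

def undirected(edges):
    """Build an adjacency map where every link carries data both ways."""
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def neighbours_in_loop():
    """Pairs (pc1, pc2), (pc2, pc3), ... closing back to pc1."""
    return [(p, PCS[(i + 1) % len(PCS)]) for i, p in enumerate(PCS)]

TOPOLOGIES = {
    # The shared backbone cable and the hubs are modelled as nodes too.
    "bus": undirected(("backbone", p) for p in PCS),
    # Single ring: data is passed on in one direction only.
    "ring": {a: {b} for a, b in neighbours_in_loop()},
    # Dual ring: the second ring lets data travel the other way round.
    "dual ring": undirected(neighbours_in_loop()),
    "star": undirected(("hub", p) for p in PCS),
    "mesh": undirected(combinations(PCS, 2)),
    # Partial mesh: the loop plus one extra cross link (assumed layout).
    "partial mesh": undirected(neighbours_in_loop() + [("pc1", "pc3")]),
}

def reachable(graph, start, failed):
    """Every node that `start` can still send to once `failed` is down."""
    seen, stack = {start}, [start]
    while stack:
        for nxt in graph[stack.pop()]:
            if nxt != failed and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def single_points_of_failure(graph):
    """Nodes whose failure stops some surviving pair from communicating."""
    found = []
    for failed in graph:
        alive = set(graph) - {failed}
        if any(alive - reachable(graph, node, failed) for node in alive):
            found.append(failed)
    return sorted(found)

def survey():
    return {name: single_points_of_failure(g) for name, g in TOPOLOGIES.items()}

if __name__ == "__main__":
    for name, spofs in survey().items():
        print(f"{name:13} single points of failure: {spofs or 'none'}")
```

For availability planning, the nodes this reports are the devices that need redundancy, spares or priority monitoring.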
As it stands, the structure of the current network is a Hierarchical or Tree Topology. The network uses two different switches to connect the Domain Controller to the 24 computers. These are from two manufacturers, CISCO and 3Com, and offer 100Mb and 10Mb speeds respectively. This is a disadvantage because one ‘group’ of computers has a quicker data transfer rate than the other.
The network does not have a disaster recovery plan should the Domain Controller fail. This has the potential to put the whole network at risk of permanent data loss. The network also shares a single printer which is attached to the Domain Controller, and 10 of the computers are connected to it through the slower 3Com 10Mb switch. This means all 24 computers print via the Domain Controller (which is currently overloaded) and 10 computers send data at a slower rate than the rest of the network.
My first recommendation would be to replace both switches with a single CISCO 100Mb 48 port switch (£631.99 from the MISCO website). This would provide a standard, quicker data transfer speed throughout the network and allow for the network to expand. There are a total of 24 computers, and this switch would enable a further 24 devices to be added to the network e.g. additional computers, printers etc. This would allow the network to expand whilst maintaining a fast data transfer speed.
With the new switch in place, my next recommendation would be to replace the HP Laserjet III (USB connection only) with a newer, network-ready printer like the HP Laserjet 2055DN or P2030, which cost £319 and £160 from the HP website. By replacing it with a newer model, printing could be completed more quickly, quietly and cost effectively e.g. more reliable printing, more energy efficient, lower consumable costs etc. Also, sharing the workload throughout a faster network is more efficient than channelling all the printing requirements of the network to an older single printer on a slow 10Mb switch via the Domain Controller. This will also help reduce the workload on the Domain Controller.
While the Domain Controller’s workload can be reduced by the addition of a network-ready printer, another option could be to increase its specifications (e.g. greater hard drive space, more memory etc). Keeping the controller on the latest software updates will both maintain its running efficiency and increase the network security. This will help prevent unauthorised access (hacking) to the network.
My final recommendation is to add disaster recovery and remote working within the network. Regularly backing up data on a daily/weekly/monthly basis will ensure the network can be restored in case of total data loss. To assist learning or to prevent students from accidentally causing errors/problems within the network, remote working should be enabled.
User accounts can be easily created in Active Directory through the use of a standard template. Templates could be set up for both students and tutors, so all of the common properties of the accounts are already established. When a new user account is required, the administrator will only need to complete the fields that require unique values (e.g. name, address, telephone number, course details etc). Once the users have been created within the Active Directory, they can be placed into Organisational Units (OUs). This will group users together, so in this situation students could be placed in OUs which represent their course.
When the OUs are established, the users’ configuration settings can be applied through the Group Policy Management Console (GPMC). It holds hundreds of user configuration settings, security options and user event logs, all of which can be applied as required by the college administrators.
Figure 2: Example of the Group Policy Management Console (GPMC)
By using Group Policies effectively, the administrator can control and manage exactly what users can and cannot do whilst logged onto the domain. Administrators are able to control how the desktop appears, the icons that are available and the ability to configure the task bar etc by applying the Desktop setting found within the ‘User Configuration’ in the GPMC. This could be useful if the college policy states that all users must have the Llandrillo College logo as their wallpaper, that various required icons are in place and that users have access to various programs via the ‘start’ menu.
To improve password security, administrators are able to increase the effectiveness of the passwords that users apply to protect their identity on the network. The password options can be found within the ‘Password Policy’ within the ‘Computer Configuration’ section of the GPMC. These options include controlling whether old passwords can be reused and requiring complex passwords (e.g. more than 6 characters, using upper and lower case letters and digits 0-9). In the example, a programmer has created a random word generator to create passwords. Group policy could be configured so that when users log on for the first time, they input the randomly generated password and then must set their own password, which has to be complex. If the user ever forgets the password at any time, administrators are able to reset it through the ‘Active Directory Users & Computers’ tool.
Figure 3: Example of Password Policy within GPMC
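The first-logon flow and the two password options described above (complexity and reuse of old passwords) can be modelled in a few lines. This is an added sketch, not part of the original text and not how Windows or Active Directory implements the policy; the `Account` class, the history size of 3 and the PBKDF2 settings are assumptions.

```python
import hashlib
import hmac
import os
import re
import secrets

HISTORY_SIZE = 3       # assumed number of remembered passwords
ITERATIONS = 100_000   # assumed PBKDF2 work factor

def meets_complexity(password):
    """The page's rule: more than 6 characters, upper case, lower case, digit."""
    return len(password) > 6 and all(
        re.search(pattern, password) for pattern in (r"[A-Z]", r"[a-z]", r"[0-9]"))

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class Account:
    """Hypothetical account record; not how Active Directory stores passwords."""
    def __init__(self):
        self.history = []        # (salt, digest) pairs, newest last
        self.must_change = True  # forces a change at first logon

    def _remember(self, password):
        salt = os.urandom(16)
        self.history = (self.history + [(salt, _digest(password, salt))])[-HISTORY_SIZE:]

    def _matches(self, password, entry):
        salt, digest = entry
        return hmac.compare_digest(digest, _digest(password, salt))

    def change_password(self, current, new):
        """Return 'ok' or the reason the change was refused."""
        if not self._matches(current, self.history[-1]):
            return "wrong current password"
        if not meets_complexity(new):
            return "not complex enough"
        if any(self._matches(new, entry) for entry in self.history):
            return "password reused"
        self._remember(new)
        self.must_change = False
        return "ok"

def new_account():
    """Create an account with a random initial password from a CSPRNG."""
    account = Account()
    initial = secrets.token_urlsafe(9)
    account._remember(initial)
    return account, initial
```

Only salted digests are kept in the history, so the reuse check works without the server ever storing an old password in readable form.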
To prevent users from using too much disk space on the network, administrators are able to allocate limited disk space to users and apply prompts when this space is nearly used up. By putting this in place, administrators can multiply the number of users who will be on the system by the amount of hard disk space each user will be allocated. This total will be the minimum amount of disk space required for all users in each new academic year. Administrators will be able to ensure the server can physically hold all the users’ data without completely running out or running low of disk space.
To achieve this, administrators will need to locate the allocated hard drive and apply a quota, limiting users on how much space they can use. Individual users can have separate entries in the quota, allowing them to have a lesser or a greater share of disk space. This would be useful for tutors who may need greater disk space to store course material etc.
When the network is running, administrators may be required to monitor the network’s resources to ensure it exceeds the users’ demands. The tool required is called the ‘Performance Console’, which is found under Administrative Tools. This tool appears in the form of a graph. Although it has three counters as a default (Memory: Pages/Second, PhysicalDisk: Average Disk Queue Length and Processor: % Processor Time), additional counters can be easily added or removed accordingly. A college administrator may add counters to monitor network bandwidth and server utilisation (memory, CPU performance, disk performance etc).
To help administrators monitor the server, counter logs and alerts can be applied. This can enable administrators to proactively identify when system resources run too low or to identify possible hardware failures/malfunctions. Any one of these problems could result in a degraded performance or total server failure.
Figure 5: Example of the Performance Console
The college network may be required to support remote users, allowing them to access the college network whilst being in a different location e.g. working from home, from another campus etc. This can be achieved through the use of a Virtual Private Network (VPN). The user will be able to access the college’s network through the use of the internet whilst achieving the required security and data encryption. The network’s firewall must have exceptions to allow authenticated users to access the network whilst preventing unauthorised access.
Once the network is running effectively, the next challenge administrators will face is maintaining the security and the efficiency of the network. This can be achieved by deploying server updates and hotfixes as provided by Microsoft. The server can be updated with the use of ‘Automatic Updates’, which can be found within the ‘All Programs’ menu under the start button. Updates can be downloaded either straight away or scheduled to download at a certain day/time. This could be configured to download when the network is at its quietest time (e.g. 10pm). This would ensure that the update would not affect the overall performance during busy periods.
Also, updates for the users’ computers may be required. Instead of administrators physically installing them on every computer on the network, an update could be downloaded to the server as an *.msi file and automatically installed via a group policy. The next time users log onto the network, the updates will automatically be downloaded and installed from the server with no intervention required.