UMUC Frederick MD Network Proposal
The network IP addressing scheme for the Frederick MD building should be designed to ease network management. A well-thought-out subnet design enables administrators to quickly locate a computer by its IP address, identifying the building floor and room and whether the computer is a server, a student computer, a staff computer or an instructor’s computer. A proper subnet design will also minimize the broadcast traffic that decreases network performance by reducing the total number of computers allowed in each broadcast domain. It will also make efficient use of IP addresses by including in each subnet only the number of IP addresses necessary to support current computers plus a few additional IP addresses for immediate expansion when required.
To differentiate subnets by IP address, student subnets start with a “1” in the third octet and staff subnets start with a “2” in the third octet. In the second and third digits, “10” designates the location to be floor 1, “12” designates the location to be floors 1 and 2, and “20” designates the location to be floor 2; a second digit of “4” designates office staff and a second digit of “5” designates Admissions staff. The broadcast and network numbers have been removed from the IP address ranges below.
UMUC IP Subnets
Computer Lab 1 student subnet and range – First Floor – 10.15.112.1-30/27
Computer Lab 2 student subnet and range – First Floor – 10.15.112.33-63/27
Computer Lab 3 student subnet and range – First Floor – 10.15.112.66-96/27
Computer Lab 4 student subnet and range – First Floor – 10.15.112.99-129/27
Computer Lab 5 student subnet and range – First Floor – 10.15.112.132-162/27
Computer Lab Instructors subnet and range – 10.15.212.1-14/28 (second floor assigned host addresses 10-15)
Student Computer Lab subnet and range – 10.15.120.1-62/26
Library Student computer subnet and range – 10.15.110.1-14/28
Library Staff computer subnet and range – 10.15.210.1-6/29
Lecture Classroom Instructors subnet and range – 10.15.212.17-32/28
Office Staff computer subnet and range – 10.15.242.1-6/29
Admissions Office Staff computer subnet and range – 10.15.250.1-6/29
Wireless computer subnet and range – 10.15.230.1-14/28 (ACLs applied to the VLAN for security)
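A check worth running on an addressing plan like the one above before it is configured on the switches, given here as an added example that is not part of the original proposal: it derives each subnet from the first stated host and the prefix length, then flags stated ranges that include a broadcast address or run past the subnet boundary into a neighbouring subnet. The PLAN entries are a subset transcribed from the list above; the function names are illustrative.

```python
from ipaddress import ip_address, ip_network

# Ranges transcribed from the subnet list above (a subset):
# (name, first stated host, last stated host, prefix length)
PLAN = [
    ("Lab 1", "10.15.112.1", "10.15.112.30", 27),
    ("Lab 2", "10.15.112.33", "10.15.112.63", 27),
    ("Lab 3", "10.15.112.66", "10.15.112.96", 27),
    ("Lab 4", "10.15.112.99", "10.15.112.129", 27),
    ("Lab Instructors", "10.15.212.1", "10.15.212.14", 28),
    ("Lecture Instructors", "10.15.212.17", "10.15.212.32", 28),
    ("Library Staff", "10.15.210.1", "10.15.210.6", 29),
]

def audit(first, last, prefix):
    """Return (subnet, problems) for one stated host range."""
    lo, hi = ip_address(first), ip_address(last)
    # strict=False derives the enclosing subnet from the first stated host.
    net = ip_network(f"{first}/{prefix}", strict=False)
    problems = []
    if lo == net.network_address:
        problems.append(f"{lo} is the network address of {net}")
    if hi not in net:
        problems.append(f"{hi} lies outside {net}")
    elif hi == net.broadcast_address:
        problems.append(f"{hi} is the broadcast address of {net}")
    return net, problems

def collisions(plan):
    """Pairs (a, b) where a's last stated host falls inside b's subnet."""
    nets = {name: audit(f, l, p)[0] for name, f, l, p in plan}
    return [(a, b) for a, _, last, _ in plan for b in nets
            if a != b and ip_address(last) in nets[b]]

def report(plan):
    """Human-readable findings, one line per problem."""
    lines = []
    for name, first, last, prefix in plan:
        net, problems = audit(first, last, prefix)
        usable = f"{net.network_address + 1}-{net.broadcast_address - 1}"
        lines += [f"{name}: {p} (usable hosts: {usable})" for p in problems]
    lines += [f"{a}: last address collides with {b}" for a, b in collisions(plan)]
    return lines

if __name__ == "__main__":
    print("\n".join(report(PLAN)) or "plan is consistent")
```

Run against the DHCP scopes and VLAN interface definitions as well, so that a range crossing a subnet boundary is caught before hosts in two VLANs are handed addresses in the same network.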
CAT6 UTP will be installed in a star topology because a star topology is less expensive to manage and costs less than a ring (using Token Ring Protocol) or a bus (using RG6 and RG58 coax cable). The Admissions Office and the Classroom directly above the Admissions Office are over 300 feet (the Ethernet limit) from the server room, and a diagonal pull through the ceiling (258 feet plus a 30 foot drop, best case) could be complicated by power line interference and possible obstructions, so these two rooms will require fiber optic cabling rather than CAT6 UTP. Wireless media access will be protected using WPA2 security with AES 256 encryption and a pre-shared key to prevent eavesdropping. The network will use Hewlett Packard Procurve switches because of their high performance, low cost relative to other brands (such as Cisco) and lifetime warranty. The Hewlett Packard E5406zl switches can support up to 144 gigabit network connections (10/100/1000baseT Ethernet), and one will be installed on each floor in its respective Server Room.
The switches will be configured with a VLAN (Virtual Local Area Network) for each subnet. Network access will be secured using Active Directory single sign-on, and IP addresses will be centrally managed using DHCP (with DHCP relay enabled on the switches). An HP Procurve E3500yl 24 port switch will be installed as the network core, to which the HP 5406zl switches on each floor will be connected. All switches will be configured to use the OSPF (Open Shortest Path First) protocol to route traffic between VLANs, and STP (Spanning Tree Protocol) will be enabled to prevent network loops, which can cause poor performance and/or disable the network. The switches will be connected in a partial mesh to minimize single points of network failure. An HP E-802.11N series wireless access point will connect into the HP network, providing VLAN support and 104 Mbps network access speed. A Cisco 5505 ASA firewall security appliance will be installed to protect the private network from the Internet and provide IPSec VPN connectivity to the main UMUC office.
Dell PowerEdge T310 server hardware with the Windows Server 2008 operating system will be installed for the Active Directory and Microsoft Exchange servers and as dedicated file servers for each lab. This hardware includes a RAID 5 fault tolerant, hot swappable disk array that will continue to operate even if one drive in the array fails. The Dell PowerEdge T310 is also equipped with dual hot swappable power supplies so that the server will continue to operate if a single power supply fails, and failed power supplies can be replaced without incurring downtime. Each Dell server is also equipped with a UPS (Uninterruptible Power Supply) to filter power line surges and enable graceful shutdown in the event of a power outage to protect data from corruption.
The primary Active Directory domain controller will reside on the first floor and a backup domain controller on the second floor to maintain network access if the primary domain controller fails. The Microsoft Exchange server will reside on a dedicated first floor server platform installed inside a DMZ configured on the firewall, and will synchronize with the main UMUC office through VPN (for data security) over the T1 WAN. Hewlett Packard Z400 Workstations equipped with an Intel 2.66 GHz Xeon processor, 4 Gigabytes of memory, a 500 Gigabyte hard drive, Windows 7 Professional, and Microsoft Security Essentials (free anti-virus) will be installed in the computer labs, classrooms and offices.
Using the same hardware for all workstations enables UMUC to take advantage of volume purchasing, parts and support to lower pricing. Each office and lab will also be equipped with an HP Officejet Pro 8500 Premier AiO – A909n printer that includes printing, scanning, copying, faxing and direct network connectivity.
Please refer to the diagram below for a visualization of how the network design will appear.