Introduction - Network for Learning



Technical Site Audit v2.0IntroductionAudit Purpose and ScopeThe primary purpose of this audit document is to determine the current services used by the school and what services will need to be provisioned on the managed router that will be installed by N4L. This would include how the router should be configured to ensure a successful transition to N4L. This audit document will need to detail the existing services that are used over the current internet circuit.N4L require information on the following key areas;Existing internet connection Location, space and power availability to install the Managed RouterNumber of public IP addresses currently in useFirewall rulesNAT rulesInternal LAN informationAdditional services that use the internet such as;Remote Access (VPN)Video ConferencingVoice over IPReadiness of the physical environment needs to be confirmed and whether any additional cabling or power points are required for the Managed Router installation. Post Audit Change NotificationsN4L request that any changes implemented POST Audit be notified to provisioning@n4l.co.nz in order to address any design changes.Audit CompletionTo ensure accuracy of information captured from the site audit, N4L request that the person completing this document is the same person who audited the schools network. General DetailsSoW Reference Number<N4L Complete>MoE School ID<N4L Complete>School Name<N4L Complete>Main Phone Number<N4L Complete>Website URL<N4L Complete>Address <N4L Complete>Site Audit Completed by: NameCompanyPhone NumberMobile NumberEmail Address School IT Contact NameJob TitlePhone NumberMobile NumberEmail Address School Primary Contact NameJob TitlePhone NumberMobile NumberEmail AddressExisting Network and ServicesThis section describes an overview of the schools existing network topology, public and private IP addressing presently in use, and what devices/interfaces these addresses relate to. It provides the design team with an overview and adds context to the configuration items described later in the work OverviewIn the area provided below or on a separate page, please draw and label each device between your internet connection and your Local Area Network (LAN). An additional area has been provided below for any additional comments not covered.Please sketch your Existing NetworkThe following diagram is an example. Please delete and replace as required.*Please label each device, interface and IP address of each device Brief Summary (optional):Current Public IP AddressesPlease list the current Public IP range/s that has been allocated to the schoolPublic RangeDevice Allocated toDescriptione.g. 1.1.1.0/29Internet RouterUsed as 1-1 NAT to School FirewallHow many Public IP Addresses are currently in use by the school: ____________If the school is using multiple Public IP Addresses, please define the use of each Public IP address in the table belowPublic IP addressDescriptione.g. 1.1.1.1School Mail Servere.g. 1.1.1.2Video Conferencing – Polycome.g. 1.1.1.3Remote Access to School (RDP)Current School LAN addressesIn the table below, please provide details of all networks on your existing LANVLANNetwork/MaskGateway IPGateway DeviceDescriptione.g. 110.0.0.0/1610.0.01FirewallSchool LAN, BYOD etcExisting Internet Router and Connection DetailsDescribe the set-up of the schools existing internet router. Connection DetailsPlease provide details of the existing internet connections. (* Copy table for additional connections)Does the school have a dedicated internet router FORMCHECKBOX No. FORMCHECKBOX YesType of Connection FORMCHECKBOX ADSL: FORMCHECKBOX Fibre: FORMCHECKBOX Wireless: Other: ________Are you keeping this connection after connection to N4L. (ie.This could be a circuit used for VoIP) FORMCHECKBOX No. FORMCHECKBOX Yes. This connection is still requiredCurrent ISP (If known)Current Speed (If known)Current Purpose of the connection: FORMCHECKBOX Primary: FORMCHECKBOX Secondary:Other: ________Current Internet Router Details(* Copy table for additional routers)Make/ModelExisting LAN interface Details**For additional LAN Ports please copy and paste this sectionPort ID: _____Speed/Duplex: FORMCHECKBOX Auto FORMCHECKBOX 10M FORMCHECKBOX 100M FORMCHECKBOX 1000MConnected to (Device and Port):________________ FORMCHECKBOX Access Port – Please complete address detailsIP Address:Mask: FORMCHECKBOX Trunk PortVLAN ID:_________IP Address:Mask:VLAN ID: _________IP Address:Mask:Does this router provide NAT/PAT for the School FORMCHECKBOX Yes: - Please complete NAT/PAT section 3.3 FORMCHECKBOX No:Does this router provide DHCP for the School FORMCHECKBOX Yes: - Please complete DHCP section 3.4 FORMCHECKBOX No:Does this router provide Firewalling for the School FORMCHECKBOX Yes: - Please complete Firewalling section 3.5 FORMCHECKBOX No:WAN Interface detailsPort ID: _____ e.g. Gi0/0IP Address:Mask:Gateway:Who manages the routerCompany:Name:Phone Number:Email:Notes/Comments: Inbound NAT/PAT - Existing Internet RouterPlease complete the following section if NAT is been used on the existing internet router. **Skip this section if not required Public IPOriginal PortDestination IPDestination PortProtocolDescriptione.g.<WAN Int>80192.168.0.180TCP“PAT” HTTP (IIS Server)e.g.<WAN IP #2>25192.168.0.125TCP“PAT” SMTP (Mail Server)e.g.<WAN IP>Any192.168.0.2AnyIP“NAT Example”DHCP - Existing Internet RouterIf you currently have DHCP enabled on the existing internet router, please complete the following table. **Skip this section if not required DescriptionVLAN IDDHCP Range and MaskExcluded IP AddressNotes: Specific Options, Reservation time etce.g. BYOD1010.0.0.0/2410.0.0.240-254Lease 7 Dayse.g.Teachers510.0.2.0/2410.0.2.240-254Option 150 – TFTP server for voiceFirewall Rules - Existing Internet RouterIf the existing internet router is providing firewalling for the school, please define the rules below. **Skip this section if not required DirectionSourceDestinationProtocolPortActionDescriptione.g.Outbound192.168.0.0/24AnyTCP80PermitHTTP traffic for Outbounde.g.Outbound192.168.0.0/24AnyTCP443PermitHTTPs traffic for Outbounde.g.Outbound192.168.0.0/24AnyICMPAnyPermitICMP Echo RequestsStatic Routes - Existing Internet RouterIf the existing internet router has any specific static routes then please define these in the following table. This would generally be used if the school does not have their own firewall and subnets exist behind a layer 3 switch.Address/MaskNext Hop IPDescriptione.g. 10.0.0.0/16192.168.1.1School LANSchool Firewall DetailsDescribe the set-up of the schools existing Firewall. The information provided contributes towards a compatible configuration on the N4L router.Does the School currently have a Firewall FORMCHECKBOX Yes: - (Is this school owned Yes: FORMCHECKBOX No: FORMCHECKBOX ) FORMCHECKBOX No: What are the WAN Interface detailsIf multiple VLAN’s are in use, please copy and multiply the IP Address section.Port ID: __________Speed: FORMCHECKBOX Auto FORMCHECKBOX 10M FORMCHECKBOX 100M FORMCHECKBOX 1000M FORMCHECKBOX Access PortIP Address:Mask:Gateway: FORMCHECKBOX Trunk Port (**complete VLAN info below)VLAN ID:_________IP Address:Mask:Gateway:VLAN ID: _________IP Address:Mask:Gateway:LAN Interface detailsPlease complete the table below with the LAN interface details. This has been broken into two tables: (Physical and Logical)Port IDTrunk or AccessSpeed/DuplexDevice Connected to and portDescription/CommentLAN1e.g. AccessAuto/AutoCore switch - port 5LAN2e.g. Trunk100/FullCore switch - port 6Physical Interface DetailsPort IDVLAN IDIP Address and MaskDescriptione.g. LAN1Access192.168.0.10/24Transport networke.g. LAN2100172.16.1.0/24Staff Wirelesse.g. LAN2101172.16.2.0/24Student WirelessLogical Interface DetailsWho manages the FirewallCompany:Name:Phone Number:Email:Does the firewall provide Inbound NAT/PAT from the Internet to Internal Servers/Services (SMTP, RDP, HTTP etc) FORMCHECKBOX Yes: - Please complete table below FORMCHECKBOX No: If the firewall is providing NAT/PAT functions then please detail this below. WAN IPOriginal PortDestination IPDestination PortProtocolDescriptione.g.192.168.0.18010.0.0.180TCPHTTP (IIS Server)e.g.192.168.0.12510.0.0.225TCPSMTP (Mail Server)e.g.192.168.0.1222210.0.0.222TCPSSH (Jump Host)Content filteringPlease provide an overview of how many content filtering policies are configured. Also how filtering policies are applied for your school. An additional section (Comments) is provided to add anything extra that should be considered regarding the schools filtering.Please describe the schools existing content ?filtering service/s (ie Watchdog, UTM firewall, Schoolzone, pfSense)Does the school provide user/group level filtering or one policy for the whole school FORMCHECKBOX Single Policy: FORMCHECKBOX Multiple Policies: (select Type below) FORMCHECKBOX Source IP FORMCHECKBOX Directory Integration FORMCHECKBOX BothComments/Notes(ie Using local filtering and also Watchdog)DNS The following section is required to capture the DNS information relating to the school.Detail the DNS addresses assigned to devices on the school LANPrimary IP Address:Secondary IP Address:Contact details of the who manages your external DNS records(i.e. MX and A records)Company:Name:Phone Number:Email:EmailThe following information is required for N4L to understand what is required during the transition to N4L and ensure no interruption to mail service. Please describe your current email solutioni.e. onsite exchange server, Gmail, Office 365 FORMCHECKBOX Google FORMCHECKBOX Office 365 FORMCHECKBOX Schoolzone FORMCHECKBOX Other: Please SpecifyDo you have an onsite mail server FORMCHECKBOX No FORMCHECKBOX Yes How many Mailboxes: Mail Server IP Address: SMTP Relay URL/IP: Does the school currently use inbound mail filtering from the current ISP. FORMCHECKBOX Yes What is the inbound MX Record: FORMCHECKBOX NoPlease specify current outbound SMTP mail relay settings (i.e. example may be to check a Photocopier/Scanner onsite)Contact details of the company/person that currently manages your email serverCompany:Name:Phone Number:Email:Additional ServicesThis section captures information regarding any additional services presently in use by the school. Knowledge of these services ensures that they are taken into consideration for design. This is required to ensure Video, Voice and any remote access in use by the school continues to function after transition.Video ConferencingDoes the school use Video Conferencing FORMCHECKBOX Yes Who is the provider: FORMCHECKBOX No – Please continue to next section Please describe the existing Video Conferencing solution (i.e. Currently use Asnet with Polycom Video conference units)How many dedicated Video Conferencing units does the school haveTotal Number: Description and LocationIP AddressContact details of the Video Conference ProviderCompany:Name:Phone Number:Email:Voice over IPDoes the school use VoIP for the telephones FORMCHECKBOX YesIf yes, do you have onsite PBX: Yes: FORMCHECKBOX No: FORMCHECKBOX FORMCHECKBOX No – Please continue to next sectionPlease describe the existing VoIP solution(i.e. Onsite PBX with SIP trunks to Callplus over a dedicated ADSL circuit)Does the VoIP Solution have a dedicated connection or is this shared with the current Internet connection FORMCHECKBOX Dedicated Connection FORMCHECKBOX Shared Internet ConnectionPlease detail IP Address Details of the onsite PBX (If possible)Interface 1: (i.e. WAN)IP Address:Mask:Gateway:Interface 2: (i.e. LAN)IP Address:Mask:Gateway:Contact details of the VoIP ProviderCompany:Name:Phone Number:Email:Remote AccessDoes the school currently have a remote access solution FORMCHECKBOX Yes FORMCHECKBOX No - Please continue to next sectionPlease describe the current remote access solution. FORMCHECKBOX VPN FORMCHECKBOX PPTP FORMCHECKBOX SSL FORMCHECKBOX IPSEC FORMCHECKBOX RDP Public IP/DNS Entry: Server IP: FORMCHECKBOX Other Please specify:Please specify terminating device for the VPN FORMCHECKBOX Existing School Firewall FORMCHECKBOX Existing Internet Router FORMCHECKBOX School Server FORMCHECKBOX Other: Please Specify:Additional InformationPlease define any other services that are dependent on your existing Internet connection that has not been covered above.<This section could include hosted services that are offered by the school, or alternatively information on schools which are part of a loop and receive hosted services>Router Installation DetailsPlease provide details where the N4L managed router is going to be installed, this will need to be as close to ONT (Optical Network Terminal) as possible.Router DimensionsManaged Router Dimension : 88.9mm x 438.2mm x 469.9 mm (2U height)Managed Router Weight : 15.5kgIs the Rack Free Standing or Wall Mounted FORMCHECKBOX Free Standing FORMCHECKBOX Wall MountedComments:Is there 4U rack space available for Managed Router installation<may require space above and below router>Please specify in the comments section if no space is available and proposed location where the router could be installed FORMCHECKBOX Yes FORMCHECKBOX NoIf Not, is there a minimum of 2U available: FORMCHECKBOX Yes FORMCHECKBOX No Comments:Is the rack deep enough for the Managed Router (550mm) FORMCHECKBOX Yes FORMCHECKBOX No Comments:Is there an available power outlet in the Rack and is the power outlet protected FORMCHECKBOX Yes FORMCHECKBOX UPS FORMCHECKBOX Surge Protected FORMCHECKBOX Not Protected FORMCHECKBOX No Comments:Is there a spare port on the switch/firewall for the Managed Router to plug into FORMCHECKBOX Yes Device and Port ID: FORMCHECKBOX No Is there structured cabling between the ONT and proposed Managed Router location FORMCHECKBOX Yes FORMCHECKBOX NoPlease specify the cabling distance between ONT and proposed Managed Router locationEnsure cabling does not run along the floor or hanging above the ground and provide trip hazard.Patch Cable Length (Meters):1. Please provide a photo of the Server Room. If possible show ONT and Cabinet in the shot.2. Please provide a photo of the rack location where the router is to be installed ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download