


Shoreline Community College

Technology Support Services

Systems and Network

Infrastructure Replacement

and Maintenance Plan

October 2001


Introduction

Shoreline Community College relies heavily on computer systems and networks in support of business and academic functions. If our technology systems fail, our business is immediately impacted. Technology-based systems have limited useful lifespans. All components of these systems are subject to change, right down to the cabling within the walls. As an educational institution it is imperative for the college to provide the best and newest technologies for our students. In order to make this happen our technicians must be trained and outfitted with the best tools. This document is intended to establish the maintenance and replacement standards for these systems and to provide a baseline for a budget to do so. This plan encompasses all computer systems and software that provide essential services, all electronic network components, all cabling (both copper and fiber-optic), cabling pathways, junction boxes, conduits, terminations and communications closets.


Systems and Servers

Server Hardware

Computer systems that provide services should be of a class that is appropriate for the volume and critical nature of the services that they provide. Modern “server class” computers include redundant, “hot-swappable” components and internal monitoring features that alert system administrators of impending problems. If appropriately scaled, these systems are upgradeable and expandable. Administration of these systems is greatly simplified by standardizing on a single manufacturer[1]. This gives us a consistent management interface and reduces training costs. Rack mount configurations make more efficient use of valuable floor space, are easier to maintain and they consolidate resources.

Individual disk storage systems are tedious to manage and are limited in growth potential. A “Storage Area Network” or SAN consolidates magnetic disk storage, optical media and backup systems into a single, highly redundant subsystem. An appropriately configured SAN system has substantial growth capacity and offers a much more flexible way of allocating disk space between servers.

Standard Configuration

A consistent system configuration is more manageable and easier to maintain[2]. The operating system should be loaded in a consistent way to simplify disaster recovery. All server systems should have a standby power source and a standard suite of utility software installed.

Support

Hardware Maintenance

New servers should be purchased with a maintenance contract. The service level agreement should coincide with the critical nature of the system’s intended purpose. Three-year, same-day or next-business-day contracts are typically available from the manufacturer for a minimal cost. This carries the system to the end of its expected useful life as a production server, at which time it should be replaced by a new server and moved to a less critical role in the system.

Software Maintenance

Whenever available, software maintenance agreements should be purchased for mission critical applications. This assures that we will always have the latest version of the product. It is less costly than an out-right purchase of the latest version and it is much easier to include into the budgeting process. This is absolutely crucial for our enterprise backup software. Backup software is very sensitive to even minor operating system upgrades, service packs and patches.

Software Support

Computer operating systems and applications are becoming increasingly complex. Many of the problems that arise are the result of “bugs” that the manufacturer is aware of. Unfortunately, the manufacturers charge for access to information regarding these problems and the associated fixes. In fact, many problems can be averted by first checking with the manufacturer in regard to the proposed implementation. Software support agreements can be purchased either per product or per incident. A support agreement should be available to our technicians for all operating systems and critical applications.

Training

Technicians must be trained to effectively support new technology. A typical operating system course will cost from $3,000 to $6,000 per technician and each course can take up to six months to complete. Completing one of these courses requires a tremendous commitment for the employee in both time and money. Compensation in the form of release time should be considered for class and study time. A reimbursement agreement for exam fees, pending successful certification, should also be considered. A minimum of four technicians must be trained on all aspects of the new system and a significant number of other Technology Support Services staff members will require related training.

Testing Environment and Staffing

The community depends on its colleges to provide training for its inhabitants. Technology-related training is of particular interest. Students expect to be trained on the newest technologies on the best equipment. One of the more demanding technologies that we must periodically update is the computer operating system. The complexity of migrating to a new operating system is enormous. All aspects of the implementation must be thoroughly tested and re-tested. The new operating system must integrate into our existing environment. User profiles, group policies and login scripts must be rewritten. In order to effectively test an operating system or enterprise-wide application there must exist an adequate testing environment or lab. This “testing lab” must be isolated from the existing network but must contain replications of the real components. Testing of such implementations takes a considerable amount of time and research. An adequate budget for overtime and additional hourly staff must accompany any significant “roll-out”.

Utilities

The maintenance of a college lab computer is extremely challenging. In no other industry do you have multiple users using one machine. In no other industry do you see so many machines that are either unintentionally or intentionally altered on a daily basis. Computer hardware and software manufacturers don’t typically take the unique problems faced by the education industry into account when designing their products. We must use third party products to secure and maintain our lab computers. Additionally we must consider the trade-offs between locking down the software and providing a “real world” feel for the user. Our technicians and clients require the best utilities for securing, repairing and maintaining the computer labs. Utilities must be acquired and updated to keep up with the latest technologies and innovations. Such utilities save time and provide a stable, consistent learning platform.

Client disk images, utilities and application programs are the tools of the trade. Technicians require considerable disk and optical media resources to support client workstations. A “utility server” equipped with an optical library system is necessary to efficiently support a campus operation. A server that is dedicated for this purpose assures that there will be adequate support resources and it removes a substantial load from production servers.

Backup Systems

Computer disks will fail. The question is not if, but when. A modern, high-capacity, high-speed backup system is a necessity. A backup system consists of hardware, software and media. By integrating a backup system into a storage area network the process becomes much more efficient since no network bandwidth is required for the operation. It is mandatory that the backup system be periodically upgraded to keep up with increasing disk space requirements. There must be sufficient media to back up all critical data within a reasonable amount of time on a schedule that will minimize loss. Our backup system must be able to back up more data in a shorter time period. The “backup window” must be small enough to allow for other system maintenance procedures to complete without disrupting business operations. The backup media must be of sufficient capacity to minimize operator intervention. A high-capacity, multi-drive tape library should be implemented and updated at least every three years. The backup media should be replaced according to the manufacturer’s recommendations, typically annually. A complete backup plan includes off-site rotation of the backup media to a secure location.

System Security

Securing networked computer systems is an on-going task. New threats are discovered on a daily basis. Common security threats include computer viruses, worms, Trojan horse programs and “buggy” server software programs. Most of these problems are discovered by diligently monitoring security information services and they are typically resolved by the implementation of a patch[3] or work-around[4]. Any computer that is connected to the Internet is subject to attack. Would-be “hackers” randomly scan the Internet looking for potential victims. Port-scanning software is a common tool that is used to identify vulnerable systems across a network. It is important to not only detect these foreign scans but also to conduct our own scans in order to detect and repair weaknesses within our network before someone else finds them.
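An added illustration of detecting foreign scans, not part of the college's plan or its tools: the Python code below flags any source that probes many distinct host and port combinations within a short time window. The log format, addresses, window and threshold are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real logs): "timestamp source_ip dest_ip dest_port",
# one inbound connection attempt per line, as a border device might record it.
SAMPLE_LOG = """\
2001-10-01T02:14:00 198.51.100.7 192.0.2.10 21
2001-10-01T02:14:01 198.51.100.7 192.0.2.10 23
2001-10-01T02:14:01 203.0.113.40 192.0.2.20 80
2001-10-01T02:14:02 198.51.100.7 192.0.2.10 25
2001-10-01T02:14:03 198.51.100.7 192.0.2.10 80
2001-10-01T02:14:04 203.0.113.40 192.0.2.20 80
2001-10-01T02:14:05 198.51.100.7 192.0.2.10 139
2001-10-01T02:20:00 203.0.113.99 192.0.2.10 139
2001-10-01T02:20:01 203.0.113.99 192.0.2.11 139
2001-10-01T02:20:02 203.0.113.99 192.0.2.12 139
2001-10-01T02:20:03 203.0.113.99 192.0.2.13 139
2001-10-01T02:20:04 203.0.113.99 192.0.2.14 139
2001-10-01T03:00:00 203.0.113.40 192.0.2.20 443
not a log line
"""


def parse_line(line):
    """Parse one record; return (time, src, dst, port) or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        port = int(parts[3])
    except ValueError:
        return None
    if not 0 < port < 65536:
        return None
    return ts, parts[1], parts[2], port


def detect_scans(log_text, window=timedelta(seconds=60), threshold=5):
    """Flag sources that touch >= threshold distinct (host, port) targets
    inside a sliding time window.

    Counting distinct targets catches a sweep of many ports on one host as
    well as one port swept across many hosts, while a client that keeps
    reconnecting to the same service only ever counts as one target.
    Returns {source_ip: {"first_alert": datetime, "targets": sorted list}}.
    """
    recent = defaultdict(deque)  # source -> recent (time, dst, port) events
    alerts = {}
    records = sorted(filter(None, map(parse_line, log_text.splitlines())))
    for ts, src, dst, port in records:
        events = recent[src]
        events.append((ts, dst, port))
        # Drop events that have aged out of the window for this source.
        while events and ts - events[0][0] > window:
            events.popleft()
        targets = {(d, p) for _, d, p in events}
        if len(targets) >= threshold:
            entry = alerts.setdefault(src, {"first_alert": ts, "targets": set()})
            entry["targets"] |= targets
    for entry in alerts.values():
        entry["targets"] = sorted(entry["targets"])
    return alerts


if __name__ == "__main__":
    for source, info in detect_scans(SAMPLE_LOG).items():
        print(source, info["first_alert"].isoformat(), len(info["targets"]), "targets")
```

The threshold and window trade detection speed against false alarms from busy legitimate clients, so both should be tuned against a sample of normal traffic.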

Physical security is an important element of a complete system security plan. It is often a trivial matter to compromise a server system if there is access to the console. Server systems should be secured in a locked environmentally controlled room. Access to the server room should be strictly limited to essential Technology Support Services and facilities personnel.


Network and Infrastructure

Network Hardware

Networking technology is constantly changing, as are the applications that utilize it. There is always faster and more flexible technology available. It is neither cost effective nor necessary to replace all of the college’s networking infrastructure at once. Most administrative areas, for example, don’t need as much network bandwidth as an instructional area of the network that must handle large multimedia files. We should purchase the best technology available, within reason, whenever we do purchase new equipment. There must also be a budget structure in place that will assure the steady migration from old equipment to new. New equipment will be integrated into areas of the network that have the greatest demand. The best of any equipment that is displaced will be used to replace the oldest equipment or it can be used as backup equipment to reduce the cost of maintenance contracts. The oldest equipment will then be either sold as surplus or used as trade-in for new equipment. Standardization on a single vendor saves money in training, maintenance contracts, and volume purchases. Many network equipment manufacturers include useful but proprietary technologies that cannot be utilized in a mixed environment.[5]

Backbone Equipment

The network backbone equipment is the center of Shoreline Community College’s network. Our network configuration, known as a collapsed backbone, resembles a star of fiber optic strands that emanate from a central device. The capability of the backbone equipment establishes the total throughput capacity of our network. This equipment must be periodically replaced as our bandwidth requirements exceed the technology. Replacement backbone equipment must be comprised of the best available technology and configured in such a manner that it can be upgraded in order to maximize its useful lifespan.

Closet Equipment

Closet equipment includes hubs, switches, transceivers and media converters that are used to distribute the campus network to workstations. The bandwidth requirements of each closet vary based on the client machines that are connected through it. New equipment will be installed in the highest demand closets. Any equipment that is displaced will be relocated or surplused as appropriate. Equipment that serves high bandwidth client applications should be replaced on a three-year cycle. Student labs are of the highest priority. Although labs require a considerable amount of bandwidth for instructional purposes, the highest load is generated by maintenance procedures such as disk image distribution. The ability to distribute disk images at a high rate of speed to a large number of workstations is crucial.

Management

The campus network is comprised of numerous devices and servers. These components are scattered across campus in a complex hybrid star topology. Technology Support Services has standardized on manageable components in order to efficiently monitor and troubleshoot our network. All network devices and servers run SNMP[6] agent software. This agent software is configured to communicate only with designated management stations. The management station polls the status of each device regularly throughout the day. The devices are configured to send alarms known as “traps” to the management station whenever an anomaly is detected or a threshold is reached. This process is active twenty-four hours a day, seven days a week. Software support and maintenance contracts are maintained on the network management software. This assures that we will always have the latest version and that we can call the manufacturer for support with these complex software packages. The network management station must be periodically upgraded or replaced to keep up with the requirements of the software.

Wireless Technology

Wireless networking technology has made and continues to make great strides. As a result, however, the useful life of this equipment is typically very short. It is the intention of Technology Support Services to implement this technology when it is deemed necessary for a specific application rather than just because it exists. Whenever appropriate, adequate supporting infrastructure will be included in construction and remodel projects to allow for possible future implementations of wireless technology. Anticipated future uses of this technology are to support laptop and PDA (Personal Digital Assistant) devices. Many of these devices will likely be privately owned. We cannot expect users to purchase specific devices or accessories in order to be compatible with our system. In this case it is important to standardize on a technology that is widely supported.

Cabling

The advances in electronics that have led to high-speed networking have pushed the limits of cable manufacturing technology. It is to be expected that along with the hardware, our cabling infrastructure also has a limited useful lifespan. The standards committees make some effort to develop specifications that will work on the large installed base of older cabling systems but these parallel standards are not typically cost effective. The special hardware that is developed to utilize the older cabling systems is considerably more expensive, thereby outweighing the savings realized by not replacing the cabling. The cost of the cable is negligible compared to the cost of the installation labor. It is therefore best practice to install an ample quantity of the best cable available at the time of installation.

Network Security

Technology Support Services has implemented a screening router configuration with interconnected public and private networks. The public area of the network in this configuration is commonly referred to as a demilitarized zone or “DMZ”. All network services that are intended to be accessed from outside of our campus network must be approved and must reside on the public DMZ network. Software filters are implemented on the router between the public and private networks both to protect systems on the internal network and to prevent rogue services. Additional filters may be implemented as deemed necessary to protect the integrity of our campus network or to control bandwidth usage. Technology Support Services constantly monitors the campus network for foreign port-scans and routinely conducts internal port scans for unauthorized server services. Unauthorized server services can consist of intentional or unintentional host services that are installed by campus users as well as Trojan horse backdoor programs.
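An added illustration of the internal audit described above, not the college's own procedure or scripts: the Python code below compares the open services found by an internal scan against a registry of approved services and the DMZ placement rule. The network ranges, registry entries and scan results are all constructed for the example.

```python
import ipaddress

# Constructed network layout (assumed for the example).
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
PRIVATE_NET = ipaddress.ip_network("10.20.0.0/16")

# Constructed approved-service registry:
# (host, port) -> (description, reachable from outside the campus?)
APPROVED = {
    ("192.0.2.10", 80): ("campus web server", True),
    ("192.0.2.11", 25): ("mail relay", True),
    ("10.20.1.5", 80): ("public web server not yet moved", True),
    ("10.20.1.8", 1433): ("internal database", False),
}

# Constructed results of an internal scan: (host, port, state).
OBSERVED = [
    ("192.0.2.10", 80, "open"),
    ("192.0.2.10", 21, "open"),
    ("192.0.2.11", 25, "open"),
    ("10.20.1.5", 80, "open"),
    ("10.20.1.8", 1433, "open"),
    ("10.20.7.44", 80, "open"),
    ("10.20.7.44", 12345, "open"),
    ("10.20.9.3", 139, "closed"),
    ("172.16.4.4", 23, "open"),
]


def audit(observed, approved=APPROVED, dmz=DMZ_NET, private=PRIVATE_NET):
    """Return sorted (host, port, category) findings for open services that
    break the policy: every service must be approved, and any service meant
    to be reached from outside the campus must sit on the DMZ network."""
    findings = []
    for host, port, state in observed:
        if state != "open":
            continue
        addr = ipaddress.ip_address(host)
        entry = approved.get((host, port))
        if addr not in dmz and addr not in private:
            category = "host outside known networks"
        elif entry is None:
            category = ("unapproved service in DMZ" if addr in dmz
                        else "unauthorized service on private network")
        elif entry[1] and addr not in dmz:
            category = "public service not on DMZ"
        else:
            continue  # approved and correctly placed
        findings.append((host, port, category))
    # Sort numerically by address, then port, so reports are stable.
    return sorted(findings, key=lambda f: (ipaddress.ip_address(f[0]), f[1]))


if __name__ == "__main__":
    for host, port, category in audit(OBSERVED):
        print(f"{host}:{port}  {category}")
```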

Physical security is of particular concern at Shoreline Community College. The buildings pre-date computer networks and they are spread out over a wide area. The data and telecommunications facilities most often share space with janitorial supplies and staff. Equipment in these closets is susceptible to water damage and short circuits from misplaced mop handles. The remoteness of the data distribution closets makes them ideal candidates for a cable tap intrusion. Although intrusions of this type are very rare, the repercussions from such an intrusion would be catastrophic.


Appendix

Appendix 1 – Standard Server Configuration

Hardware

• Manufacturer - Dell Computer Corporation

• Rack mountable server class systems

• Uninterruptible Power Supply

• Redundant disk subsystem

• A minimum three-year, on site, next business day service agreement is included at the time of purchase for all servers.

• A three-year, on site, four-hour-response service agreement is included at the time of purchase for servers that are deemed to be “mission critical”

Software

• Microsoft Windows NT Version 4.0 Service Pack 6

• Microsoft SNMP Agent

• Dell OpenManage IT Assistant

• ArcServe Backup Agent

• Network Associates anti-virus engine

• Security auditing scripts

Partition Map

• Configure RAID 5

• Insert Dell Server Assistant CD into CD-ROM drive and boot the system from the CD-ROM drive, install Dell Partition (1st partition) (Approx. 16MB)

• Remove the CD and insert DOS (Windows 95) boot disk into floppy drive and boot from the floppy, create 1 GB FAT16 (never FAT32) DOS partition (2nd partition)

• Reboot the system from the floppy, format (format c: /s) 2nd partition and copy basic DOS commands (attrib, format, fdisk...) into directory C:\Command

• Remove the floppy and reboot the system into DOS (Windows 95)

• Install NT 4.0 on the DOS partition and apply service pack 6a

• Boot into Windows NT, start Disk Management and create 2 partitions (3rd and 4th partition): the 3rd partition 4GB and the 4th partition all of the remaining space; format both with the NTFS file system

• Install another NT on 3rd partition

• Edit boot.ini file and make 3rd partition the default operating system.

• Reboot the system, configure the server to connect the network and join the domain (TCP/IP, SNMP...), apply service pack 6a and other hot fixes

• Reboot the system and install necessary applications (Antivirus, Dell server management....); any application that requires more data space should be installed on the 4th partition. IIS and SQL should be installed on the 4th partition for security reasons

Appendix 2 – Strategic Goals

• Unified login

• Automated version management and software distribution to client computers

• Roaming profiles

• Public access points to the network for portable computing devices

• Secure remote access in support of telecommuting

• Scripted server installations

• Centralized data storage and backup system

• Three year replacement cycle for all mission critical equipment

o Campus enterprise file and application servers

▪ Database server

▪ Mail server

▪ Web server

▪ Courseware server

▪ Utility server

▪ Network management station

o Backup System

o Backbone Equipment

o High-demand closet equipment

Appendix 3 – Network Equipment Standards

• Cisco corporation devices running enterprise level software

o 2900 and 3500 Series switches with gigabit uplink

• Transition technologies transceivers and media converters

• Hewlett Packard Jet Direct print server devices

• Four drops per office one drop per lab workstation

o Top two jacks are reserved for voice and used left to right

o Bottom two jacks are reserved for data and used left to right

• AMP modular connectors

• Avaya Systimax GigaSPEED structured cabling system

Appendix 4 – Network Management Standards

• All network devices must be manageable and support SNMP.

• Time synchronization across all capable devices

• Centralized logging across all capable devices

• All manageable devices will be configured and “locked down”

• Hewlett Packard’s OpenView, Network Node Manager

• Cisco Corporation’s, Cisco Works

• Dell IT Assistant management console and agents

• E Policy Orchestrator for Network Associates Antivirus

• APC PowerChute plus management console and agents

Appendix 5 – Security Procedures and Tools

• Linux workstations are used to develop security monitoring and testing tools

o Many tools are available in the public domain on the Linux operating system

o Most of the available tools compile and run on Linux without modification

• A modified version of the public domain program “Multi-scan” is used to conduct internal port scans.

• The public domain program “Port Sentry” is used to detect external port scans of our network.

• Log auditing scripts run on our NT servers to detect attacks and alert appropriate staff members.

• Unix systems log to a remote host. Logs are reviewed daily.

• NT systems are regularly scanned for patch deficiencies.

• Linux systems use automated system update utilities to keep patches up to date.

• Senior technicians monitor security email lists

• CGI support is limited to widely distributed and supported programs

o CGI programs are periodically audited for known security weaknesses

Appendix 6 – Server Inventory

|Server |Purpose |

|Extend maintenance agreement for FOZZIE |$1,400 |

|Extend maintenance agreement for RIZZO |$1,250 |

|Extend maintenance agreement for OVERLORD |$1,000 |

|Upgrade ONLINE |$1,350 |

|Upgrade RIZZO Disks |$1,737 |

Fiscal Year 2002-2003

|Extend maintenance agreement for ARCSERV2 |$1,350 |

|Extend maintenance agreement for COOKIES |$1,450 |

|Extend maintenance agreement for ELMO |$1,350 |

|Extend maintenance agreement for JOBS |$1,250 |

|Extend maintenance agreement for ONLINE |$1,350 |

|Extend maintenance agreement for SPOILER |$1,000 |

Fiscal Year 2003-2004

|Replace FOZZIE |**$17,000 |

|Replace RIZZO |$12,000 |

|Replace OVERLORD |$4,500 |

|Replace OSCAR |$10,000 |

|Extend maintenance agreement for SQL-DS |$1,400 |

|Extend maintenance agreement for Webauth |$1,300 |

|Extend maintenance agreement for SHORECC_ENGINE |$1,300 |

Fiscal Year 2004-2005

|Replace ARCSERV2 | |

|Replace COOKIES |**$12,000 |

|Replace ELMO |$12,000 |

|Replace JOBS |obsolete |

|Replace ONLINE |$12,000 |

|Replace SPOILER |$4,500 |

|Replace Backup system | |

Fiscal Year 2005-2006

|Replace Backup system | |


Appendix 8 - Enhancement Plan

Fiscal Year 2001-2002

|Upgrade student open lab switches |**$25,000 |

|Upgrade K-20 router Ethernet interface |$1,800 |


Fiscal Year 2002-2003

|Add 2x8 Gigabit boards to backbone switch |$20,000 |

|Upgrade switches on east end of 5000 building |$25,000 |

|Implement high capacity tape library system |$130,000 |

|Misc. utility software |$10,000 |

|Misc. Software support packs |$5,000 |

Fiscal Year 2002-2003

|Upgrade switches on west end of 5000 building | |

|Implement Storage Area Network base system |$120,000 |

|Misc. Software support packs |$5,000 |


Appendix 9 – Ongoing Software & Maintenance Costs

Fiscal Year 2001-2002

|Renew Verisign Certificate for oscar | |

|Renew Sniffer license |$20,362 |

|Register shorelinecommunitycollege.edu DNS name | |

|Register DNS name | |

|Renew Openview support and maintenance contract | |

|Renew CiscoWorks support and maintenance contract |$3,500 |

|Hewlett Packard support and maintenance contract | |

|Cisco hardware maintenance |$8,200 |

|Renew Antivirus software agreement |$8,100 |

|Wide area circuit charges | |

Fiscal Year 2002-2003

|Renew Verisign Certificate for oscar | |

|Sniffer maintenance and support |$2937 |

|Renew shorelinecommunitycollege.edu DNS registration | |

|Renew DNS registration | |

|Renew Openview support and maintenance contract | |

|Renew CiscoWorks support and maintenance contract |$3,850 |

|Hewlett Packard support and maintenance contract | |

|Cisco hardware maintenance |$11,000 |

|Renew Antivirus software agreement |$14,300 |

|Internet Circuits |$8770 |

Fiscal Year 2003-2004

|Renew Verisign Certificate for oscar | |

|Sniffer maintenance and support |$2937 |

|Renew shorelinecommunitycollege.edu DNS registration | |

|Renew DNS registration | |

|Renew Openview support and maintenance contract | |

|Renew CiscoWorks support and maintenance contract |$4,200 |

|Hewlett Packard support and maintenance contract | |

|Cisco hardware maintenance |$13,500 |

|Renew Antivirus software agreement |$9,300 |

|Internet Circuits |$8770 |

Fiscal Year 2004-2005

|Renew Verisign Certificate for oscar | |

|Sniffer maintenance and support |$2937 |

|Renew shorelinecommunitycollege.edu DNS registration | |

|Renew DNS registration | |

|Renew Openview support and maintenance contract | |

|Renew CiscoWorks support and maintenance contract | |

|Hewlett Packard support and maintenance contract | |

|Cisco hardware maintenance |$16,000 |

|Renew Antivirus software agreement |$15,900 |

|Internet Circuits |$8770 |

Fiscal Year 2005-2006

|Renew Verisign Certificate for oscar | |

|Sniffer maintenance and support |$2937 |

|Renew shorelinecommunitycollege.edu DNS registration | |

|Renew DNS registration | |

|Renew Openview support and maintenance contract | |

|Renew CiscoWorks support and maintenance contract | |

|Hewlett Packard support and maintenance contract | |

|Cisco hardware maintenance |$19,000 |

|Renew Antivirus software agreement |$10,400 |

|Internet Circuits |$8770 |

-----------------------

[1] See Appendix 1 – Standard Server Configuration

[2] See Appendix 1 – Standard Server Configuration

[3] Patch – Replacement software that has been rewritten to remove a programming flaw.

[4] Work-around – A procedure to modify the operation or to disable a specific feature in a program in the absence of a patch.

[5] See Appendix 3 – Network Equipment Standards

[6] Simple Network Management Protocol – An industry standard protocol for managing network devices

** Student Funds
