UNTHINKABLE
Creative
Innovative
With the constant and rapid changes in technology, fast-paced minds are required to keep up with the slew of equipment changes for multiple types of businesses.
706 Moore Street
King of Prussia, Pennsylvania 19406
Phone: 610-444-5555 Fax: 618-444-5556
www.ICUconsultants.com
ICU CONSULTANTS
A complete and thorough evaluation of your floor plan will be carried out so that our team of designers can create the best design that caters to the needs of your business.
Reputed knowledge and planning go into the delivery of every single intricate design by our team of experts.
Our team of experts will devise the most effective and efficient design for your business.
We will find the most effectual tools essential for your business in order to keep up with the evolving changes of our fast-paced world.
INDEX
1. Hardware overview (Ron)
a. Current hardware
b. Proposed hardware
2. Software overview (Ron)
a. Current software
b. Proposed software
3. LAN overview (David)
a. Current LAN
b. Proposed LAN design
4. WAN overview (David)
a. Current WAN
b. Proposed WAN
5. Main office design/network services (Jacob)
6. IP addressing design/scheme (David)
7. Internet connectivity design (Elias)
8. Network security (Rick)
a. Physical security
b. Logical security
c. Data security
9. Project cost (Rick)
a. HR cost
b. Hardware cost
c. Software cost
d. Implementation cost
e. Testing/training cost
10. Testing (Nate)
a. Hardware configuration
b. Software configuration
c. Bandwidth
d. Infrastructure
11. Project schedule (Elias)
12. Project conclusion (Kay)
IMPLEMENTATION AND UPGRADE TO NETWORK DESIGN AND INFRASTRUCTURE FOR KOP MEDICAL ASSOCIATES
A COMPREHENSIVE NETWORK DEVELOPMENT PROJECT
SUBMITTED TO THE
IT/COMPUTER NETWORK SYSTEMS PROGRAM
IN PARTIAL FULFILLMENT OF THE REQUIREMENTS
FOR THE ASSOCIATE DEGREE
by
NICK DATTILO
KAY LAI
JACOB MARTEL
ELIAS ALVAREZ
RICHARD DABNEY
RONDALD DUNN JR
NATHANIEL DUFFY
ADVISOR-MR. NNOKO
ITT TECHNICAL INSTITUTE
KING OF PRUSSIA, PENNSYLVANIA
AUGUST, 2010
Week 4
Hardware Selection and Cost (Ron)
IP Addressing (Dave)
LAN and WAN Diagrams (Dave)
Internet, Phone, Cabling selections (Elias)
Week 5
Hardware Finalize (Ron)
Software Selection and Licensing (Ron)
Network Services Finalize (Jacob)
Security Finalize (Rich)
Disaster Recovery Requirements (Nate)
Week 6
Software Finalize (Ron)
Internet, Phone, Cabling Finalize (Elias)
Project Plan Start (Elias)
Cost Finalize (Rich)
LAN and WAN Finalize (Dave)
Week 7
Disaster Recovery Finalize
Testing Finalize
Project Plan Finalize
Project Overview Finalize
Project Conclusion Finalize
Week 8-11
Actual installs
HARDWARE
Current Hardware
The current hardware is dated legacy equipment running Windows 95. It cannot handle the requirements demanded of it: it runs slowly and leaves the systems open to hacking.
HP COMPAQ 6005 PRO
We propose upgrading 45 of the current computers in the offices with the HP Compaq 6005 Pro at $599.99 per unit. The proposed towers will be faster and more reliable.
With:
AMD Athlon II X2 2.8 GHz processor
4 GB DDR3 RAM
160 GB of storage
Windows 7 Professional
ACER V173 DJB LCD MONITORS
To go along with the new towers we propose getting 45 new Acer V173 Djb LCD monitors at $119.69 per unit.
With:
17 in LCD display
1280 x 1024 maximum resolution
LOGITECH DESKTOP MK120
With the new towers and monitors we propose all new mice and keyboards, with the Logitech Desktop MK120 combo pack at $29.92 per unit.
With: A durable duo that brings comfort, style and simplicity together. You'll be comfortable with the keyboard thanks to the low-profile, whisper-quiet keys and standard layout with full-size F-keys and number pad. With its thin profile, spill-resistant design, durable keys that can withstand up to 10 million keystrokes and sturdy, adjustable tilt legs, this sleek keyboard not only looks and feels good, it's built to last. Plus, it's got easy-to-read keys. The high-definition optical mouse puts comfort and control in your hands with smooth, accurate tracking and a comfortable, ambidextrous shape.
HP COMPAQ 515
For the doctors we propose using the HP Compaq 515 laptop, so they will have all the access of the network in a portable form. At $499.99 per unit, it comes with:
Athlon X2 QL-66 2.2 GHz processor
3 GB of RAM
320 GB hard drive
DVD±RW drive
Windows 7 operating system
HP xb4 Notebook Media Docking Station
To go along with the laptops when the doctors are in the office, we opted for docking stations for ease of use.
M&A TOUCH 10
For nurses, rather than using smart phones, we chose tablet PCs as they would be better for accessing patient records on the move.
Atom N450 / 1.66 GHz
RAM 1 GB
HDD 160 GB
WLAN: 802.11b/g/n
Windows 7 Starter
10.1" Widescreen TFT 1024 x 600
HP PROLIANT BL2X220C G6
For the servers in the various doctors' offices, we decided on the HP ProLiant BL2x220c G6 at $9947 per unit.
2 x Xeon E5530 / 2.4 GHz
RAM 24 GB
HDD 1 x 250 GB
Gigabit Ethernet
CISCO SMALL BUSINESS PRO SR 520-T1
For routing purposes we decided to go with the Cisco Small Business Pro SR 520-T1 for $1119.99.
T1 Secure Router
Ethernet
Fast Ethernet
Cisco Catalyst 2960G-24TC
For the switches in the five doctors' offices we have decided to go with several units of the Cisco Catalyst 2960G-24TC at $1526.99 per unit.
24 ports
Ethernet, Fast Ethernet, Gigabit Ethernet (10Base-T, 100Base-TX, 1000Base-T) + 4 x shared SFP (empty)
1U, refurbished, rack-mountable
Cisco 521 Wireless Express Access Point
For the laptops, and to be able to access the Internet in the buildings, we have chosen the Cisco 521 Wireless Express Access Point at $339.99 per unit.
A single-band 802.11g access point with integrated antennas that offers business-class features.
Aastra 9116
All the offices will need phones, so we have chosen the Aastra 9116 Single Line Analog Telephone. At $59.99 per unit, the 9116 offers great value, combining all the great features into a sleek design with 8 one-touch memory dialing keys.
HP LJ M2727nf MFP
For all the printing and faxing needs of the offices we have chosen the HP LJ M2727nf MFP. At $598.99 per unit, featuring:
Laser
Up to 27 ppm
Up to 1200 dpi
10/100 Base-T wired Ethernet network port
Hi-Speed USB 2.0
SOFTWARE
OLD SOFTWARE
The 5 doctors' offices were running old and outdated software. As a group we decided to go with all state-of-the-art software, so the need to upgrade will not come up again for a long time.
Windows Small Business Server 2008 Standard 20-User Client Access License
For the servers we chose Windows Small Business Server 2008 Standard. At $1540.00 it will be the backbone of the network.
Windows 7
For the client computers we chose to use Windows 7. With Windows 7, fewer walls stand between you and your success. You can run many Windows XP productivity programs in Windows XP Mode and recover data easily with automatic backups to your home or business network. You can also connect to company networks effortlessly and more securely with Domain Join.
Office Professional 2010
For the staff to type up documents we chose Office Professional 2010. Microsoft Office 2010 is an industry standard offering the latest, innovative tools to make your documents richer and more informative. Professional includes 2010 versions of Word, Excel, PowerPoint, OneNote, Outlook, Publisher and Access.
SQL Server 2008 Standard Edition
For the patient information database we chose to give the offices their very own, built on SQL Server 2008 Standard Edition.
Exchange Server 2010 Standard Edition
For the in-office mail we have chosen to use Exchange Server 2010 Standard Edition.
AVG
For the anti-virus system, we have chosen to go with the free version of AVG.
Spybot Search and Destroy
For anti-spyware on the network we have chosen Spybot Search and Destroy. It is a very reliable free system to help protect the network.
LAN
Our design identifies 5 different locations: Center City, North Office, East Office, South Office, and West Office. Each location will represent a LAN. The following networking devices will be in each location: Cisco 521 Access Point, SR 520-T1 Cisco Router, Cisco Catalyst 2960G-24TC 24-port Switch, and HP LaserJet multifunction printers. Two Cisco 521 access points will provide wireless connectivity in each location. An SR 520-T1 router will be directly connected to each office to provide a VPN. Behind this router, a Cisco 2960 24-port switch connects all hosts in that location in a star topology. An HP all-in-one printer will be connected and shared as a network printer to which local users can print. The cable used will be twisted pair (UTP) Cat 6. The reason we are using Cat 6 is that it prevents crosstalk and interruptions in data.
WAN
Each of the 5 locations will be linked together in a WAN. Each ABR router will connect to another to create the WAN. Each ABR router's interfaces will be configured and routing tables built dynamically using a routing protocol. Our design calls for EIGRP because it is efficient and easily configured to meet the needs of the WAN.
Office             F0/0          S0/0          S0/1
Main City Office   172.32.0.2    172.32.5.2    172.32.6.3
North Office       172.32.1.2    172.32.9.2    172.32.5.3
East Office        172.32.2.2    172.32.6.2    172.32.7.3
South Office       172.32.3.2    172.32.7.2    172.32.8.3
West Office        172.32.4.2    172.32.8.2    172.32.9.3
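The serial addressing in the WAN table can be checked mechanically: every point-to-point serial subnet should contain exactly two interfaces on two different routers, and the links taken together should form the intended WAN topology. The following Python script is an added example and not part of the original project. It transcribes the table into a dictionary (assuming the /24 subnet mask stated in the IP addressing section, which the table itself does not give) and reports any subnet with the wrong number of ends, a duplicate address, or both ends on one router. On this table it finds five clean links that close into a ring: Main to North to West to South to East and back to Main.

```python
"""Consistency check for the WAN serial addressing table (added example)."""
from collections import defaultdict
from ipaddress import ip_interface

# Interface addresses transcribed from the WAN table; the /24 prefix is the one
# given in the IP addressing section (assumption: it applies to serial links too).
WAN_TABLE = {
    "Main City Office": {"F0/0": "172.32.0.2", "S0/0": "172.32.5.2", "S0/1": "172.32.6.3"},
    "North Office":     {"F0/0": "172.32.1.2", "S0/0": "172.32.9.2", "S0/1": "172.32.5.3"},
    "East Office":      {"F0/0": "172.32.2.2", "S0/0": "172.32.6.2", "S0/1": "172.32.7.3"},
    "South Office":     {"F0/0": "172.32.3.2", "S0/0": "172.32.7.2", "S0/1": "172.32.8.3"},
    "West Office":      {"F0/0": "172.32.4.2", "S0/0": "172.32.8.2", "S0/1": "172.32.9.3"},
}
PREFIX_LEN = 24


def serial_links(table, prefix_len=PREFIX_LEN):
    """Group serial (S*) interfaces by subnet; each subnet should carry one link."""
    by_subnet = defaultdict(list)
    for office, ifaces in table.items():
        for name, addr in ifaces.items():
            if name.startswith("S"):
                net = ip_interface(f"{addr}/{prefix_len}").network
                by_subnet[net].append((office, name, addr))
    return dict(by_subnet)


def check_links(table, prefix_len=PREFIX_LEN):
    """Return (links, problems): links as (subnet, (office_a, office_b)) for every
    well-formed point-to-point subnet, problems as human-readable strings."""
    links, problems = [], []
    for net, ends in sorted(serial_links(table, prefix_len).items()):
        offices = {o for o, _, _ in ends}
        addrs = {a for _, _, a in ends}
        if len(ends) != 2:
            problems.append(f"{net}: {len(ends)} interface(s), expected 2")
        elif len(offices) != 2:
            problems.append(f"{net}: both ends on {offices.pop()}")
        elif len(addrs) != 2:
            problems.append(f"{net}: duplicate address {addrs.pop()}")
        else:
            links.append((str(net), tuple(sorted(offices))))
    return links, problems


def is_ring(links, offices):
    """True when every office has exactly two neighbours and all are reachable."""
    adj = defaultdict(set)
    for _, (a, b) in links:
        adj[a].add(b)
        adj[b].add(a)
    offices = set(offices)
    if any(len(adj[o]) != 2 for o in offices):
        return False
    seen, stack = set(), [next(iter(offices))]
    while stack:                      # depth-first walk to confirm connectivity
        o = stack.pop()
        if o not in seen:
            seen.add(o)
            stack.extend(adj[o] - seen)
    return seen == offices


if __name__ == "__main__":
    found, issues = check_links(WAN_TABLE)
    for subnet, pair in found:
        print(subnet, "->", " <-> ".join(pair))
    print("problems:", issues or "none")
    print("ring topology:", is_ring(found, WAN_TABLE))
```

A ring gives each office two paths, so a single link failure does not isolate a site. A reviewer would still note that a /24 per point-to-point link spends 254 addresses on two interfaces, where a /30 would do.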
OFFICE DESIGN
As primary care centers, KOP Medical Associates strives to provide excellent medical services and convenience for all of its patients. From in-house pharmacies to x-ray and other lab testing services, to minor surgeries, The Doctor's Office can diagnose and care for you and your family at any of its five convenient Philadelphia, Pennsylvania locations. Office hours are 7 a.m. to 9 p.m., depending on which doctors are in which location.
In general, the Domain Name System also stores other types of information, such as the list of mail servers that accept email for a given Internet domain. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet. Our design calls for the implementation of a Windows 2008 domain called Doctors office .net. This domain will have five sites: City North, City South, City East, and City West. Each location will have identical networking services, which include the following. (1) Domain Controllers: these are Windows 2008 Servers that authenticate doctors, nurses and other Doctors office employees. The Domain Controllers will also make the Doctors office domain resources available. Our design calls for at least two Domain Controllers per site, making a total of 10.
The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses a client-server architecture. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database. In the absence of DHCP, all hosts on a network must be manually configured individually, a time-consuming and often error-prone undertaking. DHCP is popular with ISPs because it allows a host to obtain a temporary IP address. Our DHCP server will sit on the PDC machine at the main site. We will implement one DHCP server in each of the sites to avoid leasing across a slow WAN link.
FTP is usually used to send files from computers to hosting web servers when creating a website. It can also be used as a means of "downloading" files from other servers. FTP is sometimes used to send files from one computer directly to another. It most commonly uses ports 20 and 21. We will use FTP to allow doctors and nurses access to electronic patient records via Patient Management software. Our design calls for the implementation of one FTP server installed and configured on Windows 2008 Server, located on the DMZ between the Internet and the internal Doctors office network.
In computer networking, network address translation (NAT) is the process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device, for the purpose of remapping one IP address space into another. Our design calls for the implementation of one NAT device at the Center City location. This NAT device will allow outbound connections to the Internet for all Doctors office Internet users.
The term Web 2.0 refers to applications that facilitate interactive information sharing, interoperability, user-centered design, and collaboration on the World Wide Web. A Web 2.0 site allows its users to interact with each other as contributors to the website's content, in contrast to websites where users are limited to the passive viewing of information that is provided to them. Examples of Web 2.0 include web-based communities, hosted services, web applications, social-networking sites and video-sharing sites. We will host a few different web applications that will be backed by a SQL Server database. Users will interact with the database via HTML pages. Our design includes one web server, which will be placed in the DMZ.
A database consists of an organized collection of data for one or more uses, typically in digital form. One way of classifying databases involves the type of their contents, for example: bibliographic, document-text, statistical. Digital databases are managed using database management systems, which store database contents, allowing data creation and maintenance, and search and other access. In our design the database will hold all of the patient information necessary for the office to locate a patient. It will contain the patient's social security number, address, phone number, patient account number, email address, first name and last name.
The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. In our design DNS will be used to map each office location from an IP address to a name for each location in the forest.
The Distributed File System is used to build a hierarchical view of multiple file servers and shares on the network. Instead of having to think of a specific machine name for each set of files, the user will only have to remember one name, which will be the 'key' to a list of shares found on multiple servers on the network. In our network we will use DFS to manage file server resources efficiently while keeping them available and secure for users.
IP ADDRESSING
Our design will use a private class B address space of 172.32.0.0 /24 and subnet it for 254 subnets. The subnetted subnet mask for 254 subnets is 255.255.255.0. Our subnets are as follows:
Office               Subnetted IP
Center City Office   172.32.0.1
North Office         172.32.1.1
East Office          172.32.2.1
South Office         172.32.3.1
West Office          172.32.4.1
The design also calls for the exclusion of the first 254-block of IP addresses in each subnet. These IP addresses will be manually configured for servers, printers and router interfaces. Other IP address assignments will come from the DHCP server. Our design calls for the placement of a DHCP server in each location to prevent IP address requests crossing the WAN link.
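The addressing scheme can be reproduced with Python's standard ipaddress module, which also surfaces two points a reviewer should raise before the plan is deployed: 172.32.0.0/16 lies outside the RFC 1918 block 172.16.0.0/12 (172.16.0.0 through 172.31.255.255), so the module reports it as non-private and the five office subnets would be publicly routable space; and splitting a /16 into /24s yields 256 subnets, the 254 in the text being the older convention that discards the all-zeros and all-ones subnets. The script below is an added example and not the project's own code; the size of the reserved static block (20 addresses) is an assumption, since the text only says that a block at the start of each subnet is excluded from DHCP.

```python
"""Reproduce and sanity-check the office subnet plan (added example)."""
from ipaddress import ip_address, ip_network

BASE_BLOCK = "172.32.0.0/16"      # the design's address space, split into /24 office subnets
SUBNET_PREFIX = 24
OFFICES = ["Center City Office", "North Office", "East Office", "South Office", "West Office"]
# Assumption for this example: the first 20 host addresses of each subnet are
# reserved for static assignment (servers, printers, router interfaces). The
# document only says that a block at the start of each subnet is excluded.
STATIC_RESERVED = 20


def office_subnets(base=BASE_BLOCK, prefix=SUBNET_PREFIX, offices=OFFICES):
    """Assign consecutive subnets to the offices in the document's order."""
    subnets = list(ip_network(base).subnets(new_prefix=prefix))
    return {office: subnets[i] for i, office in enumerate(offices)}


def dhcp_scope(subnet, reserved=STATIC_RESERVED):
    """Split one subnet into the static range and the DHCP pool, the way a
    Windows DHCP scope with an exclusion range would be configured."""
    hosts = list(subnet.hosts())
    return {
        "mask": str(subnet.netmask),
        "static": (str(hosts[0]), str(hosts[reserved - 1])),
        "dhcp_pool": (str(hosts[reserved]), str(hosts[-1])),
        "pool_size": len(hosts) - reserved,
    }


def check_plan(base=BASE_BLOCK, prefix=SUBNET_PREFIX):
    """Facts a reviewer wants before signing off: is the block really RFC 1918
    private space, how many subnets does the mask give, and what is the mask."""
    block = ip_network(base)
    subnet_size = 2 ** (32 - prefix)
    return {
        "is_rfc1918": block.is_private,
        "subnet_count": block.num_addresses // subnet_size,
        "mask": str(ip_network(f"0.0.0.0/{prefix}").netmask),
    }


def office_for(addr, plan):
    """Map an address (a router interface from the WAN table, say) to its office."""
    ip = ip_address(addr)
    for office, net in plan.items():
        if ip in net:
            return office
    return None


if __name__ == "__main__":
    print(check_plan())
    plan = office_subnets()
    for office, net in plan.items():
        print(office, net, dhcp_scope(net))
```

Running check_plan() on the design's block returns is_rfc1918 False; running it on 172.16.0.0/12 returns True, which is the comparison that shows where the plan drifted out of the private range.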
INTERNET CONNECTIVITY DESIGN
Our design calls for the implementation of a single point of connection to the Internet. As per the doctors' request, Center City will be designed as our point of connection to the Internet. We will implement a single Network Address Translation (NAT) device. NAT is a technique in which a router or firewall rewrites the source and/or destination Internet address in a packet as it passes through, typically to allow multiple hosts to connect to the Internet via a single external IP address. NAT keeps track of outbound connections and distributes incoming packets to the correct machine.
All internal devices will be configured with private IP addresses. To access the Internet a public IP address is required. Here NAT is used to translate private to public IP addresses so that Doctors office hosts can access the Internet.
Other technologies to be implemented include a tunnel VPN. This will allow users at one location to connect securely to another location.
A Demilitarized Zone (DMZ) is a component of this project: a middle ground between an organization's trusted internal network and an untrusted external network such as the Internet. Also called a "perimeter network," the DMZ is a subnetwork that may sit between firewalls or off one leg of a firewall.
Finally, the Internet Service Provider (ISP) will provide Internet connections and services to individuals and the organization. ISPs provide computer users with a connection to their site, as well as a login name and password. They may also provide software packages, e-mail accounts or a home page.
SECURITY
ICU Consultants strive to be a dependable and elite organization that takes pride in every aspect of our day-to-day activities. Network security is by far the most important consideration when building or, in this case, restructuring a network. The provisions set forth in this computer network infrastructure will protect the network and the network's accessible resources from unauthorized access. While strategically protecting the network itself, ICU will also be responsible for protecting the physical aspect of every facility operated by KOP Medical Associates. Therefore, ICU Consultants will be responsible for restructuring KOP Medical Associates' physical, logical, and data security. A DMZ will be implemented for the web server as well as the FTP server. Employees accessing the network will use the company's Virtual Private Network (VPN), which will also be implemented in this upgrade. To ensure the integrity of this network a strong password policy will be enforced, and an account lockout policy will back up the strong password policy.
Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored at a physical location or site. There will be a complete upgrade to KOP Medical Associates' physical security system to protect against intrusion when the office is closed as well as during the company's normal business hours. For the evening hours ICU will implement an alarm system installed and monitored by ADT. The ADT Premise Pro electronic security system will help protect each of KOP Medical Associates' five locations from burglary and intrusion. ICU specifically chose this system because it is designed to provide a small business with effective, affordable security. Technology is why ICU Consultants exists; therefore KOP Medical Associates will be going keyless for access to each facility. Each visiting patient will have to be buzzed in to gain access to the facility, ensuring a more secure environment. Every employee will be given an access card to gain entry; this will also give upper management the ability to monitor everyone who enters and leaves each facility.
The next measure of physical security ICU will be implementing to ensure the safety of KOP Medical Associates' facilities will be the installation of surveillance cameras. There will be two cameras installed at each of the five locations, bringing the total to ten for all of KOP Medical Associates' facilities. The cameras will monitor the office during normal business hours and add a further measure of security during the hours the business is closed. ICU will be installing the Panasonic i-Pro color fixed mini dome IP security camera. This equipment comes complete with viewing software that will be linked to the application server, and a PC will be designated for viewing and recording. The final upgrade to KOP Medical Associates' physical security will be fingerprint door locks installed on the IT/Telecom room as well as the storage area. Only a select few will be granted access to these two areas. A total of ten will be needed to complete the upgrade, two per facility. The device chosen by ICU Consultants is the Tocahome e key. This is another measure ICU Consultants takes to ensure the integrity of our network security.
Logical security consists of software safeguards for an organization's systems, including user identification and password access, authentication, access rights and authority levels. These measures ensure that only authorized users are able to perform actions or access information on a network or a workstation. The logical security of KOP Medical Associates needs considerable improvement. Several upgrades will be implemented to provide top-notch security for the network's infrastructure. For starters ICU will apply and implement several scopes on every server, starting with the DHCP server. The resources on the network, and who actually needs to access them, will determine the configuration of the necessary scopes and the group policy that determines who can access and modify them. IIS will also be configured for this network.
ASP.NET and Exchange 2010 will also be configured and will require a username and password to access. Every possible avenue onto KOP Medical Associates' network will be blocked with username, password, authentication, and biometrics. All of these measures are required to log onto the network; this ensures that an authorized user can access only what they are permitted to. To further protect the network, hardware encryption software will be installed as well as database encryption software. To protect all of KOP Medical Associates' wireless capabilities there will be MAC address filtering, along with router security configured so that the network's SSID is not broadcast.
Finally, the most important part of protecting a business's network resources is protecting the resources' central location. For us at ICU Consultants the server room is where it all begins, and it is the most guarded area when we are called upon to upgrade or install a network system. Therefore ICU Consultants enforces a very strict server room policy, and server room security is implemented in every location. This protects the network and all of its resources. Server rooms are full of equipment such as servers, routers, switches and server racks; these machines run constantly and can potentially overheat. ICU will be installing network monitoring and server monitoring software. This will keep a close eye on the temperature of the server room and all equipment in use in that designated area. Every server room in all five of KOP Medical Associates' facilities will implement this security standard and monitoring software. By implementing such a rigorous security process ICU stands firm and confident in protecting the confidentiality of KOP Medical Associates' patients and all resources that reside on their network.
COST
TESTING / ROUTER CONFIGURATIONS
Router Configuration
To ease the setup, it makes sense to rename the routers to something that uniquely identifies them:
Enter configuration mode
Router>enable
Router#config t
Router(config)#
Rename the router to "Center"
Router(config)#hostname Center
Center(config)#end
Center#copy run start
WAN Router Configuration
There are five sites, one router per site. The routers are set up with these addresses:
               Center            North             South             East              West
DTE Serial     172.16.16.1/20    172.16.32.1/20    172.16.48.1/20    172.16.64.1/20    172.16.80.1/20
DCE Serial     172.16.80.2/20    172.16.16.2/20    172.16.32.2/20    172.16.48.2/20    172.16.64.2/20
Fast Ethernet  172.16.96.1/20    172.16.112.1/20   172.16.128.1/20   172.16.144.1/20   172.16.160.1/20
Configure Center's DTE serial interface with an IP address to connect to North (North's DCE serial 172.16.16.2 shares the 172.16.16.0/20 subnet)
Center(config)#int s0/0
Center(config-if)#ip addr 172.16.16.1 255.255.240.0
Center(config-if)#no shut
Center(config-if)#exit
Configure Center's DCE serial interface with an IP address and clock rate to connect to West (West's DTE serial 172.16.80.1 shares the 172.16.80.0/20 subnet)
Center(config)#int s1/0
Center(config-if)#ip addr 172.16.80.2 255.255.240.0
Center(config-if)#clock rate 64000
Center(config-if)#no shut
Center(config-if)#exit
Configure Center's Fast Ethernet interface with an IP address to connect to its LAN
Center(config)#int fa2/0
Center(config-if)#ip addr 172.16.96.1 255.255.240.0
Center(config-if)#no shut
Enable EIGRP on Center with an AS of 200 (*EIGRP cannot be used; skip this step)
Center(config)#router eigrp 200
Center(config-router)#network 172.16.16.0 255.255.240.0
Center(config-router)#network 172.16.80.0 255.255.240.0
Center(config-router)#network 172.16.96.0 255.255.240.0
Enable RIPv2 on Center (RIP has no autonomous system number; "version 2" selects RIPv2)
Center(config)#router rip
Center(config-router)#version 2
Center(config-router)#network 172.16.16.0
Center(config-router)#network 172.16.80.0
Center(config-router)#network 172.16.96.0
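The walkthrough configures one router by hand; the same steps for all five sites can be produced from the interface table so that no address is retyped. The following Python generator is an added example and not part of the original project. It pairs each DTE serial interface with the DCE interface in the same /20 to label the links, then emits the address, clock rate and RIPv2 lines shown for Center for any site. The interface names Serial0/0, Serial1/0 and FastEthernet2/0 come from the walkthrough; the "description" lines are this example's addition.

```python
"""Generate per-site WAN interface and RIPv2 configuration from the table (added example)."""
from ipaddress import ip_interface

# Interface plan transcribed from the WAN Router Configuration table.
SITES = {
    "Center": {"dte": "172.16.16.1/20", "dce": "172.16.80.2/20", "lan": "172.16.96.1/20"},
    "North":  {"dte": "172.16.32.1/20", "dce": "172.16.16.2/20", "lan": "172.16.112.1/20"},
    "South":  {"dte": "172.16.48.1/20", "dce": "172.16.32.2/20", "lan": "172.16.128.1/20"},
    "East":   {"dte": "172.16.64.1/20", "dce": "172.16.48.2/20", "lan": "172.16.144.1/20"},
    "West":   {"dte": "172.16.80.1/20", "dce": "172.16.64.2/20", "lan": "172.16.160.1/20"},
}
# Interface names and the DCE clock rate used in the Center walkthrough.
IFACES = {"dte": "Serial0/0", "dce": "Serial1/0", "lan": "FastEthernet2/0"}
CLOCK_RATE = 64000


def peer_of(site, role, sites=SITES):
    """Return the site whose opposite-role serial interface sits in this one's subnet."""
    net = ip_interface(sites[site][role]).network
    other = "dce" if role == "dte" else "dte"
    for name, ifs in sites.items():
        if name != site and ip_interface(ifs[other]).network == net:
            return name
    return None


def router_config(site, sites=SITES):
    """Render the IOS configuration lines for one site, mirroring the Center example."""
    ifs = sites[site]
    lines = [f"hostname {site}"]
    for role in ("dte", "dce", "lan"):
        intf = ip_interface(ifs[role])
        peer = peer_of(site, role, sites) if role != "lan" else "LAN"
        lines += [f"interface {IFACES[role]}",
                  f" description link to {peer}",
                  f" ip address {intf.ip} {intf.netmask}"]
        if role == "dce":
            lines.append(f" clock rate {CLOCK_RATE}")   # the DCE end supplies clocking
        lines.append(" no shutdown")
    # RIPv2, advertising the three directly connected subnets as in the walkthrough.
    lines += ["router rip", " version 2"]
    lines += [f" network {ip_interface(ifs[r]).network.network_address}"
              for r in ("dte", "dce", "lan")]
    return lines


if __name__ == "__main__":
    for site in SITES:
        print("\n".join(router_config(site)), end="\n!\n")
```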
WAN Security
Securing the WAN network is essential. There are a variety of passwords that can be used to protect the routers from unauthorized access and configuration:
Set the enable password to "password1"
Router(config)#enable password password1
Set the enable secret password to "secret1". This password overrides the enable password
Router(config)#enable secret secret1
Set the console password to "console1"
Center(config)#line con 0
Center(config-line)#login
Center(config-line)#password console1
Set the telnet password to "telnet1"
Center(config)#line vty 0 4
Center(config-line)#login
Center(config-line)#password telnet1
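The password settings above are the minimum. When reviewing a router's running configuration, an auditor checks that enable secret is present, that enable password is not left beside it (enable password is stored in clear text or reversibly, enable secret as a hash), that line passwords are not stored in clear text, and that remote (vty) lines require authentication and are limited to an encrypted transport, since a telnet login sends the password across the WAN in the clear. The script below is an added example and not part of the original project: it parses a constructed configuration containing the slide's settings, reports each weakness, and carries a hardened variant of the same device that passes every check. The enable secret hash is a placeholder, not a real hash.

```python
"""Audit an IOS-style running-config for the access-control settings discussed
on the WAN security slide. Added example with constructed configurations."""

# Constructed sample: the slide's enable/console/telnet settings verbatim, plus a
# second vty range with no password. The enable secret hash is a placeholder.
WEAK_CONFIG = """\
hostname Center
enable password password1
enable secret 5 $1$PLAC$EHOLDERHASHxxxxxxxxxxxx
line con 0
 login
 password console1
line vty 0 4
 login
 password telnet1
 transport input telnet
line vty 5 15
 login
"""

# The same device with every finding below resolved.
HARDENED_CONFIG = """\
hostname Center
service password-encryption
enable secret 5 $1$PLAC$EHOLDERHASHxxxxxxxxxxxx
line con 0
 login
 password console1
line vty 0 4
 login
 password telnet1
 transport input ssh
line vty 5 15
 login
 password telnet1
 transport input ssh
"""


def parse_lines(config):
    """Collect the sub-commands of each 'line ...' section: {name: [commands]}."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            sections[current] = []
        elif raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = None          # any other top-level command ends the section
    return sections


def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    top = [ln for ln in config.splitlines() if not ln.startswith(" ")]
    has_secret = any(ln.startswith("enable secret") for ln in top)
    has_password = any(ln.startswith("enable password") for ln in top)
    if not has_secret:
        findings.append("no 'enable secret': privileged access depends on the weaker "
                        "'enable password' or on nothing")
    elif has_password:
        findings.append("'enable password' is redundant beside 'enable secret' and is "
                        "stored reversibly; remove it")
    if "service password-encryption" not in top:
        findings.append("line passwords are stored in clear text (no 'service password-encryption')")
    for name, cmds in parse_lines(config).items():
        if "no login" in cmds:
            findings.append(f"line {name}: 'no login' allows sessions without any password")
            continue
        if not any(c.startswith("password ") or c == "login local" for c in cmds):
            findings.append(f"line {name}: 'login' without a password; sessions are refused "
                            "until one is set")
        if name.startswith("vty"):
            transport = next((c for c in cmds if c.startswith("transport input")), None)
            if transport != "transport input ssh":
                findings.append(f"line {name}: transport is '{transport or 'default'}', not "
                                "restricted to ssh; telnet sends the password in clear text")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit(cfg)
        print(f"{label}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```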
PROJECT SCHEDULING
CONCLUSION
After careful evaluation of the current system and floor plan, our team of skilled engineers and technical experts implemented the best equipment appropriate for the facility.
The design has been implemented to provide information and communication services for the new partnership with all necessary security and disaster planning to meet HIPAA requirements.
Each solution and change has been documented with detailed configurations and instructions for ease of use.