From Interlock Rochester Wiki

Revision as of 19:19, 8 December 2009 (view source) Cmd3187 (Talk | contribs) m (→Network: cleaning up table placement) ← Older edit		Revision as of 19:20, 8 December 2009 (view source) Cmd3187 (Talk | contribs) m (→Network: Fixed network table) Newer edit →
Line 28:		Line 28:
	=Network=		=Network=
		+	In order to meet the demands of the group over time, the network will be segregated into 3 main segments:
		+	* <span style="color: green">Production</span>
		+	* <span style="color: red">Warzone</span>
		+	* <span style="color: gold">Playground</span>
		+
		+	Each main segment will have an associated color code for its jacks (as is seen above), both on the walls, as well as near the network equipment. Category 6 cabling would be preferred for the environment. Each wall plate should be 6 feet apart, and should contain at least 1 of each colored jacks. Every jack should had 2 drops associated with it.
-	{| class="wikitable" border="1" align="right"	+	{| class="wikitable" border="1"
	|-		|-
	! Network/Mask  !! Name            !! Description		! Network/Mask  !! Name            !! Description
Line 50:		Line 56:
	|}		|}
-	In order to meet the demands of the group over time, the network will be segregated into 3 main segments:
-	* <span style="color: green">Production</span>
-	* <span style="color: red">Warzone</span>
-	* <span style="color: gold">Playground</span>
-
-	Each main segment will have an associated color code for its jacks (as is seen above), both on the walls, as well as near the network equipment. Category 6 cabling would be preferred for the environment. Each wall plate should be 6 feet apart, and should contain at least 1 of each colored jacks. Every jack should had 2 drops associated with it.
	== Internet ==		== Internet ==

---

Revision as of 19:20, 8 December 2009

NOTE: This page contains information with regard to network/server setup for the final space, not the temporary one. For the temp space, power distribution can be done with extension cords, while network access will be ad-hoc in nature.

Sub-group	Lead
Power
Environment
Security	Mark Manning
Network	Ben Woodruff

Contents 1 Power 2 Environmental 3 Network 3.1 Internet 3.1.1 Time Warner Cable 3.2 Production 3.3 Warzone 3.4 Playground 3.5 References 4 Physical Security 5 Audio-Visual System

Power

Overhead cord reels are a solution, but they must not remain plugged in at their source when not in use in order to comply with fire code. Cable trays are not a good solution for power. (They are a pain in the ass.)

Environmental

The space will need to have environmental controls in the event that servers will be kept in location. The general operating temperature of servers and network equipment should be around 75F. In order to ensure this, the purchase of an AC system will be necessary.

Things we may need to acquire:

• Heater <-- Heat is included
• Air Conditioner
• Dehumidifier
• Thermostat/Thermometer <-- Usually bundled with AC

Network

In order to meet the demands of the group over time, the network will be segregated into 3 main segments:

• Production
• Warzone
• Playground

Each main segment will have an associated color code for its jacks (as is seen above), both on the walls, as well as near the network equipment. Category 6 cabling would be preferred for the environment. Each wall plate should be 6 feet apart, and should contain at least 1 of each colored jacks. Every jack should had 2 drops associated with it.

Network/Mask	Name	Description
172.20.0.0/16	Production	Supernet slice for all production networks
172.20.0.0/24	Core	Core Equipment (routers, switches, etc)
172.20.10.0/24	Servers	Servers (LDAP, DHCP, DNS, etc - assuming not provided by router)
172.20.20.0/24	Wired Hosts	Shared workstations
172.20.30.0/24	Wireless Hosts	Registered Member laptops
172.20.50.0/24	Wireless Guests	Event Participants, Class registrants, etc - May be partitioned into a separate network, see below
172.25.0.0/16	Playground	Network specific for individual projects. Should be sliced further to /24 and /26 networks as needed
172.30.0.0/16	Warzone	A place where invasive network attacks can occur. Will be a stub network

Internet

Time Warner Cable

Most of these packages are only available in residential neighborhoods, oddly enough

Package	Download	Upload	Price
Teleworker	10	1.5	$89.95
Home Business	15	2	$109.95

Production

• Change management - agreement of whatever group is going to be responsible for maintenance before making major changes
• Access to core equipment limited to small group of network managers
• No probing / pen testing
• Reliable node-to-node and internet connectivity
• Robust internally hosted network services (DHCP, DNS, SFTP, Images (RIS, Ghost), LDAP)
  • Central LDAP host that contains authentication information for all members and is linked up with Google Apps
  • Possibly a web server to host the wiki, website, etc
  • Possibly light-weight co-lo boxes (offsite backup, etc) not intended to host production / high bandwidth websites (we will likely only have 1 external IP...)
• AirPort Express wireless AP (connected to stereo system for streaming music via AirTunes?)
  • Production network should have a more robust AP... maybe a Meru or Cisco?
    • I agree, the problem is cost. I didn't see any mentions of a better AP on the donations page, so we may be stuck with what I've got for the time being. We will also probably want to offer guest wireless access at some point, through a different SSID, which will require an additional/different AP (the new Apple equipment can do it, but this one can't)
  • I have a Meru AP100 that I will be donating --Fvox13 18:23, 8 December 2009 (UTC)
  • Can also act as a USB print server if we have a printer donated (USB is not the best option... we should consider an ethernet-enabled printer (maybe someone can donate?))
  • Authentication through RADIUS + LDAP?
• No unauthorized devices (APs, infected boxes, traffic sniffing tools, etc)
  • Device registration system, like RIT's start.rit.edu ?
• We have the ability to provide VPN access to this network. We will have to decide as a group if this is desirable and if it will be open to everyone or just the network management group

Warzone

• 172.30.x.y
• No expectation of reliability
• Relatively open access to equipment / no change management
• No expectation of structure, very dynamic depending on project use etc, may use different IP address schemes if it doesn't connect to the other two networks in any way
• Expect to have equipment probed / pen tested
• No internet connectivity? Expect machines to be exploited / infected?
• "Rogue" access points allowed (maybe include DHCP message that states you'd better be sure you want to connect to this network - want to be friendly with our neighbors)

Playground

• 172.25.x.y
  • Each project should claim an address space (ie 172.25.15.y) so we can tell what traffic is coming from which projects
• Temporary, dynamic, but more static and stable than the warzone
• Change management much more loose than production network but there should be some expectation of reliability so please at least check with someone unless you're very sure of what you're doing
• Access to the internet
• Area to play with an test new technologies (for example, play with VOIP/SIP)

References

• NEC 210.52

Physical Security

• We need to be able to "deactivate" keys, for non-payment etc
• Multi-factor authentication (ie, fob + PIN)
• Biometric stuff is really cool. Can we afford? Schlage Biometric systems
• Audit logging (twitter, website, dot matrix paper trail, etc)

Audio-Visual System

Audio

• Public Address system array across the ceiling
• Two speakers rigged to the top corners of the room
• Surround sound rigged to the top of the room
• Inputs to an audio mixer/home receiver
• Sources: Microphone, CD/DVD, computers

Video

• Ceiling mounted projection
• Screen
• Sources: DVD, computers