The network IP addressing scheme for the MD building is designed to ease network management. The network has to protect student and employee data as well as any intellectual property that UMUC has on the servers and computers. An IPS with Application Level Gateway Firewall security appliance will be installed to secure the private network from the Internet and provide IPSec VPN connectivity to the main UMUC office. The Intrusion Protection System (IPS) is able to inspect network traffic and to examine and filter it based on information contained within the data portion of a packet.
It helps IT personnel monitor, log, and detect security breaches. It can be used to send security breach alerts, terminate security breaches, and terminate or restart processes. The network will use the Ethernet, 24 RJ-45 port, Power over Ethernet (PoE) switch series because of their high performance. The switches can support up to 144 gigabit network connections (10/100/1000BASE-T Ethernet), and one will be installed on each floor in the Server Room. The switches will be configured with a tagged VLAN (Virtual Local Area Network) for each subnet.
The network will be secured using Active Directory single sign-on, and IP addresses will be centrally managed using DHCP, with DHCP relay enabled on the switches to forward DHCP broadcast traffic as unicast transmissions across VLAN boundaries. Switches will also be installed in each office or room that has more than four workstations. The switches will be connected in a partial mesh that ensures no single point of network failure. A Wireless Access Point, 802.11b/g/n Wireless, 100Base TX Ethernet series will integrate seamlessly into the network with VLAN support and provide 104 Mbps network access speed. Wireless media access will be protected using WPA2 security with AES 256 encryption and authentication using user credentials and 802.1X integrated into Active Directory via RADIUS (ACLs applied to the VLAN for security). The servers in the server rooms will be installed with the Windows Server operating system for the Active Directory and Microsoft Exchange servers and as dedicated file servers.
This hardware includes a RAID 5 fault-tolerant, hot-swappable disk array that will continue to operate even if one drive in the array fails. Each server is also equipped with a UPS (Uninterruptible Power Supply) that filters power line surges and enables graceful shutdown in the event of a power outage to protect data from corruption. The primary Active Directory domain controller will reside on the first floor and a backup domain controller on the second floor, to maintain network access if the primary domain controller fails and to share the load.
The servers in each lab (six classroom computer labs and a student computer lab) will be installed with the Windows Server operating system for the Active Directory and Microsoft Exchange servers and as dedicated file servers to support each lab's special needs. Each server will have two network interface cards (NICs) and could be configured to be a small network. Each floor will also be equipped with network printing, scanning, and copying for the Administrative and Instructional networks. The Administrative printers will be in front of the server room on each floor.
The Instructional printer will be in front of the library and student computer lab. CAT6 UTP (plenum rated where required) will be installed in a star topology because it is less expensive and provides higher performance than ring (using Token Ring Protocol) and bus (using RG6 and RG58 coax cable). However, the distance from the server room on each floor to the last room is over 300 feet (the Ethernet limit) on a diagonal pull through the ceiling (240 feet length, 95 feet width plus a 30 feet drop).
We therefore have to install switches 150 feet from the server rooms to manage the far four rooms on each floor. The network subnet layout enables administrators to quickly locate computers by IP address, by building floor and room, and to tell whether the computer is a server, staff computer or instructor’s computer. The subnet layout minimizes the broadcast traffic that can reduce network performance by limiting the number of computers in each broadcast domain.
The subnet layout also provides for efficient use of IP addresses by including only the number of IP addresses in each subnet necessary to support current computers plus a few additional IP addresses for immediate expansion when required. For security reasons and to differentiate subnets, the first digit in the third octet designates the floor (1 for the first floor and 2 for the second floor). The second digit designates the group (1 for Instructional, 2 for Administrative network and 3 for the Wi-Fi).
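
The floor/group encoding in the third octet lets an inventory audit flag hosts whose address does not match the floor and VLAN group where they are seen. The following is an added example, not part of the original design: the 10.0.0.0/16 base range, the /24 subnet size, the host names, and the function names `classify` and `audit` are assumptions, and the sample inventory is constructed.

```python
import ipaddress

# Assumptions (not on the page): 10.0.0.0/16 base range, one /24 per floor/group.
BASE = ipaddress.ip_network("10.0.0.0/16")
FLOORS = {1: "first floor", 2: "second floor"}
GROUPS = {1: "Instructional", 2: "Administrative", 3: "Wi-Fi"}

def classify(addr):
    """Decode the third octet into (floor, group); None if the address is off-plan."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    if ip.version != 4 or ip not in BASE:
        return None
    floor, group = divmod(ip.packed[2], 10)  # first digit = floor, second = group
    if floor in FLOORS and group in GROUPS:
        return floor, group
    return None

def audit(records):
    """records: (host, ip, floor_seen, group_seen) from switch/DHCP inventory.
    Returns (host, reason) for every address that breaks the scheme."""
    findings = []
    for host, ip, floor_seen, group_seen in records:
        decoded = classify(ip)
        if decoded is None:
            findings.append((host, "address outside the floor/group plan"))
        elif decoded != (floor_seen, group_seen):
            floor, group = decoded
            findings.append((host, f"address is {FLOORS[floor]}/{GROUPS[group]} "
                                   f"but seen on floor {floor_seen}, group {group_seen}"))
    return findings

# Constructed sample inventory: (host, ip, floor of the switch, VLAN group of the port)
SAMPLE = [
    ("lab1-pc07", "10.0.11.37", 1, 1),
    ("admin2-pc03", "10.0.22.14", 2, 2),
    ("guest-laptop", "10.0.12.80", 1, 3),   # Administrative address on a Wi-Fi VLAN
    ("printer-x", "10.0.31.5", 2, 1),       # third octet 31: no third floor in the plan
    ("old-srv", "192.168.1.10", 1, 2),      # outside the assumed base range
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE):
        print(f"{host}: {reason}")
```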