1

UNTHI NK ABLE

Creative

Innovative

With the constant and rapid

changes in technology, fast paced

minds are required to keep up with

the slew of equipment changes for

multiple types of businesses.

706 Moore Street

King of Prussia, Pennsylvania19406

Phone: 610-444-5555 Fax: 618-444-5556

www.ICUconsultants.com

ICU CONSULTANTS

A complete and thorough evaluation of

your floor plan will be assessed in

order for our team of designers to

create the best design that caters to

the needs of your business .

Reputed knowledge and planning

goes into the delivery of every single

intricate design by our team of

experts.

Our team of experts will devise the

most effective and efficient design

for your business.

We will find the most effectual tools

essential for your business in order to

keep up with the evolving changes of

our fast paced world.

2

INDEX 1. Hardware overview (Ron)

a. Current hardware

b. Proposed hardware

2. Software overview (Ron)

a. Current software

b. Proposed software

3. LAN overview (David)

a. Current LAN

b. Proposed LAN design

4. WAN overview (David)

a. Current WAN

b. Proposed WAN

5. Main office design/network services (Jacob)

6. Ip addressing design/scheme (David)

7. Internet connectivity design (Elias)

8. Network Security (Rick)

a. Physical security

b. Logical security

c. Data security

9. Project coat (Rick)

a. HR cost

b. Hardware cost

c. Software cost

d. Implementation cost

e. Testing/training cost

10. Testing (Nate)

a. Hardware configuration

b. Software configuration

c. Bandwidth

d. Infrastructure

11. Project schedule (Elias)

12. Project conclusion (Kay)

3

IMPLEMENTATION AND UPGRADE TO NETWORK DESIGN AND INFRASTRUCTURE FOR KOP MEDICAL ASSOCIATES

A COMPREHENSIVE NETWORK DEVELOPMENT PROJECT

SUBMITTED TO THE

IT/COMPUTER NETWORK SYSTEMS PROGRAM

IN PARTIAL FULFILLMENT OF THE REQUIREMENTS

FOR THE ASSOCIATE DEGREE

by

NICK DATTILO

KAY LAI

JACOB MARTEL

ELIAS ALVAREZ

RICHARD DABNEY

RONDALD DUNN JR

NATHANIEL DUFFY

ADVISOR-MR. NNOKO

ITT TECHNICAL INSTITUTE

KING OF PRUSSIA, PENNSYLVANIA

AUGUST, 2010

4

Week 4 Hardware Selection and Cost (Ron) IP Addressing (Dave) LAN and WAN Diagrams (Dave) Internet, Phone, Cabling selections (Elias) Week 5 Hardware Finalize (Ron) Software Selection and Licensing (Ron) Network Services Finalize (Jacob) Security Finalize (Rich) Disaster Recovery Requirements (Nate) Week 6 Software Finalize (Ron) Internet, Phone, Cabling Finalize (Elias) Project Plan Start (Elias) Cost Finalize (Rich)

LAN and WAN Finalize (Dave)

Week 7

Disaster Recovery Finalize

Testing Finalize

Project Plan Finalize

Project Overview Finalize

Project Conclusion Finalize

Week 8-11

Actual installs

5

HARDWARE

6

Current Hardware

The current hardware is dated

legacy that is running Windows

95 software. It can not handle

the requirements demanded of

it. It runs slow and leaves the

system open to hacking.

7

HP COMPAQ 6005 PRO

We propose upgrading 45 of the

current computers in the offices with

the HP Compaq 6005 Pro at $599.99

per unit. The proposed towers will be

faster and more reliable.

¨With:

¡AMD Athlon II X2 2.8ghz processor

¡4GB DDR3 RAM

¡160GB of storage

¡Windows 7 Professional

8

ACER V173 DJB LCD MONITORS

To go along with the new towers we

propose getting 45 new Acer V173 Djb

LCD Monitor’s at 119.69 per unit.

With:

17 in LCD display

1280 x 1024 Maxim Resolution

9

LOGITECH DESKTOP MK120 With the new towers and monitors we propose all

new mice and keyboards, with the Logitech

Desktop MK120 combo pack at 29.92 per unit.

¨With: A durable duo that brings comfort, style and

simplicity together. You'll be comfortable with the

keyboard thanks to the low-profile, whisper-quiet

keys and standard layout with full-size F-keys and

number pad. With its thin profile, spill-resistant

design, durable keys that can withstand up to 10

million keystrokes and sturdy, adjustable tilt legs,

this sleek keyboard not only looks and feels good -

it's built to last. Plus, it's got easy-to-read keys. The

high-definition optical mouse puts comfort and

control in your hands with smooth, accurate

tracking and a comfortable, ambidextrous shape.

10

HP COMPAQ 515

For the doctors we propose using the HP

Compaq 515 laptop. So they will have all

the access of the network but in a portable

form. At $499.99 per unit, it comes with a:

Athlon X2 QL-66 2.2 GHz processor, - 3

GB of RAM - 320 GB Hard Drive,

DVD±RW Drive, and Windows 7 operating

system.

11

HP xb4 Notebook Media

Docking Station

To go along with the laptops

when the doctors are in the

office we opted for docking

stations for ease of use.

12

For nurses,

rather than using smart phones, we

chose tablet PCs as they would be

better to access patient records on the

move.

Atom N450 / 1.66 GHz

RAM 1 GB

HDD 160 GB

WLAN : 802.11b/g/n

Windows 7 Starter

10.1" Widescreen TFT 1024 x 600

M&A TOUCH 10

13

14

HP PROLIANT BL2X220C G6

For the servers for various doctors officers,

we decided the HP ProLiant BL2x220c G6

at $9947 per unit.

2 x Xeon E5530 / 2.4 GHz

RAM 24 GB

HDD 1 x 250 GB

Gigabit Ethernet

15

CISCO SMALL BUSINESS PRO

SR 520-T1

For routing purposes we decided

to go with the Cisco Small

Business Pro SR 520-T1 for

$1119.99

T1 Secure Router

Router

Ethernet

Fast Ethernet

16

Cisco Catalyst 2960G-24TC For the switches in the five doctors

offices we have decided to go with

several models of the Cisco Catalyst

2960G-24TC at $1526.99 per unit.

24TC

24 ports

Ethernet Fast

Ethernet Gigabit Ethernet

10Base-T

100Base-TX

1000Base-T + 4 x shared SFP

(empty)1Urefurbishedrack-

mountable

17

Cisco 521 Wireless Express

Access Point

For the laptops and to be able to access

the internet in the buildings we have

chosen the Cisco 521 Wireless Express

Access Point, at $339.99 per unit.

A single-band 802.11g access point with

integrated antennas that offers business-

class features.

18

Aastra 9116

All the offices will need phones, so we have

chosen the Aastra 9116 Single Line Analog

Telephone. At $59.99 per unit, The 9116

offers great value combining all the great

features in to a sleek design with 8 one-touch

memory calling.

19

HP LJ M2727nf MFP

For all the printing and faxing

needs of the offices we have

chosen the HP LJ M2727nf MFP.

At $598.99 per unit, featuring:

Laser

Up to 27 ppm

Up to 1200 dpi

10/100 Base-T wired Ethernet

network port

Hi-Speed USB 2.0

20

SOFTWARE

21

The 5 doctors offices were running old and out dated

software. As a group we decided to go with all state of

the software. The need to upgrade will not come up

for a long time.

OLD SOFTWARE

22

Windows Small Business Server 2008

Standard 20-User Client Access License

For the servers we chose

Windows Small Business Server

2008 Standard. At $1540.00 it will

be the backbone of the network.

23

Windows 7 For the client computers we choose to

use the windows 7. With Windows 7,

fewer walls stand between you and

your success. You can run many

Windows XP productivity programs in

Windows XP Mode and recover data

easily with automatic backups to your

home or business network. You can

also connect to company networks

effortlessly and more securely with

Domain Join.

24

For the staff to type up documents we chose

Office Professional 2010. Microsoft Office 2010 is

an industry standard offering our latest,

innovative tools to make your documents richer

and more informative. Professional includes 2010

versions of Word, Excel, PowerPoint, OneNote,

Outlook, Publisher and Access.

Office Professional 2010

25

SQL Server 2008 Standard Edition

For the database for the patients

information we choose to make them

their very own with SQL Server 2008

Standard Edition.

26

Exchange Server 2010

Standard Edition

For the in office mail we have

chosen to use Exchange Server

2010 Standard Edition.

27

AVG

For the anti-virus system, we have

chosen to go with the free version of

AVG.

28

Spybot Search and Destroy

For anti-spyware for the network we have

chosen Spybot Search and Destroy. It is a

very reliable free system to help protect the

network.

29

LAN

30

LAN

Our Design identifies 5 different locations Center City, North Office,

East Office, South Office, and West Office. Each location will represent

a WAN. The following networking devices will be in each location Cisco

521 Access point, SR 520-T1 Cisco Router, Cisco Catalyst 2960G-24TC

24 port Switch, and Hp Laser Jet Multi function printers. Two Cisco 521

access points will help provide wireless activity in each location. A SR

520-T1 router will be directly connected to each office to provide a VPN.

Through this router A Cisco 2960 24-port switch to which all hosts in that

location will be connected using Star topology. A HP all in one printer will

be connected and shared as a network printer to which can print locally.

The type of cable used will be twisted pair (UTP) Cat 6. The reason we

are using Cat 6 is because it prevents cross talk and interruptions in

data.

31

WAN

Each of the 5 locations will be linked together in a WAN. Each ABR

router will connect to another to create a WAN. Each ABR router

interfaces will be configured and routing tables configured dynamically

using a routing protocol. Our design calls for EIGRP because it is

efficient and easily configured to meet the needs for the WAN.

Office F 0/0 S 0/0 S 0/1

Main City Office 172.32.02 172.32.5.2 172.32.6.3

North Office 172.32.1.2 172.32.9.2 172.32.5.3

East Office 172.32.2.2 172.32.6.2 172.32.7.3

South Office 172.32.3.2 172.32.7.2 172.32.8.3

West Office 172.32.4.2 172.32.8.2 172.32.9.3

32

OFFICE DESIGN

33

As primary care centers KOP Medical Associates strives to provide excellent medical services and convenience for all of our patients. From their in-house pharmacies to x-ray and other lab testing services, to minor surgeries, The Doctor's Office can diagnose and care for you and your family at any of their five convenient Philadelphia, Pennsylvania locations. Their office hours are (7 a.m. - 9 p.m.) depending on what doctors are in which location.

In general, the Domain Name System also stores other types of information, such as the list of mail servers that accept email for a given Internet domain. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet. Our design calls for the implementation of Windows 2008 domain called Doctors office .net. This domain will have five sites City North, City South, City East, and City West. Each location will have identical networking services which include the following; (1) Domain Controllers: These are Windows 2008 Servers to which for authenticating Doctors, Nurses and other Doctors office employees. Domain Controller also will make available Doctors office Domain resources. Our design calls for at least two Domain Controller per site making a total number of 10.

34

The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts (DHCP clients) to retrieve IP address assignments and other configuration information. DHCP uses client-server architecture. The client sends a broadcast request for configuration information. The DHCP server receives the request and responds with configuration information from its configuration database. In the absence of DHCP, all hosts on a network must be manually configured individually - a time-consuming and often error-prone undertaking. DHCP is popular with ISP's because it allows a host to obtain a temporary IP address. Our DHCP server will sit on the PDC machine at the main site. We will implement one DHCP Server in each of the sites to avoid leasing across a slow WAN link.

FTP is usually used to send files from computers to hosting web servers when creating a website. It can also be used as a means of "downloading" files from other servers. FTP is sometimes used to send files from one computer directly to another. It most commonly uses ports 20 and 21. We will use FTP to allow doctors and nurses access to electronic patient records via Patient Management software. Our design calls for the implementation of one FTP server installed and configured on Windows 2008 Server located on the DMZ between the Internet and the internal Doctors office network.

35

In computer networking, network address translation (NAT) is the

process of modifying network address information in datagram (IP)

packet headers while in transit across a traffic routing device for the

purpose of remapping one IP address space into another. Our design

calls for the implementation of one NAT device at the center office

location. This NAT device will allow outbound connections to the Internet

for all Doctors office Internet users.

The term web are applications that facilitate interactive information

sharing, interoperability, user-centered design, and collaboration on the

World Wide Web. A Web 2.0 site allows its users to interact with each

other as contributors to the website's content, in contrast to websites

where users are limited to the passive viewing of information that is

provided to them. Examples of Web 2.0 include web-based communities,

hosted services, web applications, social-networking sites, video-sharing

sites. We will host a few different web applications that will be backed by

a SQL Server database. Users will interact with the database via html

pages.Our design includes the of 1 Web Server which will be placed in

the DMZ.

36

A database consists of an organized collection of data for one or more uses,

typically in digital form. One way of classifying databases involves the type of

their contents, for example: bibliographic, document-text, statistical. Digital

databases are managed using database management systems, which store

database contents, allowing data creation and maintenance, and search and

other access. In our design the Database will hold all of the patient’s information

necessary for the office to locate. It will contain patients social security number,

address, phone number, patient account number, email address, first name and

last name.

The Domain Name System distributes the responsibility of assigning domain

names and mapping those names to IP addresses by designating authoritative

name servers for each domain. In our design DNS will be used for assigning

each office location from an IP address to a name for each location in the forest.

The Distributed File System is used to build a hierarchical view of multiple file

servers and shares on the network. Instead of having to think of a specific

machine name for each set of files, the user will only have to remember one

name; which will be the 'key' to a list of shares found on multiple servers on the

network. In our network we will use DFS to manage file server resources

efficiently while keeping them available and secure for users.

37

IP ADDRESSING

38

IP Addressing

Our design will be a Private class B address space of 172.32.0.0 /24 and

subnet it for 254 subnets. The sub-netted subnet mask for 254 subnets

is 255.255.255.0. Our subnets are as follows

Office Sub-netted IP

Center City Office 172.32.0.1

North Office 172.32.1.1

East Office 172.32.2.1

South Office 172.32.3.1

West Office 172.32.4.1

The design also calls for exclusion of the first 254-block IP address in

each subnet. These Ip addresses will be manually configured for

servers, printers and router interfaces. Other IP addresses assignments

will be DHCP server. Our design calls for the placement of a DHCP

server in each location to prevent over the WAN link IP address request.

39

INTERNET CONNECTIVITY DESIGN

40

Our design calls for the implementation of a Single Point of connection to the Internet. As per the doctor’s request, center city will be designed as our point of connection to the internet. We will implement a single Network Address Translation (NAT). A technique in which a router or firewall rewrites the source and/or destination Internet address in a packet as it passes through, typically to allow multiple hosts to connect to the internet via single external IP address. NAT keeps track of outbound connections and distributes incoming packets to the correct machine.

All internal devices will be configured with private IP addresses. To access the internet a Public IP Address is required. Here NAT is used to translate Private to Public IP address so that Doctors office hosts can access the Internet.

Other Technologies to be implemented include Tunnell vpn. This will allow users from one location to connect security to another location.

A Demilitarized Zone (DMZ) is a component of this project, a middle ground between an organization’s trusted internal network and not trusted, external network such as the Internet. Also called a “perimeter network,” the DMZ is a sub network that may sit between firewalls of off one leg of a firewall.

Finally the Internet Service Provider (ISP) will provide Internet connections and services to individuals and the organization. ISPs provide computer users with a connection to their site, as well as a log-in name and password. They may also provide software packages, e-mail accounts or home page.

41

SECURITY

42

ICU consultants strive to be a dependable and elite organization

that takes pride in every aspect of our day-to-day activities. Network

security is by far the most important when building or in this case

restructuring a network. The provisions set forth in this computer

network infrastructure will protect the network and the networks

accessible resources from unauthorized access. While strategically

protecting the network itself, ICU will also be responsible for protecting

the physical aspect of every facility incorporated by KOP Medical

Associates. Therefore, ICU Consultants will be responsible for

restructuring KOP Medical Associates physical, logical, and data

security. There will be DMZ implemented for the web as well as the ftp

server. For employees accessing the network will be using the

companies Virtual Private Network (VPN), which will also be

implemented in this upgrade. To ensure the integrity of this network a

strong password policy will be enforced and to further protect an

account lockout policy will back up the strong password policy.

43

Physical security describes both measures that prevent or deter

attackers from accessing a facility, resource, or information stored at a

physical location/sight. There will be a complete upgrade to KOP

Medical Associates physical security system to protect against intrusion

when the office is closed as well as during the companies normal

business hours. During the evening hours ICU will implement an alarm

system monitored and installed by ADT. The ADT Premise Pro

electronic security system will help protect each of KOP Medical

Associates five locations from burglary and intrusion. ICU specifically

chose this system because it is designed to provide a small business

with effective, affordable security. Technology is why ICU Consultants

exist; therefore KOP Medical Associates will be going keyless to gain

access to each facility. Each visiting patient will have to be buzzed in to

gain access to the facility to ensure a more secure environment. Every

employee will be given an access card to gain entry, this will also give

upper management the ability to monitor all who enters and leaves each

facility.

44

The next measure of physical security ICU will be implementing to ensure

the safety of KOP Medical Associates facilities will be the installation of

surveillance cameras. There will be two cameras installed per five

locations, thus bringing the total in entirety to ten for all of KOP Medical

Associates facilities. The cameras will monitor the office during normal

business hours plus adds an additional measure of security during the

hours the business is closed. ICU will be installing the Panasonic I – Pro

color fixed mini dome IP Security Camera. This equipment comes

complete with viewing software that will be linked to the application server

and a pc will be designated for viewing and recording. The final upgrade

to KOP Medical Associates physical security will be fingerprint door locks

to be installed on the IT/Telecom room as well as the storage area.

There will be an elite chosen few to gain access to these two areas.

There will be a total of ten to complete the upgrade, two per facility. The

device chosen by ICU Consultants is the Tocahome e key. This is

another measure ICU Consultants takes to ensure the integrity of our

network security.

45

Logical Security consists of software safeguards for an organization’s

systems, including user Identification and password access, authentication,

access rights and authority levels. These measures are to ensure that only

authorized users are able to perform actions or access information in a

network or a workstation. The logical security of KOP Medical Associates

needs considerable improvement. There will be several upgrades

implemented to provide top-notch security of the networks infrastructure.

For starters ICU will apply and implement several scopes on every server

starting with the DHCP Server. The resources on the network and who

actually needs to access them will determine the configuration of the

necessary scopes and group policy to also determine who can access and

modify. IIS will also be configured for this network.

46

There will also be ASP.NET and exchange 2010 that will be configured

and will require username and password to access. Every possible

avenue on KOP Medical Associates network will be road blocked with

username, password, authentication, and biometrics. All of these

measures are taken to log onto the network, this ensures that the

authorized user can access only what they are permitted. To further

protect the network there will be hardware encryption software installed

as well as database encryption software. To protect all of KOP Medical

Associates wireless capabilities there will be Mac Address filtering along

with router security configured so that there will be no broadcast of the

networks SSID.

47

Finally the most important part of protecting a business’s network

resources is protecting the resources central location. For us at ICU

Consultants the server room is where it all begins and is the most

guarded area when we are called upon to upgrade or install a network

system. Therefore ICU Consultants enforce a very strict server room

policy and server room security is implemented in every location. This

protects the network and all of its resources. Server rooms are full of

equipment, such as servers, routers switches, server racks etc., these

machines run constantly and can potentially overheat. ICU will be

installing network monitoring and server monitoring software. This will

keep a close eye on the temperature of the server room and all

equipment in use in that designated area. Every server room in all five

of KOP Medical Associates facilities will implement this security standard

and monitoring software. By implementing such a vigorous security

process ICU stands firm and confident in protecting the confidentiality of

KOP Medical Associates patients and all resources that reside on their

network.

48

COST

49

50

TESTING/ROUTERCONFIGURATIONS

51

Router Configuration

To ease the setup, it makes sense to rename the routers something

that will uniquely identify them:

Enter configuration mode

Router>enable

Router#config t

Router(config)#

Rename the router to "Center"

Router(config)#hostnameCenter

Center(config)#end

Center#copyrun start

52

WAN Router Configuration

There are five sites, one router per site. The routers are set up with

these addresses:

Center North South East West

DTE Serial

172.16.16.1/20 172.16.32.1/20 172.16.48.1/20 172.16.64.1/20 172.16.80.1/20

DCE Serial

172.16.80.2/20 172.16.16.2/20 172.16.32.2/20 172.16.48.2/20 172.16.64.2/20

Fast Ethernet

172.16.96.1/20 172.16.112.1/20 172.16.128.1/20 172.16.144.1/20 172.16.160.1/20

53

Configure Center's DTE Serial Interface w/ IP to connect to East

North(config)#ints0/0

Center(config-if)#ip addr 172.16.16.1 255.255.240.0

Center(config-if)#no shut

Center(config-if)#exit

Configure Center's DCE Serial Interface w/ IP & clock rate to connect to Center

Center(config)#ints1/0

Center(config-if)#ip addr 172.16.80.2 255.255.240.0

Center(config-if)#clock rate 64000

Center(config-if)#no shut

Configure Center's Fast Ethernet Interface w/ IP to connect to it's LAN

Center(config)#intfa2/0

Center(config-if)#ip addr172.16.96.1 255.255.240.0

Center(configif)#no shut

54

Enable EIGRP on Center with an AS of 200 *EIGRP cannot be used;

Skip this step

Center(config)#router eigrp 200

Center(config-router)#network 172.16.16.0 255.255.240.0

Center(config-router)#network 172.16.80.0 255.255.240.0

Center(config-router)#network 172.16.96.0 255.255.240.0

Enable RIPv2 on Center with an AS of 200

Center(config)#router rip

Center(config-router)#network 172.16.16.0

Center(config-router)#network 172.16.80.0

Center(config-router)#network 172.16.96.0

55

WAN Security Securing the WAN network is essential. There are a variety of passwords that can be used to protect the routers from unauthorized access & configuration:

Set the enable password to "password1"

Router(config)#enable password password1

Set the enable secret password to "secret1". This password overrides enable password

Router(config)#enable secret secret1

Set console password to "console1"

Center(config)#linecon 0

Center(config-line)#login

Center(config-line)#passwordconsole1

Set telnet password to "telnet1"

Center(config)#linevty 0 4

Center(config-line)#login

Center(config-line)#passwordtelnet1

56

PROJECT SCHEDULING

57

\

Our design calls for the implementation of a Single Point of connection to the Internet. As per the doctor’s request, center city will be designed as our point of connection to the Internet. We will implement a single Network Address Translation (NAT). A technique in which a router or firewall rewrites the source and/or destination Internet address in a packet as it passes through, typically to allow multiple hosts to connect to the internet via single external IP address. NAT keeps track of outbound connections and distributes incoming packets to the correct machine.

All internal devices will be configured with private IP addresses. To access the Internet a Public IP Address is required. Here NAT is used to translate Private to Public IP address so that Doctors office hosts can access the Internet.

Other Technologies to be implemented include Tunnel VPN. This will allow users from one location to connect security to another location.

A Demilitarized Zone (DMZ) is a component of this project, a middle ground between an organization’s trusted internal network and not trusted, external network such as the Internet. Also called a “perimeter network,” the DMZ is a sub network that may sit between firewalls of off one leg of a firewall.

Finally the Internet Service Provider (ISP) will provide Internet connections and services to individuals and the organization. ISPs provide computer users with a connection to their site, as well as a login name and password. They may also provide software packages, e-mail accounts or home page.

58

CONCLUSION

59

Conclusion

After careful evaluation of the current system and floor plan, our team of skilled

engineers and technical experts implemented the best equipment apposite for the

facility.

The design has been implemented to provide information and communication

services for the new partnership with all necessary security and disaster planning

to meet HIPPA requirements.

Each solution and change has been documented with detailed configurations and

instructions for ease of use.