IT Infrastructure Project: Designing LAN Networks


Project Phase 1 Friendly Care – Radiology Department - LAN Refresh

Sam Towne IT Infrastructure BMIS 520

Project Phase I

Contents

Friendly Care LAN Current State
Upgrade Workstations to Gigabit
Add Gigabit Routers
OSPF Router Configuration
Upgrade Servers
VLANS
Upgrade Links to Gigabit
Virtual Desktop Infrastructure
Redundancy and Resiliency
Structured Cabling
Future Vision: Data Security and Recovery Plan
Future Vision: Virtualization and Containerization
Appendix
    Original Network Results
    Project Re-Design results
Bibliography


Friendly Care LAN Current State

Friendly Care's radiology department has network challenges to overcome. Its core functions are to provide users with HTTP, FTP, email, and the custom radiology image application. Doctors are complaining that the radiology images load slowly during peak times. After performing a network audit, it has been determined that there are hardware, software, and network architecture improvements that the department needs to consider. The modeler shows that these changes increase the availability of the core services, eliminate the network congestion during peak time and create a solid foundation for continued growth and application deployment. These recommendations are outlined as follows:

1. Upgrade Workstations to Gigabit
2. Upgrade Switches
3. Upgrade Servers
4. Add Gigabit Routers
5. OSPF Router Configuration
6. VLANS Switch Configuration
7. Upgrade Links to Gigabit
8. Virtual desktop infrastructure
9. Redundancy & Resiliency
10. Structured Cabling
11. Future Vision: Data Security and Recovery Plan
12. Future Vision: Virtualization and Containerization

Upgrade Workstations to Gigabit

In the modeler, all workstation nodes were upgraded from Fast Ethernet to Gigabit Ethernet (IEEE 802.3-2008). Gigabit Ethernet is 10 times faster than Fast Ethernet. In the original model, the Fast Ethernet links were contributing to the network congestion. With this upgrade, this limitation is removed. It is recommended that any structured cabling rated Cat5 or below between workstations and core services be replaced with Cat5e infrastructure or better (Gordon, 2013). The result is that there is no more queuing and no more slow upload and download response times. The first and second floor switches will be reused.


Add Gigabit Routers

We recommend adding two gigabit routers between the switches and the servers. This will enable the radiology department to incorporate layer 3 routing features such as OSPF and link aggregation. It also fixes some of the network congestion points and would greatly improve the link between the two servers and the rest of the LAN. In addition, making the floor switches slave to layer 3 routers greatly increases the capacity and efficiency of the communication flow between floors. Essentially, adding these routers makes all internal network services more available to the requesting party. Upgrading the switches also allows for OSPF and redundancy on the server side.

OSPF Router Configuration

With the new routers, the radiology department can take advantage of OSPF's shortest-path routing capabilities to mitigate network bottlenecks and increase resiliency. OSPF finds the shortest path to route the packets in real time (Cisco, 2017). It also incorporates resiliency features that allow for detecting failure points and rerouting data in real time (Cisco, 2015).

Upgrade Servers

The servers were upgraded. The new servers are 1000 MHz and run Win2000. They also support OSPF and have 4 Gigabit Ethernet connections. The primary reasons for this upgrade are to increase service availability and redundancy and to allow for a future virtual desktop infrastructure. OSPF compatibility increases the resiliency and availability of the requested applications. The extra Gigabit Ethernet ports allow for redundant connections from each server to each router and increased throughput.


VLANS

VLANs reduce broadcast traffic, simplify security management and improve fault isolation (Mitchell, 2017). The first and second floors have been divided into two virtual local area networks. These are VLAN_10 and VLAN_20.

Upgrade Links to Gigabit

Each network link has been upgraded to gigabit speed. This mainly affected the links between the switches and the workstation nodes. Although the network hardware now supports gigabit speed, it is recommended to have the station cabling tested for throughput. It is also recommended that the ANSI standards for structured cabling be maintained (Rosenberg, 2012). Over time, structured cabling can become damaged, and certain areas can have dB loss or interference problems. Routine maintenance and documentation of the existing wired infrastructure are recommended.

Virtual Desktop Infrastructure

The Custom Radiology Image Application clients can be local to the Image Server so that the image files stay on the same physical machine. With this design, a doctor would remote into a virtual desktop to use the Custom Radiology Application client. The client would reside in the same server cluster as the radiology image file and thus would not be limited by the external network constraints (Harbaugh, 2012). The virtual desktop traffic would be less than the traffic from transferring the images to the workstation side of the network. There is also a long-term financial advantage to VDI, as it can allow older hardware to use newer software and operating systems (Brewer, 2017).


Redundancy and Resiliency

The new model has redundant links between each router and each server. OSPF allows the data to be routed efficiently and provides resiliency across the redundant links (CiscoPress, 2013).
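
The shortest-path selection and rerouting described in the OSPF Router Configuration and Redundancy and Resiliency sections can be checked with a small model; this is an added Python example, not part of the original project or the modeler output. Assumptions: the router names Router_A and Router_B, the link layout, treating the floor switches as graph nodes, and the cost formula of reference bandwidth divided by link bandwidth with a 100 Mbps reference (Cisco's default).

```python
import heapq

# Constructed topology: Router_A and Router_B are hypothetical names, and the
# link layout is an assumption (each router has a link to the imaging server).
LINKS = [  # (node, node, bandwidth in Mbps)
    ("1st_Floor_Switch", "Router_A", 1000),
    ("2nd_Floor_Switch", "Router_B", 1000),
    ("Router_A", "Router_B", 1000),
    ("Router_A", "Radiology_Imaging_Server", 1000),
    ("Router_B", "Radiology_Imaging_Server", 1000),
]

def ospf_cost(bw_mbps, reference_mbps=100):
    """Interface cost = reference bandwidth / link bandwidth, never below 1."""
    return max(1, reference_mbps // bw_mbps)

def build_graph(links, reference_mbps=100, failed=frozenset()):
    """Adjacency list of (neighbour, cost), skipping links listed as failed."""
    graph = {}
    for a, b, bw in links:
        if frozenset((a, b)) in failed:
            continue
        cost = ospf_cost(bw, reference_mbps)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    return graph

def shortest_path(graph, src, dst):
    """Dijkstra SPF: returns (total cost, path), or (None, []) if unreachable."""
    queue, seen = [(0, src, [src])], set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, c in graph.get(node, []):
            if nxt not in seen:
                heapq.heappush(queue, (cost + c, nxt, path + [nxt]))
    return None, []

if __name__ == "__main__":
    src, dst = "1st_Floor_Switch", "Radiology_Imaging_Server"
    down = {frozenset(("Router_A", "Radiology_Imaging_Server"))}
    print("normal:  ", shortest_path(build_graph(LINKS), src, dst))
    print("failover:", shortest_path(build_graph(LINKS, failed=down), src, dst))
    # With a 100 Mbps reference, Fast Ethernet and gigabit links both cost 1.
    print("costs:", ospf_cost(100), ospf_cost(1000), ospf_cost(1000, 10000))
```

Because a 100 Mbps reference gives Fast Ethernet and gigabit links the same cost, any leftover 100 Mbps link in the refreshed LAN would be treated as equal to a gigabit one unless the reference bandwidth is raised on every router.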

Structured Cabling

Labels should be added to the patch panels and station cabling that align with the names of the servers, switches, routers and workstations. Any Cat5 cable can limit speed to 100 Mbps. The links between the servers and routers should be updated to Cat5e or above to enable gigabit.

Future Vision: Data Security and Recovery Plan

In 2017 the Identity Theft Research Center reported that there were over 900 breaches in the first seven months of the year, with millions of records stolen (DataBreachReport, 2017). It is recommended that health care companies take a proactive approach to data security (Brown, 2017). Microsoft, amongst others, encourages Multi-Factor Authentication and Role Based Access Control (Microsoft, 2018). Many organizations pay to have professionals educate them on security best practices. Some of these include safe internet browsing, using secure network connections, locking devices, and managing passwords properly (InfoSec, 2017). SANS Institute provides comprehensive cyber security training for employees (Sans, 2018). We recommend having the internal radiology IT department trained on best practices, and that new hires are trained. In addition to this, there should be a company-wide security meeting to keep everyone trained and up to date.

Future Vision: Virtualization and Containerization

Virtualization and containerization allow for business function automation and agile, portable application deployment. Moving forward, the department should make plans to virtualize the server applications and implement virtual desktop infrastructure. The minimum requirements for VMware vCenter Server are multiple 2 GHz cores, 3 GB RAM, and 2 GB disk storage (Vmware, 2017). My plan was to make custom objects in the modeler to accommodate virtualization, but I had great difficulty getting them functioning in the modeler. Ideally, the workstation nodes would also be upgraded to multi-core processors that can handle virtualization.

Appendix

Original Network Results

Metric                          MIN               MAX                 AVG (of all data points)
Email Download Response Time    0.006898321305    20.381327752631     1.165028954
Email Upload Response Time      0.007208831073    24.660064385855     1.090239462
FTP Download Response Time      0.055899132483    49.034173956505     4.698146108
FTP Upload Response Time        0.069323356021    1.34200447614       0.179989832
HTTP Page Response Time         0.019279374319    119.511958646045    2.426351047
Custom App Response Time        1.38156431487     207.723969936046    13.07865

Question #1 Which links have more than 60% maximum utilization?

1st_Floor_Switch <-> 2nd_Floor_Switch [0] -->
node_1 <-> 1st_Floor_Switch [0] <--
node_7 <-> 1st_Floor_Switch [0] <--
2nd_Floor_Switch <-> Radiology_Imaging_Server [0] <--
1st_Floor_Switch <-> 2nd_Floor_Switch [0] <--


Network Summary

The network has bottleneck points where capacity is being reached, and this is causing slow upload and download speeds during peak traffic times. There are multiple point-to-point bottlenecks and link saturation. The point-to-point link between the first and second floor reaches capacity. The point-to-point link between the second floor and the radiology imaging server reaches capacity. The congestion causes queuing. Five links have more than 60% maximum utilization. These problems were fixed by upgrading the network to gigabit speed and adding two routers running OSPF. Redundant links were added to increase service availability, and this did not add much traffic to the network. Here are the new modeler results:

Project Re-Design results

Here are the results of the modeling. The results are summarized at the end.


Metric                          MIN               MAX               AVG
Email Download Response Time    0.006153668462    0.007700541998    .006925
Email Upload Response Time      0.112888253692    0.145485322762    .12918
FTP Download Response Time      0.050701961809    0.050809593574    .05075
FTP Upload Response Time        0.122814898036    0.189426036548    .15611
HTTP Page Response Time         0.052919459262    0.398705859652    .22581
Custom App Response Time        2.476514072223    7.06652820755     4.7715


Conclusion: Re-Design Summary

The new network performs better. It is consistent in its delivery and does not have bottlenecks or link saturation. The average response times and maximum values of the new LAN are lower. The custom application response time decreased from 13.078 to 4.175 on average, and the max value decreased from 207.723 to 7.066. The HTTP max response time decreased from 119.511 to .398. The FTP download max response time decreased from 49.034 to .051, and the average response time dropped from 4.698 to .051. The email upload response time max dropped from 24.66 to .145. The average email download response time dropped from 1.165 to .0069. Five links on the old network had over 60% utilization. None of the links have more than 60% utilization on the new network.

Bibliography

10 Crucial End User Security Tips. (2017, November 30). Retrieved February 23, 2018, from http://resources.infosecinstitute.com/10-crucial-end-user-security-tips/#gref

Brown, C. (2017, September 05). Best Practices For A Data Security Plan. Retrieved February 23, 2018, from https://www.forbes.com/sites/forbestechcouncil/2017/09/05/best-practices-for-a-data-security-plan/#e2584015c0e0

Cisco Globally Resilient IP: Overview and Applications. (2015, March 19). Retrieved February 23, 2018, from https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/grip/GRIP_ovr.html

Cisco Press. (2013, December 19). Retrieved February 23, 2018, from http://www.ciscopress.com/articles/article.asp?p=474236&seqNum=4

Data Breach Report. (n.d.). Retrieved from http://www.idtheftcenter.org/images/breach/2017Breaches/DataBreachReport_2017.pdf

Y. (n.d.). Data Security and Encryption Best Practices. Retrieved February 23, 2018, from https://docs.microsoft.com/en-us/azure/security/azure-security-data-encryption-best-practices

Difference between Fast Ethernet and Gigabit Ethernet. (2016, November 07). Retrieved February 23, 2018, from https://www.differencebtw.com/difference-between-fast-ethernet-and-gigabit-ethernet

End User Training. (n.d.). Retrieved February 23, 2018, from https://www.sans.org/security-awareness-training/products/end-user

Gordon, W. (2013, April 10). Ask LH: What's The Difference Between Cat5, Cat5e And Cat6 Ethernet Cables? Retrieved February 23, 2018, from https://www.lifehacker.com.au/2013/04/ask-lh-whats-the-difference-between-cat5-cat5e-and-cat6-cables/

Mitchell, B. (n.d.). What Is a Layer 3 Switch? Retrieved February 23, 2018, from https://www.lifewire.com/layer-3-switch-817583

Open Shortest Path First (OSPF). (2017, September 26). Retrieved February 23, 2018, from https://www.cisco.com/c/en/us/products/ios-nx-os-software/open-shortest-path-first-ospf/index.html

Rosenberg, P. (2012, December 10). The Basics of Structured Cabling. Retrieved February 23, 2018, from http://www.ecmweb.com/basics/basics-structured-cabling

Harbaugh, L. (2012, March 22). The Pros and Cons of Using Virtual Desktop Infrastructure. Retrieved February 23, 2018, from https://www.pcworld.com/article/252314/the_pros_and_cons_of_using_virtual_desktop_infrastructure.html

Virtual desktop infrastructure (VDI): The benefits when combined with unified communications. (n.d.). Retrieved February 23, 2018, from http://www.computerweekly.com/tip/Virtual-desktop-infrastructure-VDI-The-benefits-when-combined-with-unified-communications
