The Washington Elementary School District of Phoenix,
Arizona will implement an enterprise-wide network in order to provide
data connectivity between all individual school sites and administrative
offices with the district office. Implementation of the network design
will meet all requirements and objectives.
General Requirements
- Local Area Network (LAN) at each site.
- Wide Area Network (WAN) to provide connectivity between
all sites.
- Internet access from any site in the school district.
- Implementation of servers that will provide services
to facilitate online automation of all the district's administrative
and many of the curricular functions.
- Network design implementation shall provide a minimum
of 7-10 years continuous functionality.
- Network design considerations shall provide a minimum
of 100x growth in the LAN throughput, 2x growth of the WAN core throughput,
and 10x growth in the district internet connection throughput.
- Network design implementation shall provide a minimum
of 100 Mbps to any host computer and 1 Gbps to any server computer.
- TCP/IP and Novell IPX will be the only OSI layer 3
and 4 routing protocols implemented.
Wide Area Network (WAN) Requirements
- WAN will connect all school sites and administrative
offices with the district office for the purpose of delivering data.
- WAN will be based on a two-layer hierarchical model
with the following locations acting as Regional Hubs for the purpose
of forming a fast WAN core network.
- Regional Hub I: District Office/Data Center Phoenix
N.W.C.O.
- Regional Hub II: Service Center Greenway C.O.
- Regional Hub III: Shaw Butte School Sunnyslope
C.O.
The above Regional Hubs will provide WAN connectivity
to school sites. School sites will connect based on proximity to the
Regional Hubs.
- Point-to-Point connectivity between each of the three
Regional Hubs will be provided by (4) T1 data lines between each Hub.
- Point-to-point connectivity between Regional Hubs and
each school site will be provided by a single T1 line between the Hub
and each individual site, excluding the Community School site assigned
to Regional Hub III. The Community School site will access the district
WAN via an ISDN connection.
- Internet access or any other outside network connection
will be provided to all sites via (1) T1-speed data Frame Relay connection
centrally located at the Regional Hub I. For security purposes no other
connections will be permitted.
- All Regional Hubs will have powerful, high-end routers
installed. All site routers will provide modem connectivity to Regional
Hub I and Regional Hub II for ease of router maintenance and enforcement
of district wide network administration policies.
- TCP/IP and Novell IPX will be the only routing protocols
allowed to utilize the district WAN. All other network protocols will
be filtered via access routers at the individual school sites.
Local Area Network (LAN) and Wiring Requirements
- LAN infrastructure will be based on the Ethernet LAN
switching technology to allow for migration to faster speeds, and higher
bandwidth capabilities to individual host computers, servers, and between
MDFs and IDFs without having to implement a new physical wiring scheme
to accommodate future applications.
- Each school site LAN and the Regional Hub I LAN will
be divided into two network segments. Segmentation will be accomplished
with the utilization of VLAN switching technology. Network 1 will be
designated for student/curriculum usage and Network 2 will be designated
for administrative usage.
- LAN transport speeds will be Ethernet 10BASE-T, 100BASE-TX,
and 100BASE-FX.
- LAN cabling infrastructure shall comply with TIA/EIA-568A
and TIA/EIA-569 standards.
- Horizontal cabling shall be CAT5e UTP and will be tested
to have the capacity to accommodate 100 Mbps.
- Vertical (Backbone) cabling shall be CAT5e UTP or fiber
optic multi-mode cable.
- Each site will have a Main Distribution Facility (MDF)
room that will serve as the central point to which all LAN cable runs
will terminate. The MDF will also provide the point of presence (POP)
for the WAN connection.
- Routers, LAN switches, and other major network components
will be located in the MDF room.
- Intermediate Distribution Facility (IDF) rooms will
be established in locations where the horizontal cable lengths exceed
TIA/EIA-568A recommended distance (100m) or where site conditions warrant.
- IDFs will be connected to the MDF in a Star or Extended
Star topology.
- At each site, all rooms requiring a network connection
(indicated by a 1 on the site drawings) need adequate Layer 1 media runs
to accommodate up to (25) workstations per room:
(1) workstation to be utilized by the teacher and (24) workstations
to be utilized by the students.
- All CAT5e UTP cable runs will be tested end to end
for 100 Mbps bandwidth capability.
- All cable runs will be contained within cable trays
above the drop ceilings.
District Supplied Servers and Functions Requirements
All servers will be categorized as either providing Enterprise
or Workgroup type services, and then placed on the network based upon
the service provided and user traffic patterns. The following are the
required services that servers placed on the network must provide.
Administrative Server
- Implemented at each school site which will provide
student tracking services such as attendance, grading, and other administration
functions.
- TCP/IP will be utilized as its OSI layer 3 and 4 protocol.
- Utilized only by teachers and staff.
Library Server
- Novell platform.
- Will provide online library for curricular research
purposes.
- SPX/IPX will be utilized as its OSI layer 3 and 4 protocol.
- Utilization available to anyone at the school site.
Application Server
- Each school site will centrally store computer applications
such as Word, Excel, and PowerPoint.
- Applications will be retrieved from the server at user's
request.
- Provides district support staff with an easy and efficient
method for upgrading applications and loading new software on the district
network.
- TCP/IP will be utilized as its OSI layer 3 and 4 protocol.
- Utilization available to anyone at the school site.
Proxy/Cache Server
- Each site will maintain a server that provides caching
services.
File and Print Server
- Each site will maintain a server that provides file
and print services.
Other Servers
- Any other servers implemented at school sites will
be classified as a workgroup server and will be placed on the appropriate
LAN segment according to user access needs.
- A requirements analysis must be submitted for placement
purposes on the district network prior to server implementation.
Addressing and Network Management Requirements
- TCP/IP and naming convention scheme for all hosts,
servers, and network interconnection devices will be developed and administered
by the District Office.
- Implementation of unauthorized addresses on the district
network will be prohibited.
- TCP/IP addressing design scheme should consider various
implementations such as Class A, Class B, and Class C addresses with
appropriate subnetting, Network Address Translation (NAT), and Private
Network Numbers.
- Each school site will have a DHCP server and use only
addresses consistent with the overall district addressing scheme.
- All workstations located on Network 1 (student/curriculum)
segment will obtain IP addresses via DHCP service. All workstations
located on Network 2 (administrative) will have statically assigned
IP addresses.
- A master network management host will be established
at the District Office and will have total management rights over all
devices on the network. It will also serve as the router configuration
host and will maintain the current configurations of all routers on
the network.
- All routers will be pointed to the master network management
host for the purpose of downloading new or existing configurations.
- The District Office will maintain the super user passwords
for all network devices and configuration changes on these devices will
be authorized from the District Office.
- Each Regional Hub location will house a regional network
management host to support its assigned area.
- The management scheme for the data portion of the network
will be based on the Simple Network Management Protocol (SNMP) standards.
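One way to turn the addressing requirements above into a checkable plan, as an added example that is not part of the original requirements document: it sizes each segment from the per-site maxima given under User Count Requirements (250 and 75) and flags addresses that fall outside the plan. The 10.0.0.0/8 block, the 16-address reserve, the one-/22-per-site layout and all function names are assumptions.

```python
import ipaddress
import math

# Assumption: the district uses RFC 1918 space 10.0.0.0/8; the page names no block.
DISTRICT_BLOCK = ipaddress.ip_network("10.0.0.0/8")
# Per-site maxima from the User Count Requirements.
CURRICULUM_HOSTS = 250
ADMIN_HOSTS = 75
# Assumption: addresses held back per segment for gateway, servers and printers.
INFRA_RESERVE = 16


def prefix_for(hosts, reserve=INFRA_RESERVE):
    """Smallest IPv4 prefix length that fits hosts + reserve."""
    needed = hosts + reserve + 2  # +2 for network and broadcast addresses
    return 32 - math.ceil(math.log2(needed))


def plan_sites(site_names, block=DISTRICT_BLOCK):
    """Give every site one aligned /22 and carve both segments out of it."""
    site_blocks = block.subnets(new_prefix=22)
    plan = {}
    for name in site_names:
        site = next(site_blocks)
        # Curriculum lives in the lower /23, administration in the upper /23,
        # so a router ACL can tell the segments apart with one wildcard mask.
        lower, upper = site.subnets(new_prefix=23)
        curriculum = next(lower.subnets(new_prefix=prefix_for(CURRICULUM_HOSTS)))
        admin = next(upper.subnets(new_prefix=prefix_for(ADMIN_HOSTS)))
        plan[name] = {"site": site, "curriculum": curriculum, "admin": admin}
    return plan


def classify(address, plan):
    """Return (site, segment) for a planned address, or None if unauthorized."""
    ip = ipaddress.ip_address(address)
    for name, nets in plan.items():
        for segment in ("curriculum", "admin"):
            if ip in nets[segment]:
                return name, segment
    return None
```

A curriculum segment of 250 hosts does not fit a /24 once infrastructure addresses are reserved, which is why the plan lands on a /23 for Network 1.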
Security Requirements
- District security model will divide the network into
(3) logical network classifications. Administrative (admin.net), curriculum
(curr.net), and external (internet) with secured connections between
them.
- Internet connectivity shall utilize a double firewall
implementation with all internet-exposed applications residing on a
public backbone network.
- The Border Router and the DMZ firewall must be from different manufacturers.
- Regional Hub I District Office/Data Center must implement
an internal DMZ to protect the network from internal security threats.
- District wide anti-virus protection must be implemented.
- All connections initiated from the internet into the
schools' private network will be refused.
- All computers on the District network will have full
Internet access.
- District security model dictates that two physical
LAN segments be implemented at each school site and the District Office.
One segment will be designated administrative and the other segment
curriculum.
- Each workstation and file server will be placed on
the appropriate LAN segment based upon function.
- All applications will be categorized and placed on
the appropriate server.
- Email and Directory Services will be allowed to pass
freely between LAN segments since they pose no security risk.
- Routers will utilize Access Control Lists (ACLs) to
prohibit all traffic from the curriculum LAN on the administration LAN.
Exceptions to this policy can be made on an individual basis.
- All ACLs will be controlled at the District Office
and exceptions will be reviewed prior to implementation.
- A User ID and Password Policy will be published and
is to be strictly enforced on all computers on the district network.
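The curriculum-to-administration ACL policy above, modelled as an added example (not part of the original document or of any router's configuration): first-match evaluation with an implicit deny, plus a review check for exceptions placed where they can never match. The subnets, the mapping of email and directory services to tcp/25 and tcp/389, and all names are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed site subnets (assumptions; the page defines no addresses).
CURRICULUM = ipaddress.ip_network("10.0.0.0/23")
ADMIN = ipaddress.ip_network("10.0.2.0/25")
ANY = ipaddress.ip_network("0.0.0.0/0")


class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None  # None matches any protocol
    port: Optional[int] = None   # None matches any destination port


# ACL for traffic leaving the curriculum segment, evaluated top-down.
# Assumption: "Email" is SMTP (tcp/25), "Directory Services" is LDAP (tcp/389).
CURRICULUM_OUT = [
    Rule("permit", CURRICULUM, ADMIN, "tcp", 25),
    Rule("permit", CURRICULUM, ADMIN, "tcp", 389),
    Rule("deny", CURRICULUM, ADMIN),
    Rule("permit", CURRICULUM, ANY),
]


def evaluate(acl, src, dst, proto, port):
    """Return the action of the first matching rule; no match is an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if (s in rule.src and d in rule.dst
                and rule.proto in (None, proto)
                and rule.port in (None, port)):
            return rule.action
    return "deny"


def covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    return (later.src.subnet_of(earlier.src) and later.dst.subnet_of(earlier.dst)
            and earlier.proto in (None, later.proto)
            and earlier.port in (None, later.port))


def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule covers them."""
    return [j for j, later in enumerate(acl)
            if any(covers(earlier, later) for earlier in acl[:j])]
```

Running `shadowed_rules` on a proposed ACL before it is pushed catches the common review miss of an exception appended below the blanket deny, where it has no effect.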
Internet Connectivity Requirements
- The District Office will supply all Internet connectivity
and will act as the single point of contact for all school sites and
organizations within the district.
- Internet connection will be highly controlled and bandwidth
upgraded as usage dictates.
- The District Internet connection will utilize a double
firewall architecture that will prohibit all connectivity initiated
from the Internet to the internal district network. This will be accomplished
with the use of ACLs on the firewall routers.
- All connectivity initiated from the district network
to the Internet will be freely permitted.
- A public network (Ethernet backbone) will be established
for services that are exposed to the Internet (master Email, DNS, World
Wide Web server).
- The public backbone will utilize a web server that
will be partitioned to allow all school sites to install a web home
page.
- Any independent web server host that is required by
an individual school site will be placed on the public backbone only.
Web servers that require total Internet exposure are prohibited on the
district internal network.
User Count Requirements
- The maximum at any given school site will be (250)
student/curriculum computers and (75) teacher/administration computers.
- Each room indicated by a (1) on the site drawings must
have Layer 1 wiring that can accommodate up to (25) computers: (24)
student/curriculum and (1) teacher/administration.
- The district site breakdown is as follows:
Washington Elementary School District
Regional Hub I supports (1) District Office/Data Center
with (75) administration computers and (11) schools with (250) student/curriculum
computers and (75) teacher/administration computers per school.
Schools:
- Desert View
- Sunnyslope
- Mountain View
- Road Runner
- Washington
- Lake View
- John Jacobs
- Iron Wood
- Desert Foothills
- Chaparral
- Cholla
Regional Hub II supports (1) Service Center with (75)
administration computers and (11) schools with (250) student/curriculum
computers and (75) teacher/administration computers per school.
Schools:
- Sunset
- Acacia
- Mountain Sky
- Tumbleweed
- Sweetwater
- Sunburst
- Sahuaro
- Blue Sky
- Moon Mountain
- Lookout Mountain
- Abraham Lincoln
Regional Hub III supports (11) schools with (250) student/curriculum
computers, (75) teacher/administration computers per school, and (1)
community school.
Schools:
- Richard E. Miller
- Royal Palm
- Alta Vista
- Cactus Wren
- Manzanita
- Maryland
- Ocotillo
- Orangewood
- Palo Verde
- Arroyo
- Community School