Build Internet Infrastructure Modified
Build Internet Infrastructure Modified
LEARNING GUIDE
MODULE CODE :
LG Code:
Nominal Duration : 100hrs
.LEARNING OUTCOMES: At the end of the module the learner will be able to:
1
(ICAI5100A) Build Internet Infrastructure
Prerequisite units
Outline
1.1 Select internet infrastructure in line with business and end-user requirements, within budget
limitations
1.2 Evaluate the internet service for satisfactory performance and confirm that the service meets
business and end-user requirements
1.3 Ensure that hardware, software, network and security requirements are in accordance with agreed
business and end-user specifications
1.4 Research internet to source suppliers, technologies, delivery schedules and replacement parts and
document findings
1.5 Evaluate internet service providers and establish their capability to deliver the required connection
service
1.6 Determine internet protocol address allocation based on the number of addresses needed
2
2.6 Install workstation software and configure access to services
2.7 If required, install the necessary hardware and software to connect the internet to intranets or network
2.8 Configure domain names, internet protocol addresses and network address translation settings to make
internet access possible
V Ensure that user accounts are verified for security access and monitored
5.1 Verify user settings to ensure that they conform to security policies
5.2 Have legal notices displayed at appropriate locations for system users
5.3 Check passwords in accordance with business policies and verify with software utility tools
5.4 Plug well-known security gaps with appropriate hardware and/or software
VI Manage and support the internet
6.1 Assist management in developing procedures and policies for maintaining the internet infrastructure
6.2 Obtain, install and use management tools to assist in internet administration
6.3 Monitor traffic, appropriateness of broadcasts, content access and hits over the internet
6.4 Create logs and other reports required to manage and support the internet
6.5 Optimize internet performance
3
What is Internet Infrastructure?
All the hardware and services required to make a web page appear in your browser.
Internet infrastructure is a collective term for all hardware and software systems that constitute
essential components in the operation of the Internet. Physical transmission lines of all types,
such as wired, fiber optic and microwave links, along with routing equipment, the accompanying
critical software services like the Domain Name System (DNS), Email, website hosting,
authentication and authorization, storage systems, and database servers are considered critical
Internet components
1. Data Centre
A Data Centre is basically a specialist building that has the ability to power (and cool) massive
amounts of computer equipment. Typically a Data Centre would also have a very large amount
of network bandwidth to accommodate data transfer in and out of it.
A data center is a centralized repository computer facility used to house computer systems and
associated components, such as telecommunications and storage systems. It generally includes
redundant or backup power supplies, redundant data communications connections,
environmental controls (e.g., air conditioning, fire extinguisher) and security devices
2. Network
Most important foundation block of Internet Infrastructure is the Network. Without a
network connection no data can pass between Data Centers, over the Internet, and
Choosing the proper bandwidth and network connection (cable) is critical to the site's
web presence.
The router and the communications interface (cable, modem, bridge or other device) and
the cables that connect them form the bridge from the Web server to the outside world.
Most of this equipment will be provided by the Internet Service Provider, but as the site
grows more equipment such as switches, hubs, patch panels, wiring and firewalls will be
needed
4. Computer Equipment
4
Computer equipment refers to any or all of the many different parts of a computer, as well as
peripheral devices such as printers, external hard drives and servers. Basically, anything relating
to a computer is considered computer equipment.
5. Storage Services
Data Storage is a huge part of Internet Infrastructure. All those emails accessible online, all the
web pages on your favorite web site, all those photos on Face book … are all stored on a hard
drive in a DC somewhere. The basic level of storage is on-server storage, which means the hard
drives in the computer server.
6. Server Applications
The final piece of underlying Internet Infrastructure is the server applications themselves. In
order for a web application to be delivered from a server, that server requires
1. Operating System (typically Windows or Linux),
2. Web Server application (like Apache or Microsoft IIS), and
3. Database (such as MySQL, MS-SQL or Oracle).
There any many more variations here, but the basic web server has these 3 things. From here you
can install blog software, an ecommerce site, your new web 2.0 application, or any Internet
capable piece of software (more include – Instant Messaging Server, File Storage Server,
Message Board)
7. Internet security
Management Controls:
Focus on security policies, planning, guidelines, and standards that influence the selection of
operational and technical controls to protect the organization
Security policy
- It sets a clear direction and demonstrates the management’s support for and
commitment to information security.
Technical Controls:
5
Involve the correct use of hardware and software security capabilities in systems. This range
from simple to complex measures that work together to secure critical and sensitive assets of the
organization.
Login
Encryption
Authentication protocol
Access control
Firewall/proxy server
Intrusion detection system
etc
Operational Controls:
Address the correct implementation and use of security policies and standards, ensuring
consistency in security operations and correcting identified operational deficiencies. These
controls relate to mechanisms and procedures that are primarily implemented by people rather
than systems
Backup/Restore
Monitor audit trials
Account/privilege management
Monitoring and adjusting firewall
Media disposal
Patching
Overview
Requirement is a carful assessment of the needs that a system is to fulfill. It must say Why, a
system is needed, based on current and foreseen condition, which may be internal operations or
external market. It must say what system features will serve and satisfy this context. And it must
say how the system is to be constructed.
Why:
Enterprise requirements
Context analysis: the reason why the system to be created. Constraints on the environment in
which the system is to function
What:
Functional requirements (system)
A description of what the system is to do. What information needs to be maintained? What needs
to be processes?
Functional requirements capture the intended behavior of the system. This behavior may be
expressed as services, tasks or functions the system is required to perform.
How:
Non-functional requirements (system)
How the system is to be constructed and function.
6
The requirements documents are comprehensive; detailing what is required of an installation to
meet the business needs of users. Such a document can run to considerable length and would
normally be prepared by an IT analyst or project manager. The author of the functional
specification should be able to speak the language of both business and IT.
The functional requirements documents are the ‘blueprint’ for the project implementation.
Anything missed will appear at the end, and just as when building a house, if the plumbing
design is wrong then it will be expensive and time consuming to correct.
Often one of the first steps in large projects is to devise a functional specification, also known
as the functional requirements specification (FRS). After this, a technical specification can be
produced.
Requirements issues
When selecting and employing software and hardware tools, one of the first and most important
activities to embark on is identifying what the client wants and to ensure they sign-off on the
requirements. This may sound easy, but in many cases it is not.
For example, how can a client (who often has limited knowledge of IT architecture) indicate
what they want if they have not seen a working prototype to assess?
In many cases, inexperienced clients advise the developer on what they want, when they may not
really understand what is achievable technically. This issue can also be made more complex if
the process occurs in an organisation that has rigid IT policies, which can raise numerous
compatibility issues.
In addition, this is made even further complicated if you are in a situation where you are trying to
win a contract or compete for work. Others (e.g. competitors) may have promised the
unachievable and given an impression that ‘anything is possible’. If you are awarded the work or
win the contract, you may now be expected to deliver the impossible. An open and honest
assessment of what will be delivered is essential.
7
role definition of parties involved
the nature of the data (eg banking details, multimedia)
security needs (eg if the client needs logins, passwords, lockable sections, etc)
available support resources
Costing.
Needs analysis
Various techniques can be used to define and refine the project needs, such as interviews with
the client, online JavaScript surveys/forms, user discussion groups and questionnaires with
samples of the target audience. A very important purpose of this analysis is to develop an
understanding of what is achievable within the project resources of skills, funds and time.
The process of needs analysis may result in a separate needs report, especially on large projects.
On smaller projects, the needs analysis and the information gathered can often be documented
with the proposed solution in the one document: the scope document. This provides information
on which design decisions will be based in the next stages of development.
For most IT applications including multimedia, the needs analysis will need to focus on three
perspectives:
1 Business perspective: An outline of the current business climate, structure of company and
the emerging industry issues that are driving the project.
2 Technical perspective: An outline of existing IT systems/infrastructure of the company
including computer hardware specifications, numbers and locations, details on browsers,
operating systems, servers, security policies, networks, bandwidth capacity and so on.
3 Human perspective: An outline of the motivation of staff to use new IT systems. It may also
cover such considerations as PC literacy, industrial relations issues for staff, legalities and
even language issues for users.
A common criticism over the last decade is that IT developers have focused too heavily on the
technology and not enough on the users’ needs or the long-term business goals. By giving
adequate attention to these different perspectives, you are likely to end up with a solution that
addresses the client’s real needs.
Scope documentation
The aim of the scope document is to identify, control and justify the proposed solution.
Typically, the project manager/developer will normally prepare the document after consultation
with the client and the project team. It should contain most, if not all, of the information that will
form the project contract. Data gathered in the needs analysis can also be included here.
8
The first draft of the scope document is rarely fully mutually agreed upon. There are usually
numerous negotiations to refine the specifications of the deliverables. These will, of course,
impact on the budget and schedule of the project.
The final scope document should clearly specify the milestones and sign-off points, including
possible points and conditions for revisions to the budget and schedules. A timeframe should be
included in the document, but a full timeline that has agreed delivery dates may not necessarily
be part of the document at this stage. (This depends on the size and complexity of the project).
As part of the scope, there must be clear agreement on issues such as reporting, documentation,
evaluation, testing and delivery requirements. This defines, in quantitative terms, how the client
and the developer/implementer will work together and how, through the process of sign-offs, a
mutual end agreement will be reached. This means that in the end the appropriate product has
been built in the agreed way and via the agreed strategies outlined in the scope document.
The approval of the contract generally involves representatives signing a specified agreement on
the last page of the scope document. Any variations to this agreement will also have to be
approved by authorised representatives of the client and development team.
As you can imagine, once hardware is approved, ordered and functioning it is very difficult for
the client to then request anything else. At this stage, many thousands of dollars in hardware and
software, not to mention IT specialist wages, may have been allocated. The basic plan must be
right at the start!
Throughout the project, the client and the development team must have a strategy in place to
inform each other of any event that may impact on successful progress and timely completion of
the project. The strategy again must be outlined in the scope document.
Functional requirements specification:
The functional specification describes what the system will do, as opposed to how it will be
done. This distinction is important, because:
the client may not be interested in the details of how a function is implemented, and the
technical details may simply cause confusion for the client
the implementation details may need to change during the design and development of the
project
you don’t want to have to negotiate changes to the functional specification just to change
details of implementation
the technical specification for large projects will be detailed in a separate document, and
you should not entangle one with the other.
The language of the functional specification should be clear, concise and (as far as possible) non-
technical. It is very important to attend to details in the functional specification. One misplaced
word may commit a vendor company to develop extra functionality that was never intended, and
damage the profitability of the project.
9
Fixed requirements
Some requirements are fixed, and not derived from the ideal functionality that the product or
system should possess. These are often in the form of constraints set by the client. For example:
Use cases
A use case is a list of steps, typically defining interactions between a role and a system, to
achieve a goal. The actor can be a human or an external system.
A use case is a very useful tool to help you start to determine the required functionality of a
system. Use cases have quickly become a standard tool for capturing functional requirements.
A use case is a diagram showing how the proposed system will be used in one particular
scenario, by a particular user. Use cases allow the designer to focus on details, but keep the
design grounded in the basics of how the system will be used. A large system will have many use
cases.
10
Examples of functional requirements
Functional requirements describe the way in which the different components and functions in the
solution will interact. They will clarify how the solution is going to work and how users can use
it.
Next are some examples of the questions you might ask in order to determine the functional
requirements of an IT system.
User requirements
How many users are expected to use the system?
How many people will be utilising the solution at one time?
Where the users will be located (eg overseas, interstate or at home)?
What navigation model will it use?
What is the range of the content?
How much content will it include?
How will the content be structured?
Technical requirements
What types of computers/operating systems will the users operate?
Are their desktops all the same?
What bandwidth restrictions occur presently?
What security (login) will they need?
What backup policies need to be in place?
Who will have administration rights?
What will the business do if the system fails at any stage?
Who is the project sponsor?
What does management expect the system will do and won’t do?
Hardware requirements
Compatibility: will the solution work with existing systems?
Support for multimedia formats: will the existing systems and architecture support all
types of media?
Will the new system be supported by existing resources within the company?
11
Is there funding available for new hardware? (eg new servers)
What is the backup strategy? Has this been costed?
Does the system need to be copied?
Will there be time delays to purchase and install hardware?
Will you be relying on another group to set up the hardware? If they don’t consider your
project a priority, is that time delay factored into the delivery strategy?
Are there other projects that you may be able to share hardware costs with?
If the system needs to cater for multimedia, does there need to be extra attention paid to
being able to store and transmit large graphic, sound and video files?
If you are a consultant or part time employee, will you be given permissions and rights to
install and support the system fully? (As some computer centres are secure).
Software requirements
What is the true cost of the software?
Are there licensing issues? (As the system is in development, should you pay for all the
licensing now, or when the system is in live mode?)
Can the software be licensed for use by multiple users who use it on different machines?
(Concurrent licensing)
How long has the software been on the market for?
What happens if the software company becomes insolvent? Who supports it?
Who owns the source code?
What happens if the source code is modified; who supports the product then?
Does the solution work with all other company software systems?
If web-based, does the solution function on all common browsers?
If security is a concern, can the software be delivered in a ‘locked down’ format?
Does the software support all file formats? (This is especially important when working on
multimedia tasks.)
Is the software easy to use or are there major training issues/costs?
Support materials
You will need to consider the content and design requirements of all support materials. Support
materials could include:
12
system specifications
user guides
knowledge banks
intranet/Internet help sites/CD-ROMs
training manuals
General user documentation and print-based help.
You will also need to consider workshops, seminars or briefings you may need to run in order to
support the software/hardware/system.
During the development of the scope document you will have determined the kinds of support
materials that you will need. You will probably also establish who will be responsible for the
production of those materials.
In conclusion, the project manager will generally be responsible for coordinating the
development of the support materials in parallel with the development of the package.
Role definitions
One of the most important tasks a developer must do before moving into the design and
development phases is to clarify roles and responsibilities. If this has not been done it is virtually
impossible to cost a job, as you cannot allocate the funding for staff. As well, this can lead to
problems finishing a project on time.
For example, the main things to clarify (in terms of roles and responsibilities) may include:
Who is responsible for the sign-off? (And if that person leaves the company, who will do
it then?)
Should the roles be described as position titles rather than individuals’ names?
Who approves purchases (eg software)?
Who will support the project after the development team has gone?
Who will collect and collate the content?
Who will check the legality of the content?
Who has responsibility for organising the workspace for the development team?
Who will approve the security systems of the multimedia product?
Who takes final responsibility for the project?
13
Budget issues
Funding is a tricky area. Sometimes the ‘real’ budget is not disclosed. Sometimes this is done for
valid reasons, sometimes not. It is common knowledge that some clients are reluctant to reveal
their budget as vendors will bid up to available funds. As well, some parts of the IT industry are
still somewhat immature, so it is often difficult to cost a job.
There are many variables. One job could take 2-3 weeks to install and set-up. Once all the bugs
are identified, the task might only take a matter of hours to repeat. Implementing complex IT
projects is not an exact science!
Due to this situation, it’s always worthwhile to seek additional funds. Many large and small
organisations do not appreciate being asked to fund extra amounts after a project has
commenced. It is often wiser to be honest and seek additional funds when completing the initial
project approval.
Another important point is that the client must understand what it is they are paying for. Be
mindful that it is easy to confuse clients with technology terms and acronyms. Ensure the
contract outlines what the deliverables are in plain English. It is also helpful for the client if you
include a breakdown list, as an attachment, that quantifies all the major deliverables.
Finally, remember that if you do not win the contract, you have devoted time to the bid and this
has cost your company money. So ensure this potential loss is a consideration in your overall
business plan!
Sign-off
In the planning phase, the sign-off typically covers an agreement with the client for the following
items:
target platforms
look and feel of the solution (proposed product/system)
graphics standards
navigation and user issues
hardware and software limitations
development tools (if not purchasing a solution off-the-shelf)
client and developer responsibilities
privacy issues
initial timelines
budget
Again, the major purpose of the sign-off is to prevent problems later in the project. No one wants
disagreement about aspects of the deliverables at the end of the project. The sign-off process
forces all issues to be laid out on the table and discussed.
14
Summary
A functional requirements document is a critical element of any IT project. It should cover all the
important points, yet still be easy to understand for non-technical people.
Another aim in preparing a comprehensive functional requirements document is to cover
everything and yet keep it brief. While it is the ‘blueprint’ for the project, if it covers everything
in too much detail the key stakeholders may not have time to read it all.
You must ensure that a realistic blueprint is achieved; to avoid confusion occurring late in the
project cycle and help the final result to be a positive experience for both parties.
Progress
Have a look at the next section—Practise. If you have trouble, review this Reading or perhaps
take a look at some of the listed Resources.
When you feel ready, try the Self check section at the end of this topic. This will help you decide
if you are now able to complete the task and attempt assessment.
15
Network hardware: A great variety of networking devices exist—many
more than can possibly be covered here. Local requirements dictate the types of networks be formed
using these devices. This reading will focus on the most common range of network devices and the
16
Ethernet: Most network devices commonly-used are based upon the Ethernet
protocol. Ethernet speeds have been slowly increasing over the last decade, from 10 megabits per
second (10 Mbps, 10 million bps) up to discussions of 10 gigabits per second (10 Gbps, 10 x 1000
Mbps) and beyond. Currently, most computer networks work very well with the 100 Mbps range of
products, but as data transfers within a local rea network increase, the higher bandwidth and capacity of
faster networks may be needed. Often the limiting factor is not the network speed but other bottlenecks
(limits) in the overall system, such as processing speed and hard drive access times. Ethernet uses the
concept of CSMA/CD (carrier sense multiple access with collision detection). Carrier sense means that
devices on the network listen first for no network activity on the network. No activity indicates that no
other device is sending information, since they all use a common medium to transfer data (multiple
access). But since just as in a momentarily quiet room two or more people may start to speak at the
same time, the collision detection mechanism is a method of dealing with this. Wireless
Ethernet: devices (based on the IEEE 802.11 standards) have recently become more
available. These include connection devices such as wireless access points (AP) and individual
peripherals, such as printers. Wireless networking devices connect the network by radio waves. Similar
concepts to the wired Ethernet are used to ensure that transmissions don’t conflict (collisions) and are
17
Open systems interconnect–reference model
(OSI-RM): The open systems interconnect—reference model forms the basis of
networking communications and is maintained by the International Standards Organization (ISO). It is
a model to aid in the development of communications standards, not a standard itself. The different
layers define functions that should be considered and implemented at each level. When a device
operates at a particular layer it means that the device components make informed decisions based on
information from that layer of the model. For example, a switch makes decisions at layer 2, data link
layer, based on the media access control (MAC) address of the destination network card. The MAC is a
sub-layer of the data link layer. (Of course, all devices need access to the layers below so that they can
Network devices
Some of the more general types of network devices available are listed in Table 1 on the next
page.
18
Table 2: Examples of network devices available
Device Description
Network Often referred to as network interface cards (NICs), they may be installed in a computer or peripheral
cards device and interact with the network medium, including both wired and wireless networks.
Switches Often switches are used interchangeably with hubs, but they have slightly different characteristics. The
differences will not usually show up as a performance increase until used in a larger network with
multiple servers. A switch is a better performing device and is only slightly more expensive than a hub.
Switches operate at layer 2 (data link layer) of the open systems interconnect—reference model and
can make a decision on the destination of a data packet that they receive. In this way, a switch may
send data out to a port based on the destination media access control (MAC) address that is included in
every frame. In fact, simultaneous data transfer between computers is possible, which increases overall
network capacity.
Hubs A hub creates the basic framework for most local area networks used in business and home
environments. They connect the servers, workstations and other network devices together.
Hubs are also called multi-port repeaters. Hubs work at the OSI open systems interconnect—reference
model Physical (layer 1).
Routers Routers are used to interconnect two or more LANs. The LANs may communicate through the router
or the router may act as a gateway to connect to the Internet.
Routers operate at Layer 3 (Network layer) of the open systems interconnect—reference model and
make decisions based on the network addresses which are included in the data packet. In most
networks, the network address will be based on IP addresses but may also include IPX address
information to work with Novell Netware networks.
Access These devices act as a hub in a wireless network and as a connection between the wired and wireless
points network segments in a combined network. In some configurations, the access point will act as a switch
and/or router and prevent unnecessary data packets from travelling between the wired and wireless
sections of the network. In other configurations, two or more access points may only act as a repeater
(or relay) and connect segments of a wired LAN, perhaps between buildings or across roads where
wired access would be difficult or expensive to connect.
Broadband These devices connect between a LAN (or single computer) and a permanent broadband Internet
modem/ connection such as ADSL or Cable. Modem versions tend to have USB connections that must connect
routers directly to a computer. Router versions have an RJ-45 LAN connection and/or a wireless antenna that
may connect to a computer or hub to share Internet access between many computers.
Printers Many printers are available to connect directly to an Ethernet network. These include printer with an
inbuilt NIC. Examples are of network-ready printers are: Brother HL-5170DN, Canon IP4000R and
Hewlett Packard DJ6840.
Scanners Some scanners are network-ready and provide access from the network. Many of these are included in
Multi-Function Centres with printer, copying and fax capabilities as well. Examples are: Brother MFC-
620CN, Canon NSA-01 and Hewlett Packard Photosmart 2710.
Storage These devices offer additional file storage capabilities to a network. They act as a file server and the
storage can be controlled over the network. Examples of Network Attached Storage devices are: D-
Link DSM-624H, Iomega NAS 100d/160G and Linksys EFG250
19
Ways of minimising disruption
Reputation—yours and your client’s; will they want you for future projects?
System reliability—until fully tested doubts will linger as to the stability of the system.
In a technical field such as this client communications is important. Ultimately, the clients use
the computers and devices you are working on. These clients will determine if you continue
working with them. To minimise disruption, a close rapport of information exchange is required
that sets the scene to handle disputes and technical glitches that may arise.
You also need to plan to avoid disruption in the first place. When planning an installation or
modification to a network, you need to:
schedule work outside normal business hours
inform people when your work may disrupt their work
have backup and ‘back out’ plans in place to repair problems sooner
have an installation plan approved by your client in advance (and avoid the need for
problem and conflict resolution later).
For work in business hours, a temporary set up can allow business to continue while work is
done. This may include reconfiguring devices to use alternative resources, or to allow different
protocols to be used, such as by changing gateway settings and routes for Internet connection and
changing log in scripts. The configuration of any temporary set-up should be fully documented
as it can also be part of a disaster recovery plan.
20
Installation procedures: Internal hardware: Many
main system boards come with a network adapter built-in; opening the system unit of a computer
workstation in order to add networking hardware is rarely necessary. You may otherwise need to add a
21
Isolating and disconnecting the unit
You must first isolate the unit for your own safety and that of the equipment and data stored.
Most system units only deal with low voltages within the case (except for the power supply
itself) and safety switches on the mains supply (residual current devices, RCDs) reduce the
chances of electrocution.
The disadvantage of such systems is that the safety switches cover many power points. This
means that if a safety switch trips, many devices and even larger numbers of users will be
affected by the loss of mains power. Disconnection from the supply reduces the possibility of
causing such a power failure. Removing or adding components to a live system may cause
damage to the main board (and potentially larger problems, causing file system damage and data
loss, even application and operating system problems, over a network).
You need to disconnect exterior cables as a further safety practice. Access to the system unit will
be simpler if you can lift the case to a normal work height and into better lighting than found
under most tables. Disconnected cables must then be left out of the way to prevent accidents.
Opening the case and taking anti-static precautions
With the system unit in a well-lit, stable work area, you can remove the case. (Remember to put
the case parts out of the way to prevent accidents.)
Keep all hardware in its anti-static packaging until ready for installation and keep the anti-static
packaging in contact with an unpainted section of the computer case while removing the
component from packaging. Hardware components removed from the system should be placed in
anti-static packaging while the packaging is in contact with the case, in preparation for storage
and transport.
22
The additional use of an anti-static (static dissipative) mat will enhance your anti-static working
environment. At client sites this displays your concern for the equipment under your care. Web
links to handling techniques are listed in the Resources section of this Learning Pack.
23
Figure 2: PCI slot on main system board
24
Reassembly and connection
Reassembly and connection reverses the removal procedure. Remember to disconnect your
antistatic wrist-strap from the system as well. Re-locate the system unit and reconnect the
exterior cables.
When the power is turned on the unit should start up as normal. Be aware of any beeps or
warning messages that may be generated as the system performs its self-check.
Installing software drivers
The Microsoft Windows operating system should automatically detect the hardware during start-
up and a wizard will begin to install drivers necessary for the network card. This may require a
re-boot in order to activate the network card successfully. For UNIX or Linux systems, modules
may have to be enabled or even a re-compilation of the system kernel.
External hardware
Many devices already come with a network interface installed, such as hubs, printers and storage
devices. You may also choose to install a network interface adapter to an external port, such as
USB (Version 2.0) or FireWire (also known as i.Link or IEEE 1394). The choice of device will
have already been made by this time, so the physical installation is relatively straightforward.
Similarly, the location of the external device and provision of power and suitable network
connections should have been arranged.
25
Figure 4: Patch cable showing both ends Figure 5: Crossover cable with swapped pairs
identical (green swaps with orange)
26
be repaired or replaced. Figure 6: Computer using active network card
Figure 7: Double wall plate with shuttered Figure 8: Patch panel showing spare positions
sockets and patch cable connected
Figure 9: Hub with patch cable Figure 10: Hub with uplink port in use Note:
The uplink port and the 1X port cannot both
be used at the same time.
In Australia, for patch cables, the colour of the wire’s insulation (in Table 4) and their
interconnection follow the adopted standard is TIA/EIA T568A.
The connections you produce would resemble those on pages following, shown for:
normal connections with infrastructure (fixed wiring)
27
normal connections without infrastructure (no fixed wiring)
connecting two devices directly
connecting multiple hubs directly.
Figure 11: Diagram of the network connections used when fixed wiring infrastructure and a wiring cabinet is
available
28
Figure 12: Diagram of the network connections used when there is no fixed wiring infrastructure available
Figure 13: Diagram of the network connections used when connecting two like devices directly
29
Figure 14: Diagram showing how two or more hubs may be interconnected either within or outside a wiring cabinet
Note: Many hubs and switches now come with auto negotiation of the ports as either medium
dependent interface-crossover (MDI-X, normal) or MDI (uplink), this makes it much more fool-
proof to interconnect devices. MDI is an Ethernet port connection that allows network hubs or
switches to connect to other hubs or switches without a null-modem, or crossover cable.
However with the increased ease of interconnection, more care needs to be taken to ensure that
you keep a hierarchical structure to minimise the number of hubs between any two devices on a
LAN to four.
30
Configuration
Once new hardware is connected, the equipment is then integrated into the existing network or a
new network begins. Integration includes the naming and addressing schemes for the protocols
used on the network, which may be specified by the organisation.
Many new network devices such as routers or switches include a small web-server that allows
you to log in to the device and change settings using a web browser. In this way devices can be
configured using any operating system with a web browser.
When making changes you must keep track of the IP address of the device, if you change it to
suit the network you are working on, you will not be able to connect using the IP address in the
browser address bar. Factory defaults are usually in place for username and password, so at a
minimum the password needs to be changed to prevent unwanted access. There is often a button
to reset factory defaults if the password is lost or forgotten. Unfortunately, this also wipes any
configuration changes, so documenting the settings, including any changes made over time, is
essential. The reset switch also requires the device to be physically secured, to prevent
tampering.
Table 5 outlines the basic configurations added network hardware.
31
Added network Basic configuration required
hardware
If any settings were modified at the start of the installation phase then these need to be
reconfigured to their original settings, or to new settings if they are affected by the changes you
have made.
Many ADSL routers now incorporate a DHCP server so smaller networks are using dynamic IP
addressing. The DHCP server also allocates the configuration details for accessing the Internet
through the router, making re-configuration and Internet access easy.
32
To set the IP address as either static or dynamic as per
organisational policy and standards you must:
Login with an administrator level account.
Select Start then select the My Network Places option.
In Network Tasks on the left select View network connections if
they are not currently shown.
In the right panel under the LAN or High-Speed Internet section
right-click the Local Area Connection and select Properties from
the pop-up menu to display the following dialog.
You may need to scroll down the Protocols and Clients list to
view the Internet Protocol (TCP/IP) item. Select this and click on
the Properties button.
For dynamic IP addressing select both the Obtain an IP address
automatically and Obtain DNS server address automatically, as in
Figure 16.
Figure 15: Local Area Connection
Properties
33
Figure 17: Setting for static IP addressing (substitute values for your own network
and Internet service provider)
34
Now that everything is in place as planned, you must undertake a systematic (if not complete)
test of the network system.
You must confirm that the network functions as designed.
Can users login? Note that the questions
Can users reach the server to store and start with ‘Can users…’
retrieve files? You might be able to do
these things while
Can users run applications that need
logged on as an
access to the server?
administrator, but the
Can users print to all of the printers they test is ‘regular users’,
should have access to? probably with more
restrictive accounts.
Can users reach the Internet?
You should have a checklist available with the functions you will test and the expected outcomes
of the test. Leave room for comments, which allows you to log the actual results, problems and
solutions.
It is impractical to test every login account and every function on every workstation. You need to
access all combinations of user groups and functionality with at least one network function from
each workstation. This ensures that all devices are physically connected to the network and that
group based policies and scripts are working. This only leaves doubt about a few possible non-
standard (often undocumented) modifications that exist in an existing network system. These
will be highlighted by help desk calls and allow them to be integrated into the standard system or
documented properly as exceptions if they are really necessary.
Table 6 on the next page has a sample checklist. Note the testing is planned to cover all the
workstations and both the sales and admin groups. Access to the H: drive, Internet and both
printers is confirmed from each group.
35
Table 6: Sample checklist
Figure 21: Successful response from the ping command; an unsuccessful response will show the words ‘Request
timed out’
36
Summary
In this reading you have briefly considered the Ethernet protocol, the ISO reference model and
some of the broad range of network devices Ethernet supports, before some general notes on
ways of minimising disruption to clients when installing and configuring hardware devices.
A look at safe and professional installation procedures covered those involved for internal and
external hardware. Basic device configurations were outlined for setting IP address and computer
names, before testing was discussed, with the use of the ping command to test the connectivity of
network devices.
Remember that no installation should be done without first checking with the people who may be
affected; have plans for configuration and testing, and contingency plans in the event of failure.
Care also needs to be taken to keep things safe during the installation since business may be
continuing while you are working.
37
Install configure and test servers and
software: Before you start an installation
Before you begin installing server hardware or software you need a plan. Some installations have
evolved into a simple task, based on user-friendly menus—they may not require any real
technical knowledge; but what about the existing IT and network environment? It may be very
tempting to get in and start installing without an approved plan because you think you’ll save
time. Yet an installation can interfere with or even stop other network hardware, services or
applications from working, and your working without a plan is tantamount to working blind.
Installation plans and the schedules ensure that disruptions to business operations are kept to a
minimum and that issues of installation requirements, interoperability and compatibility are all
addressed.
Before commencing installation of server hardware or software you should:
Review the user requirements
Review the installation plan
Review and confirm the existing IT environment
Confirm the availability of required resources and materials
Review technical tasks (for installation and configuration)
Review the testing tasks
Review deployment task
Confirm scheduling and communications
Review all contingency plans.
All these items are considered in detail to follow.
38
The solution may be to install a central file server and user workstations. The developed
installation plan would be based on this.
Reviewing user requirements allows you to see what is expected as an outcome, and this is the
measure by which the success of the installation will then be judged. There is no point in
following an installation plan, only to find that client requirements are not delivered. You must
have a clear understanding of user requirements to properly review the objectives of the
installation plan and the tasks defined within it.
39
Confirm resources and material
Resources and materials needed should be set out in the installation plan, along with names and
details of those responsible for organising or providing resources.
You should confirm that all resources are available when required. For example, you may need
to install 50 XP workstations that will connect to a new server. The installation requires you and
four technical support staff to be on site to install the computers. You should therefore confirm
that the support people are in fact available to perform this task before you start, since fewer
hands will cause delays. Once again, you cannot simply assume availability, just because it is set
out in the installation plan.
Review tasks
Tasks define what you are required to do and how to do it. You will need to draw upon your IT
knowledge and skills to review individual tasks and confirm they are technically correct and
properly sequenced. Generally, the order of tasks for an installation will be as set out in Table 1.
You need to review tasks to ensure that they are ordered correctly and that you are aware of any
dependencies between tasks. For example you may need to perform a data backup before starting
a configuration task.
You should also confirm that tasks are technically accurate. You may want to research and
practice tasks that are new to you. For example, if you have no experience of installing an
additional hard disk in a Linux server, you might obtain vendor instructions to install and
configure the disk and perform the task on a test computer, away from the client’s IT
environment.
By reviewing the tasks in an installation plan you make yourself familiar with what you need to
do, before you do it. You will be able to undertake the tasks with confidence and without
wondering what comes next.
40
Scheduling and communication
A part of knowing what to do and when to do it is the need to confirm the start and end date and
duration of tasks and activities (the schedule). You also need to confirm schedules to confirm
resource availability.
Scheduling is usually approved by organisational management, an appropriately authorised
person or end user groups, and broadly overseeing it can be the responsibility of a project
manager.
All parties involved in an installation need to be informed of the schedule and of any impact on
normal business operations must be clearly communicated. For example, the users of a corporate
database may require five working days notice before any work on the database can start.
Some of the most fundamental parts of communication can sometimes be overlooked—always
confirm your installation plan, and the schedule for it, are approved before you begin.
41
Installing server hardware and software
Installation means to place computer hardware or software in place, ready for use. Once you
have reviewed the installation plan, confirmed the scheduling and are familiar with the task, you
can start. To follow are some specific considerations for server hardware and software
installation.
To install server hardware you will need to follow the installation plan along with any vendor or
manufacturer’s instructions. Generally you will need to:
42
Unpack new hardware and/or assemble server hardware
Site or mount the server hardware
Power on server hardware
Run hardware diagnostics.
Unpack new hardware and/or assemble server hardware
Server class hardware is generally manufactured to a higher standard than ordinary personal
computer hardware. The server hardware may be supplied by a vendor already assembled to your
specifications and requirements, or you may need to assemble a server from components
supplied by various vendors. Components can include those for storage (hard disks, optical disk,
tape drives and the like) memory, central processing units (CPUs), network adaptors, power
supplies and uninterruptible power supplies (UPS). You should check that the server hardware
supplied matches the requirements as stated in the installation plan.
Site or mount the server hardware
The assembled server hardware needs to be placed in an appropriate location. Usually this will
be in an environmentally controlled room or equipment cabinet. Some vendors manufacture their
server hardware to slide in and out of special racks like draws in a cupboard and share a single
keyboard, mouse and monitor between multiple servers via a switchbox.
Power on server hardware
This is where you connect the mains power and turn on the hardware. At this point, look for any
signs of hardware not operating as expected. Burning smells, smoke, severe vibrations and noises
are immediate indicators of hardware problems where the power should be immediately turned
off and the vendor contacted for advice.
Run hardware diagnostics (burn-in)
With server hardware successfully connected to mains power and turned on, any diagnostic
utilities or software recommended by the vendor or manufacturer should be run to check correct
operation. Third-party utilities or tools may be used for this. The process is known as ‘burn in’
where hardware is operated to its maximum specifications by diagnostic or ‘burn in’ utilities for
a period of time to find any faults or failings before the hardware is placed into normal operation.
The server is now ready for software installation.
43
Operating system installation
The server operating system is the software that will operate the server hardware to provide
network and services to users. The various methods of installing operating system software on to
server hardware depend on the software being used. Generally, methods used are:
Local manual installation
Local automated (or scripted) installation
Remote installation
Image installation.
Local manual installation
Local manual installation requires using installation media such as CDs, DVDs or a central
network repository that stores the installation files. The software is installed by physically
accessing the server hardware to run the operating system installation. Generally, you follow the
installation prompts and instructions using the local keyboard mouse and monitor.
Local automated (or scripted) installation
Local automated (or scripted) installation involves manipulating the installation process so that it
becomes a simple process of either running a single command, or clicking an install button. This
requires knowledge of the operating system and is usually done by using batch files or script
programs to set installation options that usually require user interaction or selection. If you have
multiple servers to install, this will ensure consistency and identical installations. The person
installing on-site does not require in-depth knowledge of operating systems to perform the
installation.
Remote installation
Remote installation is when the operating system software is installed by remote access from
another computer on the network. This also means that your server hardware does not require a
local keyboard, mouse and monitor and you do not need to physically attend to perform the
installation. The Mac OSX Server – Remote Installation option is an example of this. (For
applications software: using either the server operating system features or third-party remote
control software, the server is accessed from a remote location and the application or other
software installed, again without physically visiting the server. This method may also use
application packaging and delivery technology.)
Image installation
Image installation uses hard disk imaging to install the operating system on to the server
hardware. It may be performed locally or remotely and ensures consistent and identical
installations. Installation by disk imaging is much quicker than other methods. However, the
initial image creation may be time-consuming as a manual installation on server hardware is
usually required to create the initial disk image for installation on other servers.
Once the server operating system is installed it must be configured.
44
Application software installation
Application or other software is installed on the server only after the server operating system is
configured and tested. Other software and can be installed by manual, automated and remote
installation (as described above). :
Configuring server hardware and software
Configuring server hardware and software means setting up the way the hardware and software
operates to suit the IT environment and organisational or user requirements.
Generally, server hardware is configured before the server operating system is installed, or
afterwards if hardware components in an operating server are being changed or added. Software
may be configured when installed, as part of the installation process, or afterwards, if a default
installation has been performed.
Some specific considerations for configuring server hardware and software configuration follow.
45
hardware. There may be external devices (for example tape drives) that require hardware
configuring to connect to the main server hardware.
Redundant components
Hardware such as that for standby power supplies or network adaptors may need configuration.
You may need to consult the hardware manufacturer or vendor for information and configuration
instructions.
46
the server is an example of environment setting. Policy settings are used to enforce
organisational policies and may include disabling certain functions or enforcing a
particular setting on end user computers, such as stopping a non-administrative user from
login on the server console, or forcing users to change their password after 30 days.
All server operating systems have the above configuration options, while the processes to set
them will vary. Generally, configurations will be carried out using a graphical user interface
(GUI) configuration program that is provided as part of the server operating system.
Testing server hardware and software
Once a server has been installed and configured you need to ensure it will operate as expected
and will meet client requirements. Basic hardware testing should have been done on installation.
You now need to test the combination of server hardware and server software before the server is
made available for use.
47
server and software are acceptable. If the server passes all of these tests, it is considered to
be acceptable by the users.
It is important that you know what the expected results of a test should be. If the actual results do
not match those expected, the test for the selected function and item has failed. This failure is
known as a defect or deficiency that will need to be rectified. Defects or deficiencies can be rated
in terms of severity or importance and this can help you create a priority list of defects to rectify.
Once you have rectified a deficiency or defect you need to redo the failed test to confirm the test
is passed.
48
After testing
A new server should be free of defects or deficiencies before it is put into production. Results of
the testing process should be documented, and documentation then reviewed and analysed to
confirm that all required testing is complete and that all defects and deficiencies are resolved.
In some cases that documentation (along with other information) may need to be presented to
confirm the results of the user acceptance tests, so to authorise the next step of deployment or
placing the server into production. Clients can also decide to deploy or implement the server with
minor defects or deficiencies, if that a plan exists to rectify them, especially if there is a need to
implement the server quickly.:
Deployment and implementation
Deploying of implementing the server means making it available for use in a working
environment. How you deploy the new server will depend on the existing IT environment and
whether the server is a completely new installation or a replacement or addition for an existing
server. You may need to test your deployment methods in conjunction with your server testing.
To follow are some considerations for deployment. The method you use may affect how you
undertake server testing prior to deployment.
New servers
Deploying new servers is generally a simple process because you are implementing all new
services. The server is usually connected to the production network and existing client computers
connect and use the new server, depending on its configured role.
There may be a need to install client software or reconfigure client computers to enable use of
the new server. This type of activity should have been included in the installation plan and
testing of client software and client connections would be done before deployment.
For example, if you deploy a new dynamic host configuration protocol (DHCP) server in a
network where client computers have static Internet protocol (IP) addresses, you need to
reconfigure client computers to dynamic IP addressing. You could use the following options:
connect the new server to the production network, then
visit each client computer to manually reconfigure or
employ remote access technology (like Altiris, RDP) to reconfigure each computer, or
create an executable configuration file that is sent to the computer and the user executes.
In the above example, connecting the server to the network was the easy part of the deployment.
50
Plan the installation timetable to cover different sections.
Alert staff to the planned installation and training.
Regardless of implementation method, deployment should be addressed in the installation plan
and not run as an ad hoc process at the end of an installation.
51
Develop an advanced Software installation
plan: The planning process
Planning is the first step and foundation of any project. Planning requires thinking about what
you need to achieve. Having clear goals or outcomes is a starting point to knowing exactly what
must be done. You can then decide a sequence of activities to meet those goals, and assign
resources and timelines to each task and to the project as a whole.
Planning is the key to a successful installation. Installing a new file server, upgrading old
network hubs, or installing software on a network, all need an installation plan. While the details
and activities are different in each case, the steps in developing a plan are the same.
Smart installation plans, most importantly, help avoid disrupting business. Without good
planning you may need to reinstall components due to missing information or have unforseen
compatibly issues. While formulating a plan may take time, it will also save you time, not to
mention money, reputation, goodwill and even lost sleep, in the long run.
52
Defining the objective
Interpreting client requirements
The objective for an IT installation comes from the client. Often this will be stated in terms of
their business needs and it is your job to determine the technology required. In other cases, the
client might provide more specific documents to outline their installation needs.
An example of a client requirement expressed in business needs may be: ‘The organisation needs
a method of sharing data and information between all staff using organisation-owned
computers.’ The solution to which might be a central file server.
Understanding the existing IT environment
To make any recommendation so to meet the client’s requirements you need to first understand
the business, its processes and what makes up the existing IT environment; computers, servers,
network switches and infrastructure, software and programs. You need to also understand how it
all connects and functions together (known as interoperability).
For the file server above, for instance, you may need to ensure network switches are compatible
with existing switches. You will also need to know where the file server can be installed, and if
current equipment can be used. Knowing the existing environment will also help determine
staffing needs, and if specialist help is needed (such as to install new cabling).
An organisation’s IT security policy may also have set steps to ensure data stored is secure and
backed-up at all times and you’ll need to take account of this in making sure that any installation
protects the access to and validity of data. Any future need to increase or decrease the capacity of
the installed system will also affect requirements, as will a broad range of possible
circumstances, including the physical environment (and physical security of equipment and
cabling).
Once the objective is defined from client requirements, it must be expressed in a clear statement
of precisely what is to be achieved. For example: ‘Install a File Server’ is an objective, but too
general—it does not fully state the outcome. A better example would be: ‘Install a File Server to
provide 100 users file storage of 20 GB per user, along with print services’. The objective is
quantified and measurable and it will therefore be easy to judge that it is done successfully.
53
completed. Usually tasks are carried out in sequence (one after the other in a set order), but in
some circumstances may need to be performed concurrently (more than one task at a time).
Task sequences
Generally, the sequence of tasks for an installation will be:
Procurement of resources
Installation
Configuring
Testing and evaluation
Implementation into the production environment
Contingency plans
Post implementation review.
Tasks can be simplified or broken down into a number of sub tasks. For example the task
‘procure server equipment’ can be broken down into the clearly defined sub tasks of:
Obtain quote from preferred supplier for a HP Compaq DL360 Server (duration one day).
Submit quote to Finance department for approval and the raising of a purchase order
(duration four days).
Send purchase order to supplier with delivery instructions (duration four weeks for
delivery).
Accept delivery of server, check contents of package for correct items and advise finance
department that purchase order has been filled (duration two hours).
Each sub task clearly states what is to be done and the time to complete it. This time will be an
estimate based on your experience or based on tasks in similar installation projects.
54
Business operations may constrain your installation plans. For example, if the business cannot do
without its computer network between 9 am to 10 pm each weekday, the only down time
available may be the weekend. This will determine both the timeline and resources required.
The deadline for an installation might also be stated as part of the objective; for example ‘Install
a File Server to provide 100 users file storage of 20 GB per user along with print services by July
1 2007.’
Allocating resources
Resources to complete an installation include people to do the work (as above), tools, equipment
and finance. The installation plan must clearly state what resources are needed. You will have
worked out exactly what those resources are by dividing general activities into individual tasks
and costing the time required to do them plus materials and equipment.
The costs you work out will also be determined by organisational constraints. A major constraint
may be the budget—what can the organisation afford? There may be a number of options given
how much money is available in the budget.
An organisation may also have policies for purchasing (such as where to buy equipment) and
staff procurement (such as bringing contractors in).
Staffing can affect both resources and timelines—for example two people may be able to install
computer cables in less time than one.
55
If a new computer system or software is installed, the users of the new system may need training
or instruction. You need to ask yourself if that training or instruction can take place before,
during or after the installation.
Contingency plans
Even the best-made plans can fail. Unforseen events or circumstances may thwart a successful
installation.
Contingency plans for the whole installation and for parts of the process can limit the affect of
failure on business operations. They may be plans for staff, in case of sickness, plans for other
suppliers in the event of non-delivery, or implementation plans to ensure that business operations
are not disrupted in the event of failure while installing, configuring or testing.
For example the objective may be to install a new network database. Should the installation fail,
the business may be left with no database or corrupt records in a new version. Any business
would find it difficult to operate without its database. The contingency plans may include:
having the business work from back-ups of the old database in the event of failure—
having backed-up to another networked computer and testing that version to ensure data
validity and access
doing the installation on the weekend and allowing for time before start of business on
Monday to fix any problems
having a technical support person from the database vendor on call for technical support
via phone during the installation.
56
Notes on installing network software
All software applications have minimum system requirements for the server or PC processor,
amount of RAM, and available hard disk space. Network software will also have requirements
related to bandwidth, protocol and the network file system. You need to verify these are met
prior to installation.
You need also to ensure the organisation has licenses for software to be installed, and that all
terms and conditions of the license are adhered to, such as the number of clients that can use the
software. You should record any serial numbers or product keys required during the installation.
Installation methods
Knowing the various methods used to install network software will help you develop the
required tasks in the installation plan. The method used will depend on the existing network
environment and resources, including the budget.
Remote deployment
The term ‘deployment’ refers to the distribution of software to end users. Remote deployment
usually involves ‘packaging’ the software. The software is first manually installed on a test
computer and configured as required. The resulting changes (new files, folders, changed files and
registry entries) made by the installation and configuration of the software are recorded and
become the packaged software. This package can then be delivered and written to other
computers on the network.
57
Other remote deployment methods use hard disk imaging to create disk images of a computer
with the installed software. This disk image may be deployed to other computers creating a
standard environment and reducing the time required to install software.
In these ways, networked computers can have software delivered, installed and remotely
configured (if needs be) from a central location without user intervention or technical staff
visiting target computers.
Remote deployment and management can be a part of a network operating system, for example
Microsoft Remote Installation Server (RIS) and System Management Server (SMS). Third party
software such as ZenWorks (for windows and Linux), Alteris and Symantec Ghost provide
remote desktop management, imaging and software deployment.
58
Notes on installing network hardware
Hardware, of course, cannot be installed remotely. Someone must physically connect it—while
once installed, computer and network hardware can usually be remotely configured.
Network hardware
In planning an installation you need to identify existing hardware. Computer hardware broadly
categorised into network infrastructure is as follows.
Switches providing connection ports for devices to connect to the network.
Routers providing the correct data paths and IP addressing between devices connected to
the network.
Connectivity devices and media providing the physical path for a data signal to travel
along. It includes all physical cabling like UTP and optical fibre and also devices that
convert a data signal to travel along different media, such as wireless transceivers.
Storage provides a location on the network where data can be stored. This includes hard
disks, magnetic tape and optical storage devices that are attached to the network but not
directly attached to specific computers.
Servers provide the network services such as domain name system (DNS) and dynamic
host configuration protocol (DHCP), or applications for users such as email.
Workstations and terminals provide the user interface.
Installation planning
When developing an installation plan you need to apply what you know about network hardware.
You also need to be able to find appropriate information and people with the required skills for
the installation. Your installation plan will indicate who has responsibility for what part of the
installation.
When planning a hardware installation, consider the points in Table 1 on the next page.
59
Table 1: Hardware installation notes
60
Summary
The planning of your installation is important to minimise the disruption to the client and ensure
a successful outcome for all concerned.
You will need to work closely with your client to ensure you meet their requirements. Making
sure you provide all the mandatory information that is required in an advance installation plan
will ensure you have taken all the necessary steps to give your installation the best chance of
success.
Developing a good installation plan is usually the most difficult part of any project. If it’s done
well, implementing the plan should be a simple task.
61
Install and test network software: Before you start
the Install
The installation
Once the planning is complete, the actual task of installation can be very boring. You often just
load the CD-ROM, answer a few questions and off it goes. The supplier may try to make the
activity a bit more interesting by showing you a progress bar or by giving you screens of
advertisements that tell you all the great features of the product.
However, there are a few issues that are important and will impact on the planning and
implementation of the installation process. For the home user the installation process is normally
from a CD to a single computer. In a business environment there may be several decisions to be
made especially if the software being installed or upgraded is an operating system and there are
many users.
How software will be installed in a network will depend upon:
Software installation requirements. Does the software need to be installed in a certain
way?
Software configuration requirements. Is the software configured globally or are settings
required for each individual user or installation.
Network environment, including the types of hardware, number of users, network
connections, bandwidth, and so on.
62
Resources available for software installation. What people, skills, tools and budget are
available to install the software?
Organisational requirements and constraints. Are there deadline dates to have the
software installed? Can any disruptions to business operations be allowed?
64
Software configuration
Often installing the software is only part of the set-up process. Once the software files have been
installed you may need to configure the software for your operating environment or to select
other options. The amount of configuration will vary and again you should refer to the manuals
that accompany the software.
Configuration options can include:
Specifying other servers or other resources that the software needs to use. For example,
many web-based products will need to know the IP address or name of the server that's
running the Web service.
If the software uses a DBMS then there may be scripts that have to be run to set up and
configure the database tables and to load initial data.
Links to databases. Business intelligence products may need to be able to access data that
is stored in existing database tables. You will need to configure the servers and databases
so they can be used.
User information may need to be configured so that appropriate access and security can
be set
Network-based servers may need to be told about IP addresses, port numbers and
locations of other components or share names, especially if default settings have not been
used
Other parameters such as time outs, or number of processes to start, location of files, and
so on.
When packaging software or using remote deployment, configurations are usually part of the
package. For terminal services, configurations are set at the terminal server. Other installation
methods may require configuration to be set at the installed computer.
In any case, the installation plan and process should address how software configuration will be
managed for the installation.
65
Testing the installed software
The software evaluation process and the installation planning process should have included a
process for testing the installed software. Software is usually evaluated before it is installed in a
working network. Testing in the evaluation process is essential to determine if the software
meets the organisational and business requirements. This type of testing may include estimating,
testing and reviewing things like:
Disruption to business operations during installation
Time, resources and budget required for complete installation
Technical performance of installed software in a network environment
Functional test as per requirement statement
Security testing and backup
Ongoing maintenance procedures
Evaluation testing is usually conducted by installing software on an isolated network that
replicates the production network as best as possible. This ensures that there is not possibility of
disrupting the working network. The installation of the software will test and confirm
installation requirements and what installation method works best. Technical testing is then
conducted looking at things like transaction speeds, response times, interoperability with existing
software and operating systems, impact on network bandwidth and so on. Functional testing is
also conducted. This looks at the software features, user interfaces, how the users actually use
the software and how it will fit into existing business processes.
Thorough testing will highlight software deficiencies. These deficiencies may be referred to the
software vendor who may be able to provide solutions or rectifications. Any solution or
rectification should be tested to confirm it does what it claims to do.
The results from evaluation testing are used to determine if the software meets the business
requirements. If it does a pilot or test installation should be undertaken.
A pilot or test installation is undertaken to ensure that the installation methods work as expected
(proof of concept) and that the installed software will work as expected in the production
network. A pilot installation involves selecting a small section of the working network where
you will install the software. This may be a couple of couple of computers for a small network
up to an entire department for a large organisation. This installation will test your installation
methods as planned in the working network.
Once the pilot installation is complete, testing using specific criteria should be conducted before
rolling out of the software for the rest of the organisation. The test criteria are based upon the
66
organisational requirements for the installation. The main criteria will be things like disruption
to the network during the installation, time required for installation, resources required for the
installation. The functional and technical tests results are compared to that expected and
determined by the evaluation testing.
Following the pilot installation testing and reviewing, any necessary changes should be made to
installation plan before moving forward with the software deployment on the entire network.
Once this is done software can be rolled out across the entire network. With the software
installed, final testing can occur. This is usually termed ‘acceptance testing’ and is performed by
both technical staff and the users of the software. The purpose of this testing is to ensure that the
installed software performs as expected by the user – that is, the user accepts the software
installation is complete with no problems.
Documentation
Documentation is the most import thing to be done following the installation of software on a
network. This makes our job as network and system administrators much easier and not so
taxing on the memory.
The documentation for the installation should contain:
Software description including serial and licensing details and media storage location
along with any maintenance agreements or contracts.
Inventory of install locations (number of computers and location)
Detailed method for the installation including how the deployment package was created,
and how to perform the installation. Of course, the deployment packages used should be
kept in a secure location specified in these instructions.
Software configuration details. This may include screen shots of configuration options.
Change management history for changes in configuration or installation locations, or
methods.
Detailed instructions for any required preventative or scheduled maintenance.
This documentation remains in the organisation and is used as a reference should there be a need
for any configuration changes or installation of the software on new or additional computers.
67
Summary
It’s tempting to just rush in and install software if we are short of time or under pressure to get
things done. However without a proper plan and knowledge of software installation methods,
installation may take longer and have adverse effects upon business operations.
The practical installation of network software involves an initial test or pilot installation with
testing and review of the process and outcomes. This will reduce potential problems with
network software roll out across an organisation.
Documenting the installation process is required to maintain the network software. This
becomes a reference for any future installation or configuration changes.
68
Evaluate network security status
Network Security
What is network security? Before we can evaluate the status of network security we need to
understand what network security is.
Security refers to the measures taken to protect certain things or elements of information. There
are three main elements.
Confidentiality
This means keeping information secret and safe. It means controlling access to information so
that only the people with authorisation will access the information. No one else should have
access to the information.
With Network Security this means keeping all information stored in a network environment
confidential and safe. This means keeping unauthorised people off the network and preventing
them from browsing around and accessing thing they have no authority to access.
Integrity
This refers to the correctness of information. It means making sure that the information is kept as
it should be and not altered or changed by unauthorised people. It also means protecting the
information from changes or corruption by other things like system or program failures or
external events.
With Network Security this means keeping all information stored in a network environment as it
should be. Information includes user generated data, programs, computer services and processes
(email, DNS, etc). This means protecting information from unauthorised changes and deletion by
people, network devices or external influences.
Availability
This refers to the ability to access and use information. It means making sure that the information
can be accessed whenever it’s required. If information is not available it is useless.
With Network Security this means keeping all information stored in a network environment
ready and accessible to those who need it when they need it. Information includes user-generated
data, programs, computer services and processes (email, word processing application, etc).
69
Evaluating Network Security Status
Knowing what network security refers to means we now know what to look for when assessing a
network. We need to look at what measures are in place to ensure that the confidentiality,
integrity and availability of network data, applications, services and processes are maintained to
the organisation’s requirements.
Threats
Threats are actions or events that could occur to compromise an organisations network security.
The threat will compromise confidentiality, integrity and/or availability of network information.
People or organisations that have possible access to the network may present threats. Threats
may be presented by people or organisations that have some reason for compromising network
security and have the knowledge and resources to pose a threat. Some examples of threats could
be hackers gaining access to confidential files, or a disgruntled employee deleting corporate data,
or virus infections corrupting data. Joy riders also pose a threat. They have no particular reason
for gaining access except for the challenge and a bit of fun or perhaps prestige within their peer
group.
Threats may also arise through circumstance. For example using second hand or old hardware
may pose a threat to network security.
Vulnerability
This refers to potential ways or avenues that could be used to compromise network security. For
a network to be vulnerable it must be accessed in some way. For example, Internet connection,
user workstations, wireless access via user laptops are all means of accessing the network. All
these access points use various systems such as firewall, computer operating systems,
transmission protocols to authenticate and authorise network access. Various methods can be
used to gain unauthorised access if vulnerabilities exist in the systems.
Operating system bugs, shortcomings in the authentication mechanism, and no security checks
for people entering the workplace are examples of vulnerabilities.
Countermeasures
Countermeasures are used to reduce the level of vulnerability in the organisation. They can be
physical devices, software, policies and procedures. Examples of countermeasures include
firewalls, antivirus software and security guards checking employee IDs as they enter the
building. In most cases, countermeasures are implemented at network access points or where the
vulnerability exists.
70
Impact
Impact means what will happen to the organisation if a threat actually happened. The
consequence of a threat occurring is usually measured in financial terms because the result may
be loss of business productivity, stolen equipment replacements and repairs, costs for
investigation and expert contractors. Other consequences may be damage to reputation, loss of
business or time and resource related.
Assessing impact can be an involved process and a topic in its self. However, in brief terms,
assessment is usually done by identifying systems or resources in the organisation. Then by
analysing usage patterns, business processes and work flow the importance of a system can be
determined. Finally, with user and management questionnaires, analysis of usage, business
processes and workflow, the consequence of the system or resource being unavailable or
compromised can be determined in financial and other terms.
Likelihood
Likelihood refers to the probability of an event occurring. Whether an event is likely to occur
depends upon a number of factors such as degree of technical difficulty and knowledge required
to cause the event, potential gain to the perpetrators and opportunity. Countermeasures reduce
the likelihood of occurrence. For example procedures ensuring that operating systems have the
latest security patches installed will reduce the likelihood of hackers compromising the system.
Risk
Risk refers to the potential or possibility for some form of loss. With network security this means
loss of confidentiality, integrity and/or availability of information or services. Risk is determined
directly by threats and vulnerabilities. For there to be a risk, a threat AND some vulnerability
must exist.
For example virus infection may compromise the integrity of information on a network. The
vulnerability or ways virus infection can occur may include the using of CDs or disks from
outside the organisation on local network computers. In this case a risk exists. If a
countermeasure or mitigation strategy such as using diskless workstations was employed, users
could not use external media. This means that there is no vulnerability and therefore no risk.
However, another vulnerability associated with virus threats may be the network’s Internet
connection. So the risk of virus infection via the Internet may exist depending upon firewall and
antivirus countermeasures employed.
71
To work out threats and vulnerabilities, we need to examine:
access to the system – including physical, electronic via authentication processes, via
local workstations, Internet, remote access server
authorization mechanisms – including operating system or application permission or
access control methods, organisational processes and procedures to manage user access
who has access and what can they do - this includes file access permissions for users and
access to services and this can be examined using auditing features built in to operating
systems and applications
known vulnerabilities for example operating system or application defects/bugs,
hardware firmware
potential vulnerabilities and confirmed by testing
any countermeasures in place.
For any breech of security, there must be some form of access so it is important to consider all
possible means of access (physical and electronic). While hackers are usually associated with
external 'criminals', network security is more often jeopardised from within an organisation.
Look for vulnerabilities in the following areas of the individual network components.
Network design and components
Vulnerabilities associated with hardware and network design include exploitation of topologies,
switches, routers, firewalls, servers, computers and operating systems to breach network security.
Threats associated with hardware and network design vulnerabilities include:
interception of wireless transmissions by hackers
networks that use public or external transmission systems; for example leased lines are
vulnerable to eavesdropping
networks segments being exposed to sniffing
physical access to hardware
private network addresses accessed and read when routers and other devices are not
properly configured
dial-in servers or remote access used by off-site staff not being secure or monitored
regularly.
improper use of default security options – after operating systems or applications are
installed, default security options are offered automatically; these default prompts are
well known by crackers and, if they are not changed by the network administrator, will
allow easy access to the system
network operating system software having holes in its security, allowing hackers to gain
unauthorised access
72
Network operation and usage
We need to examine how the network or system is used and also any policies and procedures that
relate to this. Threats from people exploiting vulnerabilities in the way networks or systems are
used may include:
Intruders or hackers gaining user passwords through manipulation or monitoring.
Surprisingly, many people write their passwords down on sticky notes and leave them stuck
on the side of their monitor or under their keyboard. It is easy for an observant person to find
these notes, or even to unobtrusively watch passwords being typed in
Social engineering—This practice involves manipulating social relationships in order to gain
information, specifically, passwords. For example, the intruder may pose as a network
administrator who asks for your password in order to investigate some problems with the
network
incorrect configuration of user IDs and groups and their associated file or login access
network administrators not noticing security gaps in the operating system or application
configuration
lack of a security policy, leading to users not knowing or understanding security
requirements
dishonest or disgruntled employees abusing their access rights
an ’unused’ computer being left logged on to the network, thereby providing access to an
unauthorised user
users or administrators choosing easy-to-guess passwords
computer rooms being left unlocked, allowing unauthorised physical access
back up tapes or floppy disks containing confidential information being discarded in public
waste bins
administrators failing to delete system accounts of employees who have left the organisation.
Communications and connections
The security of network operating systems and application software is dependent on its
configuration. Some of the vulnerabilities in this area regarding communications and connections
include:
IP addresses easily falsified and requiring little authentication
flaws or gaps in network software allowing IP spoofing to occur.
viruses – which can be contracted from the Internet or external email, or transferred from one
computer to another through internal network and emails.
incorrectly configured firewalls not preventing unauthorised access
authorised users transferring files using Telnet or FTP over the Internet, with user ID and
password transmitted in plain text, which can easily be accessed and used inappropriately
73
hackers obtaining personal or user ID information entered into online forms or newsgroup
registrations
access inadvertently allowed into chat session or email software while users remain logged in
to Internet chat sessions or Internet-based email.
denial-of-service attacks. These are usually deluges of messages sent to a third party using
PCs on your network as ’drones’, resulting in the targeted system becoming disabled
Clear text sniffing—Some protocols do not use encrypted passwords as they travel between
the client and the server. A cracker with a sniffer can detect these types of passwords, thus
gaining easy access to the information
Encrypted sniffing—protocols may use encrypted passwords; hackers may carry out a
Dictionary attack. These are programs that will attempt to decrypt the password by trying
every word contained in English and foreign language dictionaries, as well as other famous
names, fictional characters and other common passwords.
Brute-force attacks are similar to Dictionary attacks. The difference is that Brute-force attack
intruders will use encrypted sniffing to try to crack passwords that use all possible
combinations of characters. These characters include not only letters, but other characters as
well.
Replay attacks—By reprogramming their client software, a cracker may not need to decrypt
the password; the encrypted password can be used ’as is’ to log into systems
74
In all cases these tools use known vulnerabilities and methods to test network security and as
such need regular updating as new vulnerabilities are discovered. These tools should be used out
of normal business operation hours as they can impact on network performance. Links to these
types of tools and sources for are available at the end of this reading.
Evaluate Findings
Once we have completed the task of looking for risks and checking configurations, we need to
compile our findings and determine if any improvements or changes are needed.
We need to record the findings for each of the systems or network components we reviewed. In
summary, these were the things listed in the 'Looking for Threats and Vulnerabilities' section
above.
Using a table can help you evaluate your findings. Once you have listed your findings you need
to consider what issues or concerns result from your findings. These concerns may become
threats and risks. From the concerns and issues consider what you can do to remove the issue or
concern.
Take a look at the sample Risk Evaluation table on the next page. Note: You can also download
this table as a separate document from the Reading section of this online learning pack.
75
Concerns or Issues Recommended Action
System or Results and findings
Network
Component
Identify the Physical environment (Example: Anyone can walk (Example: Lock the
network
system or in and access the computer computer room and only
(List here your findings
component and console. They could copy authorised people have
about the physical security
or delete information and keys)
of the system)
damage the hardware)
(Example:
(Example: insecure
Finance
computer room)
database server,
windows 2000)
76
Concerns or Issues Recommended Action
System or Results and findings
Network
Component
Vulnerability test results (Example: results of code may (Example: Apply vendor
leave server open to remote supplied security patch to
(List test results from
control by unauthorised server)
specific tests or test utilities
people)
like penetration tests,
network scans, etc)
77
Using tables like the one above will give us a picture of the security status of the components and
the network as a whole. As network or system administrators we make technical
recommendation on these finding to improve or correct any network security deficiencies.
However it is up to organisation management to approve any recommendation.
Information on threats, vulnerabilities, impact or consequence along with recommendations
(including implementation costs) addressing the risks must be provided in a meaningful way for
organisational management to make sound decisions regarding network security.
Quantifying Risk
We know that risk is the result of threats and vulnerabilities, but how do we measure the risk?
One useful way is to scale risks based on impact and likelihood. Using this method
organisational management can identify the most likely and most damaging risks.
Consider table on the following page. Risk is calculated by multiplication of impact and
likelihood. Risk is now scaled between 0=no risk and 25= extreme risk. (Note: You can also
download this table as a separate document from the Reading section of this online learning
pack)
78
Threat Vulnerability Impact Likelih Risk Comments Possible Countermeasures and
ood Factor Mitigation Strategy
0-5
0-5 0-25
In the above example both impact and likelihood are equally weighted. If an organisation is only
concerned with impact, then likelihood may use a smaller scale or not be used at all to calculate
the risk factor.
It is a management decision to accept the risk with consequences and potential cost to the
organisation. The alternative is to implement countermeasures or mitigation strategies to reduce
the impact or likelihood. These measures usually come at a cost and management need to decide
if they wish to spend potentially lots of money to prevent something that is unlikely to occur.
79
Prepare Report
As mentioned, your risk assessment findings must be presented using clear documentation. The
report presented to management regarding the status of network security should include:
Your summary of concerns and recommendation in plain English
Summary of findings should include your main concerns, possible consequences and
current network security compliance with existing organisation policy and standards
Recommendations need to include implementation costs, resources required, time
required, potential impact on continuing business or systems access.
A risk summary table including impact and likelihood (weighted if required)
Your methods of evaluation and investigation of network security status.
Any other relevant supporting documentation.
As an IT professional, management will be relying on your skills and judgement in presenting a
clear picture of the current network security status. Key points to remember here is that
management want to know if the organisation is exposed to potential risk, what is really at risk
and how much it will cost in financial terms, time and material to mitigate the risk.
As IT professionals, some times we may not look at the big picture and think in technical terms.
What you present must be understood by non technical people so that they can make valid and
justifiable business decisions using your information.
80
Summary
There is a lot of hype about network security and with it comes the potential to spend big dollars
in securing a network. We now know how to assess and evaluate the status of network security
by identifying real and valid threats. Without vulnerabilities to the threat there is no risk to
network security.
We have learnt that there must be some form of access to the network for security breeches to
occur. Evaluating network security means looking at the individual components that make up the
network, investigating how they are accessed specifically looking for vulnerabilities in
confidentiality, integrity and availability. Third party security evaluation tools are a most useful
resource when used in conjunction with our other findings to formulate recommendations.
Most importantly, our findings need to be interpreted and presented in a meaningful way with
recommendations that are easily understood. Management make decisions on acceptable risk not
administrators.
81
Manage user accounts
User Access
You’ve probably heard someone say that the most secure system is the one that has no users! It is
probably also one of the most useless systems. We do want our users to access the system; it’s
just that we want them to have the appropriate access.
The control of user access can take many forms and apply at several levels. Once a computer is
physically accessed, the user usually logs on to gain access to applications. These applications
will access data in files and folders.
We can simplify the process down to 3 things.
Physical access
Authentication
Authorisation
Physical access
The first layer of management and security is the physical access to the computer. To prevent
unauthorised access, a company may make use of:
locks on the front doors
locks on each floor
locks on offices, etc
security guards
cameras
keys on computer systems.
Only those who have permission and keys will be able to access a computer in the company’s
premises. The Internet, however, presents issues concerning access to corporate information or
systems because physical restrictions cannot be imposed.
Authentication
Authentication is the process of verifying the identity of people who are attempting to access the
network or system. Typically, a user identifies themself to the system, then is required to provide
82
a second piece of information to prove their identity. This information is only known by the user
or can only be produced by the user.
The most common method used to authenticate users is the Username and Password method.
Using this method a user identifies itself with a username. They are then prompted for a
password. The combination of name and password are then compared by the system to its data
on configured users and if the combination matches the system’s data information the user is
granted access.
Other authentication methods include:
Username with static passwords—the password stays the same untill changed by the user
at some time
Usernames with dynamic passwords—the password is constantly changed by a password
generator synchronised with the user and system.
Other challenge response systems—this may involve PINs, questions to the user
requiring various answers or actions
Certificate Based—this requires the user to have an electronic certificate or token. This
may also need to be digitally signed by a trusted authority. Kerberos is an example.
Physical devices—these include the use of smartcards and biometrics. Generally the
entire authentication process occurs on the local workstation, thus eliminating the need
for a special server.
Whatever method is used is determined by the organisational policy and security requirements.
Identity Management
In large organisations there may be thousands of users for a network. These users could be
employees, contractors, partners, vendors and customers. Being able to identify and manage each
of these users is most important because each user has different requirements and levels of
access.
This information is managed using either the Network Operating System, Directory Services or
specialised Identity Management Software. Essentially, all of these use a central repository or
database that contains all the user information and credentials. This presents a single location for
all applications and services to use when authenticating users as required.
Authorisation
Once a user has been authenticated (that is their identity validated) they are granted access to the
network or system. For the user to then access data or an application or execute some task or
command they need be authorised to do so. The authorisation process determines what the user
can do on the network. In other words it enforces the organisation policy as applicable to the
user.
The Network and System administrators are responsible for the technical configuration of
network operating systems, directory services and applications. Part of the configuration includes
83
security settings that authorise user access. The administrators use an organisational policy to
determine these settings.
84
Configuring User Access
Once user account settings have been determined how do we know who should have accounts
and what access should be set?
85
Use of Groups
The most common way of administering access permissions is to create groups and put user
accounts into appropriate groups. The group is then permitted or denied access as required.
Using groups is an efficient way of managing authorisation because you only need to set access
permission to a group and not individual accounts.
For example, a company may have thousands of users, but analysis of what those users want to
do may show that there are twenty or more different combinations of access permissions
required. By assigning users to groups and then allocating permissions to the group, the security
administration is greatly simplified.
Once we have users allocated to groups we can explore other levels of controlling access.
Allocating permissions to folders and files is a major security provision of network operating
systems and one that is important to set up correctly. Can we go lower and look at the content of
a specific file and restrict access there?
The restriction of file access is most applicable in controlling access to database files.
For example, imagine a Payroll system using a database in which the data is stored in tables.
These tables have columns and rows of data. Let us think about two groups of user, the payroll
department staff and the manager of a department. The payroll group are likely to be allowed full
access to all the data although in a very large organisation there may be segregation of access.
But what about a department manager? This person may be allowed to see salary details for the
staff that work in the department only.
In the table containing salary details there may be a row for every employee in the organisation.
This means that we only want to show this manager the rows that relate to the one department.
This would be secured with a filter that only displays staff in the department being examined.
Furthermore there may be information about an employee that even their manager may not be
able to see, such as medical or financial information. This information may be restricted by
controlling the columns returned in a report or query.
This type of security is really part of the application control rather than the network but it is still
an important part of the overall security of the system and needs to be addressed by the
organisational procedures.
Permissions and Rights
Permissions generally refer to file and directory access. The user account or group can be set
with the following type of permissions:
No access at all to files and directories
Read only.
Modify where the contents of files and directories may be accesses but changed or added
to but not deleted
Full Control or Supervisory where files and directories can be view modified and deleted.
86
Rights (or privileges) generally refer to the restriction on user accounts or group in performing
some task or activity. For example a user account or group may be assigned administrator or
supervisor rights meaning that the user can perform administration tasks like create, modify or
delete user accounts. Care must be taken with rights to ensure security is not compromised.
87
Policies and procedures
Many larger organisations post the policies that govern their user authorisation processes on their
intranets. Try searching intranet sites for larger companies—particularly IT based organisations.
You may need to look under’ ’Publications’ or’ ’Policies’. Also try a Google search for the term’
’user authorisation policy’ (use’ ’authorization’ for US companies).
Summary
How user accounts are managed is principally determined by organisational policy.
Administrators need to use policies and procedures to determine how to configure accounts and
how to set appropriate access permissions to application and data.
Once accounts are established, again policies and procedures will clearly define how the
accounts will be managed with regard to changes, disabling and
88