ICT 435 SENIOR PROJECT

Kenneth AndersonDavid Gonzales

Logan Fernandez

POLICE HEADQUARTERS IT

PROPOSAL Topics covered in proposal: Server Personal Computers Network Personal training

The Outline of the Headquarters

IT devices in the police headquarters: 65 IP telephones 29 IP printers 78 computers 2 servers

ICT 435: SENIOR PROJECT

Workstation & Server report

Server Hardware

It is a matter of note that the Server may be among the most important element of any computer network.

Our Server has to:

Data Storage (15TB Raid Supported)• Mostly for digital Evidence & Virtual machine backup.

• Also hosting sensitive files & logs from the workstations.

Software Hosting • In addition to raw data storage capacity our server must be able to reliably host and run a few key Software applications.

Software Hosting 

Connectivity Software

Mobility XE“Mobility XE® is mobile VPN software that boosts the productivity of your workers in the field and gives your business the security and management you need for all of your mobile field mobile devices.” www.netmotionwireless.com/mobility-xe.aspx

Dispatch Software

DispatchNow Mobile“Tiburon’s DispatchNow Mobile is a robust solution for sharing immediate and accurate information between the dispatch center and the field. DispatchNow Mobile utilizes an innovative map-driven user interface to deliver essential information quickly and efficiently.”www.tiburoninc.com/Products/DispatchNow/DispatchNowMobile.aspx

Software hosting

Physical Virtualized

Support legacy

software

More fault tolerances 

Live migrate

Simpler Setup

Run faster

We believe that these systems can be made to run most reliably in a virtualized environment on the Server.

Server HardwareTo fulfill theses needs we have selected Dell the dell owing to Dell's history of solid hardware & support.

HardwareAfter some discussion we decided to

uses a Dell PowerEdge R520

Hardware Specifications of Dell PowerEdge R520:

Server price: $15,392.00

http://web.nmsu.edu/~kennya/ICT435/Server_preposal.html

Chassis Configuration 3.5" Chassis with up to 8 Hard Drives

ProcessorIntel Xeon E5-2450 2.10GHz, 20M Cache, 8.0GT/s QPI, Turbo, 8C, 95W, Max Mem 1600MHz

Additional Processor No Additional Processor

Memory Configuration Type

Performance Optimized

Memory DIMM Type and Speed

1600 MHz RDIMMS

Memory Capacity 2GB RDIMM, 1600 MT/s, Standard Volt, Single Rank, x8 Data Width

Operating SystemRed Hat Enterprise Linux 6.2,Factory Install,x64,Req Lic&Sub Selection

LicensesRed Hat Enterprise Linux,1-2SKT,3yr Subscription&License,1 virtual guest

OS Media kits No Media Required

RAID Configuration RAID 5 for H710P/H710/H310 (3-8 HDDs)

RAID Controller PERC H710 Integrated RAID Controller, 512MB NV Cache

Hard Drives 3TB 7.2K RPM Near-Line SAS 6Gbps 3.5in Hot-plug Hard Drive

Embedded Systems Management

Basic Management

PCIe Riser Risers with up to 4, 3x8 PCIe Slots + 1x16 PCIe Slots

Add-in Network Adapter Broadcom 5720 DP 1Gb Network Interface Card

Add-in Network Adapter On-Board Dual Gigabit Network Adapter

Power Supply Single, Hot-plug DC Power Supply (1+0), 1100W

Power CordsNEMA 5-15P to C13 Wall Plug, 125 Volt, 15 AMP, 10 Feet (3m), Power Cord

System Documentation Electronic System Documentation and OpenManage DVD Kit for R520

Virtualization Software Citrix XenServer 6.x (DIB)

Virtualization Licenses and Subscriptions

Citrix XenServer Enterprise Edition 3Yr Subscription Advantage

Hardware Support Services

3 Year ProSupport and NBD On-site Service

Proposed Workstations

While the Server may be the most important element of this computer network, the workstations are where the real day-to-day work takes place.

We have identified a few basic needs for the workstations

INTERCHANGEABILITY UPGRADABILITY

Owing to the logistical and technical issues that result from managing a mishmash of different hardware & software. We have decided that if we are to start ‘cold turkey’ that it would be best if all our systems were as identical to each other as possible. Such homogeneity would facilitate a quick and cheap recovery in the event of a serious problem either in software or in hardware (Due to recovery & reuse of interchangeable parts).

In order to meet a diversity of needs both now and in the next handful of years it is necessary that any generic system selected have the capacity to be upgraded.

Proposed Hardware

To fulfill theses needs we have selected the Dell Precision T1650 as our base system.

Dell Precision T1650:

Proposed Workstations Hardware specifications:

To the right are the base System Hardware specificationsWe expect the base system to cost around:

$708.00

For more advanced user system requirement we intend to simply upgrade theses machines in order to maintain the level of uniformity necessary to meet our goal of interchangeability.

Processor3rd Gen Intel Core i3-3220 Processor (Dual Core, 3.30GHz 3MB, w/HD2500 Graphics)

Operating System

Windows 7 Professional, No Media, 64-bit, English

Dell Precision T1650

Dell Precision T1650, Standard Base

Power Supplies 275W Power Supply, 65 Percent

Memory2GB, DDR3 UDIMM Memory, 1600MHz, Non-ECC (1DIMM)

Graphics Intel Integrated HD GraphicsHard Drive Configuration

C1 SATA 3.5 Inch, 1 Hard Drive

Boot Hard Drive

250GB, 7200 RPM 3.5" SATA 6Gb/s Hard Drive

DVD and Read-Write Devices

16X DVD-ROM, SATA

Network Adapter

Integrated PCIE 10/100/1000

Monitor Dell E2011H 20 Inch Flat Panel DisplaySpeakers No Speaker optionChassis Intrusion Switch

None

Port Adapter None

KeyboardDell USB Entry Business Keyboard, English

Mouse Dell MS111 USB Optical MouseProductivity Software

Microsoft Office 2010 Pro

Security Software

None

Proposed Workstations Software:

No computer does anyone any good without software, as such no statement on workstations can be said to be compete without discussing some of the Standard software that each station will come equipped with.

Java

Oracle’s Java platform has become a standard for modern software applications both on the web(Java Script) and on system applications. It is therefore logical to include Java on all systems as Standard.

Adobe Reader

Adobe PDF is an extremely popular document format and while there are other applications capable of displaying Adobe’s PDF format more securely and quickly Adobe’s own reader is still the standard. We have therefore decided to stick to the standard.

Adobe Flash Player

While much of the web post IPhone boom has been moving away from flash based applications the number of Flash based websites is still quite significant and therefore Adobe Flash player is still a requirement. We have opted to include this application despite its security issues due to the need for functionality and compatibility.

Firefox web browser

Firefox is one of the most popular web browsers in uses today and is much more frequently updated (and therefore secure) than the default Window’s web browser Internet explorer. Given the number of web based application that the Sheriff’s office must employ on a regular basis we feel Firefox is a good pick as safe standard browser to meet their needs.

Microsoft Office 2010 Professional

It is difficult to find an office environments without an office productivity software suite. (Be it Microsoft Office, or Apache OpenOffice.) The sheriff’s department is no exception to this rule. So to fulfill the sheriff’s department's productivity software needs we have selected the popular Microsoft Office 2010 professional.

Proposed Workstations Software:

The standard software needed on the workstations are comparable with most business computers:

Java

Adobe Reader

Adobe Flash Player

Firefox web browser

Microsoft Office 2010 Professional

Specialized Applications

Specialized applications individual Officers may require will have to be installed on each users workstation by the Information Technology staff on a case by case basis.

Network Configuration

Subnetting and separation of groups Router choice Switch choice

IP Addresses

Setting up a private address scheme:

Decided on a Class B address scheme: 172.16.0.1-172.31.255.254 /12

This will provide IP addresses needed for all the subnets, and leave room for additional addresses.

VLSM will be used to preserve IP addresses

Subnetting

Groups are separated by function. The groups are:

Printers: 172.16.1.0-172.16.1.63 /26 62 hosts

Phones: 172.16.0.0-172.16.0.127 /35 126 hosts

Administrative: 172.16.128-172.16.159 /27 30 hosts

Non-administrative (general): 172.16.0.128-172.16.0.255 /25 126 hosts

Server/video camera:172.16.1.64-172.16.1.127 /26 62 hosts

Network Hardware

Requirements of hardware:

ACL capability Subnet configuration Trunking capability for multiple switches DMZ capability to protect servers

Router

Cisco 3925E Integrated Service Router :

Capable of handling all subnetting and VLSM required.

Can make virtual DMZ for servers.

Switches

Cisco SGE2010 48-port gigabyte switch:

Six would be used with VTP POE capable for IP phones Fast enough to handle load, and VLAN

capable

Employee Policy Enforcement Systems:

Sensitive Digital Storage

All sensitive, classified, case, personnel, and administrative files will be stored on the server in a system of encrypted directory shared individually to only select password protected personnel user accounts. Access to these files will be granted on an individual & group (such as rank, division, ect.) basis by department management on a need to know basis.

Active Directory

We can set permissions on a user basis or a computer basis. We can control what server drives computers are mapped to base on the OU they’re in. However file permissions may be our biggest use for this technology.

Administrator Accounts

• No administrator accounts for non-IT users. This will prevent employees from installing any non approved software.• Where necessary we could modify minor account rights.• The primary focus here is to prohibit the instillation of non-work related software on work systems.• Possibly prevent viruses or Trojans from getting into the network.

System Log Forwarding

All Workstations will be configured to forward a copy of their logs to the server for archiving.

We believe this measure will provide us with a far more secure record of what was done on each workstation for review in the event of an incident.

Network Firewall Logging

Firewall will be implemented at the network edge to help protect the internal network from external threats.

All incoming network traffic will logged for review of an incident.

As with the workstation logs, these logs will be stored on the server

EMPLOYEE TRAINING

Employee Training

It can be said without reservation that people are the most important part of any operation. That policy’s regarding the utilization of people is as such the cornerstone of any organized operation be it a fortune 500 company or a simple sheriffs department.

Trojan Detection

Show them what screens should look like if Windows or the Anti-virus detects something. Grayed-out secure desktop, pop-up from the

legitimate anti-virus. Everything else should be determined as a

trojan. Nothing should be clicked on until IT support

looks at it.

Email Safety

If you receive an email from an unknown address: Do not open any attachment or click any links. Do not send any information back. Verify the address with your supervisor or with

IT before doing anything.

Flash Drive Safety

Scan flash drives for viruses before opening anything on the flash drive.

It does not take that much time. By doing so you can root out some basic

viruses. Autoruns will be disabled be default.

Social Media Safety

Do not use social media sites while at work. Be careful what information you share while at home.

The information you share can used to attack you and the office

Even if you share with those that are friends or family. Accounts can be hacked and personal details shared can

be used to aid hackers in compromising other systems.

File Securty

Get approval from your supervisor before taking copies of any work files home.

Files deemed as evidence are monitored and all activity is logged.

All file transfers from computers are also monitored and all activity is logged.

Password Security Strong passwords will be required

It is recommended that you follow Microsoft’s guide lines in creating your password.

http://www.microsoft.com/security/online-privacy/passwords-create.aspx

Keep your password safe and secure at all times. Do not share your password. Anything done under your name on the network

is your responsibly and you will be held liable if anything occurs under your login.