What Network?

Regardless of what fancy, new-fangled services you’ve added to your network, without the proper infrastructure, you might as well throw your money out the window. Many times, network infrastructure get left behind or forgotten when new equipment and services are added to the network. Having the latest computers and streaming video in your labs is nice, but when you try to use them on a 10BaseT network, you may as well be using smoke signals, spelling S.O.S. The first thing to look at is the physical wiring. If your school is utilizing anything less than Category 5 wiring for the network connections, plan on a big wire replacement party. Some networks may even have 10Base-2 coaxial cable connecting systems, especially those that have been on the network from its inception. If wire pulling is in your immediate future, I recommend you install Category 6 cabling to eliminate the need for replacement in the near future. Even if you have Cat-5 cabling installed, you might consider upgrading. Most Cat-5 cabling sold today is really Cat-5e, which means it will easily handle Gigabit Ethernet speeds. However, older Cat-5 cable may not have what it takes. Installing the cabling also requires planning, as you want to avoid as many sources of noise as possible. This doesn’t mean “avoid the music dept.†Instead, watch out for sources of electrical noise such as older fluorescent lights and high-voltage lines. Proper wiring is just the beginning. The next hurdles are wall connectors and patch panels. If any of these are more than four to five years old, replace them. All punch-down blocks and wall connectors are not created equal, and they must match the type of wiring installed. If your wire is Cat-6, then all connectors and patch panels should also be Cat-6. All the cabling needs to be connected to Ethernet switches somewhere. Your network layout can take different approaches. One method is to have a central switch that’s connected by a single Ethernet cable to other switches placed in each lab or area where computers or printers are located. These switches eliminate a lot of the in-wall wiring needed, but spread support issues out over the facility. The other approach is to run individual lines to each room for each computer. This increases the amount of cable that needs to go to each room, but keeps all your switching gear safely in one place and out of reach of curious students. If you take the safer approach, run extra lines now. It will save you from having to go back later to add one more computer. Regardless of where you place the switches, your current best bet is to find gigabit switches. As of this writing, some are available for as low as $25 per port. Most of these will crank back to 100Mbps if your computers don’t yet support gigabit. If gigabit switches are out of your price range, make sure that your 100Mbps switches support full-duplex ; that is, they need to support communication in both directions simultaneously. Regardless, any old hubs in your network need to be retired and thrown on the trash heap. Switches overcome a good amount of network congestion by keeping data relegated to only those computers involved. Don’t stop just at the physical plan. Making the connections between computers is only the first step. Security should be your next concern, and it will come from two fronts. The first is obviously to secure your connection to the outside world via the Internet. This is easily accomplished by placing a firewall at your Internet connection. For a fairly secure network, the firewall should be configured to allow only those inbound services that you support. For example, if you have Web and mail servers inside your network, that’s all the firewall should support. For outbound traffic, you can probably configure it to eliminate possible outbound student hacks or music downloading. The next line of defense is the office computers. These should be separated from the student labs as much as possible. Again, a firewall is the best solution. This firewall should restrict all inbound traffic, and outbound traffic should only be for those services necessary for operation. Any Web and mail servers should be located outside of the office computers to protect sensitive personal information. Keeping the office computers behind the firewall apart from the rest of the campus network makes hacking into the system a bit more complicated for the future hackers attending your school. There is also the issue of virtual LANs, or VLANs. While there are some VLANs that come with the claim that they can handle security on a network, this is not true. VLANs are simply virtual local area networks, which are designed to separate traffic, but not to secure networks. VLANs can easily be spoofed and are therefore more of a security risk than a help. My final recommendation would be for more wireless networks on a campus. I’ve had the opportunity to teach on several campuses around the country and I find those with wireless networks to be the most enjoyable. The campus I regularly teach at does not have any wireless networks and it shows. When I walk through the quad, I see students, a few cell phones, but no computers. When I walk around campuses like the University of Texas, I find students using their laptops everywhere to access the Internet and internal UT systems. While some elementary and junior highs schools may not see a reason for wireless networks, it’s almost a necessity for high schools and colleges. Again, don’t forget to protect your wireless network with proper firewall and authentication procedures. Darrin Woods (darrin@digitalmediaacademy.org) has 15 years experience in carrier and enterprise class systems and network engineering, specializing in video transmission. He has worked in the field of 3-D graphics and animation, and teaches distance learning at the Digital Media Academy.