The Network.  The DSS - distribution system is going to be wired, but we likely need to have some ways to prevent people that can crack into the wireless system from gaining easy access to our wired system.

We will force all computers that want to use the wired LAN to authenticate on a domain.  Each user will have his or her own account, and sharing of passwords will be against policy.  Computers will automatically log off after 15 minutes of inactivity to ensure that an unauthorized user can not just sit down at a computer that some one has walked away from and start to examine our network, or our data.  We will run a log on script that can quickly check these machines for things like MS Windows Updates, and anti-virus protection.  This should help us keep our network from becoming polluted with worms that spread easily on local area networks.  It is important that machines with viruses not access the network because they can infect other machines, or severely hinder the performance of our network.

High speed connections can also be leveraged by hackers to run DoS attacks against other companies, and also to send out SPAM.  For this reason extra security needs to be put in place to assure that the museum is not held responsible for any damages caused to another company from our compromised network.  Companies are now being held liable for damages that occur to other companies from their network, if it is found that every effort was not made to make security tight.

The employees of the museum will be equipped with desktops computers, and network enabled POS devices that they will be using to access the network.  We expect visitors to bring in PDAs, web-enabled phones, and laptops to the museum.  As long as these devices are 802.11b/g enabled, they should have very little difficulty connecting. 

We expect that visitors will access the network in exhibit halls, as well as the lobby area and ticket sales area.  Our staff will have desks in various locations for administrative tasks.  We will be trying to minimize holes, jacks, and cable runs indoors.  There is no reason to not have these user machines access the wireless network.  WPA security inherent in 802.11g will suffice for the level that this cluster is trying to accomplish. The hard wired LAN is going to only provide a skeleton network for our wireless “meat” to attach to. 

Currently, the employees of the museum as well as visitors will have access to the network.  Visitors will only have access to the wireless network via a managed captive portal system.  These access points have firewall software installed in them that allows network managers to restrict or grant access to the network/Internet based on how the user authenticates (or doesn't authenticate for that matter).  These can be set up so that people who do not authenticate are given a direct (bandwidth limited) connection to the Internet.  The museum will also need to use captive portals because they will soon be advertising their own wireless hot spot. 

We felt that Sputnik was the best product to use for our captive portals because other products like Cisco does not have web integrated with their captive portals. There was a choice between four different Sputnik products: Sputnik AP 220 ($199), Sputnik AP 200 ($259), Sputnik Control Center ($299), and Sputnik AP 250 ($399). We came to the conclusion that Sputnik AP 220 was the best choice. Sputnik AP 220 is a high powered Wi-Fi-Complaint 802.11b/g wireless network access point that is designed to support even the largest hot spots. This product allows the network to be managed centrally by the Sputnik Control center.

The museum wants to be able to limit how much bandwidth users can use. The museum wants the users to have enough bandwidth to check their email and do some light surfing of the web. This can be done with the Sputnik 220 because it allows network administrators to set automatic network timeouts and enable or disable end-users’ capabilities to create and manage their own accounts. The museum plans to charge the users a dollar for the use of their wireless network.  The money will be used to help cover the cost of maintenance, Internet connection, and equipment.   This money will be collected when the user is pays for admission.  They will also be given information about how to connect to the network.

Another objective for the museum is to collect the users email and home address, in order to send them advertisements about the museum.  The user can choose whether or not they want to receive advertisements.  This should be a useful tool for low-cost marketing, and also a way to attract attention to the museum.

The museum will implement 802.11g, which will allow for up to about 20 simultaneous connections per access point without bogging down.  More than 20 visitors accessing the wireless network in the museum is not expected, even if there is a popular exhibit on display. 

The equipment implemented to the North Quincy Network will be provided by Cisco.  The wireless network will be connected via the Cisco Aironet 1200 Series.  The 1200 series is suitable for the Museum’s requirements, it provides the flexibility to change capabilities as customer requirements and technologies evolve. Customers can confidently deploy 802.11g networks now, and have the option to upgrade to a dual-band 802.11a/g network in the future.

The switch that will be put in place will be the Cisco® Catalyst® 3560 Series.  This is ideal for the museum, Cisco explains;

The Cisco Catalyst 3560 is an ideal access layer switch for small enterprise LAN access or branch-office environments, combining both 10/100/1000 and PoE configurations for maximum productivity and investment protection while enabling the deployment of new applications such as IP telephony, wireless access, video surveillance, building management systems, and remote video kiosks.

One of the main concerns of the museum is security.  The Cisco 2800 Series Router is target model needed and provides the museum with performance, availability, and reliability required for scaling mission-critical business applications in the most demanding enterprise environments. The Cisco 2800 Series is designed to meet both performance and density requirements for the delivery of secure, concurrent services, without compromising performance, for:

• Medium-sized businesses
• Small and medium-sized enterprise branch offices
• Service provider-managed services applications

The museum is a historical building, and the interior walls are fairly dense compared to interior walls in modern construction.  This will likely reduce the range of our access points to about 40ft. 

Since the buildings are in close proximity, and their grounds are currently dug up to add other amenities, it is a great time to run fiber optic cable in between the buildings.  Multi-mode fiber will be used because the distance between buildings is relatively small.  Direct bury fiber will be used to protect the drop from rodents.  In addition, you can run as much direct bury fiber as you want inside a structure without breaking any fire codes.  Non-direct bury, outside cables, are filled with a waterproof gel that can not be ran more than 50 feet indoors. 

Fiber was chosen over a wireless solution because antennas and access points can not be mounted on the exterior of the building.