North Quincy Museum Cluster
|The background on this case was
developed by me from experience with "artist's colonies" and museum
clusters in a couple places I've lived.
Nick Barrett and Brandon Lee developed the solution with some modifications from me.
Our case study is
set in an older part of town in North Quincy, MA. The city is
refurbishing the area, and because it is a historical area, they are
taking great care to preserve it. They would like to bring the look
and feel of the buildings back to their best documented original
Four of the buildings are being used collectively as a museum. Inside functions range from exhibit halls to gift shops to administrative offices. The buildings are all located on the same individual property. This property is fenced in to keep people from just wandering on the property. The city has added elevators and fire exits to each building, and they have taken great care to match the exteriors of these add-ons to the original building.
Due to the period nature of the cluster there is a desire to make the computer capabilities as invisible as possible. It was also not reasonable to place wiring within many parts of the older buildings. So, infrastructure needs to be underground and within the small add-ons used for the elevators a fire stairways.
Employees, users and customers tend to roam back and forth between the buildings, and the director feels as though it would be to their advantage to have the whole area covered with wireless access. We plan to make the network redundant so that the employees can learn to always rely on the network. Access points, routers, switches, and cable all have the potential to fail at one point or another. We don't want this to interfere with productivity.
· E-mail – this will allow employees to keep in contact with one another as well as clients for information exchange. We will be implementing a 1 gigabyte limit on mailbox sizes. Microsoft Outlook becomes unstable when mailbox sizes approach 2 gigabyte, and we want to keep our e-mail server doing just that; sending emails. We do not want to allow our users to effectively use the email server as their personal file server.
· Instant Messenger – this opens up a channel of communication between employees. Many organizations where employees are located in outlying sections of the building implement a type of instant messenger service that allows them to keep in contact without picking up the phone.
· Web Server – The NQMC wants to develop web services for visitors, particularly school groups. They also intend to offer memberships and museum shop capabilities online. To better serve researchers they also want to have appropriately secured portions available information.
· Database Server – Due to the nature of the collections they want to eventually develop online resources for researchers.
· Human Resources – NQMC expects to handle most of their internal operations on the network. This also means their needs to be special security to partition this from customers.
· Administration – NQMC will have as much of its administrative resources online as they reasonably can.
· Backup – All of the major project work of the firm will be saved on a tape backup system. This will allow the staff to take tapes off-site as per the disaster recovery plan. The high capacity of the tapes will work well for our need, as the file sizes are going to be relatively large.
· IT staff – The IT support staff will have a knowledge management system that will contain procedures and records related to IT support.
The Physical Layout. The following diagrams and very short discussions relate the basic layouts and footprints of the cluster and individual buildings.
The add-ons for the elevators and fire stairs were placed on the exteriors so that they are hidden from view from the central courtyard.
The Logical Network. Now we will present the overall diagram for the buildings and their interconnections and connection to the Internet. The discussion will follow the diagram.
The Network. The DSS - distribution system is going to be wired, but we likely need to have some ways to prevent people that can crack into the wireless system from gaining easy access to our wired system.
We will force all computers that want to use the wired LAN to authenticate on a domain. Each user will have his or her own account, and sharing of passwords will be against policy. Computers will automatically log off after 15 minutes of inactivity to ensure that an unauthorized user can not just sit down at a computer that some one has walked away from and start to examine our network, or our data. We will run a log on script that can quickly check these machines for things like MS Windows Updates, and anti-virus protection. This should help us keep our network from becoming polluted with worms that spread easily on local area networks. It is important that machines with viruses not access the network because they can infect other machines, or severely hinder the performance of our network.
High speed connections can also be leveraged by hackers to run DoS attacks against other companies, and also to send out SPAM. For this reason extra security needs to be put in place to assure that the museum is not held responsible for any damages caused to another company from our compromised network. Companies are now being held liable for damages that occur to other companies from their network, if it is found that every effort was not made to make security tight.
The employees of the museum will be equipped with desktops computers, and network enabled POS devices that they will be using to access the network. We expect visitors to bring in PDAs, web-enabled phones, and laptops to the museum. As long as these devices are 802.11b/g enabled, they should have very little difficulty connecting.
We expect that visitors will access the network in exhibit halls, as well as the lobby area and ticket sales area. Our staff will have desks in various locations for administrative tasks. We will be trying to minimize holes, jacks, and cable runs indoors. There is no reason to not have these user machines access the wireless network. WPA security inherent in 802.11g will suffice for the level that this cluster is trying to accomplish. The hard wired LAN is going to only provide a skeleton network for our wireless “meat” to attach to.
Currently, the employees of the museum as well as visitors will have access to the network. Visitors will only have access to the wireless network via a managed captive portal system. These access points have firewall software installed in them that allows network managers to restrict or grant access to the network/Internet based on how the user authenticates (or doesn't authenticate for that matter). These can be set up so that people who do not authenticate are given a direct (bandwidth limited) connection to the Internet. The museum will also need to use captive portals because they will soon be advertising their own wireless hot spot.
We felt that Sputnik was the best product to use for our captive portals because other products like Cisco does not have web integrated with their captive portals. There was a choice between four different Sputnik products: Sputnik AP 220 ($199), Sputnik AP 200 ($259), Sputnik Control Center ($299), and Sputnik AP 250 ($399). We came to the conclusion that Sputnik AP 220 was the best choice. Sputnik AP 220 is a high powered Wi-Fi-Complaint 802.11b/g wireless network access point that is designed to support even the largest hot spots. This product allows the network to be managed centrally by the Sputnik Control center.
The museum wants to be able to limit how much bandwidth users can use. The museum wants the users to have enough bandwidth to check their email and do some light surfing of the web. This can be done with the Sputnik 220 because it allows network administrators to set automatic network timeouts and enable or disable end-users’ capabilities to create and manage their own accounts. The museum plans to charge the users a dollar for the use of their wireless network. The money will be used to help cover the cost of maintenance, Internet connection, and equipment. This money will be collected when the user is pays for admission. They will also be given information about how to connect to the network.
Another objective for the museum is to collect the users email and home address, in order to send them advertisements about the museum. The user can choose whether or not they want to receive advertisements. This should be a useful tool for low-cost marketing, and also a way to attract attention to the museum.
The museum will implement 802.11g, which will allow for up to about 20 simultaneous connections per access point without bogging down. More than 20 visitors accessing the wireless network in the museum is not expected, even if there is a popular exhibit on display.
The equipment implemented to the North Quincy Network will be provided by Cisco. The wireless network will be connected via the Cisco Aironet 1200 Series. The 1200 series is suitable for the Museum’s requirements, it provides the flexibility to change capabilities as customer requirements and technologies evolve. Customers can confidently deploy 802.11g networks now, and have the option to upgrade to a dual-band 802.11a/g network in the future.
The switch that will be put in place will be the Cisco® Catalyst® 3560 Series. This is ideal for the museum, Cisco explains;
One of the main concerns of the museum is security. The Cisco 2800 Series Router is target model needed and provides the museum with performance, availability, and reliability required for scaling mission-critical business applications in the most demanding enterprise environments. The Cisco 2800 Series is designed to meet both performance and density requirements for the delivery of secure, concurrent services, without compromising performance, for:
The museum is a historical building, and the interior walls are fairly dense compared to interior walls in modern construction. This will likely reduce the range of our access points to about 40ft.
Since the buildings are in close proximity, and their grounds are currently dug up to add other amenities, it is a great time to run fiber optic cable in between the buildings. Multi-mode fiber will be used because the distance between buildings is relatively small. Direct bury fiber will be used to protect the drop from rodents. In addition, you can run as much direct bury fiber as you want inside a structure without breaking any fire codes. Non-direct bury, outside cables, are filled with a waterproof gel that can not be ran more than 50 feet indoors.
Fiber was chosen over a wireless solution because antennas and access points can not be mounted on the exterior of the building.
The overall dimensions of each of the the buildings vary, but the largest is 60 feet wide by 200 feet long. The ceiling has been fitted with steel girders, the outside walls are cinder block with a facade. All of the interior walls are non-load bearing and essentially partitions with cheap metal 2” x 4” and sheet rock. This implies that with 802.11g you’ll actually get about 40’ of spread from an AP.
Conclusion. The North Quincy Museum is a smaller type of organization with mainly wireless network requirements, particularly considering the restrictions on running wires. They were able to find all their required devices from Cisco. The network is mainly going to be used for database access developed through the various departments. A secure network is offered by the Cisco 2800 Series router from various attacks by “hackers”.