Department of Natural Resources Policy -
Network Design and Operations
Policy Number: 02:01
See signed policy - Adobe Acrobat file

I. Purpose
    The purpose of this policy is to ensure that the Department of Natural Resources design, acquire, operate, and maintain Information Technology networks that will allow them to meet State Information Technology goals.

      1.0 Scope
      This policy applies to the Department of Natural Resources in accordance with Section 3-401 of the Annotated Code of Maryland, State Finance and Procurement Article. This policy applies to development, maintenance, modification, and performance optimization for networks within Local Area Networks (LAN) and Wide Area Networks (WAN) environments. Wireless networks are also included if they interface with other State networks. This policy does not pertain to network server platforms equipment (covered in the Hardware Standards Policy 1:06).

II. Policy

    It is the policy of the Department of Natural Resources to ensure affordable, effective, integrated network capabilities that are compatible with the State's IT vision and IT architecture, and nationally recognized Open Systems Interconnect (OSI) standards. This is accomplished by coordinating planning and ensuring that the Department of Natural Resources consider key criteria when designing networks.

III. Procedures

    Network design should directly support Department of Natural Resources Information Technology Architecture, which in turn is consistent with and supports the State's IT Architecture. This includes standards defining the minimum acceptable network configuration. It also includes configuration standards for protocols and interfaces required to support the Department of Natural Resources operational requirements.

      1.0 Requirements
      The requirements for a network have to be specified before any network design begins. Requirements include services needed, traffic levels, performance levels (percentage utilization and latency), availability levels, and metrics that define what needs to be measured and how it should be measured (e.g., average value, peak value, and distribution profile).

      Maryland Department of Natural Resources adheres to the following minimum Network standards:

      All Routers, Switches, Hubs, Servers, and other networking equipment must be secured in a locked, controlled-access area with 24-hour, 7-day access for ITS authorized personnel.

Minimum Server Configuration:

Hardware:


Hewlett Packard (HP) Server Series must have upgradeable capability for dual processors, hardware RAID, multiple power supplies as well as the following components as a minimum requirement beginning FY2002:

Pentium III 500 MHz CPU
512MB memory
Uninterruptible Power Supply (UPS) dependent on server/device requirements
Network Interface Card (NIC)- PCI 10/100 TX auto sensing (RJ45)
Adaptec SCSI II controller - Model 2940 and above
15" SVGA monitor (if required)

Software:


Operating Systems:
Microsoft Windows NT 4.0 (SP4 or higher) or
Windows 2000
Operating System should be installed on RAID partition when RAID is implemented.
Network Interface Card driver (NIC) - NIC Manufacturer or Microsoft approved drivers
Protocol - TCP/IP - IP addressing schemes are documented in ITS' Network Operations Manual

Data Backup Configuration:


Hardware: DLT tape drives (external drives preferred, but not required)
Software: Veritas Backup Exec software

NOTE: Remote router sites are required to have a minimum of one (1) server at each location to serve as a backup domain controller (BDC); and must meet all requirements as outlined above.

Switches/Hubs/Routers and connectivity:


In House Computer Room (Backbone):
Routers:
Cisco Catalyst 5000 or higher series houses RSM module, redundant Supervisor Engine III's, and required fiber and 10/100 TX port modules.
Cabling: Category 5e cabling or fiber to closets, workstations & servers.

In House Workgroup/closets:
Switch: A minimum of Cisco Catalyst 3548 XL family or higher with 1 fiber port Module.
Cabling: Category 5e to workstations and fiber from closet to computer room

Remote (non-dial in):
Minimum 56k Frame-Relay circuit from remote sites to DNR LAN.
Router: Cisco 2600 series with 100mb minimum connection to switch
Switch: Cisco Catalyst 2924 (1 fiber port module if required.)
Cabling: Category 5e to workstations
Minimum Users: 6 or more total permanent employees (potential users) at a single physical location

Remote Key Regional Sites to be dialed in to:
Router: Cisco - specifications according to WAN plan to accommodate dial in users
Switch: Cisco Catalyst 2924 minimum; 1 fiber port module when needed.
Cabling: Category 5e to workstations
Determination of Key Regional Site: Minimum of 3 DNR divisions co-located at a single physical location, Host site for remote dial in users, Site designated "Key" due to Telco provisioning model, and/or any site DNR ITS has determined will be a key Regional Site and does not necessarily fall into any of the above categories.

Minimum workstation network connectivity configuration:


Network Interface Card - 10/100 TX PCI auto-sensing (RJ45)
Windows NT 4.0 (SP4 or higher) or Windows 2000 (SP1)
Cabling: Category 5e with RJ45 connectors

NOTE: Machines must also meet minimum hardware requirements as outlined in the Department's Computer Hardware Standards 1:06.

Required Network Services:


DHCP - Dynamic Host Control Protocol
DNS - Domain Name Server
WINS - Windows Internet Name Service

Acceptable maximum traffic & performance level:


70% network utilization during peak work hours with full saturation for less than or equal to 2 minutes.

Acceptable availability levels:


98% for FY2001
99% for FY 2002

Availability Metrics:


Measured by total time available divided into total acceptable availability time.

X = Time Available / Total Time = Actual Available Time / 5,323,200
Whereas: X = percentage available
    Total time = total amount of time application should be available in minutes, times the number of applications.
    Based on the Matrix below the total minutes available are calculated as follows;

  • 24x7 - 60 minutes in an hour times 24 hours in a day equals 1,440 minutes a day, times 365 days a year equals 525,600, times the number of applications (9) for a total of 4,730,400 Total Time
  • 9x5 - 60 minutes in an hour times 8 hours in a day equals 480 minutes a day, times 260 days in a year equals 124,800, times the number of applications (1) equals 124,800 Total Time
  • 10x5 - 60 minutes in an hour times 10 hours a day equals 600 minutes a day, times 260 days in a year equals 156,000, times the number of applications (3) equals 468,000 Total Time

Total Time = 4,730,400+124,800+468,000=5,323,200 Minutes
Time Available = actual time available in minutes

Specific Application Availability Matrix

| 24 x 7 | 9 x 5: (7:00 - 4:00) | 10 x 5: (7:30 - 5:30) |
|---|---|---|
| Exchange | FMIS | SMART |
| COIN | --- | NationsBank |
| DNR Backbone | --- | Print Servers |
| Dial-In | --- | --- |
| WAN | --- | --- |
| Internet (DIGEX/Intermedia) | --- | --- |
| Talisma | --- | --- |
| MERLIN-on-line | --- | --- |
| NRP Communications | --- | --- |

3.1 Traffic projections
The Department of Natural Resources network design will be based on expected traffic levels. The criterion will take into account increased traffic from additional or reengineered services.

The purchase of a Network Sniffer and/or Network Management System planned for FY2003 will bring to realization the ability to produce a network traffic baseline and to determine network utilization and latency. Projections will then be calculated as applications are added in order to recommend future bandwidth expansions and/or backbone upgrades. Bandwidth expansion and/or backbone upgrades should be calculated in the cost of all new applications.

3.2 Total lifecycle cost
The total long-term lifecycle includes initial costs such as purchase, installation, and training, plus the longer-term cost of maintenance and support.
Purchase price: $ 6832.00
Installation: $ 264.81
Training: $ 5850.00
Maintenance: $ 1000.00
Support: $ 3390.40
Upgrades: $ 500.00
NOTE: figures are per year, per server (should be multiplied by three year life cycle.)

3.3 Long-term support
Existing maintenance contract is to remain in place; internal staffing availability is during working hours. Staff is available off hours for emergency situations, subject to four-hour minimum on-call compensation, if called out.

3.4 Interoperability
The DNR network's non-proprietary protocol is TCP/IP. The Department of Natural Resources' existing and future networks include interoperability with Maryland's high-speed network and with other State Agencies' networks.

3.5 Compatibility
The Department of Natural Resources network components work together effectively and efficiently in an integrated system. Vendor equipment that requires the use of proprietary systems is used only if there is a compelling reason to compromise compatibility.

3.6 Scalability
The Department of Natural Resources IT network components will not limit the ability of the system to support future traffic growth and increased throughput necessary to meet the Department of Natural Resources goals.

3.7 Availability/Accessibility
Alternate/redundant routing should be considered, but due to Budget Constraints and limited resources available to the Department of Natural Resources ITS, alternate/redundant routing is not feasible at this time.

3.8 Modeling & Simulation
This criterion addresses a method of predicting performance of a network design before it is implemented or modified. A model of a new application can be used to predict traffic levels. Alternatives can be compared for cost/benefit analysis. An analytical model can be used to determine cost effective clustering or homing during network design.

3.9 Security
The Department of Natural Resources ITS addresses the need to protect system data and the operational network from loss or compromise. It includes the ability to prevent as well as recover from potential losses through encryption, firewalls, monitoring, authentication, and passwords. The importance of security increases directly with the importance of the data that will be transported on the network. Impacts of security are taken into account for performance. Relevant information and guidance on security can be found in the State of Maryland Data Security Information Technology policy.

Reference DNR's Data Security Policy.
Reference section 3.10 of this policy for backup configuration

3.10 Management
The Maryland Department of Natural Resources ITS addresses the need to monitor and actively manage a network to correct problems and to tune network performance using network management software. Monitoring software should collect and store traffic and performance statistics that can be used in baseline measurements. The baseline measurements are useful for comparison when problems arise, and for developing trends for traffic projections. Reporting and alarms need to be defined in order to determine what analysis tools are required. Reporting needs to be planned so that required information is gathered, but unneeded information is not stored. Monitored reporting data can become voluminous very quickly. Projections could then be calculated as applications are added in order to recommend future bandwidth expansions and/or backbone upgrades. Management also includes the scheduling of backups, both what to back up and how often to back up. However, traffic generated by network management software, especially the scheduled backups, has to be taken into account in traffic projections; consideration must be given to the fact that network performance management software can increase network traffic.

The Maryland Department of Natural Resources ITS schedules and performs tape backups of the entire network and rotates storage of off-site tapes for disaster recovery purposes. Back-ups are scheduled after business hours of 8am to 5pm. The Schedule is as follows:

COINS
SQL Database
GIS DATA
SERVERS
STANDARD
DATA
SERVERS
CAC
MET
MANTA
LRS/NRP
MGS OXFORD
Weekly Full Backup | Monthly Full Backup | Weekly Full Backup | Weekly Full Backup | Weekly Full Backup | Friday and Monday Full Backup
Incremental Daily *** | Incremental Daily **** | Incremental Daily *** | Incremental Daily *** | Incremental Every 3 Days ** | Offsite Rotation As Needed
** Offsite rotation is weekly
*** Offsite rotation is bi-weekly
**** Offsite rotation is monthly

4.0 RESPONSIBILITIES
The Department of Natural Resources has defined and implemented a Network Design and Operation Policy for the efficient and productive design, acquisition, and maintenance of IT networks as a means to accomplish the agency's mission and program goals and support Department of Natural Resources IT goals. This policy will be reviewed, revised, and reissued annually or as business conditions warrant.

Network Design and Operation Policies will be submitted for review to the Office of Information Technology, Maryland Department of Budget and Management, which will comment on any possible conflicts with State goals and networking direction.

5.0 Definitions

  • DHCP
    Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network.
  • DNS
    Domain Name System (or Service), an Internet service that translates domain names into IP addresses.
  • LAN
    Local Area Network. A computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings.
  • Network
    In general, a group of computers set up to communicate with one another. Your network can be a small system that's physically connected by cables (a LAN), or you can connect separate networks together to form larger networks (called WANs). The Internet, for example, is made up of thousands of individual networks.
  • RAID
    Redundant Array of Independent (or Inexpensive) Disks, a category of disk drives that employ two or more drives in combination for fault tolerance and performance. RAID disk drives are used frequently on servers but aren't generally necessary for personal computers.
  • SCSI
    Acronym for small computer system interface. Pronounced "scuzzy," SCSI is a parallel interface standard for attaching peripheral devices to computers.
  • SVGA
    Super VGA, a set of graphics standards designed to offer greater resolution than VGA. All SVGA standards support a palette of 16 million colors, but the number of colors that can be displayed simultaneously is limited by the amount of video memory installed in a system.
  • TCP/IP
    Transmission Control Protocol/Internet Protocol. A set of protocols, resulting from ARPA efforts, used by the Internet to support services such as remote login (TELNET), file transfer (FTP) and mail (SMTP).
  • UPS
    Uninterruptible Power Supply. A unit that switches to battery power whenever the power cuts out.
  • WAN
    Wide Area Network. A computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs).
  • WINS
    Windows Internet Naming Service, a system that determines the IP address associated with a particular network computer.

Wilson Parran, Chief of Information Technology

Posted February 19, 2002