Technology Implementation Requirements

TABLE OF CONTENTS

SECTION 1 - Wide Area Network
SECTION 2 - Local Area Network & Wiring Scheme
SECTION 3 - District Supplied Servers and Functions
SECTION 4 - Address and Network Management 
SECTION 5 - Security 
SECTION 6 - Internet Connectivity 


General Requirements

The school district is in the process of implementing an
enterprise-wide network which will include Local Area
Networks (LANs) at each site and a Wide Area Network (WAN)
to provide data connectivity between all school sites.

Access to the "Internet" from any site in the school district 
is also an integral part of this implementation. Once the 
network is in place the school district will implement a series
of servers to facilitate online automation of all of the
district's administrative and many of the curricular functions.

Since this network implementation will have to continue to be
functional for a minimum of 7-10 years, all design considerations 
should include 1000% growth in the LANs and 100% growth in the WAN.
The minimum requirement for initial implementation design will be 

	1.0 Mbps to any host computer in the network and
	100 Mbps to any server host in the network.

Only two OSI layer 3&4 protocols will be allowed to be
implemented in this network: TCP/IP and Novell's IPX.

SECTION 1 - WIDE AREA NETWORK

The Washington School District Wide Area Network (WAN) will
connect all school and administrative offices with the district
office for the purpose of delivering data. The WAN will be based
on a two layer hierarchical model.

Three (3) regional Hubs will be
established at the District Office, Service Center and Shaw Butte
elementary school for the purpose of forming a fast WAN core network.
School locations will be connected into the WAN core hub locations
based on proximity to the hub.



TCP/IP and Novell IPX will be the only networking protocols that
will be acceptable to traverse the district WAN. All other protocols
will be filtered at the individual school sites using Routers.
Routers will also be installed at each WAN core location. Access to
the "Internet" or any other outside network connections will be
provided through the District Office through a frame relay WAN link.
For security purposes, no other connections will be permitted.

SECTION 2 - LOCAL AREA NETWORK & WIRING SCHEME

Two Local Area Network (LAN) segments will be implemented
in each school and the District office. The transport speeds
will be Ethernet 10BaseT, 100BaseT and 100BaseFX. Horizontal
cabling shall be Category 5 Unshielded Twisted Pair (CAT5 UTP)
and will have the capacity to accommodate 100 Mbps. Vertical
(Backbone) cabling shall be CAT5 UTP or fiber-optic multimode
cable. The cabling infrastructure shall comply with EIA/TIA 568
standards.

One LAN will be designated for student / curriculum usage and
the other will be designated for administration usage (see:
SECURITY SECTION). The LAN infrastructure will be based on
Ethernet LAN switching which will allow for a migration to faster
speeds (more bandwidth) to the individual computers and between
MDFs and IDFs without revamping the physical wiring scheme to
accommodate future applications.

In each location a Main Distribution Facility (MDF) room will
be established as the central point to which all LAN cabling
will be terminated and will also be the point of presence for
the Wide Area Network connection. All major electronic components
for the network, such as the routers and LAN switches will be
housed in this location. In some cases an Intermediate Distribution
Facility (IDF) room will be established, where horizontal cabling
lengths exceed EIA/TIA recommended distances or where site conditions
dictate.  In such cases, the IDF will service its geographical area
and the IDF will be connected directly to the MDF in a STAR or 
EXTENDED STAR topology.

Each room requiring connection to the network will be able to support
24 workstations and be supplied with four (4) CAT 5 UTP runs for
data, with one run terminated at the teacher's workstation.
These cable runs will be terminated in the closest MDF or IDF.

All CAT 5 UTP cable runs will be tested end-to-end for 100 Mbps
bandwidth capacity.  A single location in each room will be 
designated as the wiring point of presence (POP) for that room.
It will consist of a lockable cabinet containing all cable 
terminations and electronic components; i.e. data hubs. From this 
location data services will be distributed within the room via 
decorative wire molding.

Network 1 will be allocated for general curriculum usage and
network 2 will be allocated for administrative usage.


 

SECTION 3 - DISTRICT SUPPLIED SERVERS AND FUNCTIONS

DOMAIN NAME SERVICES and EMAIL SERVICES

Domain Name Services (DNS) and E-Mail delivery will be implemented
in a hierarchical fashion with all services located on the master server
at the district office. Each Hub location will contain a DNS server to
support the individual schools serviced out of that location.

Each school will also contain a host for DNS and E-mail services
(local post office) that will maintain a complete directory of all staff
personnel and student population for that location.
The school host will be the local post office box and will store all
E-mail messages. The DNS update process will flow from the individual
school server to the Hub server and to the district server.

All regional servers will have the capability to communicate between
themselves thus building redundancy in the system in the event that the
District master server is unavailable. Should the District master server
require a partial or complete restore of data, the ability to query any or
all of the regional servers to acquire the needed information
will be provided.

 

ADMINISTRATIVE SERVER

The school district is moving towards a totally automated server
based administration system. Each school location will contain an
administration server which will house the student tracking, attendance,
grading and other administration functions. This server will be
running TCP/IP as its OSI layer 3&4 protocols and will only be made
available to teachers and staff.

 

LIBRARY SERVER

The school district is implementing an automated library information and
retrieval system which will house an online library for curricular 
research purposes. This server will be running TCP/IP as its OSI layer 3&4
protocols and will be made available to anyone at the school site.

 

APPLICATION SERVER

All computer applications will be housed in a central server at each
school location. As applications such as word processing, Excel, PowerPoint,
etc. are requested by users these applications will be retrieved from the
application server. This will provide district support staff with an easy and
efficient method for upgrading applications without having to reload 
new software on each computer in the district network. 
This server will use TCP/IP as its OSI layer 3&4 protocols and will be
made available to anyone at the school site.

 

OTHER SERVERS

Any other servers implemented at the school sites will be considered 
departmental (workgroup) servers and will be placed according to user 
group access needs. Prior to implementation of other servers a 
requirements analysis must be submitted for the purpose of determining
placement of the server on the district network.

SECTION 4 - ADDRESSING AND NETWORK MANAGEMENT

A complete TCP/IP addressing and naming convention scheme
for all hosts, servers and network interconnect devices will
be developed and administered by the District Office. The
implementation of unauthorized addresses will be prohibited.

All computers located on the administrative networks will have static addresses;
curriculum computers will obtain addresses by utilizing Dynamic Host Configuration
Protocol (DHCP).

A master network management host will be established at the District Office and
will have total management rights over all devices in the network. This host will also
serve as the router configuration host and maintain the current configurations of all
routers in the network. 

Each regional location will house a regional network management host to support its area.

The management scheme for the data portion of the network will be based on the Simple
Network Management Protocol (SNMP) standards.

All routers will be pointed to the master Network Management host for the purpose
of downloading new or existing configurations.

The District Office will maintain the super user passwords for all network devices
(i.e., routers and LAN switches), and configuration changes on these devices will be
authorized from the District Office.

SECTION 5 - SECURITY

External Threats - Internet Connectivity shall utilize a
double firewall implementation with all Internet exposed
applications residing on a public backbone network. In this
implementation all connections initiated from the Internet into
the school's private network will be refused.

In the district security model the network will be divided into
three (3) logical network classifications: administrative,
curriculum and external, with secured interconnections between them.



This model will dictate that two physical LAN infrastructures
be installed at all schools and the District Office, with one
designated administrative and the other curriculum. Every
computer and file server will be categorized according to its
function and placed on the appropriate LAN segment. At the schools
each LAN segment will have a file server.  All applications will
be categorized and placed on the appropriate server.

By utilizing Access Control Lists (ACLs) on the routers, all
traffic from the curriculum LANs will be prohibited on the
administration LAN. Exceptions to this ACL can be made on an
individual basis. Applications such as E-Mail and Directory
services will be allowed to pass freely since they pose no risk.

A user ID and Password Policy will be published and strictly
enforced on all computers attached to the administration LAN.

All computers in the District network will have full access
to the Internet.

All ACLs will be controlled at the district office and exceptions
to the ACLs will be reviewed prior to implementation.
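
An added example, not part of the original requirements: a first-match model
of the curriculum-to-administration ACL above, showing that the E-Mail and
Directory exceptions must precede the deny entry. The subnets are constructed
placeholders, and mapping E-Mail to SMTP (port 25) and Directory services to
DNS (port 53) is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed address plan (assumption: the page defines no addresses).
CURRICULUM = ip_network("10.1.0.0/24")
ADMIN = ip_network("10.2.0.0/24")

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (any protocol)
    src: object                  # source network
    dst: object                  # destination network
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("ip", proto)
                and ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and self.dport in (None, dport))

# ACL for traffic entering the administration LAN. Routers stop at the
# first matching entry, so the exceptions are listed before the deny.
ADMIN_LAN_ACL = [
    Rule("permit", "tcp", CURRICULUM, ADMIN, 25),  # e-mail (SMTP, assumed)
    Rule("permit", "udp", CURRICULUM, ADMIN, 53),  # directory (DNS, assumed)
    Rule("permit", "tcp", CURRICULUM, ADMIN, 53),  # DNS over TCP
    Rule("deny", "ip", CURRICULUM, ADMIN),         # all other curriculum traffic
]

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching rule; implicit deny at the end."""
    for rule in acl:
        if rule.matches(proto, src, dst, dport):
            return rule.action
    return "deny"

def covers(e, r):
    """True if entry e matches every packet that entry r matches."""
    return (e.proto in ("ip", r.proto) and r.src.subnet_of(e.src)
            and r.dst.subnet_of(e.dst) and e.dport in (None, r.dport))

def shadowed(acl):
    """Indexes of permits that can never fire: an earlier deny covers them."""
    return [i for i, r in enumerate(acl) if r.action == "permit"
            and any(e.action == "deny" and covers(e, r) for e in acl[:i])]
```

Running shadowed() over a proposed ACL before it is loaded flags exception
entries that were placed after the deny and would therefore never match.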

SECTION 6 - INTERNET CONNECTIVITY

All Internet connectivity will be supplied through the
District Office with the District Office being the single
point of contact for all schools and organizations within
the district. This connection will be highly controlled and
capacity (bandwidth) upgraded as usage dictates.

Internet connection will utilize double firewall
implementation with a public network (ethernet backbone)
established for services that will be exposed to the Internet
such as master E-mail, Domain Name Services (DNS) and a World
Wide Web server. 

All connectivity that is initiated from the Internet to the
internal District network will be protected via Access Control
Lists (ACLs) on the routers that make up the double firewall
architecture. 

Any connectivity initiated from the District to
the Internet will be permitted to communicate freely.

E-mail and DNS services will communicate freely in both directions
since these applications pose no security threat.
A Web server will be located on the public backbone and
partitioned to allow any school to install a Web home page
on the Internet. 

Individual Web servers that need total exposure to the Internet
will not be permitted on the internal district network. If schools
require an independent web server host, this host will be placed on the
public network backbone.