(ICAI5100A) Build an Internet Infrastructure

Prerequisite units

The following units are prerequisite for this competency:

• ICAB5160A - Build and configure a server

• ICAI3101A - Install and manage network protocols

• ICAI4029A - Install network hardware to a network

• ICAS120A - Configure and administer a network operating system

Outline

Elements of Competency and Performance Criteria

I. Plan and design internet infrastructure to meet business requirements

1.1 Select internet infrastructure in line with business and end-user requirements, within budget
limitations

1.2 Evaluate the internet service for satisfactory performance and confirm that the service meets
business and end-user requirements

1.3 Ensure that hardware, software, network and security requirements are in accordance with agreed
business and end-user specifications

1.4 Research internet to source suppliers, technologies, delivery schedules and replacement parts and
document findings

1.5 Evaluate internet service providers and establish their capability to deliver the required connection
service

1.6 Determine internet protocol address allocation based on the number of addresses needed

II. Install and configure internet infrastructure to meet business requirements

2.1 Install and test cables, where appropriate

2.2 Build and test servers
2.3 Install, configure and test switches
2.4 Install, configure and test firewalls
2.5 Install and test broadband hardware with selected internet service provider
2.6 Install workstation software and configure access to services
2.7 If required, install the necessary hardware and software to connect the internet to intranets or network
2.8 Configure domain names, internet protocol addresses and network address translation settings to make
internet access possible

III Install and configure internet services to meet business requirements

3.1 Set up software to provide services as required

3.2 Install and configure software that provides internet links with existing databases, documents, files
3.3 Develop templates and style guides for internet documents
3.4 Configure security access levels to safeguard data, making use of appropriate tools

IV Test security and internet access

4.1 Test and verify security access levels
4.2 Monitor and evaluate capability and reliability of security systems
4.3 Make changes to system to ensure protection against known and potential threats

V Ensure that user accounts are verified for security access and monitored
5.1 Verify user settings to ensure that they conform to security policies
5.2 Have legal notices displayed at appropriate locations for system users
5.3 Check passwords in accordance with business policies and verify with software utility tools
5.4 Plug well-known security gaps with appropriate hardware and/or software
VI Manage and support the internet
6.1 Assist management in developing procedures and policies for maintaining the internet infrastructure
6.2 Obtain, install and use management tools to assist in internet administration
6.3 Monitor traffic, appropriateness of broadcasts, content access and hits over the internet
6.4 Create logs and other reports required to manage and support the internet
6.5 Optimize internet performance
What is Internet Infrastructure?

All the hardware and services required making a web page appear in your browser, or an RSS
feed download into your reader, or VOIP calls / emails get to your desktop. All the underlying
technologies that are unseen, but ‘make the Internet go’.

Internet Infrastructure consisting of a ‘Top 5′ areas: These are :

Data Centre

A Data Centre is basically a specialist building that has the ability to power (and cool) massive
amounts of computer equipment. Typically a Data Centre would also have a very large amount
of network bandwidth to accommodate data transfer in and out of it. Data Centres are built as
highly redundant and resilient facilities – at the base level – you would expect a Data Centre to
have at least N+1 power (this likely comes as a local feed from the national electrical grid as ‘N’,
and a backup generator for the ‘+1′).

The Data Centre is the home for Internet Infrastructure. It is the central point of aggregation and
distribution of data and network services. These facilities tend to include:
- 24 x 7 Staffed Operations Centre (typically called a NOC, the staff monitor all activities of the
Data Centre and ensure smooth operation as well as deal with equipment issues)
- Building Management System (the BMS normally monitors and alerts on temperature zones,
power and cooling usage, outside temp., access control and CCTV)
- Secure Access Controls (i.e biometrics on all entry and DC floor doors)
- Fire Alarm and Suppression (ie. VESDA for detection and Inergen gas for suppression)
The unit of measurement for a Data Centre is space and power. How much space will the
equipment require and how much power will it draw (which is effectively double that, as cooling
a server takes about as much power as just having the device operating).

Network
Possibly to most important foundation block of Internet Infrastructure is the Network. Without a
network connection no data can pass between Data Centres, over the Internet, and ultimately
onto your Desktop, Laptop or Mobile Handset. For the purpose of this post, let’s talk about the
network infrastructure in a Data Centre, where data passed in to computer equipment, is
processed and/or stored, and passed back out of the DC.
So you would expect at least N+1 network connectivity into a Data Centre in the form of at least
2 Fibre Cables from telecommunications providers on diverse rings. Therefore if one had service
cut, the Data Centre’s network connection would not be affected. Some data centres
(Hosting365′s is one) are Carrier Neutral – which means a number of carriers have a Point-Of-
Presence in the facility, so the Data Centre is not affected by any commercial or technical issues
of a single carrier.
Next you would expect redundant switch gear in the Data Centre in separate racks so again if the
switch gear failed, the other set of it would simply take over and no service interruption would be
experienced.
The unit of measurement for network connectivity is megabits per second and available megabits
on the carrier connection. There may be 1 Gigabit available but the DC may only be using, and
paying for, 100 megabits. The ability to meet peak demand is important though, so Data Centres
will have a lot more connectivity available than is required for daily operations.

Computer Equipment
Now that the two basics of Internet Infrastructure are in place – the ability to power your
equipment and the ability to connect it to the Internet, the next thing is the computer hardware
that uses this to process and store the applications and data.
By computer equipment, for this basic post, I really mean Servers. A Server is a more complex
and high-end version of a desktop PC. An average server might consist of 2 power supplies (for
redundancy), 8-12 RAM slots, anything from 2-10 hard drive bays and multiple processors (not
just multi-core!).
Servers are housed in Racks in a DC which are typically 42u in height. (1U is 1-unit and a low-
end server takes up just 1 of these units, other servers scale within these racks to multiple ‘U’).
Racks are normally powered by 2 PDU (Power Distribution Units) which connect to (if
available) multiple power supply units in the server.
A low-end installation may be only a single server, which is the simplest form of Internet
Infrastructure. The server would be connected to the DC Power, the Network, an OS and other
required applications installed on it. Then it is ready to ‘power and push’ data on the Internet.
More complex deployments would include pools of servers, with different applications on each
one, or clusters of pools for multiple clusters with dedicated application requirements.
The unit of measure for Servers is Processor Power and RAM. Although there is a lot more to
selecting a server such as expandability, reliability, network ports, BUS speed, Cache size and
speed. Personally I would like the unit of measure in Servers to change, I think for buyers and
users it should be rated in ‘MIPS’ – which is ‘Millions of Instructions Per Second’ which is
effectively all that matters, and how today’s Mainframe computers (IBM BlueGene is a high end
Mainframe) are measured.

Storage Services
Data Storage is a huge part of Internet Infrastructure. All those emails accessible online, all the
web pages on your favorite web site, all those photos on Facebook … are all stored on a hard
drive in a DC somewhere. The basic level of storage is on-server storage, which means the hard
drives in the computer server. This can cause not just performance and capacity issues, but also
redundancy ones – local storage is inherently as prone to failure as the server it is in.
It is common to use specific storage devices – such as Direct Attached Storage (a dedicated and
dumb storage appliance connected direct to your server), Network Attached Storage (a storage
device that can be accessed by multiple machines over a network connection, and independent of
the server itself) and Storage Area Networks, which are high-end, resilient and redundant set-ups
that give high performance levels and are very scalable. A Storage Area Network may be shared
among many services, applications, servers and customers.
The unit of measure in storage is gigabytes (getting to be more commonly terabytes now) and
IO’s per second (input-output read/writes the device can perform per second).

Server Applications
The final piece of underlying Internet Infrastructure is the server applications themselves. In
order for an web application to be delivered from a server, that server requires an Operation
System (typically Windows or Linux), a Web Server application (like Apache or Microsoft IIS),
and a Database (such as MySQL, MS-SQL or Oracle). There any many more variations here, but
the basic web server has these 3 things. From here you can install blog software, an ecommerce
site, your new web 2.0 application, or any Internet capable piece of software (more include –
Instant Messaging Server, File Storage Server, Message Board)
More complex applications tend to have dedicated servers, or pools or servers, for specific things
– like a cluster of Database Servers, or a pool of Web Server to serve those ‘www.’ page
requests. These may also have more complex network setup such as dedicated routers, load
balancing and firewall devices (for traffic management and security respectively)
Overview

Functional requirements capture the intended behaviour of the system. This behaviour may be
expressed as services, tasks or functions the system is required to perform.
The requirements documents are comprehensive, detailing what is required of an installation to
meet the business needs of users. Such a document can run to considerable length and would
normally be prepared by an IT analyst or project manager. The author of the functional
specification should be able to speak the language of both business and IT.
The functional requirements documents are the ‘blueprint’ for the project implementation.
Anything missed will appear at the end, and just as when building a house, if the plumbing
design is wrong then it will be expensive and time consuming to correct.
Often one of the first steps in large projects is to devise a functional specification, also known
as the functional requirements specification (FRS). After this, a technical specification can be
produced.

Requirements issues
When selecting and employing software and hardware tools, one of the first and most important
activities to embark on is identifying what the client wants and to ensure they sign-off on the
requirements. This may sound easy, but in many cases it is not!
For example, how can a client (who often has limited knowledge of IT architecture) indicate
what they want if they have not seen a working prototype to assess?
In many cases, inexperienced clients advise the developer on what they want, when they may not
really understand what is achievable technically. This issue can also be made more complex if
the process occurs in an organisation that has rigid IT policies, which can raise numerous
compatibility issues.
In addition, this is made even further complicated if you are in a situation where you are trying to
win a contract or compete for work. Others (eg competitors) may have promised the
unachievable and given an impression that ‘anything is possible’. If you are awarded the work or
win the contract, you may now be expected to deliver the impossible. An open and honest
assessment of what will be delivered is essential.
So, one of the tasks is to document the requirements.
This may include identifying or clarifying:
 the business case
 what the client considers the project’s main objectives are
 what IT infrastructure is already in place
 basic specifications (eg formats)
 conflicting or overlapping requirements
 maintenance and backup requirements
 bandwidth issues that may affect the project
 role definition of parties involved
 the nature of the data (eg banking details, multimedia)
 security needs (eg if the client needs logins, passwords, lockable sections, etc)
 available support resources
 costings.

Needs analysis
Various techniques can be used to define and refine the project needs, such as interviews with
the client, online JavaScript surveys/forms, user discussion groups and questionnaires with
samples of the target audience. A very important purpose of this analysis is to develop an
understanding of what is achievable within the project resources of skills, funds and time.

The process of needs analysis may result in a separate needs report, especially on large projects.
On smaller projects, the needs analysis and the information gathered can often be documented
with the proposed solution in the one document: the scope document. This provides information
on which design decisions will be based in the next stages of development.
For most IT applications including multimedia, the needs analysis will need to focus on three
perspectives:
1 Business perspective: An outline of the current business climate, structure of company and
the emerging industry issues that are driving the project.
2 Technical perspective: An outline of existing IT systems/infrastructure of the company
including computer hardware specifications, numbers and locations, details on browsers,
operating systems, servers, security policies, networks, bandwidth capacity and so on.
3 Human perspective: An outline of the motivation of staff to use new IT systems. It may also
cover such considerations as PC literacy, industrial relations issues for staff, legalities and
even language issues for users.
A common criticism over the last decade is that IT developers have focused too heavily on the
technology and not enough on the users’ needs or the long-term business goals. By giving
adequate attention to these different perspectives, you are likely to end up with a solution that
addresses the client’s real needs.

Scope documentation
The aim of the scope document is to identify, control and justify the proposed solution.
Typically, the project manager/developer will normally prepare the document after consultation
with the client and the project team. It should contain most, if not all, of the information that will
form the project contract. Data gathered in the needs analysis can also be included here.
The first draft of the scope document is rarely fully mutually agreed upon. There are usually
numerous negotiations to refine the specifications of the deliverables. These will, of course,
impact on the budget and schedule of the project.
The final scope document should clearly specify the milestones and sign-off points, including
possible points and conditions for revisions to the budget and schedules. A timeframe should be
included in the document, but a full timeline that has agreed delivery dates may not necessarily
be part of the document at this stage. (This depends on the size and complexity of the project).
As part of the scope, there must be clear agreement on issues such as reporting, documentation,
evaluation, testing and delivery requirements. This defines, in quantitative terms, how the client
and the developer/implementer will work together and how, through the process of sign-offs, a
mutual end agreement will be reached. This means that in the end the appropriate product has
been built in the agreed way and via the agreed strategies outlined in the scope document.
The approval of the contract generally involves representatives signing a specified agreement on
the last page of the scope document. Any variations to this agreement will also have to be
approved by authorised representatives of the client and development team.
As you can imagine, once hardware is approved, ordered and functioning it is very difficult for
the client to then request anything else. At this stage, many thousands of dollars in hardware and
software, not to mention IT specialist wages, may have been allocated. The basic plan must be
right at the start!
Throughout the project, the client and the development team must have a strategy in place to
inform each other of any event that may impact on successful progress and timely completion of
the project. The strategy again must be outlined in the scope document.
Functional requirements specification

The functional specification describes what the system will do, as opposed to how it will be
done. This distinction is important, because:

 the client may not be interested in the details of how a function is implemented, and the
technical details may simply cause confusion for the client
 the implementation details may need to change during the design and development of the
project
 you don’t want to have to negotiate changes to the functional specification just to change
details of implementation
 the technical specification for large projects will be detailed in a separate document, and
you should not entangle one with the other.

The language of the functional specification should be clear, concise and (as far as possible) non-
technical. It is very important to attend to details in the functional specification. One misplaced
word may commit a vendor company to develop extra functionality that was never intended, and
damage the profitability of the project.

Fixed requirements
Some requirements are fixed, and not derived from the ideal functionality that the product or
system should possess. These are often in the form of constraints set by the client. For example:

 A client may require a particular look-and-feel to their website.

 The client may require your system to interface to their existing systems in a particular
way.
Use cases
A use case is a very useful tool to help you start to determine the required functionality of a
system. Use cases have quickly become a standard tool for capturing functional requirements.

A use case is a diagram showing how the proposed system will be used in one particular
scenario, by a particular user. Use cases allow the designer to focus on details, but keep the
design grounded in the basics of how the system will be used. A large system will have many use
cases.

Web research
There are some very good articles on use cases on the Internet. Read these two articles on the A
List Apart website:

 ‘What’s the problem?’ by Norm Carr and Tim Meehan at:

www.alistapart.com/articles/whatstheproblem
 ‘Use cases Part II’ by Norm Carr and Tim Meehan at:
www.alistapart.com/articles/tamingscope.

Examples of functional requirements

Functional requirements describe the way in which the different components and functions in the
solution will interact. They will clarify how the solution is going to work and how users can use
it.
Next are some examples of the questions you might ask in order to determine the functional
requirements of an IT system.

User requirements
 How many users are expected to use the system?
 How many people will be utilising the solution at one time?
 Where the users will be located (eg overseas, interstate or at home)?
 What navigation model will it use?
 What is the range of the content?
 How much content will it include?
 How will the content be structured?
Technical requirements
 What types of computers/operating systems will the users operate?
 Are their desktops all the same?
 What bandwidth restrictions occur presently?
 What security (login) will they need?
 What backup policies need to be in place?
 Who will have administration rights?
 What will the business do if the system fails at any stage?
 Who is the project sponsor?
 What does management expect the system will do and won’t do?

Hardware
 Compatibility: will the solution work with existing systems?
 Support for multimedia formats: will the existing systems and architecture support all
types of media?
 Will the new system be supported by existing resources within the company?
 Is there funding available for new hardware? (eg new servers)
 What is the backup strategy? Has this been costed?
 Does the system need to be mirrored?
 Will there be time delays to purchase and install hardware?
 Will you be relying on another group to set up the hardware? If they don’t consider your
project a priority, is that time delay factored into the delivery strategy?
 Are there other projects that you may be able to share hardware costs with?
 If the system needs to cater for multimedia, does there need to be extra attention paid to
being able to store and transmit large graphic, sound and video files?
 If you are a consultant or part time employee, will you be given permissions and rights to
install and support the system fully? (As some computer centres are secure).
Software
 What is the true cost of the software?
 Are there licensing issues? (As the system is in development, should you pay for all the
licensing now, or when the system is in live mode?)
 Can the software be licensed for use by multiple users who use it on different machines?
(Concurrent licensing)
 How long has the software been on the market for?
 What happens if the software company becomes insolvent? Who supports it?
 Who owns the source code?
 What happens if the source code is modified; who supports the product then?
 Does the solution work with all other company software systems?
 If web-based, does the solution function on all common browsers?
 If security is a concern, can the software be delivered in a ‘locked down’ format?
 Does the software support all file formats? (This is especially important when working on
multimedia tasks.)
 Is the software easy to use or are there major training issues/costs?

Support materials
You will need to consider the content and design requirements of all support materials. Support
materials could include:

 system specifications
 user guides
 knowledge banks
 intranet/Internet help sites/CD-ROMs
 training manuals
 general user documentation and print-based help.

You will also need to consider workshops, seminars or briefings you may need to run in order to
support the software/hardware/system.
During the development of the scope document you will have determined the kinds of support
materials that you will need. You will probably also establish who will be responsible for the
production of those materials.

Handover training is another important and time-consuming task. If a developer (who is a

specialist in the area) works on a project for, say, six months, how long will it take to train a
support officer to support the system? One day? One week? One month?

In conclusion, the project manager will generally be responsible for coordinating the
development of the support materials in parallel with the development of the package.

Role definitions
One of the most important tasks a developer must do before moving into the design and
development phases is to clarify roles and responsibilities. If this has not been done it is virtually
impossible to cost a job, as you cannot allocate the funding for staff. As well, this can lead to
problems finishing a project on time.
For example, the main things to clarify (in terms of roles and responsibilities) may include:
 Who is responsible for the sign-off? (And if that person leaves the company, who will do
it then?)
 Should the roles be described as position titles rather than individuals’ names?
 Who approves purchases (eg software)?
 Who will support the project after the development team has gone?
 Who will collect and collate the content?
 Who will check the legality of the content?
 Who has responsibility for organising the workspace for the development team?
 Who will approve the security systems of the multimedia product?
 Who takes final responsibility for the project?

Budget issues
Funding is a tricky area. Sometimes the ‘real’ budget is not disclosed. Sometimes this is done for
valid reasons, sometimes not. It is common knowledge that some clients are reluctant to reveal
their budget as vendors will bid up to available funds. As well, some parts of the IT industry are
still somewhat immature, so it is often difficult to cost a job.
There are many variables. One job could take 2-3 weeks to install and set-up. Once all the bugs
are identified, the task might only take a matter of hours to repeat. Implementing complex IT
projects is not an exact science!
Due to this situation, it’s always worthwhile to seek additional funds. Many large and small
organisations do not appreciate being asked to fund extra amounts after a project has
commenced. It is often wiser to be honest and seek additional funds when completing the initial
project approval.
Another important point is that the client must understand what it is they are paying for. Be
mindful that it is easy to confuse clients with technology terms and acronyms. Ensure the
contract outlines what the deliverables are in plain English. It is also helpful for the client if you
include a breakdown list, as an attachment, that quantifies all the major deliverables.
Finally, remember that if you do not win the contract, you have devoted time to the bid and this
has cost your company money. So ensure this potential loss is a consideration in your overall
business plan!

Sign-off
In the planning phase, the sign-off typically covers an agreement with the client for the following
items:
 target platforms
 look and feel of the solution (proposed product/system)
 graphics standards
 navigation and user issues
 hardware and software limitations
 development tools (if not purchasing a solution off-the-shelf)
 client and developer responsibilities
 privacy issues
 initial timelines
 budget.
Again, the major purpose of the sign-off is to prevent problems later in the project. No one wants
disagreement about aspects of the deliverables at the end of the project. The sign-off process
forces all issues to be laid out on the table and discussed.
Summary
A functional requirements document is a critical element of any IT project. It should cover all the
important points, yet still be easy to understand for non-technical people.
Another aim in preparing a comprehensive functional requirements document is to cover
everything and yet keep it brief. While it is the ‘blueprint’ for the project, if it covers everything
in too much detail the key stakeholders may not have time to read it all.
You must ensure that a realistic blueprint is achieved; to avoid confusion occurring late in the
project cycle and help the final result to be a positive experience for both parties.

Progress
Have a look at the next section—Practise. If you have trouble, review this Reading or perhaps
take a look at some of the listed Resources.
When you feel ready, try the Self check section at the end of this topic. This will help you decide
if you are now able to complete the task and attempt assessment.
LO2: INSTALL AND CONFIGURE
INTERNET INFRASTRUCTURE
Network hardware

A great variety of networking devices exist—many more than can possibly be covered here.
Local requirements dictate the types of networks be formed using these devices. This reading
will focus on the most common range of network devices and the main standard that supports
them, Ethernet.

Ethernet
Most network devices commonly-used are based upon the Ethernet protocol. Ethernet speeds
have been slowly increasing over the last decade, from 10 megabits per second (10 Mbps, 10
million bps) up to discussions of 10 gigabits per second (10 Gbps, 10 x 1000 Mbps) and beyond.
Currently, most computer networks work very well with the 100 Mbps range of products, but as
data transfers within a local rea network increase, the higher bandwidth and capacity of faster
networks may be needed. Often the limiting factor is not the network speed but other bottlenecks
(limits) in the overall system, such as processing speed and hard drive access times.
Ethernet uses the concept of CSMA/CD (carrier sense multiple access with collision detection).
Carrier sense means that devices on the network listen first for no network activity on the
network. No activity indicates that no other device is sending information, since they all use a
common medium to transfer data (multiple access). But since just as in a momentarily quiet
room two or more people may start to speak at the same time, the collision detection mechanism
is a method of dealing with this.
Wireless Ethernet devices (based on the IEEE 802.11 standards) have recently become more
available. These include connection devices such as wireless access points (AP) and individual
peripherals, such as printers. Wireless networking devices connect the network by radio waves.
Similar concepts to the wired Ethernet are used to ensure that transmissions don’t conflict
(collisions) and are regulated in some way.

Open systems interconnect–reference model

(OSI-RM)
The open systems interconnect—reference model forms the basis of networking communications
and is maintained by the International Standards Organization (ISO). It is a model to aid in the
development of communications standards, not a standard itself. The different layers define
functions that should be considered and implemented at each level. When a device operates at a
particular layer it means that the device components make informed decisions based on
information from that layer of the model. For example, a switch makes decisions at layer 2, data
link layer, based on the media access control (MAC) address of the destination network card.
The MAC is a sub-layer of the data link layer. (Of course, all devices need access to the layers
below so that they can physically connect together.)

Table 1: OSI reference model layers and basic functions

Layer Basic functions

7 – Application Interface to user Programs

6 – Presentation Data compression, encryption
5 – Session Authentication
4 – Transport Logical connection of data stream
3 – Network Moving of data packets through connected networks
2 – Data Link Co-ordination of access to the medium
1 – Physical Physical signalling on the medium

Network devices
Some of the more general types of network devices available are listed in Table 1 on the next
page.

Table 2: Examples of network devices available

Device Description

Network Often referred to as network interface cards (NICs), they may be installed in
cards a computer or peripheral device and interact with the network medium,
including both wired and wireless networks.
Switches Often switches are used interchangeably with hubs, but they have slightly
different characteristics. The differences will not usually show up as a
performance increase until used in a larger network with multiple servers. A
switch is a better performing device and is only slightly more expensive
than a hub.
Switches operate at layer 2 (data link layer) of the open systems
interconnect—reference model and can make a decision on the destination
of a data packet that they receive. In this way, a switch may send data out to
a port based on the destination media access control (MAC) address that is
included in every frame. In fact, simultaneous data transfer between
computers is possible, which increases overall network capacity.
Device Description

Hubs A hub creates the basic framework for most local area networks used in
business and home environments. They connect the servers, workstations
and other network devices together.
Hubs are also called multi-port repeaters. Hubs work at the OSI open
systems interconnect—reference model Physical (layer 1).
Routers Routers are used to interconnect two or more LANs. The LANs may
communicate through the router or the router may act as a gateway to
connect to the Internet.
Routers operate at Layer 3 (Network layer) of the open systems interconnect
—reference model and make decisions based on the network addresses
which are included in the data packet. In most networks, the network
address will be based on IP addresses but may also include IPX address
information to work with Novell Netware networks.
Access These devices act as a hub in a wireless network and as a connection
points between the wired and wireless network segments in a combined network.
In some configurations, the access point will act as a switch and/or router
and prevent unnecessary data packets from travelling between the wired and
wireless sections of the network. In other configurations, two or more
access points may only act as a repeater (or relay) and connect segments of
a wired LAN, perhaps between buildings or across roads where wired
access would be difficult or expensive to connect.
Broadband These devices connect between a LAN (or single computer) and a
modem/ permanent broadband Internet connection such as ADSL or Cable. Modem
routers versions tend to have USB connections that must connect directly to a
computer. Router versions have an RJ-45 LAN connection and/or a wireless
antenna that may connect to a computer or hub to share Internet access
between many computers.
Printers Many printers are available to connect directly to an Ethernet network.
These include printer with an inbuilt NIC. Examples are of network-ready
printers are: Brother HL-5170DN, Canon IP4000R and Hewlett Packard
DJ6840.
Scanners Some scanners are network-ready and provide access from the network.
Many of these are included in Multi-Function Centres with printer, copying
and fax capabilities as well. Examples are: Brother MFC-620CN, Canon
NSA-01 and Hewlett Packard Photosmart 2710.
Storage These devices offer additional file storage capabilities to a network. They
act as a file server and the storage can be controlled over the network.
Examples of Network Attached Storage devices are: D-Link DSM-624H,
Iomega NAS 100d/160G and Linksys EFG250
Ways of minimising disruption

‘Hey! We’re trying to run a business here!’

This is the last thing you want to hear when you are under a desk trying to install something that
just won’t quite go in easy. Phew! Got it. You stick your head up and find everyone looking at
you. What? Oops. No server access. No Internet. What happened?
You just disrupted business operations. How much is the disruption going to cost? It may affect:
 People’s time—yours, your client’s and their clients’ time while redoing transactions and
cleaning up.
 Reputation—yours and your client’s; will they want you for future projects?
 System reliability—until fully tested doubts will linger as to the stability of the system.
In a technical field such as this client communications is important. Ultimately, the clients use
the computers and devices you are working on. These clients will determine if you continue
working with them. To minimise disruption, a close rapport of information exchange is required
that sets the scene to handle disputes and technical glitches that may arise.
You also need to plan to avoid disruption in the first place. When planning an installation or
modification to a network, you need to:
 schedule work outside normal business hours
 inform people when your work may disrupt their work
 have backup and ‘back out’ plans in place to repair problems sooner
 have an installation plan approved by your client in advance (and avoid the need for
problem and conflict resolution later).
For work in business hours, a temporary set up can allow business to continue while work is
done. This may include reconfiguring devices to use alternative resources, or to allow different
protocols to be used, such as by changing gateway settings and routes for Internet connection and
changing log in scripts. The configuration of any temporary set-up should be fully documented
as it can also be part of a disaster recovery plan.
Installation procedures

Internal hardware
Many main system boards come with a network adapter built-in; opening the system unit of a
computer workstation in order to add networking hardware is rarely necessary. You may
otherwise need to add a network card to a system when:
 none is built-in to the main system board
 replacing or overriding a failed built-in network card
 an additional network card is needed for routing purposes
 upgrading the network card for one with faster processing.
Regardless of the reasons for installing an internal network card, typical precautions must be
taken. Remember that if the computer is a server of files, printer or other resources on the
network then many people are potentially affected by the outage.
Typical steps to follow when installing a network card, explained in detail to follow, are to:
 inform users who will be affected
 isolate the system unit by disconnecting the power supply and exterior cables
 open the case and take anti-static precautions
 identify the location to install card and possibly remove old card
 follow manufacturer’s directions
 replace case and cables
 reconnect the power
 install the software drivers, following manufacturer’s instructions.

Informing users
Depending on the system to be opened this may be a single user or a group or everyone.
The only time you do not have to worry about this step is when the system is not working at all
and by working on it, you will restore functionality. If it will take a long time then you still need
to keep people informed of the progress. You can judge the necessity of the progress reports by
the number of people asking you when it will be fixed or even just ‘How’s it going?’
Isolating and disconnecting the unit
You must first isolate the unit for your own safety and that of the equipment and data stored.
Most system units only deal with low voltages within the case (except for the power supply
itself) and safety switches on the mains supply (residual current devices, RCDs) reduce the
chances of electrocution.
The disadvantage of such systems is that the safety switches cover many power points. This
means that if a safety switch trips, many devices and even larger numbers of users will be
affected by the loss of mains power. Disconnection from the supply reduces the possibility of
causing such a power failure. Removing or adding components to a live system may cause
damage to the main board (and potentially larger problems, causing file system damage and data
loss, even application and operating system problems, over a network).
You need to disconnect exterior cables as a further safety practice. Access to the system unit will
be simpler if you can lift the case to a normal work height and into better lighting than found
under most tables. Disconnected cables must then be left out of the way to prevent accidents.

Opening the case and taking anti-static precautions

With the system unit in a well-lit, stable work area, you can remove the case. (Remember to put
the case parts out of the way to prevent accidents.)

At a minimum, you need to use an Notes on static

anti-static wrist strap in a correct Static discharge can damage sensitive
manner to avoid causing damage to components in the computer system. They
the system while working on it. The may not fail immediately but the life of
anti-static device works by components exposed to static discharge is
connecting you to the computer and often reduced.
parts to reduce the voltage difference It is not sufficient to merely touch the case.
to zero. This is a fallacy. As soon as you are no
longer touching the case, static starts to
Wear the wrist-strap on your non-
build up a voltage difference between you
dominant wrist (the left wrist for
and the system unit. You would need to
right-handed people). The lead consciously keep continuous contact with
between the wrist-strap and the the case. Less than 25 volts is needed to
alligator clip (or similar) should damage sensitive components in computer
connect to an unpainted surface of systems while it takes over 1000 volts
the computer case containing the before you feel any shock from static
main-board. electricity.

Keep all hardware in its anti-static packaging until ready for installation and keep the anti-static
packaging in contact with an unpainted section of the computer case while removing the
component from packaging. Hardware components removed from the system should be placed in
anti-static packaging while the packaging is in contact with the case, in preparation for storage
and transport.
The additional use of an anti-static (static dissipative) mat will enhance your anti-static working
environment. At client sites this displays your concern for the equipment under your care. Web
links to handling techniques are listed in the Resources section of this Learning Pack.

Figure 1: PCI network interface card on anti-static bag with wrist-strap

Identify location to install card (possibly removing an old card)

PCI is the peripheral component interconnect standard (the abbreviation is always used), which
specifies a computer bus for attaching peripheral devices to a computer motherboard. These
devices can take the form of integrated circuits fitted onto the motherboard itself (called planar
devices in the PCI specification); or expansion cards that fit in sockets.
New network cards will insert into a spare PCI slot of the main system board. The PCI slots can
be identified as white connectors approximately 8 cm long by 1 cm wide towards the back of the
system board. You should also identify possible obstructions to the installation of the network
interface card (NIC) and a clear path for the easy connection of the network patch cable with all
the other cables connected. This may include removing a screwed-in cover plate or a fixed panel
that has been pre-perforated. The pre-perforated panel needs to be removed by repeated small
movements back and forth until eventually it snaps off. Beware of the sharp edges of the case
while doing this, particularly when the piece comes away.
 Figure 2: PCI slot on main system board

Follow manufacturer’s directions

Manufacturer’s directions usually include instructions for the correct insertion of the NIC. Some
manufacturers specify which PCI slot to use, which may require the rearrangement of other
cards.
The visibility within a system case is often low, particularly with other cards adjacent to the
small NICs available. It is important to be sure that the network card is properly seated into the
PCI slot. You should be able to see that most of the card’s gold edge connectors have gone into
the slot and what is left showing is even along the top edge.

Figure 3: Firmly seated PCI card

Reassembly and connection
Reassembly and connection reverses the removal procedure. Remember to disconnect your
antistatic wrist-strap from the system as well. Re-locate the system unit and reconnect the
exterior cables.
When the power is turned on the unit should start up as normal. Be aware of any beeps or
warning messages that may be generated as the system performs its self-check.

Installing software drivers

The Microsoft Windows operating system should automatically detect the hardware during start-
up and a wizard will begin to install drivers necessary for the network card. This may require a
re-boot in order to activate the network card successfully. For UNIX or Linux systems, modules
may have to be enabled or even a re-compilation of the system kernel.

External hardware
Many devices already come with a network interface installed, such as hubs, printers and storage
devices. You may also choose to install a network interface adapter to an external port, such as
USB (Version 2.0) or FireWire (also known as i.Link or IEEE 1394). The choice of device will
have already been made by this time, so the physical installation is relatively straightforward.
Similarly, the location of the external device and provision of power and suitable network
connections should have been arranged.

Patch and crossover cables

Most networking hardware will interconnect using standard patch cables. Stranded unshielded
twisted pair (UTP) cable is used for flexibility, with an RJ-45 modular connector plug on each
end. The four pairs of conductors are arranged identically in each plug, as shown in Figure 4 on
the next page.
When you need to directly connect a pair of like (similar) devices, a crossover cable must be
used. These cables are also made from stranded UTP cable for flexibility with an RJ-45 modular
connector plug on each end, while the four pairs of conductors are arranged to swap (cross over)
the ‘transmit’ and ‘receive’ pairs in just one of the plugs, as shown in Figure 5 on the next page.
Table 3 on the next page shows the types of direct connections possible and the types of cables
used.
Figure 4: Patch cable showing both ends Figure 5: Crossover cable with swapped
identical pairs (green swaps with orange)

Table 3: Direct connections table * These direct connections should not

normally occur when connecting hardware
Network **
to a network.
storage

Network ** These direct connections will probably

** **
printer never happen.

Wall plate Patch cable Patch ***

cable
*** A patch cable may
be for testing as a
Patch * * Fixed *** loop back.
panel cabling

Hub or Patch cable Patch Crossover Patch Patch cable

switch cable cable * cable between an
uplink and a
normal port

Computer Crossover Crossover Patch * Patch cable Crossover

(NIC) cable cable cable cable

Device Network Network Wall Patch Hub or Computer

storage printer plate panel switch (NIC)
How does it look?
Figures 6-10 to follow show
how the various connections will
appear when you connect the
devices to form a network. Note
the plastic lug of the RJ-45
connector needs to be squeezed
in order to remove the plug as it
locks the connector in place.
Cables with broken lugs need to
be repaired or replaced.
Figure 6: Computer using active network card

Figure 7: Double wall plate with Figure 8: Patch panel showing spare
shuttered sockets and patch cable positions
connected

Figure 9: Hub with patch cable Figure 10: Hub with uplink port in use
Note: The uplink port and the 1X port
cannot both be used at the same time.

In Australia, for patch cables, the colour of the wire’s insulation (in Table 4) and their
interconnection follow the adopted standard is TIA/EIA T568A.
Table 4: Patch cable colours

Conductor pairs Colour

1/2 White with orange stripe/solid orange

3/6 White with green stripe/solid green
4/5 White with blue stripe/solid blue
7/8 White with brown stripe/solid brown

The connections you produce would resemble those on pages following, shown for:
 normal connections with infrastructure (fixed wiring)
 normal connections without infrastructure (no fixed wiring)
 connecting two devices directly
 connecting multiple hubs directly.

Figure 11: Diagram of the network connections used when fixed wiring infrastructure and a wiring cabinet
is available
Figure 12: Diagram of the network connections used when there is no fixed wiring infrastructure available

Figure 13: Diagram of the network connections used when connecting two like devices directly
 Figure 14: Diagram showing how two or more hubs may be interconnected either within or outside a
wiring cabinet

Note: Many hubs and switches now come with auto negotiation of the ports as either medium
dependent interface-crossover (MDI-X, normal) or MDI (uplink), this makes it much more fool-
proof to interconnect devices. MDI is an Ethernet port connection that allows network hubs or
switches to connect to other hubs or switches without a null-modem, or crossover cable.
However with the increased ease of interconnection, more care needs to be taken to ensure that
you keep a hierarchical structure to minimise the number of hubs between any two devices on a
LAN to four.
Configuration

Once new hardware is connected, the equipment is then integrated into the existing network or a
new network begins. Integration includes the naming and addressing schemes for the protocols
used on the network, which may be specified by the organisation.
Many new network devices such as routers or switches include a small web-server that allows
you to log in to the device and change settings using a web browser. In this way devices can be
configured using any operating system with a web browser.
When making changes you must keep track of the IP address of the device, if you change it to
suit the network you are working on, you will not be able to connect using the IP address in the
browser address bar. Factory defaults are usually in place for username and password, so at a
minimum the password needs to be changed to prevent unwanted access. There is often a button
to reset factory defaults if the password is lost or forgotten. Unfortunately, this also wipes any
configuration changes, so documenting the settings, including any changes made over time, is
essential. The reset switch also requires the device to be physically secured, to prevent
tampering.
Table 5 outlines the basic configurations added network hardware.

Table 5: Configurations for added hardware

Added network Basic configuration required

hardware

Workstation or Name; IP Address; Join domain or active directory; Add extra

NIC protocols such as Internetwork Packet Exchange (IPX) if needed
Hub Usually no configuration needed
Switch Usually no configuration needed. Switches learn about their part of
the network as they are used.
Router Name; Configuration needs to be made to have correct routes and
interface addresses assigned. IP Addresses (Note two or more for a
router). Some routers will discover the adjacent route from adjacent
routers if these protocols are active.
Printer Configuration program needs to be installed on a workstation to
allow configuration to be carried out. Drivers installed on the server
if present and possibly on each workstation. Name; Share name; IP
address; Add to domain or active directory
Added network Basic configuration required
hardware

Network storage Configuration program needs to be installed on a workstation to

allow configuration to be carried out. Share often controlled by the
server transparently to the users. Mapping drive letters by modifying
login scripts. Name; Share name; IP Address.

If any settings were modified at the start of the installation phase then these need to be
reconfigured to their original settings, or to new settings if they are affected by the changes you
have made.

Setting the IP address

Each workstation, server or other network peripheral device on a network needs its own unique
identification number in the form of an Internet protocol (IP) address. In IP version 4 (used here),
known as dotted decimal notation, has a 4-byte binary string that is normally written as four
decimal numbers each separated by a period or dot, for example:
203.14.151.67.
The two choices for setting IP addresses are called static and dynamic. Static IP addresses are
changed manually so the address remains the same for a computer until specifically changed.
A dynamic host control protocol (DHCP) server allocates dynamic IP addresses, and while they
tend to remain the same, they may change without notice.
Static IP addresses are manually configured and tend to be used in small networks where
changes will not happen very often and a DHCP server is not present on the network. Static IP
addresses are also used for routers, gateways, servers and other network resources on any
network.

Dynamic IP addresses must be used in Note on figures next page

conjunction with a DHCP server and
tend to be used on larger networks for Dialog boxes in Figures 15–19 to follow,
IP address allocation to workstations. used to illustrate setting an IP address
and computer name, are from Windows
The DHCP server allocates an IP XP Home edition. Windows XP
address automatically to a client Professional differs slightly in detail.
device when the client requests one.

Many ADSL routers now incorporate a DHCP server so smaller networks are using dynamic IP
addressing. The DHCP server also allocates the configuration details for accessing the Internet
through the router, making re-configuration and Internet access easy.
 To set the IP address as either static
or dynamic as per organisational policy and
standards you must:
 Login with an administrator level
account.
 Select Start then select the My
Network Places option.
 In Network Tasks on the left select
View network connections if they
are not currently shown.
 In the right panel under the LAN or
High-Speed Internet section right-
click the Local Area Connection
and select Properties from the pop-
up menu to display the following
dialog.
 You may need to scroll down the
Figure 15: Local Area Connection Properties
Protocols and Clients list to view
the Internet Protocol (TCP/IP) item.
Select this and click on the
Properties button.
 For dynamic IP addressing select
both the Obtain an IP address
automatically and Obtain DNS
server address automatically, as in
Figure 16.
 Figure 17: Setting for static IP addressing  For Static IP addresses you need to
(substitute values for your own network and set all of the information except an
Internet service provider)
Alternate DNS server in order to
access the Internet, as in Figure 17.

You need to set the computer name of all the computers in your network. This allows you to
organise how the network interacts with various devices and also allows shares to be re-shared
from a central source such as a server.
Setting the computer name
To change the computer’s name to
conform to organisational policy and
standards you must:
 Login with an administrator level
account.
 Select Start then right-click on the
My Computer option.
 From the pop-up menu select
Properties.
 Click on the Computer Name tab of
the dialog. You should have a
dialog like that in Figure 18.
 Click on the Change button to
show the Computer Name Changes
dialog in Figure 19.

Figure 18: System Properties showing Computer

Name tab details (Note: Windows XP Professional
will also mention joining a domain near the Change
button)

When the name is displayed as required you

press the OK button.
If you are using Windows XP Professional
and you are joining a domain here then you
will be prompted for the username and
password of a domain administrator level
account to join the domain.
This will be followed by a short delay as
authentication and entry to the Active
Directory is made. When successful, a
welcome message is displayed.

Figure 19: Changing the computer’s name

(Note: Windows XP Professional will have a
section to join a Domain under the Workgroup
entry fields)
Testing the hardware and configuration

Now that everything is in place as planned, you must undertake a systematic (if not complete)
test of the network system.
You must confirm that the network functions as designed.
 Can users login? Note that the questions
 Can users reach the server to store and start with ‘Can users…’
retrieve files? You might be able to do
these things while
 Can users run applications that need
logged on as an
access to the server?
administrator, but the
 Can users print to all of the printers they test is ‘regular users’,
should have access to? probably with more
restrictive accounts.
 Can users reach the Internet?

You should have a checklist available with the functions you will test and the expected outcomes
of the test. Leave room for comments, which allows you to log the actual results, problems and
solutions.
It is impractical to test every login account and every function on every workstation. You need to
access all combinations of user groups and functionality with at least one network function from
each workstation. This ensures that all devices are physically connected to the network and that
group based policies and scripts are working. This only leaves doubt about a few possible non-
standard (often undocumented) modifications that exist in an existing network system. These
will be highlighted by help desk calls and allow them to be integrated into the standard system or
documented properly as exceptions if they are really necessary.
Table 6 on the next page has a sample checklist. Note the testing is planned to cover all the
workstations and both the sales and admin groups. Access to the H: drive, Internet and both
printers is confirmed from each group.
Table 6: Sample checklist

Computer Login as Access Access Print Print Tested Test Test

H: Internet colour laser by date OK

WS001 Testsales Test Test

WS002 Testsales Test
WS003 Testsales Test
WS004 Testadmin Test Test
WS005 Testadmin Test
WS006 Testadmin Test

The ping command

The ‘ping’ command helps confirm the basic connectivity of a network device. Ping stands for
packet Internet grouper (or groper or gopher). An echo request packet is sent out to the IP
address; the receiving system identifies it and sends back an acknowledgement. This round trip
ensures that there is an active network path between the two devices.

The ping command is

easily run from the Run
menu (Start->Run…)
type in the command
ping –t 192.168.0.101
which causes the system
to continue (-t) trying to
send an echo packet to
the IP address used until
you stop it using the Figure 20: Running the ping command
Ctrl-C key combination.
(Note in UNIX/Linux Figure 21 shows the screen for a successful
systems the –t is response from a ping command. Note that many
unnecessary as this is the firewalls can be set to reject ping and other
default behaviour.) packets.
Figure 21: Successful response from the ping command; an unsuccessful response will show the words
‘Request timed out’

Comment Tariku and Dani

Evaluate Internet service

Identify requirements

 Hardware
 Network
 Security

Mail server and client software

Determine IP

Install and configure to create link

 Database
 Document
 File
Summary

In this reading you have briefly considered the Ethernet protocol, the ISO reference model and
some of the broad range of network devices Ethernet supports, before some general notes on
ways of minimising disruption to clients when installing and configuring hardware devices.
A look at safe and professional installation procedures covered those involved for internal and
external hardware. Basic device configurations were outlined for setting IP address and computer
names, before testing was discussed, with the use of the ping command to test the connectivity of
network devices.
Remember that no installation should be done without first checking with the people who may be
affected; have plans for configuration and testing, and contingency plans in the event of failure.
Care also needs to be taken to keep things safe during the installation since business may be
continuing while you are working.

Check your progress

Have a look at the next section — Practice. If you have trouble, review these Readings or
perhaps take a look at some of the listed Resources.
When you feel ready, try the Self check section at the end of this topic. This will help you decide
if you are now able to complete the task and attempt assessment.
Install configure and test servers and
software
Before you start an installation

Before you begin installing server hardware or software you need a plan. Some installations have
evolved into a simple task, based on user-friendly menus—they may not require any real
technical knowledge; but what about the existing IT and network environment? It may be very
tempting to get in and start installing without an approved plan because you think you’ll save
time. Yet an installation can interfere with or even stop other network hardware, services or
applications from working, and your working without a plan is tantamount to working blind.
Installation plans and the schedules ensure that disruptions to business operations are kept to a
minimum and that issues of installation requirements, interoperability and compatibility are all
addressed.
Before commencing installation of server hardware or software you should:
 Review the user requirements
 Review the installation plan
 Review and confirm the existing IT environment
 Confirm the availability of required resources and materials
 Review technical tasks (for installation and configuration)
 Review the testing tasks
 Review deployment task
 Confirm scheduling and communications
 Review all contingency plans.
All these items are considered in detail to follow.

Review user requirements

The user requirements (also known as user or client specifications) state what an organisation,
person or user requires from the installation; they define what the outcomes of an installation
will be, in functional terms. For example, a user requirement may be:
The organisation needs a method of sharing data and information between all staff using
organisation-owned infrastructure.
The solution may be to install a central file server and user workstations. The developed
installation plan would be based on this.
Reviewing user requirements allows you to see what is expected as an outcome, and this is the
measure by which the success of the installation will then be judged. There is no point in
following an installation plan, only to find that client requirements are not delivered. You must
have a clear understanding of user requirements to properly review the objectives of the
installation plan and the tasks defined within it.

Reviewing the installation plan

A well developed installation plan will include detailed tasks that cover installation,
configuration and testing.
As an IT professional you may be contracted to implement only certain tasks within an
installation plan developed by others. In this case, reviewing the plan will help you understand
your role and responsibilities and the roles and responsibilities of others involved, as well as the
task sequence in which your activity occurs.
For example, if you are contracted to undertake the ‘install server’ task in a network installation
plan for a large firm, you would need to know that beginning your task is dependent on activities
to install network switches and cabling having been completed.
In some cases your activity, as described in the plan, may need to be developed. There may be no
specific details given on how to ‘install server’—so you would need to develop an installation
plan for your task that fits into the overall installation plan.

Review and confirm the existing IT environment

The affect of the proposed installation on the existing IT environment must be considered and
documented. Issues to investigate include the system and installation requirements for the
proposed software and hardware, and interoperability and compatibility between existing and
proposed software and hardware.
Tasks in the plan should address changes to the existing IT environment, and include specific
installation and configuration details for all software and hardware, existing and proposed.
It is also important to confirm that details in the plan of the existing IT environment are in fact
correct. This is especially important if you did not develop the plan, or if some time has elapsed
since the plan was developed. If you simply assume all is as documented, and it isn’t, you may
run into installation problems or severely disrupt business operations.
This part of a review may involve visual inspections of the network and devices, alongside
checks of current configurations and settings. A wide range of tools come with operating systems
or are available from third-party vendors to help with this. Knowing how network devices and
software connect and interact will also help ensure installation and configuration tasks are
appropriately defined and implemented.

Confirm resources and material

Resources and materials needed should be set out in the installation plan, along with names and
details of those responsible for organising or providing resources.
You should confirm that all resources are available when required. For example, you may need
to install 50 XP workstations that will connect to a new server. The installation requires you and
four technical support staff to be on site to install the computers. You should therefore confirm
that the support people are in fact available to perform this task before you start, since fewer
hands will cause delays. Once again, you cannot simply assume availability, just because it is set
out in the installation plan.

Review tasks
Tasks define what you are required to do and how to do it. You will need to draw upon your IT
knowledge and skills to review individual tasks and confirm they are technically correct and
properly sequenced. Generally, the order of tasks for an installation will be as set out in Table 1.

Table 1: The general order of installation tasks

Tasks Hardware Software

Installation Physically installing the hardware Loading the application or

and powering it up program on the appropriate
device
Configuration Setting how the hardware will Setting how the software
operate, such as what services a will operate (user access,
server will provide (file and print, database locations,
network services and so on) connection, etc)
Testing Activity carried out to ensure that the installed and configured
hardware or software operates as expected
Deployment Activity undertaken to make the installed hardware and/or software
available for use within the production environment.

You need to review tasks to ensure that they are ordered correctly and that you are aware of any
dependencies between tasks. For example you may need to perform a data backup before starting
a configuration task.
You should also confirm that tasks are technically accurate. You may want to research and
practice tasks that are new to you. For example, if you have no experience of installing an
additional hard disk in a Linux server, you might obtain vendor instructions to install and
configure the disk and perform the task on a test computer, away from the client’s IT
environment.
By reviewing the tasks in an installation plan you make yourself familiar with what you need to
do, before you do it. You will be able to undertake the tasks with confidence and without
wondering what comes next.
Scheduling and communication
A part of knowing what to do and when to do it is the need to confirm the start and end date and
duration of tasks and activities (the schedule). You also need to confirm schedules to confirm
resource availability.
Scheduling is usually approved by organisational management, an appropriately authorised
person or end user groups, and broadly overseeing it can be the responsibility of a project
manager.
All parties involved in an installation need to be informed of the schedule and of any impact on
normal business operations must be clearly communicated. For example, the users of a corporate
database may require five working days notice before any work on the database can start.
Some of the most fundamental parts of communication can sometimes be overlooked—always
confirm your installation plan, and the schedule for it, are approved before you begin.

Reviewing contingency plans

Contingency plans help reduce the impact of a failed installation on business operations. You
need to be well aware of any contingency tasks or plans prior to starting an installation. If
something goes wrong you need to know what to do and how to recover. You may need to test
your contingency plan prior to commencing an installation.
Contingencies may include data backups before commencing installation, backup or duplicate
hardware or systems, pilot testing, and carrying out work after hours.
Installing server hardware and software

Installation means to place computer hardware or software in place, ready for use. Once you
have reviewed the installation plan, confirmed the scheduling and are familiar with the task, you
can start. To follow are some specific considerations for server hardware and software
installation.

Server hardware considerations

Server hardware is the computer equipment that will run specific software to provide services or
applications. The type of hardware, as determined in your installation plan, depends upon the
service to be provided.
For example, a server needs to have an operating system installed for it to operate and provide
services. Operating system software needs minimum hardware specifications, as recommended
by the hardware manufacturer, to run successfully. New or existing hardware needs to be able to
satisfy the minimum system requirements. Table 2 below is an example of the minimum
requirements for two operating systems.

Table 2: Minimum requirements for two operating systems—as an example

Windows 2003 standard edition Red Hat Linux V9

server
 PC with CPU of 133 megahertz  Pentium Class CPU. For text mode: 200
or higher processor clock speed MHz or better. For graphical mode: 400
 128 megabytes (MB) of RAM MHz Pentium II or better
or higher (max 4GB)  Hard Disk Space: minimum of 475MB for
 2 gigabytes (GB) of available basic install, a Server requires a minimum
hard disk space of 850MB, a personal desktop requires
1.7GB, a workstation requires 2.1GB and
 Super VGA (800 x 600) or if you install everything then 5.0GB
higher-resolution video adapter
and monitor  Memory for text mode is 64MB, minimum
for graphical mode is 128MB,
 CD-ROM or DVD drive Recommended for graphical mode is
 Keyboard and mouse or 192MB
compatible pointing device  Other hardware components may be
required to use other parts of the operating
system.

To install server hardware you will need to follow the installation plan along with any vendor or
manufacturer’s instructions. Generally you will need to:
  Unpack new hardware and/or assemble server hardware
 Site or mount the server hardware
 Power on server hardware
 Run hardware diagnostics.

Unpack new hardware and/or assemble server hardware

Server class hardware is generally manufactured to a higher standard than ordinary personal
computer hardware. The server hardware may be supplied by a vendor already assembled to your
specifications and requirements, or you may need to assemble a server from components
supplied by various vendors. Components can include those for storage (hard disks, optical disk,
tape drives and the like) memory, central processing units (CPUs), network adaptors, power
supplies and uninterruptible power supplies (UPS). You should check that the server hardware
supplied matches the requirements as stated in the installation plan.

Site or mount the server hardware

The assembled server hardware needs to be placed in an appropriate location. Usually this will
be in an environmentally controlled room or equipment cabinet. Some vendors manufacture their
server hardware to slide in and out of special racks like draws in a cupboard and share a single
keyboard, mouse and monitor between multiple servers via a switchbox.

Power on server hardware

This is where you connect the mains power and turn on the hardware. At this point, look for any
signs of hardware not operating as expected. Burning smells, smoke, severe vibrations and noises
are immediate indicators of hardware problems where the power should be immediately turned
off and the vendor contacted for advice.

Run hardware diagnostics (burn-in)

With server hardware successfully connected to mains power and turned on, any diagnostic
utilities or software recommended by the vendor or manufacturer should be run to check correct
operation. Third-party utilities or tools may be used for this. The process is known as ‘burn in’
where hardware is operated to its maximum specifications by diagnostic or ‘burn in’ utilities for
a period of time to find any faults or failings before the hardware is placed into normal operation.
The server is now ready for software installation.

Server software considerations

Server software refers to both the server operating system and any additional application
software running on the server. The server operating system must be installed prior to any
application software. Once again an installation plan should address these tasks.
Operating system installation
The server operating system is the software that will operate the server hardware to provide
network and services to users. The various methods of installing operating system software on to
server hardware depend on the software being used. Generally, methods used are:
 Local manual installation
 Local automated (or scripted) installation
 Remote installation
 Image installation.

Local manual installation

Local manual installation requires using installation media such as CDs, DVDs or a central
network repository that stores the installation files. The software is installed by physically
accessing the server hardware to run the operating system installation. Generally, you follow the
installation prompts and instructions using the local keyboard mouse and monitor.

Local automated (or scripted) installation

Local automated (or scripted) installation involves manipulating the installation process so that it
becomes a simple process of either running a single command, or clicking an install button. This
requires knowledge of the operating system and is usually done by using batch files or script
programs to set installation options that usually require user interaction or selection. If you have
multiple servers to install, this will ensure consistency and identical installations. The person
installing on-site does not require in-depth knowledge of operating systems to perform the
installation.

Remote installation
Remote installation is when the operating system software is installed by remote access from
another computer on the network. This also means that your server hardware does not require a
local keyboard, mouse and monitor and you do not need to physically attend to perform the
installation. The Mac OSX Server – Remote Installation option is an example of this. (For
applications software: using either the server operating system features or third-party remote
control software, the server is accessed from a remote location and the application or other
software installed, again without physically visiting the server. This method may also use
application packaging and delivery technology.)

Image installation
Image installation uses hard disk imaging to install the operating system on to the server
hardware. It may be performed locally or remotely and ensures consistent and identical
installations. Installation by disk imaging is much quicker than other methods. However, the
initial image creation may be time-consuming as a manual installation on server hardware is
usually required to create the initial disk image for installation on other servers.
Once the server operating system is installed it must be configured.
Application software installation
Application or other software is installed on the server only after the server operating system is
configured and tested. Other software and can be installed by manual, automated and remote
installation (as described above).
Configuring server hardware and
software

Configuring server hardware and software means setting up the way the hardware and software
operates to suit the IT environment and organisational or user requirements.
Generally, server hardware is configured before the server operating system is installed, or
afterwards if hardware components in an operating server are being changed or added. Software
may be configured when installed, as part of the installation process, or afterwards, if a default
installation has been performed.
Some specific considerations for configuring server hardware and software configuration follow.

Server hardware configuration

Server hardware configurations will depend on what components make up the server.
Configurations you may need to consider include those for:
 Storage
 Boot sequences
 Specific devices
 Redundant components.

Storage
Options like the hardware redundant array of independent disks (RAID), the system which uses
multiple hard drives to share or replicate data among the drives, are configured independently of
operating systems. You may need to configure RAID options and logical volumes. You may be
using remote storage with special adapter cards that may need configuration.

Boot sequences
A boot sequence is the set of operations the computer performs when it is switched on which
load an operating system. Usually you have the option to select boot orders such as network, CD,
which hard disk and so forth. The Intel WFM (Wired for Management) options may need to be
set.
Specific device configurations
Things like the addresses for small computer system interface (SCSI), which is a standard
interface and command set for transferring data between devices on both internal and external
computer buses, may need to be set on old SCSI devices. Generally bus, port, interrupt request
(IRQ) and other settings are usually automatically determined for you with current server
hardware. There may be external devices (for example tape drives) that require hardware
configuring to connect to the main server hardware.

Redundant components
Hardware such as that for standby power supplies or network adaptors may need configuration.
You may need to consult the hardware manufacturer or vendor for information and configuration
instructions.

Server software configuration

Configurations for server software depend on the purpose or function of the server. Generally, a
server may be configured for one or more of the following roles:
 An application server which runs specific software applications for end users, such as a
server that runs a central Oracle Database that is accessed by users across an
organisation.
 A storage server which provides a central storage place for data that can be accessed by
computer users around a network.
 A network services server which provides specific services, such as print, user
authentication and authorisations, dynamic host configuration protocol (DHCP), and
domain name system (DNS) are some examples of the services that can be provided.
Configuration for each of the above roles will be different and will depend on the client’s IT
environment.

Server items to be configured

Generally the following items will need to be configured on a server:
 Network setting, which includes network protocol to be used, network addressing, server
name and network adaptor settings.
 Services, which include enabling and configuring specific services to run on the server,
such as setting the server to run dynamic host configuration protocol (DHCP), and
domain name system (DNS) services for an organisation.
 Authentication, which involves setting how users of the server will be identified. This
may involve setting up local user accounts with passwords on the server or setting the
server to authenticate users via some other mechanism.
  Authorisation, which is setting up which authenticated users are permitted to access and
use the server, such as allocating user permission to access data storage or server
applications or programs.
 Environment setting and policies, which are settings for the server to operate as
required or settings dictated by organisational policy. Having data backup schedules for
the server is an example of environment setting. Policy settings are used to enforce
organisational policies and may include disabling certain functions or enforcing a
particular setting on end user computers, such as stopping a non-administrative user from
login on the server console, or forcing users to change their password after 30 days.
All server operating systems have the above configuration options, while the processes to set
them will vary. Generally, configurations will be carried out using a graphical user interface
(GUI) configuration program that is provided as part of the server operating system.
Testing server hardware and software

Once a server has been installed and configured you need to ensure it will operate as expected
and will meet client requirements. Basic hardware testing should have been done on installation.
You now need to test the combination of server hardware and server software before the server is
made available for use.

The test environment

To avoid disruption it is best to install and configure a server in an environment not connected to
the production network, and which is, ideally, a replica of the working environment. A replica
test environment allows testing of system integration and compatibility with existing systems.
Unfortunately, fully replicated test environments are not often available, in which case the new
server must be first tested in isolation and then completely tested in the production environment
in a manner that causes the least disruption. It is important that your installation plan addresses
the issue of testing, taking into account the existing client IT environment.

The testing process

With the server is in place, the following tests can be conducted in order.
1 System test—which checks the technical operation of the server and includes network
communications, operating services and schedules, system performance (disk I/O, memory,
CPU) application and program availability, authentication and authorisation, manual
procedures, backup and recovery procedures. The entire system needs to be tested. Test
strategies that work the system to its capacity are used. These strategies must ensure that all
problems that the server may have, are found before it is placed into production.
2 Integration test, to check that the server works with all applications, systems, servers and
network resources in the client’s IT environment.
3 User acceptance test, which is a functional test performed by the users to ensure that the
new system works and functions as expected and that it satisfies their needs. User
acceptance testing involves the clients using the operating system and performing normal
work activities for a period of time, to see if any problems occur. They also determine if
performance requirements, as defined in the user requirement statements, are met.
Performance requirements must be subjected to a specific set of tests that will decide if the
 server and software are acceptable. If the server passes all of these tests, it is considered to
be acceptable by the users.

The test plan

A plan for the above tests should be a part of the installation plan, with a time line, a list of
resources required and the roles and responsibilities of those involved set out. The test plan
should:
 list the function or service to be tested, and within each function or service, list items to
be tested in sequence
 list the procedure to test each item and the expected results of the test procedure
 provide for documenting actual test results with comments (as shown in the example in
Table 3).

Table 3: Simple test plan extract, as an example

Function Item Procedure Expected result Actual result Comment

Printing Install network On client computer Network Printer

printer from login as user1. installed on local
server on to Select Start computer with test
Windows XP select Printers and Faxes page successfully
client computer select add printer printed.
browse to \\server\ptr-1
install printer
print test page
Printing Application On client computer Selected document
printing using login as user2. printed
server print Access local MS Word
services application on client
computer.
print a document to \\
server\prt-1

It is important that you know what the expected results of a test should be. If the actual results do
not match those expected, the test for the selected function and item has failed. This failure is
known as a defect or deficiency that will need to be rectified. Defects or deficiencies can be rated
in terms of severity or importance and this can help you create a priority list of defects to rectify.
Once you have rectified a deficiency or defect you need to redo the failed test to confirm the test
is passed.
After testing
A new server should be free of defects or deficiencies before it is put into production. Results of
the testing process should be documented, and documentation then reviewed and analysed to
confirm that all required testing is complete and that all defects and deficiencies are resolved.
In some cases that documentation (along with other information) may need to be presented to
confirm the results of the user acceptance tests, so to authorise the next step of deployment or
placing the server into production. Clients can also decide to deploy or implement the server with
minor defects or deficiencies, if that a plan exists to rectify them, especially if there is a need to
implement the server quickly.
Deployment and implementation

Deploying of implementing the server means making it available for use in a working
environment. How you deploy the new server will depend on the existing IT environment and
whether the server is a completely new installation or a replacement or addition for an existing
server. You may need to test your deployment methods in conjunction with your server testing.
To follow are some considerations for deployment. The method you use may affect how you
undertake server testing prior to deployment.

New servers
Deploying new servers is generally a simple process because you are implementing all new
services. The server is usually connected to the production network and existing client computers
connect and use the new server, depending on its configured role.
There may be a need to install client software or reconfigure client computers to enable use of
the new server. This type of activity should have been included in the installation plan and
testing of client software and client connections would be done before deployment.
For example, if you deploy a new dynamic host configuration protocol (DHCP) server in a
network where client computers have static Internet protocol (IP) addresses, you need to
reconfigure client computers to dynamic IP addressing. You could use the following options:
 connect the new server to the production network, then
 visit each client computer to manually reconfigure or
 employ remote access technology (like Altiris, RDP) to reconfigure each computer, or
 create an executable configuration file that is sent to the computer and the user executes.
In the above example, connecting the server to the network was the easy part of the deployment.

Replacement or upgraded servers

Replacing servers requires some careful planning to ensure minimal disruption to existing
services. The following strategies can be used:
 parallel implementation
 abrupt implementation
 phased implementation
  pilot implementation.

Parallel implementation
Parallel implementation takes place where the old server and software run alongside the new
server and software. This is done for a period of time to ensure any problems not detected in the
prior testing phase are resolved. The old server and software are then terminated either abruptly
or phased out.
This method allows the organisation to keep functioning as normal, and it also allows much more
time for the users to become familiar with the new software. The disadvantage is that it is costly
and time consuming for the users to run both operating systems and applications simultaneously.
(To counter that disadvantage, a small group or section may pilot the proposed changes, as
below.)

Abrupt implementation
Abrupt implementation is when the old server and software are completely removed and the new
server and software put in place immediately. It requires no transition costs and is very fast, yet
there is the risk of costly data loss if the new system fails, or if existing data is not correctly
transferred to the new server. Operations can be seriously disrupted if this happens, or if the
users have not been adequately trained (with abrupt implementation users are under a lot of
pressure to learn the system before the change over).

Phased implementation
Phased implementation is used with larger applications that can be broken down and installed
separately at different times. An example of a phased implementation could be a server
providing an accounting application, with the accounts receivable, accounts payable, general
ledger and payroll modules all installed separately in phases with the new operating system. If
something does not work it may be only the (general ledger) that has problems or, since the
(general ledger) has just been installed, it can be quickly identified as the cause of other
problems.

Pilot implementation
Pilot implementation is where the new server and software are installed and used by one
department in the organisation, to be tested. Once this pilot site is working as expected, other
departments convert, using one of the above mentioned deployment methods.
It is wise to have a phased implementation process. This may include the following steps:
 Backing up important data in case there is a problem during installation
 Selecting a sample area to use the new server and software first. Document any problems
and considerations that arise from this ‘pilot site’.
 Break up the installation into smaller, more manageable units.
 Plan the installation timetable to cover different sections.
 Alert staff to the planned installation and training.
Regardless of implementation method, deployment should be addressed in the installation plan
and not run as an ad hoc process at the end of an installation.

Post installation review

Once the installation of the server is complete there remains one more task—reviewing the
installation process to ensure the client requirements are met. This requires a review of the
completed installation, by reflecting on the installation plan and its execution, discussing any
issues arising from the installation, and confirming that the installation delivered the user
requirements. It is at this point that the installation may be signed-off as completed.
Summary

In this reading you’ve considered the importance of having a well developed installation plan,
which is also used after installation to judge effectiveness and to check that user requirements
have been met.
You looked at preparatory work including the need to review user requirements and the
installation plan before an installation begins (including review and survey of the existing IT
environment). Considerations and issues related to the installation of hardware and software and
its configuration were outlined. The process of testing was then discussed, followed by a
summary of methods of deployment and implementation.

Check your progress

Now you should try and do the Practice activities in this topic. If you’ve already tried them,
have another go and see if you can improve your responses.
When you feel ready, try the ‘Check your understanding’ activity in the Preview section of this
topic. This will help you decide if you’re ready for assessment.
Develop an advanced Software
installation plan
The planning process

Planning is the first step and foundation of any project. Planning requires thinking about what
you need to achieve. Having clear goals or outcomes is a starting point to knowing exactly what
must be done. You can then decide a sequence of activities to meet those goals, and assign
resources and timelines to each task and to the project as a whole.
Planning is the key to a successful installation. Installing a new file server, upgrading old
network hubs, or installing software on a network, all need an installation plan. While the details
and activities are different in each case, the steps in developing a plan are the same.
Smart installation plans, most importantly, help avoid disrupting business. Without good
planning you may need to reinstall components due to missing information or have unforseen
compatibly issues. While formulating a plan may take time, it will also save you time, not to
mention money, reputation, goodwill and even lost sleep, in the long run.

What does an installation plan contain?

Documenting the installation plan, in simple format or as a spreadsheet or produced by project
management software (depending on the complexity and scale of the installation), is the means
by which the plan can be approved and authorised. The plan also serves as reference for
everyone involved, including users who will be affected.
An installation plan should address:
 The objective, goal or desired outcomes.
 Tasks and dependencies.
 Time and duration of tasks or activity (timelines).
 Roles and responsibilities.
 Required resources.
 Contingency plans or tasks.
To have a plan with all these elements you need information about installation requirements and
technical information about each task. The elements of the plan overlap (for instance assigning
responsibilities will go hand in hand with working out the schedule and sequence of tasks). The
various parts of a plan are discussed in detail below.
Defining the objective
Interpreting client requirements
The objective for an IT installation comes from the client. Often this will be stated in terms of
their business needs and it is your job to determine the technology required. In other cases, the
client might provide more specific documents to outline their installation needs.
An example of a client requirement expressed in business needs may be: ‘The organisation needs
a method of sharing data and information between all staff using organisation-owned
computers.’ The solution to which might be a central file server.

Understanding the existing IT environment

To make any recommendation so to meet the client’s requirements you need to first understand
the business, its processes and what makes up the existing IT environment; computers, servers,
network switches and infrastructure, software and programs. You need to also understand how it
all connects and functions together (known as interoperability).
For the file server above, for instance, you may need to ensure network switches are compatible
with existing switches. You will also need to know where the file server can be installed, and if
current equipment can be used. Knowing the existing environment will also help determine
staffing needs, and if specialist help is needed (such as to install new cabling).
An organisation’s IT security policy may also have set steps to ensure data stored is secure and
backed-up at all times and you’ll need to take account of this in making sure that any installation
protects the access to and validity of data. Any future need to increase or decrease the capacity of
the installed system will also affect requirements, as will a broad range of possible
circumstances, including the physical environment (and physical security of equipment and
cabling).
Once the objective is defined from client requirements, it must be expressed in a clear statement
of precisely what is to be achieved. For example: ‘Install a File Server’ is an objective, but too
general—it does not fully state the outcome. A better example would be: ‘Install a File Server to
provide 100 users file storage of 20 GB per user, along with print services’. The objective is
quantified and measurable and it will therefore be easy to judge that it is done successfully.

Tasks—breakdown of tasks and sequences

The nature of the tasks needed, depends on the objective, as defined above. Tasks to install
network software will be different from those to install a file server, for instance. You will need
to use your knowledge of computer systems to the actual tasks required.
Single tasks help break down the overall installation into smaller individual jobs. Beginning one
task may be dependent on another task being done—the associated tasks or conditions are called
‘dependencies’. A configuring task, for instance could not start until the installation task is
completed. Usually tasks are carried out in sequence (one after the other in a set order), but in
some circumstances may need to be performed concurrently (more than one task at a time).

Task sequences
Generally, the sequence of tasks for an installation will be:
 Procurement of resources
 Installation
 Configuring
 Testing and evaluation
 Implementation into the production environment
 Contingency plans
 Post implementation review.
Tasks can be simplified or broken down into a number of sub tasks. For example the task
‘procure server equipment’ can be broken down into the clearly defined sub tasks of:
 Obtain quote from preferred supplier for a HP Compaq DL360 Server (duration one day).
 Submit quote to Finance department for approval and the raising of a purchase order
(duration four days).
 Send purchase order to supplier with delivery instructions (duration four weeks for
delivery).
 Accept delivery of server, check contents of package for correct items and advise finance
department that purchase order has been filled (duration two hours).
Each sub task clearly states what is to be done and the time to complete it. This time will be an
estimate based on your experience or based on tasks in similar installation projects.

Setting timelines and schedules

Once the nature and sequence of all the tasks is decided, and you have determined the duration of
each task, a schedule can be determined.
In the above example, assuming a week is five working days it will take five weeks and two
hours to complete the ‘Procure Server Equipment’ task.
To create schedule you take into account the sequence or order of your tasks (noting whether
they are sequential or concurrent), and people’s availability to do those tasks, to determine the
overall time required to complete the installation. This is important information for both you and
the client and it will help you track and report on progress.
Business operations may constrain your installation plans. For example, if the business cannot do
without its computer network between 9 am to 10 pm each weekday, the only down time
available may be the weekend. This will determine both the timeline and resources required.
The deadline for an installation might also be stated as part of the objective; for example ‘Install
a File Server to provide 100 users file storage of 20 GB per user along with print services by July
1 2007.’

Defining roles and responsibilities

With tasks and resources clearly defined (in a planned sequence and to a schedule), the
installation plan should also clearly state who will do what task and who will make sure that
resources are available when needed.
This level of planning ensures:
 that tasks are completed according to a schedule and people know their responsibilities
(avoiding the ‘I thought you were going to…’ phenomena)
 that tasks can be costed against the hours that individuals are allotted to do them
 that hierarchies of responsibility are created, if needed, such as having a more expert
person supervise the work of others
 that task and timelines reflect the actual availability (or capacity in hours) of staff
 that contingency plans are in place in case staff become unavailable.
This part of the installation plan usually also includes an outline of communications and
reporting to ensure all stakeholders are kept up to date.

Allocating resources
Resources to complete an installation include people to do the work (as above), tools, equipment
and finance. The installation plan must clearly state what resources are needed. You will have
worked out exactly what those resources are by dividing general activities into individual tasks
and costing the time required to do them plus materials and equipment.
The costs you work out will also be determined by organisational constraints. A major constraint
may be the budget—what can the organisation afford? There may be a number of options given
how much money is available in the budget.
An organisation may also have policies for purchasing (such as where to buy equipment) and
staff procurement (such as bringing contractors in).
Staffing can affect both resources and timelines—for example two people may be able to install
computer cables in less time than one.
If a new computer system or software is installed, the users of the new system may need training
or instruction. You need to ask yourself if that training or instruction can take place before,
during or after the installation.

Contingency plans
Even the best-made plans can fail. Unforseen events or circumstances may thwart a successful
installation.
Contingency plans for the whole installation and for parts of the process can limit the affect of
failure on business operations. They may be plans for staff, in case of sickness, plans for other
suppliers in the event of non-delivery, or implementation plans to ensure that business operations
are not disrupted in the event of failure while installing, configuring or testing.
For example the objective may be to install a new network database. Should the installation fail,
the business may be left with no database or corrupt records in a new version. Any business
would find it difficult to operate without its database. The contingency plans may include:
 having the business work from back-ups of the old database in the event of failure—
having backed-up to another networked computer and testing that version to ensure data
validity and access
 doing the installation on the weekend and allowing for time before start of business on
Monday to fix any problems
 having a technical support person from the database vendor on call for technical support
via phone during the installation.
Notes on installing network software

All software applications have minimum system requirements for the server or PC processor,
amount of RAM, and available hard disk space. Network software will also have requirements
related to bandwidth, protocol and the network file system. You need to verify these are met
prior to installation.
You need also to ensure the organisation has licenses for software to be installed, and that all
terms and conditions of the license are adhered to, such as the number of clients that can use the
software. You should record any serial numbers or product keys required during the installation.

Installation methods
Knowing the various methods used to install network software will help you develop the
required tasks in the installation plan. The method used will depend on the existing network
environment and resources, including the budget.

Manual and automated installation

Manual installation requires CDs, DVDs or a central network repository to store installation
files. Software is installed by IT staff or by users themselves running the installation program on
their computer. While this suits small, single-site networks, it will not suit large networks
because of security issues, the time needed in each case, the staff required, disruption to users,
lack of control and potential configuration inconsistency.
Automated installation requires manipulating the installation process so that it becomes a simple
process of either running a single command or clicking an install button. It is done by using
batch files or script programs to set installation options that would otherwise need user
interaction or selection. While more efficient, it requires installation scripts. Although simpler,
because users and installation staff need not interact with the install process, the script may need
to be manually executed at the computer to start it.

Remote deployment
The term ‘deployment’ refers to the distribution of software to end users. Remote deployment
usually involves ‘packaging’ the software. The software is first manually installed on a test
computer and configured as required. The resulting changes (new files, folders, changed files and
registry entries) made by the installation and configuration of the software are recorded and
become the packaged software. This package can then be delivered and written to other
computers on the network.
Other remote deployment methods use hard disk imaging to create disk images of a computer
with the installed software. This disk image may be deployed to other computers creating a
standard environment and reducing the time required to install software.
In these ways, networked computers can have software delivered, installed and remotely
configured (if needs be) from a central location without user intervention or technical staff
visiting target computers.
Remote deployment and management can be a part of a network operating system, for example
Microsoft Remote Installation Server (RIS) and System Management Server (SMS). Third party
software such as ZenWorks (for windows and Linux), Alteris and Symantec Ghost provide
remote desktop management, imaging and software deployment.

Terminal server installation

Terminal server installation involves installing and configuring the software on a special server
known as a terminal server. The software thus installed is then available to networked computers
and appears to run as if locally installed, though it is running on the terminal server and is
presented to the user’s computer via a terminal session. The user’s computer may need to have
terminal services client software installed or in some cases users can access the terminal server
via a web connection.
With this method, software can be accessed by hardware below the normal software requirement
specifications, but it requires a dedicated server powerful enough to run the software in a
terminal service environment. The number of concurrent connections to the server may also be
limited and license costs expensive. Terminal services may be available as part of the network
operating system or as a third-party product, such Citrix or Tarantella.
You need to test new software prior to organisation-wide installation. Your installation plan
should include testing in a test environment to ensure user requirements are met. Functional
testing will confirm the software will perform as expected. The installation plan should also
include testing of deployment methods to ensure the software will be installed across the network
as expected.
Always back-up existing network software installations prior to implementing upgrades and test
that you can restore the backup. Prior testing of the upgrade software in a test environment and
backup of current software should form part of your installation plan tasks and contingencies.
Notes on installing network hardware

Hardware, of course, cannot be installed remotely. Someone must physically connect it—while
once installed, computer and network hardware can usually be remotely configured.

Network hardware
In planning an installation you need to identify existing hardware. Computer hardware broadly
categorised into network infrastructure is as follows.
 Switches providing connection ports for devices to connect to the network.
 Routers providing the correct data paths and IP addressing between devices connected to
the network.
 Connectivity devices and media providing the physical path for a data signal to travel
along. It includes all physical cabling like UTP and optical fibre and also devices that
convert a data signal to travel along different media, such as wireless transceivers.
 Storage provides a location on the network where data can be stored. This includes hard
disks, magnetic tape and optical storage devices that are attached to the network but not
directly attached to specific computers.
 Servers provide the network services such as domain name system (DNS) and dynamic
host configuration protocol (DHCP), or applications for users such as email.
 Workstations and terminals provide the user interface.

Installation planning
When developing an installation plan you need to apply what you know about network hardware.
You also need to be able to find appropriate information and people with the required skills for
the installation. Your installation plan will indicate who has responsibility for what part of the
installation.
When planning a hardware installation, consider the points in Table 1 on the next page.

Table 1: Hardware installation notes

Area Details to consider

Requirements Network devices and hardware have minium requirement
specifications specifications (similar to software). These are available from
equipment suppliers and will include specifications for operating
conditions (such as voltages, temperature and humidity) and
installation requirements such as rack mounting and connection
requirements.
Interoperability If adding network hardware, conduct a thorough review and
investigation of the existing network. You need to consider any
interoperability issues between old and new equipment. The equipment
suppliers should be a useful resource for this.
Scaling Consider if the installation needs to be ‘scalable’. Do you need to
expand or contract the network capacity over time? Will the hardware
you use cater for this easily?
Tests Always test your hardware before installing to a live or production
network. Set up a test environment for your hardware installation and
hardware configuration.
Warranty Consider purchasing hardware warranty and support, and make this
part of your installation and maintenance contingency in your
installation plan. The equipment vendor may have installation
knowledge and experience that you can use.
Business Plan your hardware installation so that it has the least impact on any
operations business operations.
Roll back Have a roll back strategy when installing or replacing network
hardware. Don’t immediately remove the old hardware you are
replacing—you may need to go back to it if problems arise.
Summary

The planning of your installation is important to minimise the disruption to the client and ensure
a successful outcome for all concerned.
You will need to work closely with your client to ensure you meet their requirements. Making
sure you provide all the mandatory information that is required in an advance installation plan
will ensure you have taken all the necessary steps to give your installation the best chance of
success.
Developing a good installation plan is usually the most difficult part of any project. If it’s done
well, implementing the plan should be a simple task.
Reading: Install and test network
software

Before you start the Install

Installing network software should hold no surprises or unexpected consequences. Planning is
the most important part of installing network software. In this process, software prerequisites,
system requirements, compatibility, installation requirements and configuration should have
been looked at and tested to see how these fit into the existing network environment. The
planning process should include the planning for software testing and evaluation.
Following this, if the software appears appropriate for the organisation, an installation plan
should have been develop. This plan addresses how the software would be installed in the
network. It would also cover configuration and testing.
In all cases there is no substitute for reading the product manuals to find out what you need to do.
This should have been done in the planning process to develop the installation process

The installation
Once the planning is complete, the actual task of installation can be very boring. You often just
load the CD-ROM, answer a few questions and off it goes. The supplier may try to make the
activity a bit more interesting by showing you a progress bar or by giving you screens of
advertisements that tell you all the great features of the product.
However, there are a few issues that are important and will impact on the planning and
implementation of the installation process. For the home user the installation process is normally
from a CD to a single computer. In a business environment there may be several decisions to be
made especially if the software being installed or upgraded is an operating system and there are
many users.
How software will be installed in a network will depend upon:
 Software installation requirements. Does the software need to be installed in a certain
way?
 Software configuration requirements. Is the software configured globally or are settings
required for each individual user or installation.
 Network environment, including the types of hardware, number of users, network
connections, bandwidth, and so on.
  Resources available for software installation. What people, skills, tools and budget are
available to install the software?
 Organisational requirements and constraints. Are there deadline dates to have the
software installed? Can any disruptions to business operations be allowed?

Manual installation methods

This method requires using installation media like CDs or a central network repository that stores
the software installation files. The software is installed by visiting each computer and running
the software installation program on that computer.
This may be done by IT technical staff visiting each computer or by the users. This process may
be suitable for small single site networks. There are disadvantages for large networks because of:
 security issues
 the amount of time per installation
 the number of people required for the installation
 disruption to users
 lack of control and configuration consistency during the installation.
 ongoing maintenance issues (may require more visits)

Automated installation methods

This process involves manipulating the installation process so that it becomes a simple process of
either running a single command or clicking an install button. This is usually done by using
batch files or script programs to set installation options that usually require user interaction or
selection.
This method is more efficient than manual installation but does require the development of
installation scripts. Although simpler because users and installation staff are not required to
interact with the install process, the script may need to be manually executed at the computer to
start the installation.

Remote deployment methods

The term ‘deployment’ refers to the distribution of software to the end users. Deployment is
often referred to as a ‘roll out’ which gives the impression of a mechanical production line. The
production line analogy becomes appropriate when you are installing the same software over
again and again.
This method usually involves ‘packaging’ the software. This means manually installing the
software on a test computer. This installed software is then manually configured as required.
Then the complete configuration (new files, folders, changed files, registry entries, etc) is re-
packaged for deployment. This package can then be delivered and unpacked into other
computers on the network that require the software to be installed.
This method may use hard disk imaging or cloning technologies to create disk images of a
computer with the installed software. This disk image may be deployed to other computers
creating a standard environment and reducing the time required to install software.
For remote deployment this method will employ remote control of other computers on the
network from a central location. This means that the computers connected to the network can
have the software delivered, installed and remotely configured if need be, without user
intervention or technical staff physically visiting the target computers.
Remote Deployment and management can be a part of a network operating system: for example
Microsoft Remote Installation Server (RIS) and System Management Server (SMS). Third party
software such as Novell ZenWorks (used for windows, Linux and Netware), Altris, Prism and
Norton Ghost provide remote desktop management, imaging and software deployment.

Terminal services methods

This method of software installation involves installing and configuring the software on a special
server known as a Terminal Server. The installed software on the server is then made available
for use by users at their networked computer. The software is not installed on the user’s
computer but appears to run as if it were locally installed. But in fact, the software is running on
the terminal server and is presented to the user’s computer via a terminal session. Note that the
software needs to be installed in only one location – the terminal server. For this to work the
user’s computer may need to have terminal services client software installed or in some cases
may simply access the terminal server via a web connection.
This type of software deployment overcomes problems of user’s hardware having to meet the
requirements of all software that is used. The user’s terminals can be relatively inexpensive, and
need not meet the hardware requirements (RAM, CPU speed, storage requirements) of the served
software applications.
Drawbacks of this scheme include:
 the need for a dedicated server powerful enough to run the required software in a terminal
service environment,
 Limitations in the number of concurrent connections to the server, and
 expensive license costs.
Terminal services may be available as part of the network operating system or as a third party
product like Citrix or Tarantella.
Software configuration
Often installing the software is only part of the set-up process. Once the software files have been
installed you may need to configure the software for your operating environment or to select
other options. The amount of configuration will vary and again you should refer to the manuals
that accompany the software.
Configuration options can include:
 Specifying other servers or other resources that the software needs to use. For example,
many web-based products will need to know the IP address or name of the server that's
running the Web service.
 If the software uses a DBMS then there may be scripts that have to be run to set up and
configure the database tables and to load initial data.
 Links to databases. Business intelligence products may need to be able to access data that
is stored in existing database tables. You will need to configure the servers and databases
so they can be used.
 User information may need to be configured so that appropriate access and security can
be set
 Network-based servers may need to be told about IP addresses, port numbers and
locations of other components or share names, especially if default settings have not been
used
 Other parameters such as time outs, or number of processes to start, location of files, and
so on.
When packaging software or using remote deployment, configurations are usually part of the
package. For terminal services, configurations are set at the terminal server. Other installation
methods may require configuration to be set at the installed computer.
In any case, the installation plan and process should address how software configuration will be
managed for the installation.
Testing the installed software

The software evaluation process and the installation planning process should have included a
process for testing the installed software. Software is usually evaluated before it is installed in a
working network. Testing in the evaluation process is essential to determine if the software
meets the organisational and business requirements. This type of testing may include estimating,
testing and reviewing things like:
 Disruption to business operations during installation
 Time, resources and budget required for complete installation
 Technical performance of installed software in a network environment
 Functional test as per requirement statement
 Security testing and backup
 Ongoing maintenance procedures
Evaluation testing is usually conducted by installing software on an isolated network that
replicates the production network as best as possible. This ensures that there is not possibility of
disrupting the working network. The installation of the software will test and confirm
installation requirements and what installation method works best. Technical testing is then
conducted looking at things like transaction speeds, response times, interoperability with existing
software and operating systems, impact on network bandwidth and so on. Functional testing is
also conducted. This looks at the software features, user interfaces, how the users actually use
the software and how it will fit into existing business processes.
Thorough testing will highlight software deficiencies. These deficiencies may be referred to the
software vendor who may be able to provide solutions or rectifications. Any solution or
rectification should be tested to confirm it does what it claims to do.
The results from evaluation testing are used to determine if the software meets the business
requirements. If it does a pilot or test installation should be undertaken.
A pilot or test installation is undertaken to ensure that the installation methods work as expected
(proof of concept) and that the installed software will work as expected in the production
network. A pilot installation involves selecting a small section of the working network where
you will install the software. This may be a couple of couple of computers for a small network
up to an entire department for a large organisation. This installation will test your installation
methods as planned in the working network.
Once the pilot installation is complete, testing using specific criteria should be conducted before
rolling out of the software for the rest of the organisation. The test criteria are based upon the
organisational requirements for the installation. The main criteria will be things like disruption
to the network during the installation, time required for installation, resources required for the
installation. The functional and technical tests results are compared to that expected and
determined by the evaluation testing.
Following the pilot installation testing and reviewing, any necessary changes should be made to
installation plan before moving forward with the software deployment on the entire network.
Once this is done software can be rolled out across the entire network. With the software
installed, final testing can occur. This is usually termed ‘acceptance testing’ and is performed by
both technical staff and the users of the software. The purpose of this testing is to ensure that the
installed software performs as expected by the user – that is, the user accepts the software
installation is complete with no problems.
Documentation

Documentation is the most import thing to be done following the installation of software on a
network. This makes our job as network and system administrators much easier and not so
taxing on the memory.
The documentation for the installation should contain:
 Software description including serial and licensing details and media storage location
along with any maintenance agreements or contracts.
 Inventory of install locations (number of computers and location)
 Detailed method for the installation including how the deployment package was created,
and how to perform the installation. Of course, the deployment packages used should be
kept in a secure location specified in these instructions.
 Software configuration details. This may include screen shots of configuration options.
 Change management history for changes in configuration or installation locations, or
methods.
 Detailed instructions for any required preventative or scheduled maintenance.
This documentation remains in the organisation and is used as a reference should there be a need
for any configuration changes or installation of the software on new or additional computers.
Summary

It’s tempting to just rush in and install software if we are short of time or under pressure to get
things done. However without a proper plan and knowledge of software installation methods,
installation may take longer and have adverse effects upon business operations.
The practical installation of network software involves an initial test or pilot installation with
testing and review of the process and outcomes. This will reduce potential problems with
network software roll out across an organisation.
Documenting the installation process is required to maintain the network software. This
becomes a reference for any future installation or configuration changes.
Evaluate network security status

Network Security
What is network security? Before we can evaluate the status of network security we need to
understand what network security is.
Security refers to the measures taken to protect certain things or elements of information. There
are three main elements.

Confidentiality
This means keeping information secret and safe. It means controlling access to information so
that only the people with authorisation will access the information. No one else should have
access to the information.
With Network Security this means keeping all information stored in a network environment
confidential and safe. This means keeping unauthorised people off the network and preventing
them from browsing around and accessing thing they have no authority to access.

Integrity
This refers to the correctness of information. It means making sure that the information is kept as
it should be and not altered or changed by unauthorised people. It also means protecting the
information from changes or corruption by other things like system or program failures or
external events.
With Network Security this means keeping all information stored in a network environment as it
should be. Information includes user generated data, programs, computer services and processes
(email, DNS, etc). This means protecting information from unauthorised changes and deletion by
people, network devices or external influences.

Availability
This refers to the ability to access and use information. It means making sure that the information
can be accessed whenever it’s required. If information is not available it is useless.
With Network Security this means keeping all information stored in a network environment
ready and accessible to those who need it when they need it. Information includes user-generated
data, programs, computer services and processes (email, word processing application, etc).
Evaluating Network Security Status
Knowing what network security refers to means we now know what to look for when assessing a
network. We need to look at what measures are in place to ensure that the confidentiality,
integrity and availability of network data, applications, services and processes are maintained to
the organisation’s requirements.

Threats
Threats are actions or events that could occur to compromise an organisations network security.
The threat will compromise confidentiality, integrity and/or availability of network information.
People or organisations that have possible access to the network may present threats. Threats
may be presented by people or organisations that have some reason for compromising network
security and have the knowledge and resources to pose a threat. Some examples of threats could
be hackers gaining access to confidential files, or a disgruntled employee deleting corporate data,
or virus infections corrupting data. Joy riders also pose a threat. They have no particular reason
for gaining access except for the challenge and a bit of fun or perhaps prestige within their peer
group.
Threats may also arise through circumstance. For example using second hand or old hardware
may pose a threat to network security.

Vulnerability
This refers to potential ways or avenues that could be used to compromise network security. For
a network to be vulnerable it must be accessed in some way. For example, Internet connection,
user workstations, wireless access via user laptops are all means of accessing the network. All
these access points use various systems such as firewall, computer operating systems,
transmission protocols to authenticate and authorise network access. Various methods can be
used to gain unauthorised access if vulnerabilities exist in the systems.
Operating system bugs, shortcomings in the authentication mechanism, and no security checks
for people entering the workplace are examples of vulnerabilities.

Countermeasures
Countermeasures are used to reduce the level of vulnerability in the organisation. They can be
physical devices, software, policies and procedures. Examples of countermeasures include
firewalls, antivirus software and security guards checking employee IDs as they enter the
building. In most cases, countermeasures are implemented at network access points or where the
vulnerability exists.
Impact
Impact means what will happen to the organisation if a threat actually happened. The
consequence of a threat occurring is usually measured in financial terms because the result may
be loss of business productivity, stolen equipment replacements and repairs, costs for
investigation and expert contractors. Other consequences may be damage to reputation, loss of
business or time and resource related.
Assessing impact can be an involved process and a topic in its self. However, in brief terms,
assessment is usually done by identifying systems or resources in the organisation. Then by
analysing usage patterns, business processes and work flow the importance of a system can be
determined. Finally, with user and management questionnaires, analysis of usage, business
processes and workflow, the consequence of the system or resource being unavailable or
compromised can be determined in financial and other terms.

Likelihood
Likelihood refers to the probability of an event occurring. Whether an event is likely to occur
depends upon a number of factors such as degree of technical difficulty and knowledge required
to cause the event, potential gain to the perpetrators and opportunity. Countermeasures reduce
the likelihood of occurrence. For example procedures ensuring that operating systems have the
latest security patches installed will reduce the likelihood of hackers compromising the system.

Risk
Risk refers to the potential or possibility for some form of loss. With network security this means
loss of confidentiality, integrity and/or availability of information or services. Risk is determined
directly by threats and vulnerabilities. For there to be a risk, a threat AND some vulnerability
must exist.
For example virus infection may compromise the integrity of information on a network. The
vulnerability or ways virus infection can occur may include the using of CDs or disks from
outside the organisation on local network computers. In this case a risk exists. If a
countermeasure or mitigation strategy such as using diskless workstations was employed, users
could not use external media. This means that there is no vulnerability and therefore no risk.
However, another vulnerability associated with virus threats may be the network’s Internet
connection. So the risk of virus infection via the Internet may exist depending upon firewall and
antivirus countermeasures employed.

Looking for Threats and Vulnerabilities

Evaluating the status of network security can be a daunting task if we don’t take a methodical
approach. We need to understand what makes up the network – the hardware and software.
Knowing this helps us break things down into smaller manageable parts. Once we identify the
individual systems and components (for example email service, web services, internet access,
applications, etc) we can then start to look at the security status of these one by one.
To work out threats and vulnerabilities, we need to examine:
 access to the system – including physical, electronic via authentication processes, via
local workstations, Internet, remote access server
 authorization mechanisms – including operating system or application permission or
access control methods, organisational processes and procedures to manage user access
 who has access and what can they do - this includes file access permissions for users and
access to services and this can be examined using auditing features built in to operating
systems and applications
 known vulnerabilities for example operating system or application defects/bugs,
hardware firmware
 potential vulnerabilities and confirmed by testing
 any countermeasures in place.
For any breech of security, there must be some form of access so it is important to consider all
possible means of access (physical and electronic). While hackers are usually associated with
external 'criminals', network security is more often jeopardised from within an organisation.
Look for vulnerabilities in the following areas of the individual network components.

Network design and components

Vulnerabilities associated with hardware and network design include exploitation of topologies,
switches, routers, firewalls, servers, computers and operating systems to breach network security.
Threats associated with hardware and network design vulnerabilities include:
 interception of wireless transmissions by hackers
 networks that use public or external transmission systems; for example leased lines are
vulnerable to eavesdropping
 networks segments being exposed to sniffing
 physical access to hardware
 private network addresses accessed and read when routers and other devices are not
properly configured
 dial-in servers or remote access used by off-site staff not being secure or monitored
regularly.
 improper use of default security options – after operating systems or applications are
installed, default security options are offered automatically; these default prompts are
well known by crackers and, if they are not changed by the network administrator, will
allow easy access to the system
 network operating system software having holes in its security, allowing hackers to gain
unauthorised access
Network operation and usage
We need to examine how the network or system is used and also any policies and procedures that
relate to this. Threats from people exploiting vulnerabilities in the way networks or systems are
used may include:
 Intruders or hackers gaining user passwords through manipulation or monitoring.
Surprisingly, many people write their passwords down on sticky notes and leave them stuck
on the side of their monitor or under their keyboard. It is easy for an observant person to find
these notes, or even to unobtrusively watch passwords being typed in
 Social engineering—This practice involves manipulating social relationships in order to gain
information, specifically, passwords. For example, the intruder may pose as a network
administrator who asks for your password in order to investigate some problems with the
network
 incorrect configuration of user IDs and groups and their associated file or login access
 network administrators not noticing security gaps in the operating system or application
configuration
 lack of a security policy, leading to users not knowing or understanding security
requirements
 dishonest or disgruntled employees abusing their access rights
 an ’unused’ computer being left logged on to the network, thereby providing access to an
unauthorised user
 users or administrators choosing easy-to-guess passwords
 computer rooms being left unlocked, allowing unauthorised physical access
 back up tapes or floppy disks containing confidential information being discarded in public
waste bins
 administrators failing to delete system accounts of employees who have left the organisation.

Communications and connections

The security of network operating systems and application software is dependent on its
configuration. Some of the vulnerabilities in this area regarding communications and connections
include:
 IP addresses easily falsified and requiring little authentication
 flaws or gaps in network software allowing IP spoofing to occur.
 viruses – which can be contracted from the Internet or external email, or transferred from one
computer to another through internal network and emails.
 incorrectly configured firewalls not preventing unauthorised access
 authorised users transferring files using Telnet or FTP over the Internet, with user ID and
password transmitted in plain text, which can easily be accessed and used inappropriately
 hackers obtaining personal or user ID information entered into online forms or newsgroup
registrations
 access inadvertently allowed into chat session or email software while users remain logged in
to Internet chat sessions or Internet-based email.
 denial-of-service attacks. These are usually deluges of messages sent to a third party using
PCs on your network as ’drones’, resulting in the targeted system becoming disabled
 Clear text sniffing—Some protocols do not use encrypted passwords as they travel between
the client and the server. A cracker with a sniffer can detect these types of passwords, thus
gaining easy access to the information
 Encrypted sniffing—protocols may use encrypted passwords; hackers may carry out a
Dictionary attack. These are programs that will attempt to decrypt the password by trying
every word contained in English and foreign language dictionaries, as well as other famous
names, fictional characters and other common passwords.
Brute-force attacks are similar to Dictionary attacks. The difference is that Brute-force attack
intruders will use encrypted sniffing to try to crack passwords that use all possible
combinations of characters. These characters include not only letters, but other characters as
well.
 Replay attacks—By reprogramming their client software, a cracker may not need to decrypt
the password; the encrypted password can be used ’as is’ to log into systems

Third Party Tools

How long do you think it would take an administrator to manually check the configuration of
every network device for possible security vulnerabilities?
Administrators are human and humans are not well suited to looking at long detailed log files
and configuration listings. There is a good chance something will be missed. Fortunately, there
are a number of tools available that can accurately do this work for the administrator.
Network security tools evaluate the security of a network by
 Performing scans of security configuration for specific devices and operating systems –
for example account policies and security policy settings for windows operating systems.
These tools generally need administrative access to the devices and compare results to
expected best practice settings reporting the differences. These types of tools can also
audit file systems by listing security setting and permissions as applied to the files system
and services.
 Network traffic scans and probes that test for available network connections. This tests
for network addresses, protocols and gathers transmission and connection information
about the network. It may draw topology diagrams with device and host information.
 Penetration testing. These tools will attempt to gain access to the network by performing
a series of attacks on the network using methods that exploit known vulnerabilities. These
types of tests can be performed from outside the network (for example via the Internet) or
from inside the network to test internal security.
In all cases these tools use known vulnerabilities and methods to test network security and as
such need regular updating as new vulnerabilities are discovered. These tools should be used out
of normal business operation hours as they can impact on network performance. Links to these
types of tools and sources for are available at the end of this reading.

Evaluate Findings
Once we have completed the task of looking for risks and checking configurations, we need to
compile our findings and determine if any improvements or changes are needed.
We need to record the findings for each of the systems or network components we reviewed. In
summary, these were the things listed in the 'Looking for Threats and Vulnerabilities' section
above.
Using a table can help you evaluate your findings. Once you have listed your findings you need
to consider what issues or concerns result from your findings. These concerns may become
threats and risks. From the concerns and issues consider what you can do to remove the issue or
concern.
Take a look at the sample Risk Evaluation table on the next page. Note: You can also download
this table as a separate document from the Reading section of this online learning pack.
Table: Sample Risk Evaluation table.
System or Results and findings Concerns or Issues Recommended Action
Network
Component

Identify the Physical environment (Example: Anyone can walk (Example: Lock the
network
system or in and access the computer computer room and only
(List here your findings
component and console. They could copy authorised people have
about the physical security
or delete information and keys)
of the system)
damage the hardware)
(Example:
(Example: insecure
Finance
computer room)
database server,
windows 2000)

Access configurations (Example: Password (Example: Change system

complexity is low. Passwords requirements for longer
(This includes
could be easily cracked) and complex passwords)
authentication systems,
electronic access to the
system, operating system
configurations for access)

(Example: Password length

is set to 4 characters)

Authorised users and (Example: Default permission (Example: Do not use

access levels is to read all files. Secure default permissions.
information cannot be changed Develop required
(List of authorised user and
or deleted by unauthorised permissions for each
what they can do and access
people but anyone logged in group of users and
on the system)
can see it) implement)
(Example: Default
permission set on all files
for everyone accessing the
server)

Process or procedural (Example: Anyone can gain (Example: Set password

assessment access when authorised user is protected screensavers to
away from desk) activate after 5 minutes
(List any failings in
and educate user about the
procedures or work
need for security)
practices. This includes the
way the system or network
is used.)

(Example: Users are leaving

logged in computers
Using
unattended)
tables
like the
one
Vulnerability test results (Example: results of code may (Example: Apply vendor above
(List test results from
leave server open to remote supplied security patch to will give
specific tests or test utilities
control by unauthorised server) us a
like penetration tests,
people) picture of
network scans, etc) the

(for example operating

system ’buffer overflow
may cause arbitrary code to
execute)
security status of the components and the network as a whole. As network or system
administrators we make technical recommendation on these finding to improve or correct any
network security deficiencies. However it is up to organisation management to approve any
recommendation.
Information on threats, vulnerabilities, impact or consequence along with recommendations
(including implementation costs) addressing the risks must be provided in a meaningful way for
organisational management to make sound decisions regarding network security.

Quantifying Risk
We know that risk is the result of threats and vulnerabilities, but how do we measure the risk?
One useful way is to scale risks based on impact and likelihood. Using this method
organisational management can identify the most likely and most damaging risks.
Consider table on the following page. Risk is calculated by multiplication of impact and
likelihood. Risk is now scaled between 0=no risk and 25= extreme risk. (Note: You can also
download this table as a separate document from the Reading section of this online learning
pack)
Threat Vulnerability Impac Likeli Risk Comments Possible Countermeasures
t hood Factor and Mitigation Strategy
0-5 0-5 0-25

Confidential Access to 5 0 0 Records kept on None require as long as

ity of client information database server on server remains isolated
records from outside separate network
(Example: organisation segment not
credit card via internet accessible via
numbers internet
may be
This risk does not
gained by
exist because there is
unauthorised
no vulnerability
people
Access via 5 2 10 Unauthorised person Increase building access
internal may gain access to security by introducing
workstations the building and security guards and key card
computers in the access
closed segment
Employee education on
Covert employee security issues
activity may occur.
Implement auditing on
sensitive resource accesses

Access via 5 1 5 Procedure checks in Audit procedures and

failed process place perform spot checks
and procedures
Copies of shredded Locked document
printouts may be destruction bins.
possible

In the above example both impact and likelihood are equally weighted. If an organisation is only
concerned with impact, then likelihood may use a smaller scale or not be used at all to calculate
the risk factor.
It is a management decision to accept the risk with consequences and potential cost to the
organisation. The alternative is to implement countermeasures or mitigation strategies to reduce
the impact or likelihood. These measures usually come at a cost and management need to decide
if they wish to spend potentially lots of money to prevent something that is unlikely to occur.

Prepare Report
As mentioned, your risk assessment findings must be presented using clear documentation. The
report presented to management regarding the status of network security should include:
  Your summary of concerns and recommendation in plain English
 Summary of findings should include your main concerns, possible consequences and
current network security compliance with existing organisation policy and standards
 Recommendations need to include implementation costs, resources required, time
required, potential impact on continuing business or systems access.
 A risk summary table including impact and likelihood (weighted if required)
 Your methods of evaluation and investigation of network security status.
 Any other relevant supporting documentation.
As an IT professional, management will be relying on your skills and judgement in presenting a
clear picture of the current network security status. Key points to remember here is that
management want to know if the organisation is exposed to potential risk, what is really at risk
and how much it will cost in financial terms, time and material to mitigate the risk.
As IT professionals, some times we may not look at the big picture and think in technical terms.
What you present must be understood by non technical people so that they can make valid and
justifiable business decisions using your information.
Summary

There is a lot of hype about network security and with it comes the potential to spend big dollars
in securing a network. We now know how to assess and evaluate the status of network security
by identifying real and valid threats. Without vulnerabilities to the threat there is no risk to
network security.
We have learnt that there must be some form of access to the network for security breeches to
occur. Evaluating network security means looking at the individual components that make up the
network, investigating how they are accessed specifically looking for vulnerabilities in
confidentiality, integrity and availability. Third party security evaluation tools are a most useful
resource when used in conjunction with our other findings to formulate recommendations.
Most importantly, our findings need to be interpreted and presented in a meaningful way with
recommendations that are easily understood. Management make decisions on acceptable risk not
administrators.

Notes

Test Security Levels

Manage user accounts

User Access
You’ve probably heard someone say that the most secure system is the one that has no users! It is
probably also one of the most useless systems. We do want our users to access the system; it’s
just that we want them to have the appropriate access.
The control of user access can take many forms and apply at several levels. Once a computer is
physically accessed, the user usually logs on to gain access to applications. These applications
will access data in files and folders.
We can simplify the process down to 3 things.
 Physical access
 Authentication
 Authorisation

Physical access
The first layer of management and security is the physical access to the computer. To prevent
unauthorised access, a company may make use of:
 locks on the front doors
 locks on each floor
 locks on offices, etc
 security guards
 cameras
 keys on computer systems.
Only those who have permission and keys will be able to access a computer in the company’s
premises. The Internet, however, presents issues concerning access to corporate information or
systems because physical restrictions cannot be imposed.

Authentication
Authentication is the process of verifying the identity of people who are attempting to access the
network or system. Typically, a user identifies themself to the system, then is required to provide
a second piece of information to prove their identity. This information is only known by the user
or can only be produced by the user.
The most common method used to authenticate users is the Username and Password method.
Using this method a user identifies itself with a username. They are then prompted for a
password. The combination of name and password are then compared by the system to its data
on configured users and if the combination matches the system’s data information the user is
granted access.
Other authentication methods include:
 Username with static passwords—the password stays the same untill changed by the user
at some time
 Usernames with dynamic passwords—the password is constantly changed by a password
generator synchronised with the user and system.
 Other challenge response systems—this may involve PINs, questions to the user
requiring various answers or actions
 Certificate Based—this requires the user to have an electronic certificate or token. This
may also need to be digitally signed by a trusted authority. Kerberos is an example.
 Physical devices—these include the use of smartcards and biometrics. Generally the
entire authentication process occurs on the local workstation, thus eliminating the need
for a special server.
Whatever method is used is determined by the organisational policy and security requirements.

Identity Management
In large organisations there may be thousands of users for a network. These users could be
employees, contractors, partners, vendors and customers. Being able to identify and manage each
of these users is most important because each user has different requirements and levels of
access.
This information is managed using either the Network Operating System, Directory Services or
specialised Identity Management Software. Essentially, all of these use a central repository or
database that contains all the user information and credentials. This presents a single location for
all applications and services to use when authenticating users as required.

Authorisation
Once a user has been authenticated (that is their identity validated) they are granted access to the
network or system. For the user to then access data or an application or execute some task or
command they need be authorised to do so. The authorisation process determines what the user
can do on the network. In other words it enforces the organisation policy as applicable to the
user.
The Network and System administrators are responsible for the technical configuration of
network operating systems, directory services and applications. Part of the configuration includes
security settings that authorise user access. The administrators use an organisational policy to
determine these settings.

User Account Configuration

Network and System Administrators are responsible for configuring user accounts. Network
operating systems and applications have many security options and setting relating to user
access. How does an administrator determine the configuration and setting for user accounts?
Organisation policies and procedures provide the guidelines for administrators.

User Account Settings

The organisation’s policies should make statements as to the degree of user control that is
required. Network procedures should contain details as to how these policies may be
implemented. For example, the policy may state that user passwords should not be less than six
characters. The procedures will then describe how the administrator should configure the
operating system to ensure that all passwords are at least six characters.
The administrator should review the policies to ensure that the procedures produce the desired
outcomes. The procedures should describe in detail how to make use of the operating system
facilities to configure user accounts in accordance with the security requirements.
The actual way you set these parameters will vary with each operating environment, however,
here are some basic parameters covered by most operating systems to consider when setting up
user account options:
 Password requirements—whether a password is required, minimum length, complexity,
needs to be changed at intervals, etc
 Account lock out settings—disabling accounts that have made a number of bad logon
attempts
 Access hours—the standard days and time that users will be permitted to access the
network
 Account expiry dates—date when account will be disabled
 Logon restrictions—accounts can only be used at specified locations or
workstations.
 Home directory information—a home directory is a folder that usually has the name of
the user and the user has full permissions over.
 Logon scripts—these perform specific tasks or run specific programs when the user logs
on
Configuring User Access
Once user account settings have been determined how do we know who should have accounts
and what access should be set?

Reflect: Configure user access

Before you read through the next section, think about who needs to be consulted in setting up
user access.

User Authorisations
Once again, organisational policy and procedures provide the necessary information for the
administrators. There should be procedures in place that inform the appropriate people that a
person requires a new user account or changes to an existing account or a deletion of accounts.
The notification procedure should cover circumstances such as new employees joining the
organisation, employees changing positions in the organisation and employees leaving the
organisation. These notifications must come from authorised people in the organisation
(managers, etc) as stated in the policy and procedures.
Notifications also need to specify what information, data, resources etc the account is permitted
to access. The request for access must be authorised by an appropriate person in the organisation
(usually department managers). The access permissions for users should be carefully planned
and determined in writing by appropriate people who have the authority to allocate the access.
Procedures should address:
 which managers can authorise a new user
 standards for user id and passwords
 groups that users can belong to and authority required for each group
 basic accesses that all users are allowed
 authorisation requirements to access sensitive data
 application accesses
 ability to install additional software
 email and Internet accesses
 special accesses that may be required.

Reflect: User authorisation

Take a look on the net for examples or tutorials about Configuring user authorisation. You may
want to try Microsoft (www.microsoft.com) or Linux (www.linux.org). You could also search
for tutorials using Google (www.google.com) and searching for the phrase’ ’account creation
procedure’.
Use of Groups
The most common way of administering access permissions is to create groups and put user
accounts into appropriate groups. The group is then permitted or denied access as required.
Using groups is an efficient way of managing authorisation because you only need to set access
permission to a group and not individual accounts.
For example, a company may have thousands of users, but analysis of what those users want to
do may show that there are twenty or more different combinations of access permissions
required. By assigning users to groups and then allocating permissions to the group, the security
administration is greatly simplified.
Once we have users allocated to groups we can explore other levels of controlling access.
Allocating permissions to folders and files is a major security provision of network operating
systems and one that is important to set up correctly. Can we go lower and look at the content of
a specific file and restrict access there?
The restriction of file access is most applicable in controlling access to database files.
For example, imagine a Payroll system using a database in which the data is stored in tables.
These tables have columns and rows of data. Let us think about two groups of user, the payroll
department staff and the manager of a department. The payroll group are likely to be allowed full
access to all the data although in a very large organisation there may be segregation of access.
But what about a department manager? This person may be allowed to see salary details for the
staff that work in the department only.
In the table containing salary details there may be a row for every employee in the organisation.
This means that we only want to show this manager the rows that relate to the one department.
This would be secured with a filter that only displays staff in the department being examined.
Furthermore there may be information about an employee that even their manager may not be
able to see, such as medical or financial information. This information may be restricted by
controlling the columns returned in a report or query.
This type of security is really part of the application control rather than the network but it is still
an important part of the overall security of the system and needs to be addressed by the
organisational procedures.

Permissions and Rights

Permissions generally refer to file and directory access. The user account or group can be set
with the following type of permissions:
 No access at all to files and directories
 Read only.
 Modify where the contents of files and directories may be accesses but changed or added
to but not deleted
 Full Control or Supervisory where files and directories can be view modified and deleted.
Rights (or privileges) generally refer to the restriction on user accounts or group in performing
some task or activity. For example a user account or group may be assigned administrator or
supervisor rights meaning that the user can perform administration tasks like create, modify or
delete user accounts. Care must be taken with rights to ensure security is not compromised.

Managing User Accounts

Once user accounts are configured we still need to manage the accounts as required by
organisational policy. For example user accounts for contractors are active only for as long as the
contractor are physically on site. This means that accounts need to be enabled and disabled. This
activity should be addressed by procedures.
Note also that many networks on different OS’s allow’ ’guest’ and’ ’temporary’ accounts. These
are usually set up for either read-only or short-term access to people who would not normally
have access to the system. Great care must be taken in configuring or using these accounts firstly
because they can allow anonymous and uncontrolled use of a system and secondly guest
passwords can sometimes be guessed easily and provide a doorway for hackers/crackers.
Administrators need to review procedures to ensure that they remain current and address any
changes to the organisation and the network.
Administrators need to be aware of user activities and practices when accessing the network.
Organisational policy and procedures should address how users should access the network. In
time users may develop shortcuts and practices that knowingly or unknowingly are in breech of
policy and may compromise network security. For example a user may log on to the network on
one workstation. Then to allow access for a colleague who has forgotten their password the users
logs in on another workstation for the colleague. The result is two concurrently network
connections for one user account but for two different people who have different user access
requirements.
To manage user accounts appropriately administrators should
 Regularly review organisational policies and procedures to be aware of requirements and
address any organisational or network changes
 Conduct regular checks to ensure the change management procedures are working for
new, changed and deleted users
 Review and investigate current work practices regarding user network access
 Conduct information and training sessions for network users to reinforce appropriate
practices and organisational policy
 Conduct regular audits of network access—verifying current users and deleting expired
accounts
Managing user accounts can be a complex and tedious task but we can things easier by ensuring
appropriate policy and procedures are in place.
Reflect: Policies and procedures
Many larger organisations post the policies that govern their user authorisation processes on their
intranets. Try searching intranet sites for larger companies—particularly IT based organisations.
You may need to look under’ ’Publications’ or’ ’Policies’. Also try a Google search for the term’
’user authorisation policy’ (use’ ’authorization’ for US companies).

Summary
How user accounts are managed is principally determined by organisational policy.
Administrators need to use policies and procedures to determine how to configure accounts and
how to set appropriate access permissions to application and data.
Once accounts are established, again policies and procedures will clearly define how the
accounts will be managed with regard to changes, disabling and

Dani and Tare

Manage and Support Internet

General Comment
 Session plan
 Operation sheet
 Self check
 Lap test