Laser printer repair
National Computer Service Nationwide Printer Repair National Computer Repair Structured Cabling Network Services
Printer Sales
Printer Consumables
Printhead Installation Guide
Financing Options
Virtual Office
Newsletters
White Papers
Favorite Links
Client Login
Request Service
Search
Site Map
                                 
 
Headquarters:
2901 W Clarendon
Phoenix, AZ 85017
1-800-786-0288
Email Us!
 

 

ACCRAM INC

Zyxco Inc.

Network Assessment

Project Sponsor: 

Sponsor – Zyxco Inc.

 

Accram Project Team:

            Team Leader, Project Manager

            Sales Person, Business Development Manager

     

Overview

This document is intended to provide an overall technical assessment of the current PC networking infrastructure at the Zyxco Inc. main office.  In addition, this document will provide recommendations for the environment based on that assessment. 

In order to best serve this dual purpose, the document is divided into several sections to represent the major infrastructure components in the environment.  Each section is further subdivided to show specific technical details.  Each subsection is comprised of two major components:

  • Analysis – A technical assessment of the current configuration, highlighting strengths and deficiencies

  • Recommendations – Recommendations for improvements to the current configuration based on best practices and the overall direction of the IT infrastructure.

At the end of this document you will find several appendices containing the raw data collected through on-site evaluations and interviews of interested parties.  This raw data is the basis for all analysis and recommendations made in this document.

Network Infrastructure

The network infrastructure is loosely defined as “all of the components that let computers communicate”.  The word ‘communicate’ means many things to computers; saving a file to the network server, accessing a database, sending email or even surfing the web are all forms of computer communication.

Generally speaking, Network Infrastructure components include but are not limited to the following:

  • Network wiring including LAN and WAN connections

  • Network devices such as switches, routers, hubs, bridges and firewalls

Network Topology

Analysis

The Local Area Network at Zyxco is flat, containing only one logical IP segment.  All network connections are made via CAT-5 twisted pair on 10 Mb/s or 10/100 Ethernet hubs.  The topology is basically star-bus as illustrated below.

 

Figure 1 - Star-Bus Topology

The star-bus topology is generally accepted as a standard configuration for Ethernet over twisted pair networks, however the use of hub rather than switch technology is an area for concern. 

The use of hubs throughout the environment creates a single collision domain for the entire network.  Overall network performance decreases proportionally to the number of systems active on the network as well as to the level of that activity.  This situation is analogous to a large crowded room in which everyone is shouting at once. 

To further exacerbate the problem, all hub interconnects are made at line speed using ‘uplink’ ports.  This will result in poor performance for those network computers located farthest from the servers in terms of hub interconnects as illustrated in Figure 2 below. 

 

Figure 2 - Network Degradation

It is likely in this configuration that network packets are being dropped during heavy network load resulting in multiple retransmissions.  The end result is poor network performance and slow server response times.

Recommendations

Maintain the star-bus topology using Ethernet over twisted-pair.  Replace all hub devices with switch technology to reduce the amount of collision/retransmit packets.

Utilize corporate or enterprise level switches with faster than line speed interconnects for the core network backbone.  This will eliminate the line speed bottleneck as traffic moves across the switch fabric.

Internet Connectivity

Analysis

Internet connectivity for the site is achieved through a dedicated T-1 or Frame-Relay leased circuit terminated by a Cisco 1720 series router with an internal T-1 DSU/CSU WAN Interface Card as illustrated below.

Figure 3 - Internet Connectivity

A Sonic Wall firewall appliance provides NAT overload services for desktop clients as well as static one-to-one NAT translations for specific network services such as the Exchange email server.  The Sonic Wall is also configured for port filtering and stateful packet inspection to help increase Internet security.

Recommendations

This configuration is generally sound with respect to the method of Internet connectivity.  As mentioned before however, network hubs should be replaced with switch technology to minimize collisions and increase network performance.

Bandwidth utilization for this connection should also be monitored during peak usage, especially during high volume seasons to validate firewall performance under high inbound load conditions.

NOS Environment

The ‘NOS’ or Network Operating System Environment is made up of the desktop and server operating systems, user and group configuration as well as all objects that make up what is commonly called the ‘network’.  In Windows based network environments, there is typically an NT domain model to provide various network services to desktop end users.

NT Domain Topology

Analysis

The NT Domain topology consists of a single mixed mode Active Directory domain with NT 4.0 BDC.  The domain is configured in only one site and thus there is no WAN replication topology to consider.

Figure 4 - Current Domain Topology

It appears that he Active Directory was upgraded from a single NT 4.0 domain in order to provide the required foundation for the installation of Microsoft Exchange Server 2000.

With few exceptions, desktops throughout the environment are Windows NT 4.0 Workstation and members of the domain.  Access is provided through Domain User account and Security group permissions.  Group based logon scripts provide network drive mapping to file shares located on network servers.

Recommendations

Migrate to a Native Mode Active Directory domain based on Windows 2000 Server.  Take advantage of Multi-Master Domain controllers.  Implement group policy objects as needed to reduce administration of groups and users.

NOS Security

Analysis

Network security is a fairly wide ranging topic covering everything from server configuration to network hardware and protocol configuration all the way to physical access and lock-types on doors.  For the purposes of this document, we are concerned with three main areas of OS level security:

  • Password Policy

  • Account Policy

  • Network Resource Policy

Password Policy

There is currently no password policy in place to define minimum password length, maximum password age or complexity requirements.  As such, passwords for network users are generally very weak and easily guessable, consisting mainly of dictionary words.  Additionally, there is no account lockout policy in place to limit the effectiveness of brute-force type attacks.

This configuration poses a security risk as it is easy for a malicious hacker to gain access to sensitive files by guessing a user password, or using a simple ‘brute-force’ hacking tool to derive the password by quickly trying multiple combinations in a short period of time.

Account Policy

There is no account policy in place to define allowed network access times or to further secure the environment by removing last-logged-on user names from the desktop.  The Administrator account is still active and named Administrator with full rights.

This security risk allows a malicious user – perhaps posing as a member of the night-time cleaning crew to have unfettered access after hours when their presence won’t be called into question.  In addition, this configuration gives the malicious user half of the information needed to hack into the system; the Username.

Network Resources

User rights are based on security group membership of their network account.  This is generally the best practice for assigning user rights as it makes administration of similar groups of users easier.  Many servers however have open share points to the root of local hard drives. 

Recommendations

Implement a network password policy requiring at least the following:

  • Minimum password length of 6 characters

  • Minimum password complexity requirement of Alpha-Numeric

  • Maximum password age of 45 days

The administrator account should be renamed to something other than administrator.  To increase security, after renaming the administrator account, set the password to be very strong – 16 characters, mixed case, alphanumeric with special characters – and store the password in a locked safe with limited access.  A second Domain Administrator account should be created, with a fairly strong password, for use during normal day-to-day operations.  This allows for ease in disabling the daily administration account should it become compromised.

A network account policy should be created to limit logon hours for the general user population to normal business hours.  Additionally, the last-logged-in username should be removed from the desktop and desktop profiles should not be cached.

All network file server access should be closely controlled through the use of specific share points and security group rights assignment.  The root level share points should be removed from all servers, leaving the hidden administrative shares (such as C$) in place.  This will still allow administrative access to resources by Network Administrators while removing the potential threat of a ‘network browser’ attack.

Server Analysis

Zyxserv1

Name:

Zyxserv1

Mfg:

Compaq

Model:

Proliant 3000

SN:

 

Function:

Exchange , AV, OWA, PDC, DHCP, DNS, WINS

OS:

Win2K SP2 (upgrade)

RAM:

1.5 GB

CPU:

P-III 500 MHz

Logical Drives:

0

 

 

HDD: 

C:

D:

 

 

RAID Level:

5

 

 

LD

0

0

 

 

LAN IP:

192.68.0.1

192.68.0.10

Capacity

3.7 GB

11.6 GB

 

 

WAN IP:

24.1.2.3

24.1.2.4

Free

200 MB

1.3 GB

 

 

Port Map:

SMTP, POP3

HTTP, HTTPS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Installed Applications

  • IIS (Outlook Web Access)

  • Exchange Server 2000

  • DHCP Server Service

  • DNS Server Service

  • WINS Server Service

  • Symantec Anti-Virus Corporate edition

Assessment

This system is overloaded, performing most of the required network services for the environment.  Hard drive capacity is at minimum acceptable levels for the system and boot partitions.  Large server load, or natural growth of data stored on the drive through use may cause a system failure resulting in system downtime and potential loss of data

The system is outside of the manufacturer’s warranty period.  Hardware failures requiring parts replacement will be considerably expensive assuming suitable replacement parts will even be available.

Recommendations

Replace this server with modern equipment or distribute some of the server load to other more modern platforms with sufficient system resources to handle the additional load.  Exchange Server 2000 in particular should be installed on a server that performs no other network services for the environment.

ZYXS-FS

Name:

ZYXS-FS

Mfg:

Compaq

Model:

Proliant 800

SN:

 

Function:

File / Print , Network Backup

OS:

Win2K SP4

RAM:

512MB

CPU:

P-II 450 MHz

Logical Drives:

0

 

 

HDD: 

C:

D:

 

 

RAID Level:

5

 

 

LD

0

0

 

 

LAN IP:

192.68.0.2

 

Capacity

7 GB

26 GB

 

 

WAN IP:

 

 

Free

4 GB

8.5 GB

 

 

Port Map:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 Installed Applications 

  • Veritas Backup Exec 9.0

    • DDS 4 20/40 DAT tape drive

  • File Server

    • Departmental file shares

    • General Data file shares

    • Private User file shares

 Assessment

While this system is currently out of warranty, it does have sufficient system resources to provide the role of File and Print server.  There are however some concerns with regard to the tape backup: 

  • The current DDS 20/40 DAT drive does not have sufficient capacity to perform a full backup of the entire environment

  • Backup jobs will run slowly on this platform due to system resource limitations.  Large backup or restore jobs may not run completely in the time allotted

Recommendations

I recommend leaving this server in place to perform the role of File and Print server.  The current tape drive system should be replaced with a larger unit capable of performing a full backup of the entire environment.  The backup server role should be migrated to a more modern platform, preferably a multiprocessor server.

 

Zyxserv2

Name:

Zyxserv2

Mfg:

Compaq

Model:

Proliant 800

SN:

 

Function:

BDC, File Server

OS:

NT 4.0 SP6

RAM:

128 MB

CPU:

Pentium 200

Logical Drives:

0

 

 

HDD: 

C:

D:

F:

 

RAID Level:

5

 

 

LD

0

0

0

 

LAN IP:

192.68.0.3

 

Capacity

2 GB

2 GB

9 GB

 

WAN IP:

 

 

Free

300 MB

700 MB

2 GB

 

Port Map:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Installed Applications 

  • Historical UPS shipping data

  • Historical Cyma Accounting Data

  • Current Aperture system data

Assessment

This system just meets the Microsoft Minimum System Requirements for installation of Windows 2000 Server.  As a result, system performance will suffer under any appreciable server load such as multiple simultaneous user connections.  Ultimately, this will result in poor user experience and may result in loss of data due to a system failure while overloaded. 

 Hard drive capacity is at minimum acceptable levels for the system and boot partitions.  Large server load, or natural growth of data stored on the drive through use may cause a system failure resulting in system downtime and potential loss of data

 The system is outside of the manufacturer’s warranty period.  Hardware failures requiring parts replacement will be considerably expensive assuming suitable replacement parts will even be available.

 The NT 4.0 operating system has been deprecated by Microsoft.  Additional support for this OS is not available, nor will future updates, service packs or security updates be available.

 The root directory of all system hard drives is an open share to the network.  This poses a potential security concern as vital Operating System files are directly accessible via the network. 

Recommendations

Replace this server with modern equipment, or migrate the role of this server to a more modern platform with sufficient system resources to handle the additional load.  Consider migrating necessary historical data to offline storage such as demand access tape drives to conserve hard drive capacity.

Marketing

Name:

Marketing

Mfg:

HP

Model:

Netserver E50

SN:

 

Function:

4D Server

OS:

NT 4.0 SP 6

RAM:

128 MB

CPU:

P-II 300

Logical Drives:

0

 

 

HDD: 

C:

 

 

 

RAID Level:

 

 

 

LD

0

 

 

 

LAN IP:

192.68.0.5

 

Capacity

4 GB

 

 

 

WAN IP:

 

 

Free

620 MB

 

 

 

Port Map:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Installed Applications

  • IIS (Default install – Server Stopped)

  • 4D Server service

  • Timbuktu for remote administration

Assessment

This system just meets the Microsoft Minimum System Requirements for installation of Windows 2000 Server.  As a result, system performance will suffer under any appreciable server load such as multiple simultaneous user connections.  Ultimately, this will result in poor user experience and may result in loss of data due to a system failure while overloaded. 

 Hard drive capacity is at minimum acceptable levels for the system and boot partitions.  Large server load, or natural growth of data stored on the drive through use may cause a system failure resulting in system downtime and potential loss of data

 The system is outside of the manufacturer’s warranty period.  Hardware failures requiring parts replacement will be considerably expensive assuming suitable replacement parts will even be available.

 The NT 4.0 operating system has been deprecated by Microsoft.  Additional support for this OS is not available, nor will future updates, service packs or security updates be available.

 The root directory of all system hard drives is an open share to the network.  This poses a potential security concern as vital Operating System files are directly accessible via the network.

Recommendations

Replace this server with modern equipment, or migrate the role of this server to a more modern platform with sufficient system resources to handle the additional load.  Consider migrating necessary historical data to offline storage such as demand access tape drives to conserve hard drive capacity.

NetCommerce

Name:

NETCOMMERCE

Mfg:

Clone PC

Model:

 

SN:

 

Function:

eCommerce Web Service

OS:

NT 4.0 SP6

RAM:

1 GB

CPU:

Dual P-III 700 MHz

Logical Drives:

0

 

 

HDD: 

C:

D:

 

 

RAID Level:

5

 

 

LD

0

0

 

 

LAN IP:

192.68.0.6

 

Capacity

4 GB

14 GB

 

 

WAN IP:

24.1.2.6

 

Free

2.7 GB

12 GB

 

 

Port Map:

HTTP / HTTPS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

                                   

Installed Applications 

  • IBM Net Commerce eCommerce web server software

    • DB2 Database backend

    • Stand alone Web service, not reliant on IIS

  • PC Anywhere

    • Remote Access / Administration

    • Direct dial modem access

Assessment

System meets system requirements for the role performed; however this clone PC is built with off the shelf hardware that is not of server quality.  This system may experience unacceptable system performance or hardware failures in the future. 

Recommendations

While this system meets the requirements and does not currently need to be replaced, it should be considered in the system refresh budget to replace with server class hardware.

Peach

Name:

Peach

Mfg:

Compaq

Model:

Proliant 800

SN:

 

Function:

Peachtree File share

OS:

Win2K SP2 (upgrade)

RAM:

156 MB

CPU:

Pentium 200 MHz

Logical Drives:

0

 

 

HDD: 

C:

D:

 

 

RAID Level:

5

 

 

LD

0

0

 

 

LAN IP:

192.68.0.8

 

Capacity

2 GB

2 GB

 

 

WAN IP:

 

 

Free

300 MB

1.2 GB

 

 

Port Map:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  

Assessment

This system just meets the Microsoft Minimum System Requirements for installation of Windows 2000 Server.  As a result, system performance will suffer under any appreciable server load such as multiple simultaneous user connections.  Ultimately, this will result in poor user experience and may result in loss of data due to a system failure while overloaded.

 Hard drive capacity is at minimum acceptable levels for the system and boot partitions.  Large server load, or natural growth of data stored on the drive through use may cause a system failure resulting in system downtime and potential loss of data

 The system is outside of the manufacturer’s warranty period.  Hardware failures requiring parts replacement will be considerably expensive assuming suitable replacement parts will even be available.

Recommendations

Replace this server with modern equipment, or migrate the role of this server to a more modern platform with sufficient system resources to handle the additional load. 

Citrix

Name:

Citrix

Mfg:

Compaq

Model:

ML 330

SN:

 

Function:

Citrix Server

OS:

Win2K SP2

RAM:

1 GB

CPU:

Dual P-III 1.1 GHz

Logical Drives:

0

 

 

HDD: 

C:

D:

W:

 

RAID Level:

5

 

 

LD

0

0

0

 

LAN IP:

192.68.0.12

 

Capacity

8 GB

9 GB

6 GB

 

WAN IP:

24.1.2.5

 

Free

1 GB

7 GB

1 GB

 

Port Map:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  

Installed Applications

  • Citrix Metaframe XP

  • MS Office Suite

Assessment

This is a remote access / terminal services server.  This server is currently well suited for the role it has been assigned.  The RPC Patch discussed in Microsoft Knowledge Base article 823980 has not been applied. 

Recommendations

Apply critical security patches as needed, especially KB 823980.  Monitor server load during peak utilization to identify bottlenecks to system performance.

4DClient

Name:

4DClient

Mfg:

IBM

Model:

Net Vista

SN:

 

Function:

Fileshare, 4D Distribution

OS:

Win2K SP2

RAM:

1 GB

CPU:

P-4 1.7 GHz

Logical Drives:

0

 

 

HDD: 

C:

 

 

 

RAID Level:

0

 

 

LD

0

 

 

 

LAN IP:

192.68.0.230

 

Capacity

32 GB

 

 

 

WAN IP:

 

 

Free

17 GB

 

 

 

Port Map:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  

Installed Applications

  • IIS (Default install, not in use)

  • WinFAX Pro

  • 4D Client

  • Mercury32 – Mass Mail application

  • Fileserver

    • Current Peachtree Data

Assessment

This critical network server is actually running on desktop class hardware.  There is no fault tolerance for the hard drive sub-system nor is there a regular system backup to tape.  System resources are adequate for the role performed.  The RPC Patch discussed in Microsoft Knowledge Base article 823980 has not been applied. 

Recommendations

Uninstall IIS and any other non essential network services that may be running on this system as part of server system hardening.  Consider replacing this system with server class hardware or migrating the role of this server to another platform with sufficient system resources to handle the additional load.  Apply critical system security patches as needed.  Migrate the current file-share data to a central file server.

Desktop Environment

Hardware

Analysis

The desktop environment is generally standardized on Toshiba Equium 5200D Desktop Computers with the following specifications:

  • Pentium 200 MHz Processor

  • 128 MB RAM

  • 2 GB HDD

  • Windows NT 4.0 Workstation (SP 6)

  • Office 97 SR-2

  • Norton AV Corporate Edition (Managed Client Mode)

These desktops are several generations old and are likely experiencing significant underperformance issues due to limitations in system resources.  These systems are out of warranty and have surpassed the manufacturer’s end of product life.

Microsoft is no longer supporting the Windows NT 4.0 operating system as it has entered the end of product life phase.  Additionally, contemporary hardware and software applications may no longer support installation on the NT 4.0 platform.

Recommendations

As these systems have reached their product end of life, have significant resource deficiencies for many applications and are incapable of effectively running a modern operating system, these desktops should be replaced with modern equipment meeting the following minimum system requirements:

  • Pentium – III 1.0 GHz Processor

  • 256 MB RAM

  • 9 GB HDD

  • Windows 2000 Professional (SP 4) or Windows XP Professional (SP 1)

This hardware configuration is the minimum required for use to provide an acceptable level of performance to the end user.  New systems that exceed these stated minimums are strongly recommended.

Application Assessment

4th Dimension

The 4th Dimension application is a marketing tool used by Zyxco Inc. to distribute press releases and disseminate news information through a variety of media.  The application itself is a 3-tier process as illustrated below.

Figure 5 - 4D Application Flow

NetCommerce

NetCommerce is a web based e-Commerce application based on the IBM Net Commerce server product.  NetCommerce provides merchandise for sale and processes credit card payments over the web as illustrated below.

Paciolan

Paciolan is the application used to track ticketing and seating for Zyxco events.  It is based on the RS/6000 Unix platform for server side processing with system builder front end components at the client desktop.