16a. Wide Area Data Network - Intranet


  1. 1. COMMONWEALTH OF VIRGINIA SECTION 16A – FUTURE SYSTEM ENHANCEMENTS STATEWIDE AGENCIES RADIO SYSTEM (STARS) WIDE AREA NETWORK (INTRANET)

     16a. Wide Area Data Network - Intranet

     16a.1 INTRODUCTION

     Motorola will provide a scalable intranet solution to support the enterprise data requirements of the Commonwealth of Virginia’s State Police (VSP), Department of Mines, Minerals, and Energy (DMME), Department of Emergency Management, and Department of Environmental Quality (DEQ). Its growth potential is limited by the bandwidth accommodations of the STARS microwave network (see section 5 Microwave). In addition, Motorola will provide the wide area intranet as a foundation for use by all Commonwealth agencies.

     This Wide Area Network (WAN) solution utilizes the transport facilities of the STARS microwave network and is designed to interconnect existing VSP LANs, VSP Land Mobile Radio (LMR) network components, and the Virginia Crime Information Network (VCIN). Any site not co-located with a STARS Microwave node will employ a Motorola approved, Commonwealth provided dedicated leased line or wireless technology equivalent (see Canopy System Description) to connect that site to an appropriate Microwave node.

     To complete the intranet solution, Motorola has included security measures based on computer networking standards, availability management applications, and network monitoring solutions. Additionally, this design will include tools to enhance productivity, such as a centralized document management system and dynamic network address management.

     16a.1.1. The Intranet solution consists of three main components:

     • Wide Area Network – to support wide area networking infrastructure and allow the Commonwealth agencies to access information securely throughout the Commonwealth.
     • Data Center Solution – to store STARS project data that can be accessed via the Intranet, as well as provide the foundation for hosting other Commonwealth agency data in the future. The Data Center was designed with high availability in mind; therefore, a disaster recovery design has been included.
     • Software Management Solution – to support system management and network fault monitoring.

     Motorola will procure, implement, and provide technical support during the warranty period for a working Intranet. This includes hardware, software, databases, programming and transport media and other services as described herein.
  2. 2. All traffic on the intranet will be encrypted via Cisco IOS IPsec 3DES tunnels on the routers. However, when AES encryption becomes available, Motorola will submit a new design and additional costs to modify the intranet to use this encryption scheme. All dial-up users will use Virtual Private Network (VPN) software to access the trusted network.

     16a.1.1.1. Performance Objectives

     The purpose of this section is to define the design, integration, and testing of a statewide public safety, secure, wide-area data network (Intranet). This network will serve the Commonwealth by providing a hierarchical data network structure, where every participating network site terminates into the nearest Division office. From there, the Division offices will connect to the Control Center over bandwidth defined under section Class III Service connections.

     The Control Centers are built upon fully redundant core switches. These switches are connected to each of the core routers that interface to the Division offices. Dual connections to the core routers provide the additional redundancy needed for continued operations should either of the core routers fail.

     To ensure privacy on the closed network, IPsec tunnels will be used to encrypt the data as it moves from one site to another. The IPsec tunnels will be implemented in the routers for each point-to-point link.

     Dial-up users will require both Virtual Private Network (VPN) software on their workstation and an ACE device (see Two-Factor Authentication – The RSA SecurID/ACE System section) that dynamically generates secure tokens. The VPN software is used to create a private, secured, and encrypted tunnel from the workstation to a VPN Gateway that is connected to the trusted network. The user’s ACE card is synchronized to the VPN server gateway. This VPN Gateway then authenticates and logs the user into a session on the trusted network.

     The routers for each VSP site listed in Appendix 4 table “Wireless Lan/Wide Area Network” will have a Fast Ethernet port for connection to the local VSP-LAN. The intranet design is based on the Internet Engineering Task Force (IETF) Transmission Control Protocol/Internet Protocol (TCP/IP).
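The following is an added example, not part of the proposal or of Motorola's design: a Python check that inventories which router configurations still reference DES or 3DES in their IKE policies and IPsec transform sets, as a planning aid for the AES migration mentioned above. The hostnames, policy numbers, transform-set names and configuration fragments are constructed for illustration.

```python
import re

# Constructed IOS running-config fragments; hostnames and names are hypothetical.
SAMPLE_CONFIGS = {
    "div1-7206": """\
crypto isakmp policy 10
 encr 3des
 hash sha
 authentication pre-share
 group 2
crypto ipsec transform-set WAN-TS esp-3des esp-sha-hmac
""",
    "div2-7206": """\
crypto isakmp policy 10
 encr aes 256
 group 5
crypto isakmp policy 20
 hash md5
crypto ipsec transform-set WAN-TS esp-aes 256 esp-sha-hmac
crypto ipsec transform-set OLD-TS esp-des esp-md5-hmac
""",
    "hq-7206": """\
crypto isakmp policy 10
 encr aes 256
crypto ipsec transform-set WAN-TS esp-aes 256 esp-sha-hmac
""",
}

LEGACY_IKE = {"des", "3des"}
LEGACY_ESP = {"esp-des", "esp-3des"}
POLICY_RE = re.compile(r"^crypto isakmp policy (\d+)")
ENCR_RE = re.compile(r"^\s+encr(?:yption)?\s+(\S+)")
TSET_RE = re.compile(r"^crypto ipsec transform-set (\S+)\s+(.+)$")


def audit_config(text):
    """Return (kind, name, cipher) tuples for each legacy or unspecified cipher."""
    findings = []
    policy = cipher = None
    for line in text.splitlines() + ["end"]:  # sentinel closes a trailing policy block
        if policy is not None and not line.startswith(" "):
            # running-config omits default values, so a policy with no "encr"
            # line uses the platform default and needs a manual check.
            if cipher is None:
                findings.append(("isakmp-policy", policy, "platform-default"))
            elif cipher in LEGACY_IKE:
                findings.append(("isakmp-policy", policy, cipher))
            policy = cipher = None
        if (m := POLICY_RE.match(line)):
            policy = m.group(1)
        elif policy is not None and (m := ENCR_RE.match(line)):
            cipher = m.group(1).lower()
        elif (m := TSET_RE.match(line)):
            for token in m.group(2).lower().split():
                if token in LEGACY_ESP:
                    findings.append(("transform-set", m.group(1), token))
    return findings


def audit_fleet(configs):
    """Map each router that still needs migration work to its findings."""
    report = {host: audit_config(text) for host, text in configs.items()}
    return {host: f for host, f in sorted(report.items()) if f}


if __name__ == "__main__":
    for host, findings in audit_fleet(SAMPLE_CONFIGS).items():
        for kind, name, cipher in findings:
            print(f"{host}: {kind} {name} uses {cipher}")
```

Because both ends of a tunnel must agree on the transform, the per-router findings also indicate which point-to-point links have to be changed together.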
  3. 3. 16a.1.1.2. Data Repository

     The Wide Area Network design includes a data repository for items such as project information, project documents, other documentation, photographs, and reports. Five (5) Terabytes of storage in the SPHQ Primary Control Center and five (5) Terabytes of storage in the SPHQ Backup Control Center make up the ten (10) Terabytes (TB) of redundant storage.

     The repository will serve as a distribution center for radio, mobile data, microwave operations and maintenance manuals, and system as-built drawings. The repository will also be used to host fixed and mobile equipment inventory data, maintenance records, alarm reports, and WAN configuration management files. In addition, it will serve as a secure location for radio personality profiles used statewide by Commonwealth maintenance personnel.

     This repository uses Quest Software’s Vista Plus application as the repository manager with an Oracle database implementation on two SUN servers. Each is attached to 5TB of SUN disk storage that is loosely clustered between the primary and backup sites. Vista Plus is a very comprehensive package that will handle documents, photographs, scanned images and data from many different sources. The data, documents and images are accessible for viewing from Microsoft’s Internet Explorer web browser.

     Vista Plus is capable of controlling access via a user ID and password mechanism. Vista Plus electronically distributes data via internal networks and email based on security user settings. This software provides reports to multiple users online, who can search and view information electronically. Finally, Vista Plus contains tools for report viewing, searching, extracting, printing, saving, and archiving. These tools include:

     • TransVue™: Electronic documents saved in virtually any format can be stored in the same electronic folder as their related reports with TransVue Capture. TransVue Client allows viewing of over 225 electronic document file formats without having the native application installed on the desktop.
     • SmartAlarms®: Vista Plus provides automatic notification (via email, Vista Plus messages, print-outs, and more) of report availability and changes with SmartAlarms.
     • Report Index Hyperlinking™: Vista Plus automatically links reports by index values so you can easily drill down and view related report information and make quicker, more accurate business decisions.
     • Bundling and Bursting: An easy way to automatically group reports together and distribute them electronically to the people who need them.
  4. 4. 16a.1.1.3. System Management Server

     The network design provides access to a distribution server by which system software updates are pushed to mobile computer clients. This design uses Microsoft’s “Systems Management Server” (SMS) to push upgrades, packages, and refreshes to mobile computing workstations. This function will be performed when the mobile terminals are brought into any of the eight Radio Maintenance facilities or within suitable range of properly equipped Wireless Local Area Network (WLAN) access points (refer to WLAN System Description). An SMS client will be installed on the Motorola supplied mobile terminal. The system is initially designed to provide service for 5000 mobile computer users.

     16a.1.1.4. Intranet Access

     The intranet design makes extensive use of the STARS Microwave Network where it is available. For those sites that do not have a Microwave node on site, a Motorola approved, Commonwealth provided dedicated leased line or wireless technology equivalent (see Canopy System Description) will be used to connect that site to the appropriate site that has an entrance into the Microwave network.

     Note that the intranet has been configured to replace the leased data lines used by the State Police among State Police Headquarters (SPHQ), division headquarters, and area offices. The VSP internal data (approximately 1,300 computers) will be transported by the intranet. Refer to Figures 16A-1 through 16A-10 for a description of the VSP Data Network.

     The intranet has been designed as a closed network and therefore will not provide Internet access. This WAN has been explicitly configured for intranet operations only. If the Commonwealth should desire Internet connections, Motorola will provide a quote for additional services, equipment, warranty and training upon receiving a formal written request from the STARS Project Manager. In addition, Motorola will provide data relevant to impacts on the Project Schedule. Further, any Internet connections will be provided only upon the specific approval of the STARS Project Manager. Internet functionality will require a separate design and review by the Commonwealth to ensure that security and access control policies meet the Commonwealth’s Standard Operating Procedures.

     16a.1.1.5. System Layout

     Motorola has supplied a block diagram of the backbone infrastructure, as designed, as well as designs for each of the Division offices and the two control centers. The diagrams can be found in the subsequent pages.
  5. 5. Figure 16A-1. WAN System Block Diagram. [Diagram: Commonwealth of Virginia backbone network connecting VSP HQ, VSP Divisions 1 through 7, the SPHQ Primary Control Center and the SPHQ Backup Control Center.] Design, engineering and pricing information contained in this offering is considered confidential, proprietary and trade secret and may not be shared with any person or agency not directly associated with the addressee without the express written consent of Motorola, Inc., or its designees.
  6. 6. Figure 16A-2. WAN VSP Headquarters Block Diagram. [Diagram: Cisco 7206-F router with a Fast Ethernet TX/FX link to the site LAN network and a DS3 connection to a Fujitsu Flashwave 4300 on the microwave network, with (8) DS1 connections to the Backup Control Center 7206-F router and to the Division 1 7206-D router.]
  7. 7. Figure 16A-3. WAN Division 1 Block Diagram. [Diagram: Division 1 site LAN network with Cisco 7206, 2650 and 1721 routers, DACS, switch, PIX firewall, VPN gateway, intrusion detection and AAA, connected by DS3 to a Fujitsu Flashwave 4300 on the microwave network and by DS1 links to numbered area offices, repeaters and agency sites. Legend: a yellow lightning bolt is a DS1 on the microwave network; a red lightning bolt is a DS1 leased from the local carrier; the triangle symbol designates that the DS1 leased line is terminated at the closest microwave location to that site.]
  8. 8. Figure 16A-4. WAN Division 2 Block Diagram. [Diagram: Division 2 site LAN network with Cisco 7206, 2650 and 1721 routers, DACS, switch, PIX firewall, VPN gateway and intrusion detection, connected by DS3 to a Fujitsu Flashwave 4300 on the microwave network and by DS1 links to numbered area offices, repeaters and agency sites, with connections to the Primary Control Site and to Division 7.]
  9. 9. Figure 16A-5. WAN Division 3 Block Diagram. [Diagram: Division 3 site LAN network with Cisco 7206, 2650 and 1721 routers, DACS, switch, PIX firewall, VPN gateway and intrusion detection, connected by DS3 to a Fujitsu Flashwave 4300 on the microwave network and by DS1 links to numbered area offices, repeaters and agency sites, with connections to the Primary Control Site and to Division 5.]
  10. 10. Figure 16A-6. WAN Division 4 Block Diagram. [Diagram: Division 4 site LAN network with Cisco 7206, 2650 and 1721 routers, DACS, switch, PIX firewall, VPN gateway and intrusion detection, connected by DS3 to a Fujitsu Flashwave 4300 on the microwave network and by DS1 links to numbered area offices, repeaters and agency sites, with connections to the Primary Control Site and to Division 6.]
