CITY OF SAN BERNARDINO - REQUEST FOR COUNCIL ACTION
From: Janis Ingels, Director of MIS
Subject: Citywide Technology Upgrade
Dept: Administration, MIS Division
Date: October 29, 1996
Synopsis of Previous Council Action:
Recommended Motion:
Direct staff to develop and issue a Request for Proposals (RFP) for project management services
to assist in the implementation of the Information Systems Network Upgrade Plan.
Signature
Contact person: Janis Ingels Phone: 384-5010
Supporting data attached: Staff Report Exhibit A Ward:
FUNDING REQUIREMENTS: Amount: $3,305,000
Source: (Acct. No.)
(Acct. Description) MIS Fund -- annual lease payment
Finance: $450,000 beginning in FY 97-98
Council Notes:
STAFF REPORT
OVERVIEW
Reliance on Information Systems (IS) in the City has become an integral part of daily operations.
Every City department has come to rely on IS as a tool to help meet their goals and objectives.
IS encompasses everything from the CAD/RMS system to the office automation system. Many
of the information systems that are currently in use, however, are outdated and are based on older
technology solutions. In addition, there has been a tremendous increase in usage of information
systems, which has led to certain systems reaching capacity, not permitting any further growth.
In order to develop a comprehensive solution to the City's information technology needs, a plan
of action was developed to upgrade the computers and computer network in use by the City.
The goals of the upgrade were:
(1) Develop a robust network infrastructure to allow city departments access to all
network resources they are authorized to use regardless of location within the
City.
(2) Implementation of a Windows based office system including office applications
and enterprise wide electronic mail (e-mail).
(3) Upgrade the Computer Aided Dispatch and Records Management Systems.
(4) Provide secure access to the Internet for improved communication and
information gathering.
As a result of this effort, a network upgrade plan was developed and is provided as an
attachment.
FUNDING
A preliminary cost estimate was developed to implement the plan which is detailed below:
Network upgrades, cabling, integration    $  850,000
O/A, GIS, Internet, PC's, training        $1,730,000
CAD/RMS, Police and Fire                  $1,525,000
SUBTOTAL                                  $4,105,000
Less Police grant funding                 $1,100,000
Plus estimated tax & shipping             $  300,000
TOTAL                                     $3,305,000
The approximate debt service over ten years would be $450,000. Included in the MIS budget
is $285,000 for lease payments and approximately $50,000 in equipment maintenance costs that
could be reallocated to fund debt service. These costs were previously used to fund the debt
service and hardware maintenance of the existing computer system. Since the existing system
has now been paid off, the funds can be used for this purpose. In addition, maintenance costs
should be less with the purchase of new IS equipment. The additional cost will be spread among
the user departments as part of the annual budget process. It is anticipated that FY 1997/98
would be the first year that debt service payments would be made. The proposed financing
mechanism would be added to the City Hall finance restructuring which is scheduled for Council
review at an upcoming meeting.
RECOMMENDATION:
To assist in the implementation of the plan, it is recommended that the services of a project
manager/systems integrator be retained. More specifically, the desired services would include
the following issues:
-Refining systems requirements: operational, business, user, technical, data, and reporting.
-Evaluating systems alternatives, selecting hardware/software solutions, and recommending terms
for favorable systems acquisition and support service contracts.
-Defining, designing, installing, and testing automated systems and interfaces to meet specific
requirements.
-Developing a systems implementation strategy, including training users, managing data
conversion, and designing new policies and procedures.
-Providing technical assistance in telecommunications, network design and implementation,
database selection and implementation.
The cost for these services will be funded from the proposed financing plan.
BACKGROUND
Five years ago, the City Council approved a technology upgrade package that catapulted the City
of San Bernardino from stand alone, outdated hardware and software to what was, at the time,
state of the art technology.
No other industry changes as rapidly as the computer industry. Five years is predominantly the
expected lifespan of any new technology.
We are now at a point where the City needs to update its technological infrastructure to meet
the demands of the public by providing the latest tools to City departments. These tools will
allow the City to continue its mission of providing quality service, speed, efficiency, and
convenience to the citizenry.
The following City technology issues need to be addressed at this time:
* Public Safety CAD and RMS software are approximately
10 years old. New software would include such features as
flexible reporting tools, mapping functionality for
dispatching, and jail management.
* The City's network infrastructure must be upgraded since
it is currently structured for dumb terminals, which is an
older, slower technology than PC based networks.
* The City's Office Automation (OA) system has seen the
single largest growth in usage. The current OA computer
reached maximum capacity several months ago. It cannot
be upgraded, and therefore, must be replaced. The Police
department alone desires to add over 200 users to the
system, but cannot do so until the outdated system is
addressed.
* The City's network currently connects City Hall and a
number of remote buildings, but does not include the Fire
stations.
* The City's method of delivery of computer services has
become dated. A dumb terminal has no memory, and no
storage capability. It is nothing more than a transport
vehicle, sending and receiving messages between the user
and the intelligent host computer system.
Today, the industry standard is a method of delivery
termed "client/server". In this arena, there are multiple
small powerful computers (servers) on the network, but the
user's machines (clients) are also intelligent devices,
typically personal computers (PC's) with their own storage
and memory. This method spreads the workload among all
devices rather than isolating all workload at the host
source.
Today there are thousands of inexpensive software
programs written specifically for the PC that City users
cannot take advantage of in the existing terminal
environment.
* The City's current OA software is out of date. New
release versions are rare, and are expected to cease
altogether while the PC market OA software continues to
see rapid growth and frequent enhancements.
* The City's current hardware maintenance budget for dated
equipment is substantial. The typical warranty period for
new hardware is now 3 years. A reduction in maintenance
spending should be realized by updating to current
hardware.
* The Police department's network backbone was built
mainly for a dumb terminal environment. The CAD
software the department expects to adopt is written to take
advantage of a PC environment. Minor upgrades on
network hardware in the Police facility will be required to
allow the new software and hardware to perform at
maximum speed and efficiency.
* The City's usage of GIS (geographic information system)
continues to grow.
The Police department represents one of the largest users,
as MIS has been able to tie CAD data to the GIS. Crime
pattern maps are produced on demand. Police continue to
discover new potential for GIS for crime analysis purposes.
The City's 3 GIS work stations need replacement. The
latest software enhancements cannot be taken advantage of
due to the old hardware's lack of sufficient power.
* Few people today remain unaware of the "information
superhighway" or "internet". MIS frequently receives
requests for the capability to take advantage of the immense
resources the internet offers.
It is common for other agencies and citizenry to expect to
be able to communicate with the City via an internet email
address. We are currently unable to do this.
San Bernardino needs to catch up with surrounding cities,
and agencies all across the country in this area of
technology which continues to expand at lightning speed.
Cities are using the internet as the perfect tool to share
information with their citizenry and to gain unlimited
access to valuable information.
As noted, Exhibit A is the plan which was devised to address these issues. It is comprehensive,
and builds on top of, rather than completely replacing, the City's current technological
environment. The components of this plan lay a foundation necessary for continued growth of
use of technology to maintain service levels well into the future.
The following represents a brief summary of the main components of the plan:
NETWORK
-upgrades in City Hall hardware
-move to frame relay vs. expensive dedicated lines
-add Fire stations
-add E.D.A. and Water if desired
OFFICE AUTOMATION
-replace single large server with multiple smaller servers
-replace terminals with PC's
- standardize on popular PC based software
TRAINING
-technical classes for support staff
-PC & O/A classes for users
STAFFING
-add adequate technical support staffing
GIS
-replace three outdated work stations
CABLING
-replace or add cabling in all buildings except new Police facility
CAD & RMS
-replace Public Safety hardware and software
INTERNET
-move to PC environment which allows for this capability
It should be noted that the components of this comprehensive plan are inter-related. For
example, new CAD and RMS will not be able to function without addressing the network
upgrade to expand bandwidth (the size of the pipe through which the data traffic travels back and
forth).
Internet access and modern OA software cannot be accessed without leaving the dumb terminal
environment.
New CAD software has been written specifically to take advantage of modern PC capabilities.
An example of the proposed enhancements that is included in the plan is the Fire Department.
This plan would allow Fire to move up to all new CAD and RMS hardware and software. It
facilitates the ability to make use of modern EMS software. It puts modern equipment at the
desktop, new cabling in every Fire station, internet access for research and communication, and
pulls every City Fire station into the city-wide network for maximum communication.
Network Upgrade Plan
for the
City of San Bernardino
September 19, 1996
Prepared by:
VI-Systems, Inc.
9 Corporate Park
Irvine, CA 92606
Exhibit A
Table of Contents
Section 1: Overview
Section 2: TCP/IP Conversion
Section 3: Internet Connection
Section 4: Wide Area Network Upgrade
Section 5: Computer Aided Dispatch / Records Management System
Upgrade
Section 6: Geographic Information System (GIS) Upgrade
Section 7: Office Systems Upgrade
Section 8: Security Plan
Section 9: Staffing and Training Plan
[Figure: City of San Bernardino Wide Area Network Schematic Diagram, prepared by VI-Systems, Inc.
City Hall Detail, labels: FDDI to PD; EDA; collapsed backbone switch; City Hall basement; hubs on the 3rd, 4th and 5th floors; IMGSRV; IMGTXT; BLISS; OCRSRV; primary firewall; WWW server; Internet; GTE frame relay; remote sites.
Police Department Detail, labels: 1st floor; 2nd floor; FDDI to City Hall; secondary firewall; 10BaseT segments; 100BaseT for CAD/RMS.]
Section 1
Overview
The Management Information Systems Department of the City of San Bernardino (the
City) has developed this plan of action to upgrade the computers and computer networks
in use by the City. The goals of this upgrade are:
1) Develop a robust network infrastructure to allow city departments access to all
network resources they are authorized to use regardless of location within the City.
2) Implementation of a Windows based office system including office applications and
enterprise wide electronic mail (e-mail).
3) Upgrade the Computer Aided Dispatch and Records Management Systems.
4) Provide secure access to the Internet for improved communication and information
gathering.
Six areas of activity have been identified in order to accomplish these goals.
TCP/IP Conversion
In order for computers to communicate with one another they must use a low level
language called a protocol. Over the years there have been many protocols developed;
however, TCP/IP has become the standard protocol for use in medium to large sized
networks such as the one operated by the City.
This activity will involve converting the systems that the City currently owns that are not
running TCP/IP to run TCP/IP. This is a relatively straightforward activity that should
not pose any difficulties. All new systems installed as part of this project will use TCP/IP
as their default protocol.
Internet Connection
Connection of the City network to the Internet deserves special attention, especially due
to the sensitive nature of some data held by the City. This project will provide access to
the Internet for City employees in a controlled manner. Especially useful are the ability to
exchange electronic mail with people outside of the City and the information gathering
possible on the World Wide Web. A critical aspect is the implementation of a "firewall"
to protect internal City resources from the outside world.
Wide Area Network Upgrade
A wide area network (WAN) is the combination of electronics and telecommunications
that connect many dispersed sites to one another. Currently the City provides basic
terminal based services to its users. This project will install new network hardware and
upgrade the telecommunications in use at all remote locations, e.g., Police substations, in
order to support a PC based network. Other aspects will be to extend the existing high
speed network within City Hall, and new remote locations to the City WAN, primarily
fire stations.
Computer Aided Dispatch / Records Management System (CAD/RMS) Upgrade
The CAD/RMS upgrade will be performed primarily by the vendor of the software,
Tiburon, Inc. The current system is a terminal based system. The new system will be a
modern client-server application, and will involve the installation of new network, server
and workstation hardware at the Police Department. Tiburon will install the new system
and convert the existing system as a separate project. Details of the work Tiburon will
perform are provided in the Tiburon proposal.
Geographic Information System (GIS) Upgrade
This activity will be very straightforward to implement. This upgrade will allow the City
GIS system to keep up with an ever increasing workload. GIS is an intensive application
for any computer, and it can be seriously impacted if the hardware it is running on is too
slow.
Office Systems Upgrade
Currently the City operates a Digital ALL-IN-1 office automation system. This software
allows access to WordPerfect and Lotus 1-2-3 for word processing and spreadsheet
applications respectively. ALL-IN-1 itself provides e-mail capability. These are dated
character cell applications; they lack modern features such as windowing, easy cut and
paste and many other features found in modern office application systems. They are
relatively expensive and difficult to maintain while providing limited functionality. The
replacement of this system, and extension of the new capabilities to the rest of the City
will serve to unify the City computing environment into a coherent whole.
Section 2
TCP/IP Conversion
This project will convert the existing systems on the City's network to utilize the
Transmission Control Protocol/ Internet Protocol (TCP/IP or just IP). This will lay the
groundwork for all systems to easily communicate with one another and to communicate
with other systems on the Internet.
TCP/IP is rapidly becoming the dominant communications protocol for use by all
computers worldwide. Among its many advantages TCP/IP is non-proprietary, which
means that computers from many different vendors can communicate with each other
through its use.
Converting existing machines to utilize TCP/IP is a straightforward process. Most of the
systems currently on the City's network have TCP/IP licensed but not installed.
The following machines have TCP/IP licenses and only require software installation:
SYSTEM NAME   OP. SYS.       HARDWARE             IP PKG.
SABLE         Digital UNIX   Digital Alpha 2100   NAS 200
IMGSVR        MS NT          Digital Alpha 1000   MS TCP/IP
JBSRV         MS NT          NEC Pentium          MS TCP/IP
BLISS         MS NT          Gateway PC           MS TCP/IP
IMGTXT        MS NT          NEC Pentium          MS TCP/IP
OCRSRV        Win V3.11      NEC Pentium          MS TCP/IP
TCP/IP will be leased for the duration of the transition for this machine:
OA            VMS            VAX 4100a            UCX
PCs that exist within the City will be upgraded to Windows 95, if necessary. All of these
machines will have TCP/IP added as their primary network protocol.
SYSTEMS       OLD OS       HARDWARE            NEW OS       IP PKG.
75 P75 PCs    Win V3.11    Gateway & NEC PCs   Windows 95   MS TCP/IP
25 P75 PCs    Windows 95   Gateway & NEC PCs   n/a          MS TCP/IP
The following systems do not require TCP/IP licenses since they are due to be replaced:
SYSTEM NAME   OP. SYS.   HARDWARE
CAD           VMS        VAX 4300
RMS           VMS        VAX 4300
GISPW         VMS        VAXstation 3100
GISPD         VMS        VAXstation 3100
GISMIS        VMS        VAXstation 3100
TCP/IP Service Providers
There are several TCP/IP services that require specific servers. Briefly these services are:
1) Dynamic Host Configuration Protocol (DHCP). This service provides automatic
addressing for computers as they join the network thus eliminating the need to
maintain these addresses manually. Servers and other network devices that are not
frequently relocated will be assigned static IP addresses.
2) Domain Naming Service (DNS). Computers on a network are known to humans
by their names. However, in order for 2 computers to communicate with one
another they need to know their respective addresses, not their names. DNS is a
service that resolves names into addresses. The table of names and addresses is
usually maintained manually and remains fairly static. This service can support
any computer running TCP/IP, regardless of the base operating system, with name
and address resolution.
3) Windows Internet Naming Service (WINS). WINS is very similar to DNS as it
provides a means for computers to translate names to addresses. This service can
only be utilized by Windows based PCs. This Microsoft product has been
integrated with DHCP so that as a machine comes up on the network and obtains
an address from DHCP its name and address is registered in WINS. Through the
use of both DNS and WINS a comprehensive name to address translation service
can be easily maintained.
The implementation of these services, in large measure, is dependent upon the
deployment of the servers specified in the OA portion of this project. These services
will be implemented on the following systems:
Service   System(s)
DHCP      New OA, and backup servers, and IMGSRV
WINS      New OA, and backup servers, and IMGSRV
DNS       SABLE, Internet firewall machine
Section 3
Internet Connection
The Internet is the network of networks, connecting computer systems around the world.
It is the home to immense amounts of information that can be used to affect daily City
operations and future plans. The City network will not be connected directly to the
Internet; rather the City will connect to an Internet Service Provider (ISP) who will in turn
connect to upper levels of the Internet.
It is imperative that the City connection to the Internet is accomplished in a secure
fashion. Protection of a private network is the responsibility of the organization making
the connection to the ISP; typically, the ISP does not provide much in the way of security
services. This security will be achieved through the use of "firewalls," which are special
computers or routers dedicated to protecting a private network from the Internet.
The intent of the City in connecting to the Internet is to allow access for City employees
to the information stored on the Internet, and to provide electronic mail access between
the City and other entities. The City will also provide information and services to the
general public on its own web server, thus becoming an Internet information supplier.
Internet Service Requirements
The following items address several issues related to the City Internet connection.
Connection speed
The City's access to the Internet will initially be via a frame relay connection. This
connection will initially be 128 kb/s; however, frame relay connections can be easily
upgraded as the City requires more bandwidth. It is expected that the City will
eventually require a T1 connection to the Internet as internal usage increases and as
public usage of the City web server increases.
TCP/IP Addressing
Computers which communicate with the Internet require the TCP/IP protocol. The
ISP will provide a range of registered TCP/IP addresses for the City to use on its
machines. The City will require at least 2000 addresses to support the anticipated
growth of its WAN. Address assignment will be done dynamically for most PCs on
the network; however, all other devices will receive static addresses.
Security
The City has two distinct security requirements to be met: 1) To protect the City
network, in general, against unauthorized access, and 2) To further protect the Police
network from the rest of the City network and the Internet. The Police network is
connected to the California Law Enforcement Telecommunications System (CLETS),
and as such any upgrade to the police network must be approved by the CLETS
Advisory Board.
These requirements will be met through use of firewall machines: machines which
deny all traffic coming to them from the Internet side of the wall. Access through the
firewall is granted on an exception basis. This technique will be used on the
secondary firewall in certain situations as will be described later in this document.
Figure 1 depicts the City Internet connection. The primary firewall will limit access to
those services and entities that are authorized; e.g., e-mail. This machine will
effectively stop all incoming traffic from the Internet, and will also be used to block
outgoing traffic so that only authorized users can access the Internet.
A second firewall will be installed between the Police network and the main City
network. This machine will be located at the Police Department and will serve to
protect all systems in the PD from the rest of the City. Special access will be granted
through this firewall for remote Police and Fire Department users. When combined
with the significant physical and operating system security that will be employed by
the Police network a very secure environment for the PD will result.
[Figure 1: Connection to the Internet. Three Tiered Internet Firewall Model. Labels: Internet; Primary Firewall; Net Visible Server (WWW, etc.); City Network (OA, Sable, etc.); Secondary Firewall; Police Network (CAD/RMS).]
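The deny-by-default, exception-based behaviour of the primary and secondary firewalls described above can be modelled as a path check: a connection is permitted only if every firewall between its source and destination lists an exception for it. This is an added illustration, not part of the City's plan or of VI-Systems' design; every address, port and rule entry below is a constructed assumption.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed addressing for illustration; none of it comes from the plan.
CITY = ip_network("10.10.0.0/16")
POLICE = ip_network("10.20.0.0/16")
ANY = ip_network("0.0.0.0/0")
# Zones in path order: Internet | primary firewall | City | secondary firewall | Police
ORDER = ["internet", "city", "police"]


@dataclass(frozen=True)
class Rule:
    """One exception: who may open a connection to whom, on which service."""
    src: IPv4Network
    dst: IPv4Network
    proto: str
    port: int
    note: str

    def matches(self, src, dst, proto, port):
        return (ip_address(src) in self.src and ip_address(dst) in self.dst
                and (proto, port) == (self.proto, self.port))


# Hypothetical exception lists. Anything not listed is denied.
PRIMARY = [
    Rule(ANY, ip_network("10.10.0.25/32"), "tcp", 25, "inbound e-mail to mail host"),
    Rule(ip_network("10.10.5.0/24"), ANY, "tcp", 80, "authorized users to the web"),
]
SECONDARY = [
    Rule(ip_network("10.10.40.0/24"), ip_network("10.20.0.10/32"), "tcp", 5000,
         "remote Fire users to CAD (port is a placeholder)"),
]
FIREWALLS = {("internet", "city"): ("primary", PRIMARY),
             ("city", "police"): ("secondary", SECONDARY)}


def zone_of(addr):
    """Map an address to its zone; anything not City or Police is Internet."""
    ip = ip_address(addr)
    if ip in POLICE:
        return "police"
    if ip in CITY:
        return "city"
    return "internet"


def firewalls_crossed(src, dst):
    """Return the (name, rules) of each firewall between src and dst, in order."""
    a, b = ORDER.index(zone_of(src)), ORDER.index(zone_of(dst))
    hops = [FIREWALLS[(ORDER[i], ORDER[i + 1])] for i in range(min(a, b), max(a, b))]
    return hops if a <= b else hops[::-1]


def decide(src, dst, proto, port):
    """Default deny: every firewall on the path must hold a matching exception.

    Only connection initiation is modelled; reply traffic is assumed to be
    handled by the firewall's connection tracking.
    """
    hops = firewalls_crossed(src, dst)
    if not hops:
        return True, "same zone, no firewall crossed"
    for name, rules in hops:
        if not any(r.matches(src, dst, proto, port) for r in rules):
            return False, f"denied by {name} firewall (no exception)"
    return True, "permitted by every firewall on the path"


# Constructed sample flows: (source, destination, protocol, port).
SAMPLES = [
    ("198.51.100.7", "10.10.0.25", "tcp", 25),    # Internet mail to City mail host
    ("198.51.100.7", "10.10.0.25", "tcp", 23),    # Internet telnet to same host
    ("10.10.5.20", "203.0.113.80", "tcp", 80),    # authorized City user to web
    ("10.10.9.9", "203.0.113.80", "tcp", 80),     # unauthorized City user to web
    ("10.10.40.3", "10.20.0.10", "tcp", 5000),    # Fire user to Police CAD
    ("10.10.5.20", "10.20.0.10", "tcp", 80),      # City web user probing Police
    ("198.51.100.7", "10.20.0.10", "tcp", 5000),  # Internet straight to Police CAD
]


def run_samples():
    return [(flow, *decide(*flow)) for flow in SAMPLES]


if __name__ == "__main__":
    for flow, allowed, reason in run_samples():
        print("ALLOW" if allowed else "DENY ", flow, "-", reason)
```

The sixth sample shows why the second tier matters: the broad outbound web exception on the primary firewall does not help a City host reach the Police network, because that path is judged by the secondary firewall's own list.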
Web Services
The City currently maintains several public web sites. A centralized web server for public
use will be installed on the outside of the primary firewall in City Hall. The existing web
sites will be transferred to the new web server. This system will be used by all City
departments to provide information to the public. Maintenance of the server hosting the
web site will be performed by MIS staff; however, content will generally be maintained
by the departments providing the information.
A relatively new form of web services are those established on an Intranet. This is a web
server which provides information distribution services internal to the City. This allows
users to utilize their web browser to obtain internal information in the format of web
pages. The OA system will be used to host Intranet services.
ISP Recommendation
Selection of an ISP can be a daunting task. There is great variability in pricing structures
and support levels. These factors also change with time; therefore, selecting a given ISP
at this time is not appropriate. When the City is close to actually connecting to the
Internet a selection will be made.
That said, the City does have one option available to it that may have certain advantages
that other organizations would not have available. The County of San Bernardino has
built an extensive data and voice network to fulfill their internal needs. This network is
capable of providing Internet access and support to the City. There is a microwave link
between the City and County networks currently used for public safety data traffic.
Because the County is a public agency the cost of these services could very well be lower
than those available from a commercial ISP.
The current connection between the County and the Internet is a T1 link; therefore, as the
City use of the Internet grows the City will wish to establish a separate connection to the
Internet. However, use of the County as an initial ISP could very well provide a level of
support not available from a commercial ISP.
Section 4
Wide Area Network (WAN) Upgrade
This project will upgrade the network infrastructure which all systems and servers use to
connect to one another. The City currently has 19 locations connected to its Wide Area
Network (WAN). The backbone of the WAN is a dual attached station FDDI ring that
connects a Chipcom Galactica hub in the basement of City Hall with an FDDI router in
the Police Department. The remaining 17 sites connect to the WAN via dedicated phone
lines that terminate in the basement of City Hall.
Chipcom, the manufacturer of the Galactica hub, has been purchased by 3Com. Since that
purchase 3Com has been in the process of phasing out the Galactica product; although it
will be supported by 3Com for several more years. The Galactica has been under
warranty for the past year; however, the maintenance contract will need to be renewed to
maintain support for it. New cards to expand this hub are no longer available; therefore, it
is a dead-end product and will be replaced.
Figure 1 depicts the current configuration of the City's WAN.
[Figure 1: Current Wide Area Network. Labels: remote locations; 9600 and 56K phone circuits; dual FDDI ring; Police Dept. 2nd Floor; City Hall Basement.]
Because the City desires to provide as long a lifetime as possible for this project a major
upgrade to the backbone capability is warranted. FDDI is, and will for the immediate
future, continue to be adequate backbone technology. However, FDDI alone is unlikely to
remain sufficient as technology progresses, particularly in areas such as video
conferencing and advanced client/server applications. In order to provide sufficient
bandwidth for future applications such as these an FDDI switch will be installed in the
City Hall basement. This will allow multiple FDDI segments to connect to each other and
to be switched across a high bandwidth backplane.
Another major facet of this upgrade will be the extensive use of frame relay technology to
connect sites. Sites already connected to the City WAN will not require new phone lines;
however, phone lines at remote locations not currently connected will have to be
installed. This technology has several advantages over the current practice of leasing
dedicated lines: 1) the phone company manages the transport of data between sites, 2) it
is easily scaleable; more capacity can be obtained quickly, and 3) generally costs less than
leased lines.
WAN Upgrade Project Components
This project has been divided into several components:
1) City Hall Upgrade.
2) Police Department Upgrade.
3) Connect the Economic Development Agency (EDA) and Water Department
4) Existing Remote Locations Upgrade.
5) Fire Department Upgrade.
6) New Remote Location Installation.
Upgrading City Hall will be done to build the new backbone technology, accommodate
the replacement of terminals with PCs, and connect City Hall to the phone system to
support frame relay. The Police Department upgrade will be conducted in conjunction
with the CAD/RMS project and the OA upgrade project. The Fire Department upgrade is
similar to some existing locations; however, it also has a Novell Netware LAN that will
be replaced. The next two projects will follow a "cookie cutter" approach in terms of the
network hardware required because most sites are very similar. Connecting the EDA and
the Water Department are straightforward tasks to bring these organizations into the City
network.
City Hall Upgrade
Three upgrades will be performed in City Hall: 1) build a new network backbone, 2)
upgrade wiring closets to support the terminal to PC transition, and 3) support for new
communications to connect the various remote sites within the city.
First, to support the growth of network traffic both within and outside of City Hall a
new network backbone system will be installed in the basement of City Hall. This
system will be in the form of a data switch. This switch will initially be used to create
multiple FDDI segments to various floors within City Hall, the Police Department and
to the primary network servers. This switch will be able to adapt to existing and future
network technologies such as Fast Ethernet and ATM. As demands for additional
bandwidth increase to support video and other technologies this switch will
accommodate that growth.
Second, all VT terminals and PCs within City Hall are connected in the 3rd floor
wiring closet. The network hardware in this closet lacks modern technologies, and is
not large enough to support the anticipated growth. Therefore, new Ethernet
concentrators and associated hardware will be installed in the basement and the
wiring closets on the 3rd, 4th, and 5th floors. These concentrators will be connected via
separate FDDI rings to the switch in the basement.
The cables that currently terminate in the 3rd floor closet will continue to support the
VT terminals in City Hall. However, reuse of this existing cable plant is not feasible.
Consequently, new CAT5 cables will be installed from these closets to user locations
within City Hall. Whereas all floors are currently served out of the 3rd floor the
following table shows which floors will be served by the various closets.
City Hall Ethernet Cable Reconfiguration
Closet Location    Floors supported
basement           1st, basement
3rd                2nd, 3rd
4th                4th
5th                5th, 6th
Lastly, all current remote locations connect to City Hall on a point-to-point basis via
the use of leased lines. This means that many separate phone lines converge on City
Hall. Conversion of these sites to use frame relay (see below) reduces the number of
connections from City Hall into the phone system. This will be accomplished with
dual T1 connections (for redundancy) to the phone system. These connections will
terminate in the basement of the City Hall and will be connected directly into the
network backbone.
Police Department Upgrade
The Police Department (PD) upgrade can be subdivided into 2 parts: 1) Upgrading the
existing FDDI connections to support conversion from a terminal based network to a
PC based network, and 2) Installation of a switch and fast Ethernet segments to
support the CAD/RMS upgrade. The cable plant in the Police Department is of type
CAT5 and does not need any upgrades; however, further expansion will require
additional cabling.
The PD is connected to City Hall via an FDDI ring. The ring traverses 4 closets
within the PD; however, only 271 is actually connected to the FDDI ring. There is an
Ethernet connection from 271 to 140 to connect the 1st floor. Both closets house one
17-slot 3Com ONline concentrator; these in turn support terminal server cards for the
installed VT terminals. Initially, the hub in 140 will be upgraded with an FDDI
connection. As PCs are installed they will connect via Ethernet repeater cards, which
will replace existing terminal server cards, installed within the existing hubs.
Figure 2 depicts the configuration of the FDDI rings within City Hall and the Police
Department before and after the upgrade.
[Diagram: City Hall and Police Department FDDI rings, in two panels labeled "Current Configuration" and "Upgraded Configuration"]
Figure 2
City Hall to Police Department FDDI Configuration - Current and Upgraded
The 271 closet will be upgraded to support the CAD system that is proposed by
Tiburon, Inc. The CAD system is a very graphics intensive system and as such
requires significant network bandwidth. The Tiburon proposal recommends that the
CAD servers and dispatch workstations be configured on a dedicated, switched
Ethernet segment (10mb/s). Accordingly, an Ethernet switch will be installed prior to
CAD hardware installation.
Connection to Economic Development Agency (EDA) and Water Dep't. (WD)
Both the EDA and WD have developed small networks that may desire connection to
the new City network. These networks are independently funded and managed by the
using departments. While the development of small LANs has been a common
occurrence as computing power has migrated away from centralized host-based
systems, these LANs also illustrate another phenomenon: the desire of these various
organizations to communicate with one another in a centralized, coherent fashion.
However, valid security concerns about connecting small LANs onto the City network
must be addressed before the MIS organization can accept them. Small LANs are
often run by a person whose primary responsibility lies elsewhere, and this can lead to
shortcomings in all phases of network management. For a small LAN, this is often
acceptable; however, when connecting to a large network this can become a security
risk. Therefore, before these 2 networks can be connected to the City WAN the
security policies of these networks will be reviewed to ensure that they are in
compliance with accepted industry security standards.
The WD is located on the 5th floor of City Hall. Consequently, their connection will
simply be made in the 5th floor wiring closet. The WD will be granted a separate
Ethernet segment so that their traffic is isolated.
The EDA is already connected to City Hall via a fiber Ethernet link. The cable plant
in this building will need to be replaced due to damage to the existing plant rendering
it unusable. Also, the cable plant will be expanded to include office areas not
currently served; e.g., Main Street. The fiber link will be upgraded from Ethernet to
FDDI to provide improved bandwidth for future requirements.
Existing Remote Locations Upgrade
Most of the remote sites have a small number of workstations, usually only 1 or 2 VT
terminals and 1 or 2 printers. This upgrade will not increase the number of devices at
any given location and as such they have suitable environments for the hardware to be
installed. It is important to note that the upgrade for remote sites must occur in
conjunction with the OA upgrade at those sites.
This configuration generally will allow for some growth at the remote locations since
only 2-4 ports of an 8 port hub will be used. The existing wiring, in those locations
with a wire plant, is CAT5 which is suitable for this upgrade. Many sites do not use a
wire plant; they use patch cords because all hardware is in close proximity.
The Police substations have requirements to access the RMS system which will be
located at the PD, behind the secondary firewall. Access will be granted through the
firewall to the RMS server on a machine-by-machine basis.
The basic blueprint for upgrading these sites is as follows:
1) Switch the existing 56Kb circuits to frame relay circuits. This will be done by
GTE in coordination with the rest of the upgrade at each site.
2) Install a frame relay-to-Ethernet router and CSU/DSU to connect to City Hall.
3) Install a small Ethernet hub for the local PCs, printer and router.
Three sites, the Feldheym Library, the vehicle maintenance garage, and the main
Parks and Recreation office are larger installations and require slightly different
hardware configurations. In addition to the first two items noted above these sites will
also receive the following:
1) One or two 16 port hubs depending upon the number of users at each site.
2) A local server to accommodate data serving requirements at the given site.
All of the libraries have another unique consideration. The terminals used at the
check-out counters employ a light pen to read bar codes on books and library cards.
This application is not easily replaced by PC workstations. Accordingly, the VT
terminals at these locations will be retained. However, the existing network hardware
(multiplexers) will be replaced by City owned DECserver 300 terminal servers at
each location. These terminal servers utilize TCP/IP for terminal sessions and will
connect directly to the hubs that will be installed at each location.
Fire Department Upgrade
The main fire station is currently connected via a single phone circuit which supports
8 terminals in the City OA network. There is also a local Novell Netware LAN
installed at the fire station with approximately 10 local users and 10 users supported
via dial-in phone lines. This local server is running Novell Netware V3.12 on a clone
machine. The network cabling is co-axial thinnet, and there is a Shiva Lan Rover to
support the dial-in users from remote fire stations. The OA section contains details
about the conversion of the Novell server.
The WAN upgrade for the Fire Department divides into 2 parts. First, the main fire
station facility will be upgraded to support approximately 20 users. This is analogous
to the upgrades to other sites with local servers as noted above, except that new CAT5
cabling will be installed to replace the existing co-axial wiring. Second, all remote
fire stations will be converted to use frame relay in a process similar to that for small
remote sites without servers. The remote stations will connect to the network at City
Hall.
Similar to the Police substations, the remote fire stations have requirements to access
the RMS system located in the PD. As with the Police substations, access will be
granted through the secondary firewall for these machines to access the RMS system.
Additional Remote Location
The Perris Hill Park is the only remote site to be included in the City WAN that does
not already have some form of telecommunication. The upgrade for this site will be
similar to that for existing remote locations. The only added step will be that a new
phone circuit will need to be installed to support frame relay.
Figure 3 depicts the configuration of the City WAN after this upgrade has been
completed.
[Diagram labels: City Hall 3rd floor, 4th floor, 5th floor and Basement; Police Dept. 1st Floor and 2nd Floor; EDA; FDDI circuits; Dual T1; Frame Relay circuits; GTE; Remote locations, e.g., Police & Fire]
Figure 3
Wide Area Network Configuration After Upgrade
Telecommunications Services
Telecommunications services will be provided by GTE. Almost all remote sites within
the city are served directly by GTE. A small number of locations are served by
PACBELL; however, this will not pose any difficulties in connecting those sites to the
upgraded WAN.
Management Software
The ability to effectively manage this increasingly complex network is critical to its
success. A dedicated network management station will be installed for this purpose. This
machine will run software specifically targeted to manage the array of hardware
components installed. Simple Network Management Protocol (SNMP) provides a way for
network managers to monitor, troubleshoot and manage a network composed of different
types of hardware from different vendors. This system can be configured to support both
the network components and the servers and workstations that will populate the network.
The Stoneybrook software, Router Manager, will be installed on this system. This
software is capable of managing routers from 5 different vendors and provides an
integrated approach to network management.
Hardware Required
The Galactica hub in City Hall and the ONline concentrators in the PD were installed in
September, '95. As noted, the manufacturer of this hardware has been purchased by
3Com. As a result the Galactica hub is being phased out by 3Com; however, the ONline
concentrators are still a current offering. The Galactica hub, while still a serviceable
component, is no longer expandable and will be replaced. The ONline concentrators will
be retained and used for the upgrade within the PD.
That being said, the hardware required for this upgrade divides into the 2 areas listed
below. The following specifications outline the required hardware to implement this
upgrade. In some circumstances a specific number of hardware components are listed;
whereas, in other areas an "n" is listed since vendor solutions may vary.
Backbone Upgrades (projects #1, #2, #3)
#1 - City Hall Upgrade
3rd, 4th, 5th Floors (Each floor. Water Department is accommodated on 5th floor.)
256 10BaseT Ethernet ports, using RJ45 terminators, connected to an FDDI
ring in at least 4 subnets per floor.
• Ethernet switches or repeaters to support required number of ports.
• Switching hubs or concentrators capable of creating virtual LANs
between subnets.
• Routers capable of routing traffic between virtual LANs created in above
switching hubs.
Basement
128 10BaseT Ethernet ports connected to the FDDI ring in at least 4 subnets.
Ethernet switches or repeaters to support required number of ports.
1 Switch capable of creating virtual LANs between FDDI segments, Fast
Ethernet segments, and capable of supporting future ATM upgrades.
2 T1 to Ethernet router(s) (for 2 connections to GTE).
2 CSU/DSU for T1 connections
6 PCI FDDI network cards for existing server hardware (as noted in the IP
upgrade section)
7 FDDI routers to be mounted in main switch for connection to PD hub,
EDA hub, 3RD, 4TH, 5TH floor hubs, basement/1st floor hub, and basement
computer room.
#2 - Police Department Upgrade
1st Floor
192 10BaseT Ethernet ports installed in the existing concentrator using RJ-45 connectors.
2nd Floor
192 10BaseT Ethernet ports installed in the existing concentrator using RJ-45 connectors.
24 Switched 10BaseT Ethernet ports using RJ-45 connectors.
2 Switched 100BaseT Fast Ethernet ports using RJ-45; switched
connection to 24 switched 10BaseT ports above.
#3 - Economic Development Agency
64 10BaseT Ethernet ports connected to the FDDI ring in at least 2 subnets.
Ethernet switches or repeaters necessary to support required number of ports.
1 Switching hub or concentrators capable of creating virtual LANs between
subnets.
n Routers capable of routing traffic between virtual LANs created in above
switching hubs
Connectivity Upgrades (projects #4, #5, #6)
#4 & #5 - Existing Remote Locations
27 CSU/DSU units
27 Frame relay to Ethernet routers, SNMP manageable
21 8-port managed hubs (21 locations) or equivalent
9 16-port managed hubs or equivalent. Three locations have more than 8 but
fewer than 16 ports; three locations have more than 16 but fewer than 32
ports.
#6 - New Remote Location
1 CSU/DSU unit
1 Frame relay to Ethernet router, SNMP manageable
1 8-port managed hub or equivalent
Network Management Station
1 High-end Pentium workstation, 96MB, 1GB, 21" monitor, NT workstation
Digital Polycenter Netview, HP Openview, or equivalent
Stoneybrook Router Manager with appropriate "personality" modules
Other management software as necessary for hardware installed
Section 5
Computer Aided Dispatch (CAD) /
Records Management System (RMS) Upgrade
The bulk of the CAD and RMS upgrade will be performed by the system vendor,
Tiburon, Inc. Their proposal is very detailed and can, in general, be treated as a
standalone project. While Tiburon can supply the necessary hardware as a convenience to
the City, this isn't necessary. The City will likely obtain hardware to support this project
through a 3rd party vendor so as to obtain the best pricing available.
This upgrade will install 2 Digital Alpha servers for CAD, and 1 Digital Alpha server for
RMS all running Digital UNIX. Twenty workstations will be installed; twelve Digital
Alpha workstations running Windows NT as dispatcher workstations, and eight Pentium-
class Windows 95 workstations for call-taker workstations. These machines will be
connected via a switched Fast Ethernet backbone as described in Section 4: "Wide Area
Network Upgrade."
Because of the sensitive nature of the data stored on the CAD and RMS systems they
require high levels of security and facility preparation. The following sections describe
how these systems will be installed to meet these requirements.
Facilities
The CAD/RMS system requires a facility equipped with uninterruptible power
supplies (UPS), proximity to the CAD workstations, and telecommunications
services. The Police Department facility meets these requirements. The entire
building is supported by a UPS and has adequate air conditioning. Suitably secured
rooms for hardware installation are available in close proximity to the workstations
that will connect to these systems, and all telecommunications services required for
CAD/RMS terminate in this building.
Networking
The CAD application requires extraordinary levels of network bandwidth due to the
graphical nature of the program. To accommodate this level of activity Tiburon
recommends that the workstations and servers be segmented from the rest of the
network via a Fast Ethernet switch. A switch will allow for the entire bandwidth to be
available to update workstations. This will require installation of a 100mb/s data
switch in the #271 closet to connect the CAD workstations to the CAD dispatch
terminals. The Wide Area Networking section of this plan outlines further details of
the network support for the CAD system.
The RMS system also requires significant network bandwidth. The RMS system will
accordingly be segmented from the remainder of the network so that its network
traffic is isolated.
Security Considerations
The CAD application must be made as secure as possible. This system is connected to
the California Law Enforcement Telecommunications System (CLETS), and when
this entire project is completed, to the Internet through its connection to City Hall.
In order to secure CAD/RMS a tiered "firewall" system will be installed as part of the
Internet connection. This firewall system will provide 2 layers of security between
CAD/RMS and the Internet. The diagram below depicts such a tiered approach.
Three Tiered Internet Firewall Model
Internet
   |
Public Net (not secure): Visible Server (WWW, etc.)
   |
Primary Firewall
   |
City Net (secure): City Network (OA, Sable, etc.)
   |
Secondary Firewall
   |
Police Net (very secure): Police Network (CAD/RMS)
More information on the firewall and the Internet connection is in Section 3: "Internet
Connection."
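The tiered model above, together with the machine-by-machine RMS access that the plan grants to police substations and remote fire stations through the secondary firewall, can be written down as a policy check and an allowlist audit. This is an added example, not part of the plan or of any vendor configuration; the zone address ranges, host addresses, rule notes, and the assumption that outbound and same-zone traffic is unfiltered are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan for illustration; the plan document gives no addresses.
ZONES = {
    "public": ipaddress.ip_network("192.0.2.0/24"),  # visible server (WWW, etc.)
    "city": ipaddress.ip_network("10.10.0.0/16"),    # OA, SABLE, remote sites
    "police": ipaddress.ip_network("10.20.0.0/24"),  # CAD/RMS
}
# Higher tier = more trusted. Any address outside ZONES is treated as the Internet.
TIER = {"internet": 0, "public": 1, "city": 2, "police": 3}
RMS = "10.20.0.10/32"  # constructed address for the RMS server


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    note: str = ""


def rule(src, dst, note=""):
    return Rule(ipaddress.ip_network(src), ipaddress.ip_network(dst), note)


def zone_of(addr):
    addr = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def crossed_firewalls(src_zone, dst_zone):
    """Firewalls an inbound flow passes, outermost first."""
    lo, hi = TIER[src_zone], TIER[dst_zone]
    path = []
    if lo < TIER["city"] <= hi:
        path.append("primary")    # guards City Net
    if lo < TIER["police"] <= hi:
        path.append("secondary")  # guards Police Net
    return path


def permitted(src, dst, policy):
    """True if every firewall on the path has a rule matching src and dst."""
    src_a, dst_a = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if TIER[src_zone] >= TIER[dst_zone]:
        return True  # assumption: same-zone and outbound traffic is not filtered
    return all(
        any(src_a in r.src and dst_a in r.dst for r in policy[fw])
        for fw in crossed_firewalls(src_zone, dst_zone)
    )


def audit_secondary(policy):
    """Flag secondary-firewall rules that break machine-by-machine RMS access."""
    findings = []
    for r in policy["secondary"]:
        if r.src.num_addresses != 1:
            findings.append(f"{r.src} -> {r.dst}: source is a network, not one machine")
        if not r.src.subnet_of(ZONES["city"]):
            findings.append(f"{r.src} -> {r.dst}: source is outside City Net")
        if r.dst != ipaddress.ip_network(RMS):
            findings.append(f"{r.src} -> {r.dst}: destination is not the RMS server")
    return findings


# Constructed rule sets. Primary is empty: nothing inbound is admitted to City Net.
POLICY = {
    "primary": [],
    "secondary": [
        rule("10.10.40.11/32", RMS, "police substation PC"),
        rule("10.10.50.21/32", RMS, "remote fire station PC"),
    ],
}
SLOPPY = {
    "primary": [],
    "secondary": [
        rule("10.10.40.0/24", RMS, "whole substation subnet"),
        rule("198.51.100.7/32", RMS, "Internet host"),
    ],
}

if __name__ == "__main__":
    for src in ("10.10.40.11", "10.10.40.12", "203.0.113.5"):
        print(src, "-> RMS:", permitted(src, "10.20.0.10", POLICY))
    print("\n".join(audit_secondary(SLOPPY)))
```

In the SLOPPY rule set the Internet host is still refused at the primary firewall even though the secondary firewall lists it, which is the benefit of two layers; the subnet-wide rule, by contrast, admits every machine at that site and is caught only by the audit.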
Performance, Security, and Facility Considerations
The CAD/RMS will be installed in the Police Department for compelling technical
reasons. While there are advantages to locating servers centrally (e.g., City Hall) the
reasons for locating CAD/RMS in the PD outweigh those advantages.
As noted above, the CAD/RMS systems require enormous amounts of network
bandwidth. In order to provide that bandwidth between servers and workstations, all
machines must be in close proximity (i.e., in one building). Should the CAD servers
(in City Hall) be separated from their workstations (in the PD), this network traffic
would be forced to compete with all other network traffic to the detriment of both.
Securing the CAD/RMS system from the Internet would be complicated by having the
servers located separately from the workstations. While it could be done it would not
result in an optimal solution.
Finally, the PD facility itself is superior to City Hall for supporting a mission critical
system such as CAD/RMS. This was graphically demonstrated by the recent regional
power outage when the CAD system was down for several hours because power could
not be properly restored to the City Hall basement, yet the PD suffered no loss of
power.
In order to properly support the Police Department, MIS needs to have staff on site at
the PD on a 7x24 basis. In order to provide this level of support, arrangements for
office space for up to 4 MIS employees will be required at the PD facility.
Section 6
Geographic Information System (GIS) Upgrade
The Geographic Information System (GIS) is currently hosted on 3 Digital VAXstation
3100 workstations. These machines are old technology and are unable to maintain the
workload required. They will be replaced with 3 Digital Alpha workstations.
Replacement of these systems will be a straightforward process since no complex
software installations or database transfers need to be performed.
These systems connect to the City's OA machine in the form of a "cluster." This means
that they get their operating system code, program code and operating data from the OA
system. The GIS application requires the OpenVMS operating system; this will not be
changed initially. The application vendor, Graphic Data Systems (GDS), is developing a
Windows NT version of their program; however, it will not be available in an NT version
for 12-24 months. When an NT version is available these machines will be converted to
NT. (Alpha machines can operate with either the OpenVMS or NT operating systems.)
New Hardware & Software
The new systems will be configured to form a "local area cluster" in the basement of City
Hall. The new cluster will be independent of the old cluster in current use. The new
machines will use DECnet to form the cluster and TCP/IP to communicate with other
systems on the network.
The building of a cluster is a straightforward process and is well documented by Digital.
The machines will have OpenVMS already installed on their disks, and after the
machines are started they will be configured into a cluster. One of the machines will be
designated to hold the user authorization files and common files that will be used by all
the systems so as to minimize system administration. TCP/IP will be installed after the
systems have formed a cluster. The GIS software will then be installed. Sample data will
be downloaded from the existing systems and the new configurations will be tested for
proper operation.
Data Transfer
After testing has been satisfactorily completed the GIS data will be transferred to the new
systems. A special archive backup of the data will be made on the existing system as a
final precaution. The data transfer itself will be a very easy process. Since all the
machines will reside on the same network the data structures used by the application will
be divided between the three new workstations and copied as appropriate.
The new GIS systems will host data according to function; although any of the systems
will be able to access data on the other two. One workstation will host data for Public
Works and Public Safety. Another system will host the "base data" while the 3rd system
will host the remainder of the City's GIS data.
Windows NT Conversion
Converting these systems to run the NT operating system will also be a straightforward
task. That said, however, the conversion process to utilize the new GIS software is
unknown since such a version does not exist yet. It is likely that there will be mandatory
data conversions in addition to the installation of the new software. While the actual
dynamics of the conversion are not known the vendor is well aware that the City (and
presumably other customers) are converting to NT and they will be responsible for
providing the necessary procedures. This issue cannot be dealt with in any detail until an
NT version of the program is available.
Section 7
Office Systems Upgrade
Currently the City operates a Digital ALL-IN-1 office automation system. This software allows
access to WordPerfect and Lotus 1-2-3 for word processing and spreadsheet applications
respectively. ALL-IN-1 itself also provides for e-mail capability. All of these applications run on
a single VAX 4000 computer, which has become overloaded. Also, these are dated, character cell
applications lacking modern features such as windowing, easy cut and paste and other features
found in modern office application systems. They are relatively expensive and difficult to
maintain while providing limited functionality. The replacement of this system, and extension of
the new capabilities to the rest of the City is the purpose of this area of work.
The City also operates several applications, which will be retained, on other hardware platforms.
These systems are outlined in the table below:
SYSTEM NAME   OP. SYS.       HARDWARE         APPLICATION/FUNCTION
SABLE         Digital UNIX   DEC Alpha 2100   Business Systems
IMGSVR        MS NT          DEC Alpha 1000   Image services (non-Police)
JBSRV         MS NT          NEC Pentium      CD server for imaging system
IMGTXT        MS NT          NEC Pentium      Image recognition server
OCRSRV        Win V3.11      NEC Pentium      Character recognition server
BLISS         MS NT          Gateway PC       Business license server
Legend:
MS = Microsoft
DEC = Digital (Digital Equipment Corporation)
NEC = Nippon Electronics Corporation
In general terms these systems will continue to operate in their current fashion. However, some
changes will be applied so as to complete their integration into the upgraded network. These
changes will be detailed below.
New Office System Hardware and Operating Systems
The new hardware for the City network is divided between servers and workstations, or clients.
The hardware discussed here is in addition to servers and workstations noted in other parts of this
document.
The City will install 5 new servers located as follows:
The basement of City Hall
Feldheym Library
Parks and Recreation main office
Fire Department main station (see section below)
Vehicle maintenance garage
The server to be installed in City Hall will be a high-end Digital Alpha server and will be the
centerpiece of the new network. This machine will serve most of the City's users, estimated to
grow to 1000 users, with e-mail, file and print services, office system applications, and certain
network management functions. This system will provide significant data storage resources, and
as such the disk drives on this machine will be set up in a RAID-5 configuration to provide added
data security. Further, an appropriate tape drive will be installed to allow for archival and off-site
storage of City data. This machine will be directly connected to the FDDI backbone of the City
network and will run the Microsoft Windows NT Server (NT) operating system.
Each of the 4 servers at the other locations (called remote locations) will be Pentium or low-end
Digital Alpha machines. They will provide local file and print services and will serve office
system applications. They will not provide e-mail; this will be provided by the main server in
City Hall. These machines will also be installed with RAID-5 disk configurations and local
tape drives. They will be connected to the LAN that will be built at each site, which in turn will
connect to the City WAN. Each of these systems will also run Microsoft Windows NT Server.
Integration of New And Existing Server Systems
The five new systems will be combined with the four existing Windows NT systems and the
SABLE system into a city-wide "domain." The NT operating system allows domains to contain
many servers, yet provide a single login procedure for access to most or all network resources.
This structure means that users throughout the City will be able to easily access data,
applications, printers and other resources from a single desktop PC.
Several changes will be performed to existing systems prior to their integration with the new
machines:
System Name   OS             Description Of Change/Upgrade
SABLE         Digital UNIX   Install Pathworks for Digital UNIX
IMGSVR        MS NT          Reinstall NT with new domain name
JBSRV         MS NT          Reinstall NT with new domain name
BLISS         MS NT          Reinstall NT with new domain name
IMGTXT        MS NT          Reinstall NT with new domain name
OCRSRV        Win V3.11      Upgrade to NT with new domain name
Fire Department Upgrade
The Fire Department upgrade is unique in that there is a Novell Netware server installed at the
main fire station. This LAN supports approximately ten users within the fire station and ten users
from remote fire stations that connect via a Shiva Lan Rover. The server is running Netware
V3.12. The server hardware is a clone machine, but the individual who once ran this LAN is no
longer employed by the City. As a result, the upgrade at this location is more involved than the
other 3 remote locations with servers.
The Windows NT server to be installed at the main fire station will serve approximately 20 local
users. Transfer of the functions of the Netware server to the NT server will be facilitated via an
NT function known as "Gateway Services for Netware." This allows users to connect to the new
NT server and still access their applications and data on the Netware server while the transition
occurs. The Shiva Lan Rover will be removed since the remote fire stations will connect via the
WAN as previously outlined. Access to the RMS system will be allowed through the secondary
firewall in the PD. All other aspects of this conversion will be similar to other sites with servers.
Workstation Hardware And Operating Systems
New workstation hardware will be Pentium PCs. These machines will be connected to the
network via twisted pair Ethernet connections. Those PCs located in City Hall will be connected
to the cable plant in City Hall that will be installed as part of the WAN upgrade. As a rule, these
machines run the Windows 95 operating system and TCP/IP for network communication.
PCs installed at remote sites will be somewhat more variable. They will be connected to the LAN
at their location, which will connect to the City WAN. Generally, these machines will run the
Microsoft Windows 95 operating system and TCP/IP; however, this is not true for machines
located at the neighborhood police stations. Those machines will use the Windows NT
Workstation operating system and TCP/IP because of the higher security levels required for those
machines.
New Office System Software
One of the primary reasons to upgrade a network is to make modern software available to all
users. Effective delivery of these applications is key to a successful implementation. In general,
the following guidelines will be used to deliver office system applications. These applications,
e.g., word processing, will be installed on the 5 primary servers and will be shared by users in
locations so served. Users in locations without a local server, e.g., COP shops, will have
applications loaded locally on their PCs. Existing applications, e.g., imaging, will continue to be
hosted on the systems which currently host them.
Application Software
The primary office systems applications will be provided by the Microsoft Office suite of
products. This includes Microsoft Word, Excel and PowerPoint for word processing,
spreadsheets and presentations respectively. Electronic mail (e-mail) will be provided by
Microsoft Exchange. This package will allow mail to be exchanged both within the City and
with external organizations via the SMTP capability of this software. The existing business
applications are terminal based; they will be accessed by a terminal emulator application on
individual PCs. These terminal sessions will occupy a single window on a given PC, which
means that users can easily switch between terminal applications and Windows applications
without the need to shut down any given application.
Management Software
Another issue in successfully implementing this network upgrade is the ability to effectively
manage the resulting network. Two system management packages will be installed to support
this goal.
Microsoft Systems Management Server (SMS) is used to inventory PC hardware and
software, distribute software to clients, perform software audits, and provide help desk
functions. SMS will be installed on all of the NT servers and on every PC workstation.
Installation on workstations occurs automatically as machines come up on the network. After
installation the inventory functions and software distribution occur in an automated fashion.
This allows for significant diagnostic capability without having to visit a given workstation.
Additionally, users can permit help desk personnel to assume control of their PC over the
network for diagnosing problems or user training.
Digital Polycenter Assetworks extends SMS functionality to include machines other than PCs
in the inventory function; this will allow VMS and UNIX systems to be included in the SMS
system. Assetworks further provides PC software metering and an integrated reporting
capability that is lacking in SMS. This software allows administrators to determine software
usage levels so that proper licensing can be maintained without unnecessary expense.
Client Workstation Installation Within City Hall
New PC client workstations will be installed on all floors to replace the existing VT terminals.
All of the VT terminals are connected to the network through the data closet on the 3rd floor. As
noted in the WAN section, closets in the basement, and the 3rd, 4th, and 5th floors will be
upgraded to service users throughout City Hall. This will allow support for both VT terminals
and the growing PC population during the transition period. This strategy supports either gradual
conversions or accelerated upgrades for individual departments.
These machines will have the Windows 95 operating system installed. These systems will use
TCP/IP to communicate with other systems; the IP addresses will be assigned dynamically as
outlined in the WAN section. They will utilize services offered by the machines in the City Hall
basement; e.g., e-mail, printing, file storage, imaging. In general, they will obtain shared copies
of network office applications (e.g., Word) from the new Office Applications (OA) server. They
will utilize a terminal emulation package to connect to SABLE to run applications on that
system. They will also be able to connect to disk drive services (a.k.a. shares) on SABLE and
other NT servers in the network as necessary.
For purposes of this discussion the Police Department and EDA are considered part of City Hall.
This is because the PD and EDA are connected to City Hall via the high speed FDDI link
between those buildings. The CAD/RMS systems, while connected to the City WAN, will be
segmented from the main network. The remaining users in the PD will use the FDDI link to
obtain their services from the new OA system. The PD has been wired with a CAT-5 wire plant
and will not require any additional wiring from closets to desks.
Client Workstation Installation Outside City Hall (except Police Department and EDA)
Installation of client workstations outside of City Hall depends upon which remote location is
being examined. The speed of the transition for a given site depends upon the size of the site. The
remote sites fall into the following categories:
1) Small sites without a local server
2) Sites with a local server
3) Libraries
For small sites without a local server a rapid conversion will be employed, i.e., the entire site will
be converted at one time including the WAN changeover. These sites will use the new OA
system for file and print serving; however, the machines at these locations will have local copies
of applications installed. It would also be expected that users will store the majority of their data
locally on their PCs; although, regular backups of important data to the main server will need to
be employed. Some services will only be offered in City Hall: e-mail, the SABLE applications,
GIS, and imaging. The RMS system will only be available at the main Police Department.
Access to RMS will be granted to those systems requiring access through the secondary firewall.
The four sites with local servers can, and likely should, be converted more slowly. The local
server at these sites will provide file and print serving. Office applications will be served locally
instead of installed on each machine. However, as noted above, some services will only be
offered in City Hall. While accessing these applications across the WAN will result in somewhat
slower performance, it isn't practical to attempt local installations of those services, and
performance should be quite adequate.
In the case of the libraries a total transition away from VT terminals will not occur due to the
light pen system employed for checking out books; they will use both terminals and PCs for the
foreseeable future. As outlined in the WAN section, the libraries will use DECserver 300
terminal servers for the VT terminals to communicate with the WAN. Other aspects of
converting libraries will be the same as other sites depending upon whether they have a local
server or not.
Data Conversion
Conversion of data from the existing ALL-IN-1 system to the new NT system will be one of the
most important tasks in this project. The success of data conversion is a large factor in the
perception of success from the user perspective. No matter how well the new network performs,
if existing user data cannot be transferred easily and reliably then the project can be perceived
poorly.
A basic issue that will be addressed is the difference in file naming conventions. The ALL-IN-1
user recognizes a file by a name meaningful to him or her. The ALL-IN-1 system actually uses
another name that is meaningful only to the computer, not the user. This issue will be apparent in
all of the ALL-IN-1 data conversion tasks below. This problem will be solved through the use of
a small program that will copy the file from its machine meaningful name to the name that the
user knows it by. Once this renaming is complete the files will be copied from the old OA
computer to the new OA computer into the user's new file storage area.
Conversion of ALL-IN-1 to Microsoft Exchange
During the transition period the City will be using two separate mail systems. The Exchange
system will use SMTP to send and receive mail with external organizations via the Internet.
This capability is built into Exchange and is very easy to implement. Conversely, ALL-IN-1
does not have a built-in SMTP capability. Adding this to the old OA system would require
additional software which would be used for a very limited time, and it would require
valuable time to configure and maintain during the transition. For these reasons the two mail
systems will not be able to communicate with one another. While this will create some
measure of dislocation during the transition, it will allow the transition to occur more rapidly.
Conversion of ALL-IN-1 mail to Exchange will occur on a user-by-user basis and will be
coordinated with PC and network hardware installations and user training. The actual
conversion will occur as a batch process. This will involve extracting user data from the
ALL-IN-1 File Cabinet intermediate files which are then copied to the Exchange server and
imported into the new mail system. Data structures the user has created in their File Cabinet
can be transferred to Exchange, but the export may be restricted to current files to reduce the
time and disk space required during the transfer.
Conversion of WordPerfect documents to Microsoft Word
After the above steps of renaming and copying documents from the old OA system to the
new OA system have occurred, the WordPerfect documents can be converted into Word format
by Word itself. The actual conversion will occur when the user opens the document in Word
for the first time. This will take some period of time to occur depending upon the size and
complexity of the document. When the user saves the document it will be saved back into
Word format. Afterwards, the conversion will not need to occur.
These conversions have improved greatly over the years, but they are not perfect. The level of
imperfection depends upon the content of the document. Most of the time only minor changes
in formatting, e.g., tabs or highlighting, will need to be performed to restore the document to
its previous condition. Other conditions may exist which will require additional effort,
particularly those documents that contain graphic elements.
The rename and copy steps will occur on a per user basis as the transition occurs. This will be
coordinated with the installation of PC and network hardware as appropriate. There are
approximately 75,000 documents that may require conversion.
Conversion of Lotus 1-2-3 Spreadsheets to Microsoft Excel
Converting Lotus 1-2-3 spreadsheets to Excel will follow the same procedure as that for
WordPerfect documents. The spreadsheets will be renamed and transferred to the new OA
system. Once the spreadsheets have been copied to the new OA system they will be converted
by Excel as they are opened by users. As above, the initial conversion will take a period of
time depending upon size and complexity of the spreadsheet, but further conversions will not
be required so long as the spreadsheet is saved in Excel format. There are approximately
3,000 spreadsheets that may require conversion.
Server Hardware Required To Implement
1 Digital Alpha 4100 server (up to 1000 users), 256MB, FDDI, 36GB Raid5, DLT
4 Pentium or Digital Alpha 400 servers (up to 50 users ea.), 64MB, Ethernet, 4GB Raid5,
4GB tape
Client Hardware Required To Implement (per client workstation)
Intel Pentium 133MHz, 16MB memory, 0.5 or 1GB IDE disk, 3C590 NIC, 15" monitor,
keyboard, mouse
Server Software Required
5 Windows NT Server
5 Executive Software Diskeeper for NT Server
1 Arcada Backup Exec. Enterprise Edition for NT
4 Arcada Backup Exec. Server Edition for NT
1 Arcada Backup Exec. SQL Module
1 Arcada Backup Exec. Exchange Module
1 Microsoft NT Resource Kit
1 Microsoft Backoffice Server
1 Digital Polycenter Assetworks Server
4 Digital Polycenter Assetworks Enterprise Clients
350 Microsoft Office (for network serving)
350 Reflection 4 terminal emulation (for network serving)
Client Software Required
950 Windows 95
50 Windows NT Workstation
1000 Windows NT client connect
1000 Exchange client
1000 SMS client
1000 Assetworks client
Section 8
Security Plan
The City-wide network created by the project adds significant capabilities for information
exchange within the City and with outside agencies. This improvement also makes it
easier for information to be released inappropriately and adds paths for unauthorized
access to sensitive City data. Protecting the network from unauthorized access requires a
wide range of techniques.
Network security is a multi-tiered issue, and, of necessity, the means to address it are
multi-tiered. Security has been mentioned in other parts of this document; however, this
section will serve to enumerate, in one location, the security measures that will be
employed as part of this network upgrade.
Physical Security
Physical access control prevents many problems from occurring in addition to providing
added reliability. Core network hardware, e.g., routers, switches, servers, will be installed
in locked areas. These locations will be the MIS office, the wiring closets on the 3rd, 4th,
and 5th floors of City Hall, and the #271 and #104 closets in the Police Department. All
these locations provide excellent physical security via locked doors with key or cipher
lock access.
Securing network hardware at remote sites will be accomplished in a similar manner,
where possible. Some facilities have a telecommunications closet with a locked door that
will house the basic network components for each site. However, a majority of sites do
not have a lockable closet. In these sites the network hardware will be installed outside of
general public view and in lockable furniture where possible. Further security for these
sites will be provided by access control methods described below.
Access Control
Users' access to the network is the most noticeable form of security. It is access control
that mandates passwords and the regulation of passwords. Microsoft Windows NT
Server, Digital UNIX and Digital OpenVMS will be the network operating systems used
in the upgraded network. These operating systems are C2 compliant which means that
they provide event tracking and auditing, user validation and authentication, login time
restrictions, password length and age restrictions, user account lockout and other
advanced security features.
Access control at remote sites is a special problem since the workstations at these sites
provide direct access to the City network. This will be addressed by installing the
Windows NT Workstation operating system on these systems. This operating system has
the same level of controls as the server version mentioned above, which will prevent
unauthorized access to data on these machines, even if the machine were stolen. User
accounts will be created on the individual machines, in addition to the normal network
account. This means that to gain access to an individual workstation a correct username
and password must be provided.
Network Control
Securing the network itself (aside from physical controls) will be accomplished through
the use of "firewalls." These systems will be installed as part of the Internet connection.
They will be employed so as to give a multi-layered approach to securing the network.
The diagram below depicts this approach.
Three Tiered Internet Firewall Model
[Diagram, top to bottom:
  Internet
  Public Net (not secure): Net Visible Server (WWW, etc.)
  Primary Firewall
  City Net (secure): City Network (OA, Sable, etc.)
  Secondary Firewall
  Police Net (very secure): Police Network, CAD/RMS]
In this model the Internet visible server will be used by the City to host web pages and
other information that the City wishes to share with the public at large. Behind this is a
primary firewall system which will prevent access to internal city network resources and
allow control of access from inside the network to the Internet. The main City network
resources will reside on this tier. A secondary firewall to protect the Police network will
be installed. This firewall is required because many security threats come from inside an
organization; this will protect the Police network from unauthorized access originating
from within the City and in the event that the primary firewall is breached. This firewall
will be configured to permit access to RMS from the remote Police and Fire substations,
and to allow access to the imaging server for selected City employees.
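The layered behaviour described above can be checked with a small policy model. This is an added example, not part of the plan or of the vendor's design; the group names, service labels and outbound rule sets are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Tiers from least to most trusted, following the three-tier model in the text.
ZONES = ["internet", "public", "city", "police"]


@dataclass(frozen=True)
class Flow:
    src_zone: str
    src_group: str   # constructed label for who originates the traffic
    dst_zone: str
    service: str     # constructed label for what is being reached


@dataclass
class Firewall:
    name: str
    boundary: int    # sits between ZONES[boundary] and ZONES[boundary + 1]
    inbound: set = field(default_factory=set)    # (src_group, service) pairs
    outbound: set = field(default_factory=set)   # services allowed outward

    def permits(self, flow, inward):
        # Default deny: only explicitly listed traffic passes.
        if inward:
            return (flow.src_group, flow.service) in self.inbound
        return flow.service in self.outbound


# Primary firewall: no inbound access to City resources, controlled outbound.
# The outbound set is a constructed sample; the plan does not list services.
PRIMARY = Firewall("primary", 1, inbound=set(), outbound={"web"})

# Secondary firewall: the two exceptions the plan names. Outbound rules are
# not described in the plan, so this sketch assumes none.
SECONDARY = Firewall(
    "secondary", 2,
    inbound={("police_fire_substation", "rms"),
             ("selected_city_employee", "imaging")},
    outbound=set(),
)

FIREWALLS = [PRIMARY, SECONDARY]


def crossed(flow):
    """Return the firewalls a flow traverses, in order, and its direction."""
    s, d = ZONES.index(flow.src_zone), ZONES.index(flow.dst_zone)
    lo, hi = min(s, d), max(s, d)
    path = [fw for fw in FIREWALLS if lo <= fw.boundary < hi]
    inward = d > s
    return sorted(path, key=lambda fw: fw.boundary, reverse=not inward), inward


def evaluate(flow, breached=frozenset()):
    """Return (allowed, blocking_firewall). A breached firewall passes everything."""
    path, inward = crossed(flow)
    for fw in path:
        if fw.name in breached:
            continue
        if not fw.permits(flow, inward):
            return False, fw.name
    return True, None


if __name__ == "__main__":
    samples = [
        (Flow("internet", "anonymous", "public", "web"), frozenset()),
        (Flow("internet", "anonymous", "city", "file_share"), frozenset()),
        (Flow("internet", "anonymous", "police", "rms"), frozenset({"primary"})),
        (Flow("city", "city_employee", "police", "rms"), frozenset()),
        (Flow("city", "police_fire_substation", "police", "rms"), frozenset()),
    ]
    for flow, breached in samples:
        print(flow, "breached:", sorted(breached), "->", evaluate(flow, breached))
```

The third sample shows the reason the plan gives for the second tier: with the primary firewall treated as breached, the request for RMS is still stopped at the secondary firewall.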
Data Security
The previous sections outline methods to prevent unauthorized physical or network
access to the components of the City network. However, the actual data stored on a
network is the most valuable asset of the network, and it is the most likely to suffer
damage or loss. Securing and recovering data stored on the network is, in many respects,
the most important job a network administration staff must accomplish.
Securing data from intentional or accidental damage or loss is accomplished with two
primary methods. First and foremost is employment of a data backup strategy that copies
data to secondary storage media, usually tape. An adjunct to backing up data to tape is
employed by many database applications where the management application will back up
data dynamically to journal files and the like. The second method is to protect data
through the use of permissions; users are granted access and privilege only to the data and
level that they require.
All of the systems that will be employed in this project will either have, or have available
to them, backup media to secure their data from loss. The servers at remote sites will have
small tape drives while the main servers will utilize larger tape drives. While it is not
practical to back up all data every day, all new and modified data will be backed up on a
daily basis. Full system backups will be performed regularly. These tapes will be stored in
a secure location in the MIS office and will be rotated regularly so that data recovery will
be possible for a reasonable historical period. Also, some tapes will regularly be rotated
off site so that not all data will be lost in the event of destruction of the primary tape
store.
Backing up databases poses special problems. Since the files that compose the database
are almost always held open by the application, the backup software oftentimes cannot back up
those files. This creates a situation where valuable data is not being backed up to tape.
This can be solved by stopping the database, thus closing the files, and then backing them
up to tape. This also can be solved by creating journal files which can then be backed up.
This problem will be solved through cooperation between the database
administrators and the system or network administrators. The Exchange e-mail and SQL
databases on the main OA server will be backed up by special modules from the backup
software vendor.
Data access protection is provided by the operating systems that will be used on the
network. Part of the C2 security specification is a set of requirements for providing extremely
fine levels of control over data to prevent accidental or malicious damage or deletion of
data. Users will be grouped to make assignment of access and privilege easier and more
maintainable. A typical example of this is when one or two people are granted full access
to a data structure, a larger group of data maintainers can add to and modify the data, and
then everyone else on the network can read the data.
Section 9
Staffing and Training Plan
Implementation of this project will result in a system that adds significant value to City
operations. The current staff operates the City environment through extraordinary efforts;
however, the City will require additional staff and training for existing staff to support
this new network. Increased complexity is a price to be paid for the added value that
modern LANs and WANs provide. It is difficult to overemphasize the need for adequate
staffing, training and appropriate tools to assure the success of this project.
One measure of staffing efficiency is the ratio of LAN administrators to end users. This
ratio is regularly studied and updated by several leading research groups. Meta Group and
Infovision International report ranges from a low of 40:1 to a high of 125:1.[1] Currently
there are 600 users on the City's network and 3 administrators yielding a 200:1 ratio.
Since the City is expecting growth in its user population this ratio will only worsen.
Selecting a middle value of 80:1 for a 1000 user network would require a technical staff
of 12 - 13 individuals. Applying this calculation would require the City to add up to 10
people to the technical staff to support these activities. Such a team will be cross-trained
so that no one individual is the only person to possess a particular skill set.
End users must also be trained to effectively use the new tools that will be provided.
Currently users know how to use ALL-IN-1, WordPerfect, Lotus 1-2-3 and those business
applications associated with their job function. While the business applications expertise
will continue to apply in the new environment, many other aspects will change. For
example, the character cell versions of WordPerfect and 1-2-3 are much different than the
new versions of Word and Excel that will be employed. Also, users will be using
Windows 95, an Internet browser and a new mail system. Thrusting users into such a
radically different environment without adequate training and on-going Help Desk
support will not serve the City's interest.
Support Staff Skill Mix
The skill mix below reflects the disciplines necessary to support this network. Please note
that most Help Desk category products or technologies appear elsewhere under a
management category. This is because effective deployment, maintenance and
management of a given application usually has little to do with the actual workings of an
application from the user perspective. That is to say, if the application operates correctly
within the overall environment then management and deployment of the application has
been successful. This says nothing about the inner workings of the application or the
types of questions that users are likely to ask about a given application.
[1] META Group, Inc., "The Cost of LAN Support," Global Networking Support, File 513, April 13, 1992,
p. 1; and Infovision International, "The LAN Administrator-to-End User Balance," May 1995, p. I.
Skill Category: Products or Technologies

Operating systems:
  MS Windows NT Server & Workstation
  Microsoft Windows 95
  Digital UNIX
  Digital OpenVMS
  Digital Pathworks

Systems Management:
  MS Systems Management Server
  Digital Assetworks

Network Management:
  Network hardware configuration and management
  Tools for network monitoring and troubleshooting
  Simple Network Management Protocol (SNMP)
  TCP/IP skills including Dynamic Host Configuration Protocol (DHCP), Domain Naming Service (DNS), Windows Internet Naming Service (WINS)
  Internet Security

Application Management and Database Management:
  MS Word, MS Excel, MS PowerPoint, MS Exchange, MS Schedule Plus
  Tiburon Computer Assisted Public Safety System
  Existing Business system applications
  Informix and Unidata
  Geographic Information System, ArcView
  Imaging application
  Data conversion from old OA to new OA
  Intranet and Internet web pages

Hardware maintenance:
  Network hardware (routers, hubs, repeaters, etc.)
  Server hardware
  Individual PC workstations
  Specialized high-end workstations
  Printers

Help Desk:
  Minimal operating system administration (e.g., passwords, printers)
  MS Word, Excel, PowerPoint, Exchange, Schedule+
  Data conversion applications/techniques
  Existing Business systems
  Geographic Information System, ArcView
  Imaging
  Web browser

Legend: MS = Microsoft, Digital = Digital Equipment Corporation
Support Staff Training
In order to develop the above skill mix a combination of training, hiring, and outsourcing
will be used. The choice will be based upon factors such as whether it is faster to hire certain
skills than to develop them in-house, and the relative importance of the skill. Critical
skills such as security, network and system administration should stay within the City;
whereas, less important skills such as hardware maintenance, Help Desk, and training can
be outsourced.
Training for technical support staff
MS Windows NT Server and Workstation
MS Systems Management Server (SMS)
Digital Assetworks
Digital UNIX
Tiburon CAD/RMS
Netview/Openview - SNMP
TCP/IP, DHCP, WINS, DNS
ClearVISN, Router Manager and/or other network management products
Training for Help Desk personnel
MS Office (Word, Excel, PowerPoint)
MS Exchange
MS Windows 95
CAD/RMS
Imaging system
Other in-house business systems
Web browser(s)
Operating systems administration (NT, UNIX, OpenVMS)
Support skills to be outsourced
Hardware maintenance (all)
Software maintenance (NT, Win95, VMS, UNIX, SMS, office apps., Netview, PW,
ClearVISN, GIS, ArcView, Imaging)
User Training
Training for users will be an on-going process, especially during the transition period.
Basic training in the use of the operating system and office applications will be
coordinated with the installation of new hardware. Every effort will be made to assure
that this training will occur immediately prior to or immediately after installation of
hardware, although this may not always be possible. After users have received a base
level of training, detailed training in certain applications will be made available.
Training for City network users
MS Office (Word, Excel, PowerPoint)
MS Exchange
MS Windows 95
CAD/RMS
Imaging system
Web browser(s)
Other in-house business systems
Job Titles
The list below presents sample job titles and the skill sets required to fulfill those jobs. In
most jobs skill sets overlap with other jobs, e.g., the line between network and system
administration is often not clear and personnel in each job should have significant skills
in the other. Very few individuals will possess all of the skills in all of the skill sets listed
for a given job title, but elements of several skill sets are required for every job type.
Job Title (Staffing Level): Skills Required

Network Engineer/Administrator (1.5 EP): Network management, Systems management, Operating systems
System Engineer/Administrator (1.5 EP): Operating systems, Systems management, Network management
Network Security Analyst/Officer (0.5 EP): Operating systems, Application management, Systems management, Network management
Database Administrator (0.5 EP): Database management, Application management, Operating systems
System Operator (4 EP): Operating systems, Systems management
Help Desk Analyst (outsourced 1 EP, employee 1 EP): Help Desk, Application management
Hardware Engineer (outsourced, 1 EP): Hardware maintenance
Applications Analyst (0.5 EP): Application management, Operating systems, Network management
Applications Trainer (outsourced, 1 EP): Application management, Help Desk, Operating systems, Network management
Internet Systems Engineer/Administrator (0.5 EP): Network management, Application management, Operating systems
Internet Applications Analyst (0.5 EP): Application management, Help Desk

EP = Equivalent Person
Note: The staffing levels noted above do not include programming, clerical or
management staffing.