Difference between revisions of "Infrastructure"

From Interlock Rochester Wiki
(Audio System)
(Audio-Visual System)
Line 105: Line 105:
  
 
'''Audio'''
 
'''Audio'''
*Two speakers rigged to the top corners of the room
 
 
*[http://www.bhphotovideo.com/c/product/541197-REG/Bogen_Communications_S810T725PG8W_Ceiling_Speaker_Assembly_with.html Public Address] system array across the ceiling
 
*[http://www.bhphotovideo.com/c/product/541197-REG/Bogen_Communications_S810T725PG8W_Ceiling_Speaker_Assembly_with.html Public Address] system array across the ceiling
 +
*Two speakers rigged to the top corners of the room
 +
*Surround sound rigged to the top of the room
 
*Inputs to an audio mixer/home receiver
 
*Inputs to an audio mixer/home receiver
 
*Sources: Microphone, CD/DVD, computers
 
*Sources: Microphone, CD/DVD, computers

Revision as of 19:52, 7 December 2009


Infrastructure

Power

Questions:

  • What is the capacity of the power system the space is on?
  • Is it shared with other tenants?
  • What kind of emergency power/lighting does the building have?
  • Is it our responsibility or the landlord's to increase/change electrical capacity?

If so:

  • Do we have access to the electrical panel or disconnect/fuses from within the space?
  • Can we run our own conduit/wall boxes? (Wall conduit to comply with fire code)


Temporary power distribution can be done with extension cords. Overhead cord reels are a solution, but to comply with fire code they must not remain plugged in at their source when not in use. Cable trays are not a good solution for power. (They are a pain in the ass.)

Environmental

Questions:

  • How is the space heated in the winter?
  • How is the space cooled in the summer?
  • What is the RG&E budget for the space (assuming it can give some indication of the cost of heating/cooling)?
  • Will humidity be a problem?

Things we may need to purchase:

  • Heater
  • Air Conditioner
  • Dehumidifier
  • Thermostat/Thermometer

Network

  • Internet
    • Time Warner Cable (not twtelcom)
      • "Teleworker" Package: 10/1.5 $89.95 with a static IP
      • "Home Business" Package: 15/2 $109.95 with a static IP [1]
      • --Antitree 19:27, 3 December 2009 (UTC) Talking to John day about NFP discounts and possible packages for our building zone
    • Talking to Fibertech as well. This would be a dedicated fiber circuit, instead of DOCSIS. I've submitted a request for a quote / more info... will update as I know more. --Fvox13 02:30, 5 December 2009 (UTC)
    • I'm also talking with Cogent. They don't appear to offer service in Rochester, but their fiber line goes through Rochester (on the way to Buffalo and Albany), and they offer "off net" service by way of subcontracted T3 / sonet lines. --Fvox13 18:58, 5 December 2009 (UTC)
      • Cogent is going to try and get a quote to me by Tuesday afternoon. Quote will cover 10 / 20 and 50 meg lines. --Fvox13 18:34, 7 December 2009 (UTC)
    • If we're investing in a line like this, could we maybe sell it to other tenants?


  • Three distinct segregated networks
  • Separate colors of wires so we can tell at a glance which network we're plugging into (we can get colored keystone jacks, too)
    • Production = Green
    • Warzone = Red
    • Playground = Yellow
  • Each network should also have a VERY different IP scheme
    • Hey, there happen to be 3 private IP blocks in RFC 1918... 10.*, 172.16-31.*, and 192.168.*
  • Should be Cat 6 wired access, with drops throughout the space, no less than 6 feet apart (Similar to NEC 210.52)
    • We want to limit the number of switches / hubs that are used beyond the core equipment, so it's better to be overkill here

Production

  • 172.20.x.y
    • 172.20.0.y - core equipment (routers, switch management, etc)
    • 172.20.10.y - servers (LDAP, DHCP, DNS, etc - assuming not provided by router)
    • 172.20.20.y - wired hosts (shared workstation for research, etc?)
    • 172.20.30.y - wireless hosts (member laptops)
    • 172.20.50.y - wireless guests (event participants, class registrants, etc - may be partitioned into a separate network, see below)
  • Change management - agreement of whatever group is going to be responsible for maintenance before making major changes
  • Access to core equipment limited to small group of network managers
  • No probing / pen testing
  • Reliable node-to-node and internet connectivity
  • Robust internally hosted network services (DHCP, DNS, SFTP, Images (RIS, Ghost), LDAP)
    • Central LDAP host that contains authentication information for all members and is linked up with Google Apps
    • Possibly a web server to host the wiki, website, etc
    • Possibly light-weight co-lo boxes (offsite backup, etc) not intended to host production / high bandwidth websites (we will likely only have 1 external IP...)
  • AirPort Express wireless AP (connected to stereo system for streaming music via AirTunes?)
    • Production network should have a more robust AP... maybe a Meru or Cisco?
      • I agree, the problem is cost. I didn't see any mentions of a better AP on the donations page, so we may be stuck with what I've got for the time being. We will also probably want to offer guest wireless access at some point, through a different SSID, which will require an additional/different AP (the new Apple equipment can do it, but this one can't)
    • Can also act as a USB print server if we have a printer donated (USB is not the best option... we should consider an ethernet-enabled printer (maybe someone can donate?))
    • Authentication through RADIUS + LDAP?
  • No unauthorized devices (APs, infected boxes, traffic sniffing tools, etc)
    • Device registration system, like RIT's start.rit.edu ?
  • We have the ability to provide VPN access to this network. We will have to decide as a group if this is desirable and if it will be open to everyone or just the network management group

Warzone

  • 172.30.x.y
  • No expectation of reliability
  • Relatively open access to equipment / no change management
  • No expectation of structure, very dynamic depending on project use etc, may use different IP address schemes if it doesn't connect to the other two networks in any way
  • Expect to have equipment probed / pen tested
  • No internet connectivity? Expect machines to be exploited / infected?
  • "Rogue" access points allowed (maybe include DHCP message that states you'd better be sure you want to connect to this network - want to be friendly with our neighbors)

Playground

  • 172.25.x.y
    • Each project should claim an address space (ie 172.25.15.y) so we can tell what traffic is coming from which projects
  • Temporary, dynamic, but more static and stable than the warzone
  • Change management much more loose than production network but there should be some expectation of reliability so please at least check with someone unless you're very sure of what you're doing
  • Access to the internet
  • Area to play with and test new technologies (for example, play with VOIP/SIP)
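
One way to check that the three networks stay segregated, as an added example (not part of the wiki page or any Interlock tooling): it maps addresses onto the plan above and flags flows that break it. The /16 and /24 prefix lengths, the "project-N" label, the constructed sample flows, and treating the open "No internet connectivity?" question for the Warzone as a rule are all assumptions.

```python
import ipaddress

# Address plan from the page; the /16 and /24 prefix lengths are assumed
# from its "x.y" and ".y" notation.
ZONES = {
    "production": ipaddress.ip_network("172.20.0.0/16"),
    "playground": ipaddress.ip_network("172.25.0.0/16"),
    "warzone": ipaddress.ip_network("172.30.0.0/16"),
}
PRODUCTION_ROLES = {0: "core", 10: "servers", 20: "wired", 30: "wireless", 50: "guests"}


def classify(addr):
    """Return (zone, detail); ("external", None) means outside the plan."""
    ip = ipaddress.ip_address(addr)
    for zone, net in ZONES.items():
        if ip in net:
            third = ip.packed[2]  # third octet selects the /24
            if zone == "production":
                return zone, PRODUCTION_ROLES.get(third, "unassigned")
            if zone == "playground":
                return zone, f"project-{third}"  # hypothetical label per claimed /24
            return zone, None
    return "external", None


def audit(flows):
    """Flag flows that cross zones or fall outside the planned layout."""
    findings = []
    for src, dst in flows:
        (sz, sd), (dz, _) = classify(src), classify(dst)
        if sz == "production" and sd == "unassigned":
            findings.append((src, dst, "source outside planned production subnets"))
        elif "external" not in (sz, dz) and sz != dz:
            findings.append((src, dst, f"cross-zone {sz}->{dz}"))
        elif "warzone" in (sz, dz) and "external" in (sz, dz):
            findings.append((src, dst, "warzone internet traffic"))  # assumed rule
    return findings


# Constructed sample flows (source, destination), not real captures.
SAMPLE_FLOWS = [
    ("172.20.30.14", "172.20.10.5"),   # member laptop -> server: allowed
    ("172.30.4.9", "172.20.0.1"),      # warzone host -> production core
    ("172.25.15.7", "198.51.100.20"),  # playground project 15 -> internet: allowed
    ("172.30.4.9", "198.51.100.20"),   # warzone -> internet
    ("172.20.77.3", "172.20.10.5"),    # production address in no planned /24
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```
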

Physical Security

  • We need to be able to "deactivate" keys, for non-payment etc
  • Multi-factor authentication (ie, fob + PIN)
  • Biometric stuff is really cool. Can we afford? Schlage Biometric systems
  • Audit logging (twitter, website, dot matrix paper trail, etc)


Audio-Visual System

Audio

  • Public Address system array across the ceiling
  • Two speakers rigged to the top corners of the room
  • Surround sound rigged to the top of the room
  • Inputs to an audio mixer/home receiver
  • Sources: Microphone, CD/DVD, computers

Video

  • Ceiling mounted projection
  • Screen
  • Sources: DVD, computers