Technology Standards and Minimum Requirements
1. Hardware
a. User Interaction
i. Desktop
1. Minimum Hardware Requirements - Desktops must have a minimum of 4 GB RAM, 250
GB permanent storage, and support Windows 7 64-bit.
2. Operating System - Windows 7 64-bit Professional should be installed as the default
operating system.
3. Warranty – All desktops should be purchased with at least a 3 year parts + labor
warranty, with “keep your hard drive” service, if such service is available. Regardless of
whether or not “keep your hard drive” service was available or purchased, no
permanent storage device may be returned to the manufacturer for any reason
(replacements must be purchased if they cannot be replaced under warranty without
returning the original).
4. Software – All desktops must be allocated a license for a supported version and edition
of Microsoft Office.
5. Configuration Management – If Fairfield County IT has deemed a specific unified
management system necessary, such as Altiris or System Center Configuration Manager,
and if per-device licensing is required for each device to be managed, then a device
license shall be purchased or otherwise allocated upon purchase of each desktop.
ii. Laptop
1. Minimum Hardware Requirements - Laptops must have a minimum of 4 GB RAM, 250
GB permanent storage, and support Windows 7 64-bit.
2. Operating System - Unless business requirements dictate otherwise, Windows 7 64-bit
Ultimate should be installed as the default operating system.
3. Encryption – All permanent storage within laptop computers must be encrypted at all
times, and encryption keys must be made available to IT when they are established and
immediately upon each change, if they are changed.
4. Docking Station – All laptops that will be regularly used both in the field and at a single
location (“workspace”) must be purchased with one docking station per workspace
where the laptop will be routinely used. All docking stations must support at least one
each of the following: external monitor, keyboard, mouse, power supply, and USB device.
5. Docking Accessories – If a docking station is purchased, an external monitor, keyboard,
and mouse should also be purchased.
6. Warranty – All laptops should be purchased with at least a 3 year parts + labor
warranty, with “keep your hard drive” service, if such service is available. Regardless of
whether or not “keep your hard drive” service was available or purchased, no
permanent storage device may be returned to the manufacturer for any reason
(replacements must be purchased if they cannot be replaced under warranty without
returning the original). Additionally, accidental damage protection is strongly
recommended to be purchased for the same duration as the original warranty, when
available.
7. Software - All laptops must be allocated a license for a supported version and edition of
Microsoft Office.
8. Configuration Management – If Fairfield County IT has deemed a specific unified
management system necessary, such as Altiris or System Center Configuration Manager,
and if per-device licensing is required for each device to be managed, then a device
license shall be purchased or otherwise allocated upon purchase of each laptop.
iii. Monitors
1. Minimum Dimensions – Monitors must have no less than 19” of viewable space,
measured diagonally across the screen. Power users of MUNIS, Crystal Reports, BIDS, or
SQL Server should have no less than 22” of viewable space.
2. Multiple Monitors – Multiple monitors are supported only when used on computers
with multi-head video cards and which are running Windows 7 as the operating system.
3. Interface - Monitors must support either DVI or DisplayPort.
iv. Cell Phones, Tablets, and other mobility solutions
1. Encryption - All mobility devices that are connected to the Fairfield County network
must support encryption of all Fairfield County data that is stored or cached locally.
2. Operating System Integrity (aka “jailbreaking”) – All mobility devices should run an
operating system that the manufacturer shipped with the device and that is currently
supported to be operated on the device. Any aftermarket operating system or
configuration that circumvents any restrictions that are programmatically enacted by
Fairfield County is prohibited, and any devices found to be operating in such a manner
will be permanently prohibited from connecting to the Fairfield County network.
3. Data Management – All mobility devices that connect to the Fairfield County Exchange
system must support the ability to “remote wipe” the device. This permits either that
user or Fairfield County IT to remotely instruct the device to destroy all of the data that
is kept on all of the storage mechanisms currently attached to the device. All users
utilizing mobility devices must understand and agree that Fairfield County IT will not be
held liable in the event of any data loss (whether that data is owned by Fairfield County
or personal in nature), be it as a result of a remote-wipe command or otherwise.
v. User Input Devices (Keyboards, Pointing Devices)
1. Wired – Unless the parent device’s interoperability requirements dictate otherwise, all
wired user input devices must connect to their parent device via USB.
2. Wireless – Wireless (either proprietary or Bluetooth) keyboards and mice are permitted
when desired by the end-user department, but cannot be supported by Fairfield County
IT.
a. Saturation and Interference – Most wireless devices are designed to operate
without being in proximity to another wireless device. In the event that one device
conflicts with one or more other devices, the recommended course of action is
to reduce the number of wireless devices in that confined area, or to change the
type of radio used by some devices, so as to widen the used spectrum.
vi. Desk Phones
1. Compatibility – All desk phones must be compatible with the telecommunications
system that is managed by Fairfield County IT.
2. Headsets – Both wired and wireless headsets are permitted to be attached to the
telecommunications network, provided that each is attached to a telephone that is also
deemed compatible with the system, and is connected in a manner that was intended
by the telephone’s manufacturer. Fairfield County IT does not, and
cannot, control any interference or loss of quality that may be introduced by the use of a
headset.
vii. Soft Phones
1. Compatibility – All soft phones must be compatible with the telecommunications
system that is managed by Fairfield County IT.
2. Network Requirements – Fairfield County IT must be consulted on a per-instance basis
when a soft phone is desired. Fairfield County IT will review the business case and the
network requirements that the soft phone will incur, and will advise the requesting
individuals about the best course of action.
b. Media Output (Printers, Copiers, Faxes, MFPs)
i. Protocol and Drivers – All devices that have the capability to be attached to a computer
network must support PCL5e or PCL6 printing, regardless of whether or not such attachment is
currently intended. Drivers which support the ability for both 32-bit and 64-bit clients to
connect to a single print queue on a 64-bit server are required.
ii. Encryption and Data Destruction – If the device contains a permanent storage device (such as a
traditional hard drive or SSD), such device must either a) be encrypted at all times, using an
encryption key that is specific to that particular installation of that printer, or b) have the ability
to otherwise perform guaranteed destruction upon termination of useful service, or
replacement of any parts that contain such data.
iii. Network Attachment – All devices that are to be used for printing must have the ability to be
directly connected to the network via a wired Ethernet connection.
iv. Direct Attachment (USB, Parallel, Serial, IRDA) – No printing device may be directly connected
to an end-user PC unless security requirements dictate that either the PC or the printer (or both)
must not be connected to the network.
c. Infrastructure
i. Networking
1. OSI Layer 1 (Physical Connectivity)
a. Hubs, and any other promiscuous repeating devices, are explicitly prohibited,
except in the case that Fairfield County IT deems it to be the only possible
solution to a business case, on a per-instance basis.
b. Media bridges (also known as media converters) are explicitly permitted.
2. OSI Layer 2+
a. Manufacturer - All network infrastructure devices operating at or above OSI
layer 2 must be manufactured by Cisco Systems.
b. Service Agreements – All network infrastructure devices must be covered by a
manufacturer’s service agreement at all times, and the agreement must be
submitted to Fairfield County IT for approval each time the contract is
established or renewed.
c. Remote Access – The device must support remote management via SSH.
d. Link Layer Detection – All devices must support Cisco Discovery Protocol and
Link Layer Discovery Protocol (IEEE 802.1AB).
e. Wireless
i. Protocol – All wireless access points must support 802.11n.
ii. Security – Any wireless access point, controller for wireless access
points, or upstream device that provides services to wireless access
points, when required, must support the use of multiple SSIDs, with
VLAN association and affiliated trunking. RADIUS support is required.
WPA2-AES-Enterprise support is required.
iii. Public Internet Connectivity – Wireless networks that are intended to
be accessed by anyone other than exclusively by Fairfield County
employees must be directly routed over to public facilities (the
internet), rather than routed using the Fairfield County internal
network, unless Fairfield County IT in its sole discretion deems that an
alternate configuration is an acceptable risk. In other words, this means
that there must be a local internet connection available at each site
where public wireless internet access is desired.
iv. Internal Network Connectivity – Wireless networks that are enabled for
internal use must be encrypted by the highest available encryption
method permitted by Fairfield County IT, a minimum of which is WPA2-AES. RADIUS must be enabled for internal connectivity. Each user that is
to be granted access to the internal wireless network must have a
Central Authentication Identity account with Fairfield County IT.
Fairfield County IT may also prohibit traffic from all wireless networks,
including wireless networks that permit internal traffic, from reaching
certain parts of the Fairfield County network, when security
considerations so require.
v. Hardware Registration – Fairfield County IT may require that each
device to be used on any wireless network first be registered with
Fairfield County IT before being granted access. This may be
accomplished via any means, including but not limited to requiring form
submission or instituting captive portals.
vi. Refusal – Fairfield County IT may, at its sole discretion, refuse to permit
wireless connectivity at any named site or attached to any named
network.
f. Switches
i. Family - All wireline switches must be of the Catalyst LAN Switches
family.
ii. Model - Minimum model 3560.
iii. Stackability - In environments where more than two switches will be
housed in close proximity, the switches are required to be stacked
(which requires stackable features).
iv. Switchport Type - In environments where high throughput is a priority,
or large file streams (including but not limited to multimedia, GIS,
mapping, and video) will be used, sufficient gigabit-ethernet switchports
are required to connect to devices that will be utilizing those services.
v. Switchport Quantity – When designing a switching environment,
switchports should be allocated in a ratio of 1.25 available switchports
per 1 design requirement switchport.
vi. VLAN – All switches must support administrative VLAN configuration on
any switchport.
vii. POE – Any switch that will have IP telephones or wireless access points
connected to it must support power over Ethernet.
g. Routers
i. VLAN – All routers must support VLAN tagging on internal ports.
ii. Routing protocol – All routers must support EIGRP and OSPF.
h. Security Appliances
i. Family – Cisco ASA 5500 (minimum)
i. VPN
i. Site-to-Site
1. Technology – IPSEC IKEv1 or IKEv2
ii. End-User
1. Technology – Clientless or AnyConnect
iii. Licensing – Licenses must be purchased together with the device (and
additional licenses may be purchased thereafter) which enable a
maximum number of users or sessions to be concurrently maintained
across a VPN. Sufficient licenses shall be purchased such that there is at
least 150% of resources available for the projected load.
ii. IP Address Management
1. A minimum of one server is required at each site to serve as a dynamic host
configuration protocol (DHCP) server. All sites across Fairfield County are required to
use the same DHCP server software (manufacturer, package, and version). No person is
permitted to have administrative access to the DHCP server unless directly authorized
by Fairfield County IT.
iii. Servers
1. Manufacturer – Unless prohibited by the business case, all servers shall be
manufactured by Dell.
2. Operating System – All servers must support Windows Server 2008 R2. When the server
is being configured for a branch office or a lightly used server, Windows Server 2008 R2
Enterprise Edition should be purchased, as it provides minimal Hyper-V licensing built-in.
When the server is being configured to be heavily-used, particularly if virtualized,
Windows Server 2008 R2 Datacenter Edition should be purchased, as it provides for
unlimited Hyper-V clients. Alternate operating systems, such as Red Hat Enterprise
Linux, are permitted when justified by business case.
3. RAM – Minimum 16 GB for a lightly-used branch-office server. Minimum 32 GB for a
virtual host that will be running at least two client operating systems. Minimum 64 GB
for a virtual host that will be running many client operating systems. RAM minimums
will be waived by Fairfield County IT on a per-instance basis when the server will be
dedicated to performing only certain tasks, will not support virtualization, and the
requesting department understands that more RAM may be required at a later date.
4. Permanent Storage – Fairfield County IT must design a permanent storage solution on a
per-instance basis. All storage must be configured redundantly. All storage must be hot
swappable, except in such case that the server is single-purpose and 1 hour of service
outage during business hours will not impact business operations.
5. Chassis – Servers must be configured with a rack-mount chassis, unless 1) a specific
server model is required, and a rack-mount chassis is not available for that model, 2) the
server must be housed in a facility that cannot support a rack, or 3) a business case
exists which demands the portability of a tower form-factor server.
6. Power Requirements – All servers must be equipped with hot-swappable redundant
power supplies, except in such case that the server is single-purpose and 1 hour of
service outage during business hours will not impact business operations.
7. Network Interfaces – All servers must be equipped with Intel network interface cards.
8. Backup Solutions – A backup solution must be designed for each server on a per-instance basis. In most cases, an internal tape drive is required.
9. Out-of-band management – All servers must support some method of out-of-band
management. In most cases, this requirement is met by an integrated Dell Remote
Access Card (iDRAC).
10. Physical Console – No physical console is required for a long-term installation of most
servers, where out-of-band management is available. When out-of-band management is
unavailable, or there are multiple physical servers in a single location and physical
console access is desired, a KVM solution must be designed by Fairfield County IT. Note
that no person may gain access to any physical console of any server for any reason,
unless explicitly authorized by Fairfield County IT.
11. Optical Media – Optical media drives are not required in servers.
12. Physical Security – All servers must be housed in a secure environment, and must never
be physically accessible by the public or unauthorized employees.
iv. Power Protection and Uninterruptible Power Supplies (UPS)
1. Due to the varying environmental concerns imposed upon a UPS, Fairfield County IT
must be involved in the design and selection, and has approval and rejection authority
pertaining to, the purchase of each UPS on a per-instance basis.
2. All UPS devices that are intended to protect servers or network infrastructure devices
must contain a network management interface, and the interface must be connected to
a Fairfield County IT switch.
3. Due to network management requirements, only APC and Avaya UPSs are permitted
when the intended protection load is servers or network infrastructure devices.
v. Racks and cabinets
1. Due to the nature of racks and cabinets needing to be customized to accommodate their
destination environment, Fairfield County IT must be involved in the design and
selection, and has approval and rejection authority pertaining to, the purchase of each
rack or cabinet on a per-instance basis.
d. Physical access control, surveillance, life safety, and related
i. Fairfield County IT will work with each requesting department on a per-instance basis to
determine the best design and implementation for these products.
ii. All access control products must integrate with the central access control system maintained by
Fairfield County IT, if one exists.
e. Specialty
i. Fairfield County IT will work with each requesting department on a per-instance basis to
determine the best design and implementation for any specialty products required. Fairfield
County IT may require that the requesting department pay for consulting services from a third
party vendor, if Fairfield County IT does not have sufficient in-house knowledge of the subject
matter.
2. Hardware Leases
a. All hardware leases must be accompanied by comprehensive maintenance agreements for a minimum
of the same amount of time as the lease.
3. Replacements, Repairs, and Parts
a. Existing devices may be repaired, or otherwise have parts replaced, regardless of that parent device’s
current eligibility for purchase according to these guidelines, provided that the cost of the repair is less
than 50% of the cost of replacing the entire device.
Document Version
Version | Reason | Approval Date | Approving Authority | Effective
2012030801 | Original | 2012-03-08 | Fairfield County Board of Automated Data Processing | 2012-03-09 00:00:00