Network operating systems rely upon network file systems and interprocess communication protocols to transfer data between servers and clients, to manage logon and security processes, and to allow communications between client and servers in client / server applications.

     Each network layer requires thought and planning to ensure the proper operation of the entire network. Rather than starting from the foundation, the physical cable plant, you will start your planning at the top: the needs of the end user. As you clarify the requirements for each level from the top down, your choices for the next level become clear. The steps in creating a well-designed network are as follows:

• Conduct a survey of existing conditions
  
• Plan network requirements
  
• Plan the network operating system
  
• Plan the network
  
• Plan the physical plant
  

---

Conduct a Survey of Existing Conditions

     The first step in planning a network is to record what you know about your organization's computing needs. Surver your organization to determine the following information:

• How many computers are in use?
  
  This answer will determine the size of your network, the number of servers you will need, and the quantity and type of data link equipment you will require.
  
  
• What types of computers are being used?
  
  This answer will define the network operating system you should use, the transport protocols you can use, and some of the services you will need.
  
  
• What special pieces of computing equipment, such as printers, are in use?
  
  This step will identify additional special equipment, such as print servers, that might be required.
  
  
• What services, such as Internet or private wide are network services, are in use?
  
  This step will further isolate which network operating system you should use, as well as help you identify any third-party software that might be required.
  
  
• What software is currently being used?
  
  Some network-ready software will operate only under certain network operating systems. If your network is using this type of software, your choice of network operating systems may be limited.
  
  
• Will you be integrating existing local area subnetworks into the new network?
  
  These existing networks will have to be compatible with the network you install, or you will have to migrate them to other technologies.
  
  

---

Plan Your Network Requirements

     The next step in network planning is to define what you want to be able to do with your network. Common requirements include:

• Supporting collaboration through groupware and e-mail
  
  How collaborative is your company? Some companies do not require teamwork while other companies require teamwork to create a product or service.
  
  
• Providing resource sharing for file storage and printing
  
  Nearly every network in existence must meet this requirement.
  
  
• Providing easy access to the Internet or to private wide area networks
  
  This requirement is becoming more commonplace every day - but it is full of pitfalls and security risks.
  
  
• Establishing a central point of network security and control
  
  For some organizations, the security of data is more important than networking. For others, security of data is no concern.
  
  
• Centralizing administration and reducing training burden
  
  Networks do not have to grow into unmanageable entities. Putting together a set of procedures for common tasks such as adding a new user, assigning passwords, and providing common training will help to keep your network running well.
  
  
• Supporting all existing computer hardware
  
  Few organizations can afford to throw away their existing computer and network equipment, so supporting legacy systems is an important priority when migrating to new technologies.
  
  
• Implementing data archiving and disaster recovery
  
  This requirement is easy to implement in server-based networks because they provide central points of data storage.
  
  
• Providing for the distribution of shared databases
  
  Servers support the replication of shared data among different servers to guarantee that a common set of information is available to everyone in the organization. Replication can keep the databases in different offices synchronized.
  
  
• Increasing the speed at which information can be shared throughout the organization
  
  Before overnight delivery services and networks, sharing a document with colleagues in other cities meant spending a week waiting for the mail. Email and groupware can transmit everything from blueprints to video presentations quickly and painlessly anywhere in the world.
  
  

---

Plan the Network Operating System

     After surveying your network, create a list of network operating systems you are considering using. This step will determine what type of server hardware you can use, and it may determine which set of transport protocols you can use. These choices can force your decision in which type of data link layer equipment you will use, which in turn will determine what type of cabling you will use.

---

Plan the Logical Network

     Planning the logical network involves selecting a transport protocol, selecting data link technologies, and dividing the network into subnetworks and security domains.

     Planning the logical network is often the most difficult portion of network planning, because you won't have any obvious or easy ways to measure or determine network requirements or usage. The steps in designing the logical network are as follows:

• Estimate the client load
  
• Determine which data link technologies will support the load
  
• Determine which types of cable support that data link layer technology
  
• Decide whether you will centralize or distribute servers on the network
  
• Lay out a network map
  

Estimating Client Load

     To estimate load capacities of networks, you need a metric with which you can compare very different network technologies and relate them to client computer requirements.

     The METRIC in the following table is determined by dividing 100 by the maximum useful number of clients of type can operate on a single Ethernet segment. Example: Macintosh METRIC: 100/100=1. DOS METRIC: 100/50=2.

LOAD REQUIREMENTS OF NETWORK CLIENTS
CLIENT	METRIC	EXPLANATION
Macintosh	1	Macintoshes typically require very little from a network.
DOS	2	MS-DOS machines run simpler applications that do not demand much from a network.
Diskless DOS	6	Diskless MS-DOS clients are much more demanding than MS-DOS clients, they use the network for every input / output command that would normally go to a local disk drive.
Windows	3	Windows is more complex than MS-DOS and applications built to run on Windows are more complex and network aware.
Power Macintosh	3	Macintosh computers based on the PowerPC microprocessor are very fast and can demand more from the network than a regular Macintosh
Diskless Windows	9	Diskless Windows clients are extremely demanding on network bandwidth.
Windows 95	4	Windows 95 is a powerful multitasking operating system that typically runs on fast client computers.
OS/2	4	OS/2 is similar to Windows 95 in both hardware and applications.
Windows NT Workstation	5	Windows NT Workstation's ability to multitask multiple network applications requires much from a network.
UNIX Workstation	5	UNIX Workstations are usually used by bandwidth intensive users like programmers, graphic artists, and CAD operators.
UNIX X-terminal	3	X-terminals are diskless, but they operate as simple displays. Screen updates are sent from a server that actually performs the work requested by the user.
TCP/IP print server	10	Although print servers technically do not generate load on their own, printed documents do. Every document printed moves across the network twice. Because printed documents can be quite large, they can create quite a load on your network.

     Data link technologies use various methods to arbitrate the sharing of media, which makes a comparison difficult. For example, although Token Ring uses a faster bit rate than Ethernet uses, a client must wait for the token before transmitting, which can make Ethernet seem more responsive. Adding clients to a Token Ring will slow the network in a simple and deterministic manner, whereas overloading an Ethernet can cause it to suddenly cease operating all together. These differences mean that comparisons based on simple bit rates are meaningless.

LOAD CAPACITIES OF NETWORK TECHNOLOGIES
NETWORK	CAPACITY	EXPLANATION
Ethernet	100	Ethernet is used for the basis of comparison because it is the most common network data link technology. You can expect to attach 50 DOS clients to a single Ethernet subnetwork before it bogs down.
Token Ring	200	A single Token Ring can support roughly twice as many computers as a single Ethernet subnetwork. Because Token Ring degrades well, you can continue to load a Token Ring past this point, but your network will slow considerably.
Fast Ethernet	500	Although the bit rate for fast Ethernet is ten times the rate of Ethernet, it cannot handle ten times the traffic because of the delay involved in resolving data collisions.
Fiber Distributed Data Interface	1000	You can resonable connect ten Ethernet networks on a single FDDI ring. This arrangement depends greatly upon where you've chosen to place your servers - centralized servers require more from a backbone.
FiberChannel (1GB/s)	10,000	Gigabit Ethernet will operate over FiberChannel at one gigabit per second. Although gigabit Ethernet retains the Ethernet name, it is full duplex point to point and does not have collisions.
ATM-155 OC-3	1000	ATM is a switched technology. It is not shared. For this reason, you can count on being able to use about 80 percent of the bit rate for usable traffic so long as you maintain constant connections between servers.
ATM OC-12	4000	ATM bandwidth increases linearly with speed. At 622Mb/s, ATM OC-12 is sufficient for the most demanding backbone applications.
ATM OC-48	16,000	ATM at OC-48 (2.2Gb/s) is typically used for metropolitan area networks. This capacity is appropriate for metropolitan area high-speed links.
ATM OC-192	48,000	ATM at OC-192 (8.8Gb/s) is used for major trunks between metropolitan areas by the telephone companies.

     When creating internetworks, the capacity number used for a subnetwork becomes its load. For instance, an FDDI can handle up to ten Ethernet networks. You should try to avoid coming within 25% of the maximum values presented in the above table if you want your network to run smoothly.

• Backbones are high-speed links connecting shared media subnetworks. Backbones may be shared media networks themselves, point-to-point links, or switched networks.
  

---

Plan the Physical Plant

     All modern networks operate over one of two types of cable: category 5 unshielded twisted pair (UTP) or optical fiber. The distance limitations of UTP wiring restrict its use to connecting clients in a relatively small area (within 100 meters of a wiring closet) in a star architecture. Optical fiber conects these wiring closets to form the backbone of the network.

     To plan your physical plant, simply lay out where you want UTP station locations, also called drops, on blueprints of your facility. You can create more than one subnetwork in a single wiring closet, but it might be difficult for one subnetwork to span more than one wiring closet.

     Each network device and computer attached to the network will require a drop. Note where you have space for wiring closets, also known as intermediate distribution frames (IDFs), which are generally required for the central point of each star. The main distribution frame (MDF) closet is where the backbone runs for each IDF end. If you have more than one floor, the MDF on each floor will terminate in the computer room.

---

Special Purpose Servers

     Special purpose servers are computers configured to provide a network service other than file and print services. These servers are usually special cases of the basic application server.

Application Servers

     Application servers run applications designed to serve the server portion of a client / server application. The server portion of the client / server application is called the "back-end," and the client is ofter referred to as the "front-end." All the Microsoft BackOffice applications are designed to be run on an application server.

     Application servers are optimized for software execution speed. Typically, they have fast microprocessors, are likely to use symmetric multiprocessing, and generally have more RAM than any other type of server.

Internet Servers

     Internet servers are servers that answer HTTP, FTP, and Gopher requests and allow an organization to publish Web pages on the Internet. A Uniform Resource Locator (URL) address is used to locate an Internet server.

Firewalls

     The explosion of the Internet has forces companies to protect their computing resources from intrusion by unauthorized parties. Internet protocols were not designed with security in mind, rather for ease of connectivity. Special security servers called firewalls patch the holes in Internet security.

Messaging Servers

     Messaging servers typically run a LAN groupware package, such as Microsoft Exchange or Lotus Notes and are usually configured as Internet email gateways. Messaging servers may also be configured with modems to dial into alphanumeric pagers.

Gateways

     Gateways are servers configured to provide a link between two distinct networks, protocols, or services. Routers are a type of gateway optimized for connecting networks of dissimilar data link technologies that run the same transport protocol. Remote access servers can be considered a serial to network gateway.

Remote Access Servers

     Remote access servers answer incoming connections from remote clients. Typically, modems, ISDN interfaces, or Point-to-Point Tunneling Protocol (PPTP) connections from the Internet perform this function. Because RAS connections are very slow compared to LAN connections, RAS servers do not need to be located on high-bandwidth backbones.

---

Windows NT Network Security Models

     There are two security models to choose from when networking with Windows NT Server: workgroup and domain. The first model, workgroup, governs the interactions of Windows and Windows NT computers in a peer network; the second model, domain, governs the interactions of clients and Windows NT Servers in a server-based network with a Windows NT server (designated the primary domain controller) coordinating the security of the network.

The Workgroup Security Model

     Workgroups are essentially peer-to-peer networks, which means that the users of each workstation select and manage the resources on that workstation that are made available to other users on the network. A workgroup is a good choice for you networking model if your organization is small (10 users or less), the workstation users have the ability to administer their own workstations, and central file storage and central control of network security are not important.

     The workgroup security model does not support user accounts, workgroup resources are simply protected by a password. Windows NT requires an account name and password and allows servers to participate in workgroups as stand-alone servers. Stand-alone servers are servers that run Windows NT Server but do not participate in any domain security. A workgroup secuity model is not a good choice if: you have many users, you need to centralize user account management and network security, you cannot rely on the users of your network to administer their own workstations.

The Domain Security Model

     Domains provide much more coherent security and network administration than the workgroup security model provides. In domains, accounts are managed on a single computer, called the primary domain controller, which permits or denies access to all the shared resources in the domain. Backup domain controllers keep a copy of the security accounts database and can log on users if the primary domain controller is busy or unavailable. The domain controller will "introduce" the user to the other servers in the domain by forwarding their account information in the form of a security access token.

     In a domain of one or more servers store the shared network files for all workstations in the domain. The primary domain controller controls workstation access to the files stored on the servers, using account and security information it stores in a central database. Because this information and the network files are centrally controlled and stored, the task of managing a large network is easier for the network administrator and helps streamline the task of data backup.

Structuring Domains

     A large network may have more than one domain. An organization that is divided into functional units, for instance, marketing, finance, manufacturing, and research departments, may devide its domain-based network along those same functional lines. Others will different offices in different parts of the world would probably choose to have a domain in each office. The use of multiple domain networks is called Enterprise networking.

Workgroup User Accounts and Domain User Accounts

     The User Manager program that comes with Windows NT Workstation cannot administer the domain user and administrator accounts. These accounts are mangaged by the User Manager for Domains program on the Windows NT Server.

     Local user and group accounts for individual workgroup resources are not added to the domain database. Local users and groups are still administered with the User Manager program.

Trust Relationships

     Trust relationships extend the domain logon process beyond the bound of a single domain. You can establish trust relationships between Windows NT domain controllers so they can "introduce" clients from their domains to the domain controllers in the foreign trusted domain without requiring logon to that domain. The trust relationship then determines what access the foreign client is given.

Choosing a Security Model

     Generally, you will choose the domain security model over the workgroup model. The advantages of the domain security model are numerous, and the disadvantages are few. For most server-based networks, the workgroup model had no advantages since you normally log onto a server anyway. The domain model supports a single logon to all shared resources in a domain, whereas a workgroup model requires a seperate logon for each workstations shared resource.

---

Licensing

     The final step in planning your network is satisfying the legal aspects of client licensing. Client licensing is the purchase of a license to attach to a network operating system, thus providing a way to scale the price of a network operating system by the number of people who will be using it, rather than charging all organizaitons, large or small, the same price.

Per Server Licensing

     Most network operating systems, including Windows NT and Novell NetWare, have stringent licensing requirements. Novell limits the number of users who can attach to a NetWare server simultaneously. This arrangement is called "per server licensing."

Per Seat Licensing

     Windows NT allows per seat licensing but gives you the choice of using per seat licensing if that arrangement fits your needs better. Per seat licensing means purchasing a seperate client access license (CAL) for each computer on a network. That computer can attach to any number of Windows NT Servers.

Selecting a License Method

     Microsoft recommends choosing per server licensing for small, single-server organizations. Microsoft allows a one time conversion of per server licenses into per seat licenses if your organization grows beyond one server. Microsoft recommends using per seat licensing for all networks larger than a single server. Some recommend using per seat licensing in all cases.