Medical Facility Network Design

Management of Network & Telcom LIS4482

Eric Bis, Matthew Howard, Alex Johnson, Stephanie Mears, Evan Miller 12/8/2011

Medical Facility Network Design 2

I. Executive Summary The following proposal was created to inform you about our architectural plan for your medical facility network and data center. Our company has taken advantage of the latest technologies available and provided cutting edge designs, in order to reduce your operational costs and improve efficiency. In this proposal you will find our proposed networks, network policies, security policies, disaster recovery plans, budget outlines and network diagrams. We suggest that the medical facility and data center be connected wirelessly through a Virtual Private Network, so we do not have to dig beneath the road. This connection will be WEP encrypted and firewalled to all outside users who are not authorized. Ethernet cables will connect to all the medical facility and data center workstations. Off site users will be able to connect wirelessly to the facility through VPN. The data center will securely house four MacPro Servers to support all the medical records and workstation operations. The MacPro servers will each have 99.99% up time and will run OS X Lion Server for its reliability and usability. Backup data will be housed off site using both Tape Drives and Network-attached Storage drives. Everything on the network, including logs will be saved to both devices. This will ensure business continuity and longevity for many years to come.

Medical Facility Network Design 3

II. Written Description General Network Description: We recommend the two star topology network design, connected by a virtual private network (VPN) as depicted in our logical network topology diagram (Appendix B). All star network topologies follow the client server architecture, meaning a set of centralized servers supports and distributes data across the network. There will be application servers supporting the networks from the medical center and the data center. For this network, we recommend all Apple products. Although the initial costs will be higher than Windows and Linux based alternatives, the long run benefits are greater since apple products are more secure. All the hardware, especially the servers, will be running with 99.99% up-time. Medical Center: In Appendix A, there are eleven hard wired workstation computers with available Ethernet switches for up to thirty computers. We left extra ports in each room for increased flexibility. In the medical center, there is a server room housing a Mac Mini to handle all file and print services for both the medical facility and data center. We recommend an IT architectural style layout in the medical facility as follows: a print room for billing, reception, IT, and other offices for various users. Human Resources will be the only department with its own printing and fax machines. Data Center: The off-site data center will house three Apple iMac 21.5 computers for the networking staff. Four MacPro servers will support Databases, Networking and corporate Applications. There will be a single server that will solely act as the patient data medical record database. It is

Medical Facility Network Design 4

a good idea to keep this separate from the centralized user database for security purposes. HIPAA states that you must keep medical records for a minimum of seven years after the persons last visit. All records in the data center will be backed up on the mirror servers located in our off site business continuity location. Remote Users: Employees should all be assigned iPhones and MacBook Pro laptops, as well as Verizon air cards to allow remote access to the medical center and data center. There is no initial cost for the air cards, but there will be $49.95 monthly fee. All remote users must log into the VPN with their unique user name and password. No one will be able to connect to the network without the proper credentials. There can be guest accounts provided in some circumstances, but those accounts will only have access to the web server.

Medical Facility Network Design 5

III. Network Policy This section of the document outlines the network policies and guidelines to be followed by all employees. These protocols and procedures will help ensure the networks remain stable and active.

User Administration: Each employee will be able to login to company computers and networks using their employee ID number as the username and a twelve-digit password, provided to them by the network administrator. Only the network administrator can change the employees password. Once an employees contract is terminated, their username and passwords will be deleted from the system. More information about user IDs and passwords can be found in the security policy. Internet Access: Internet access will be provided wirelessly throughout the medical facility and data center via user login. There will be temporary usernames and passwords provided to guests via check-in. The network will have a filter to block explicit content, social media websites, video content and adobe flash. This will allow the network to run faster during peak times. The network administrator will monitor all network traffic and handle any network issues reported. Printing Procedures: Printing is only available on VPN connected machines with Line Printer Daemon installed. Employees can choose from a provided list of printers within the LPD interface. Printing will be limited to 100 pages per printing session. Employees can refill paper trays, change ink and toner cartridges and adjust printer settings as needed. Printers are only for work related documents. The same guidelines apply for Fax machines. Printer and fax materials can be found in the division supply rooms. Storage Allocation:

Medical Facility Network Design 6

Employees allocated to iMacs or MacBook Pros will be allowed to use all the available hard drive space on that particular computer. If they reach that computers maximum storage capacity, they are responsible for upgrading the hard drive or purging the data. Once an employees work contract is terminated, the assigned computer must be returned immediately. More information can be found in the security policy. E-mail Policy: E-mail will only be available to employees with a valid username and password. E-mail will be viewable on workstation computers, iPhones or personal computers. All e-mails will have a 100MB size limit to encourage text only messages. Employee in-boxes will also be limited to 1GB. E-mails will all be archived up to seven years in compliance with HIPAA regulations. As HIPAA states, all e-mails are considered public record, subject to injunction by the state or federal government. E-mails should be used strictly for work related purposes only. Naming Conventions: Custom ID codes will be applied to every computer and iPhone distributed to an employee. The naming conventions are as follows: Key: o Employee ID Last 4 digits of pre-assigned employee number (Ex; 3205 8230 1724 = 1724) o Location ID Medical Facility or Data Center (Ex; MF or DC) o Distribution Date ID Date item was distributed to Employee (Ex; 01/16/11 = 011611) o Employee Department ID Division where employee works (Ex; Human Resources = HR)

Medical Facility Network Design 7

Example: o 2934MF072111CC John H. Doe [2934], Medical Facility [MF], Date Received [07/21/11], Department: Critical Care [CC]

Protocol Standards: The following is a list of protocols that should be implemented for use within the company. FTP (File Transfer Protocol) a standard for the exchange of program and data files across a network. (TCP port 21) SFTP (Secure File Transfer Protocol) a more secure form of file transfer protocol because of encryption. (TCP port 22) TFTP (Trivial File Transfer Protocol) used for automated transferring of configuration or boot files between machines in a local environment. (UDP port 69) SMTP (Simple Mail Transfer Protocol) an Internet standard for e-mail transmission across networks. (TCP port 25) IMAP (Internet Message Access Protocol, V4) a protocol for transferring e-mail between servers. (TCP port 143) SNMP (Simple Network Management Protocol) used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. (UDP port 16) SSH (Secure Shell) a network protocol that allows data to be exchanged using a secure channel between two networked devices. (TCP port 22) HTTP (Hypertext Transfer Protocol) the data transfer protocol used on the World Wide Web. (TCP port 80)

Medical Facility Network Design 8

HTTPS (Hypertext Transfer Protocol Secure) a secure version of HTTP that encrypts and decrypts user page requests as well as pages that are returned by the Web server. (TCP port 443) Workstation Configurations: Certain computers may require different configurations based on the applications and operating systems. Provided is a list of the basic configuration steps for a data center workstation. There are no pre-installed business critical applications on these machines. Standard procedural steps are as follows: Data Center Workstation: 1) Connect the iMac or MacBook Pro (if an iMac, plug in Ethernet cable to back of machine) and boot to on. 2) Standard OS X Lion is pre-installed, go to the system preferences tab, then accounts and set Full Name to Admin. Make the new password Smile. 3) Next, go back to system preferences and choose Network. Makes sure you are connected to the LAN using the network username and password provided by the Network administrator. 4) 5) 6) Join the correct user group (Data Center) under the network tab. Once connected, open the web browser and type 192.169.0.1 into the URL. This will take you to the Data center Sharepoint page. Click the groups tab on the upper left hand corner of the screen and then click Network Administrator. 7) This will prompt you for your employee ID number and password. Once entered it will take you to a document storage page.

Medical Facility Network Design 9

8) Above all the listed applications on the page, click the Actions tab at the top and select Bulk Download. 9) A window will pop-up prompting you to verify the computer user name and password (Admin Smile). 10) 11) It will then ask where to store your downloads, select HD (hard drive). Once the install package finishes, open your applications folder through the finder window. Select Line Printer Daemon. 12) Configure the application by using the correct IP address and Proxy (both can be found in terminal using the function ipconfig /all) 13) Once complete, open and configure the remaining applications including Outlook Server 2003, OS X Lion Server User, MySQL Community Server, Directory Utility, Workgroup Manager, Xgrid Administator and XSAN Administrator. 14) Once all processes are complete, log out of the computer and power off.

Network Device Placement: Network devices will all be placed in appropriate places within each facility. Access will be restricted to only authorized users. In the data centers main server room, there will be four MacPro Servers and a Linksys switch to connect it to all the local workstations through multiple CAT5e-RJ45 cables. All external connections will be through the VPN, which is operational through the Airport Extreme connected to the main switch. All these hardware components are located in the secured server room.

Medical Facility Network Design 10

At the medical facility, there will also be a server room, though much smaller than the one at the data center. This room will serve strictly as the hub to connect the LAN to the VPN at the data center. This server room will have a switch where workstations and routers connect to it using CAT5e-RJ45 cables. The switch is then connected to another Airport Extreme which connects to the data center through the VPN. The medical facility will also house the Apple Mini quad core server for use as a File and Print server. All workstations can access this because they are all wired to the work group switches (hubs). Environmental Issues: The server rooms will be kept locked at all times. The only entrance into the server rooms will be monitored via surveillance cameras. Security cards will verify entrance into the data center and server rooms. An armed security officer will guard the entrance into the data center 24/7/365. The two server rooms will have extra air ducts to keep them a cool 68F with 50% humidity. The off-site business continuity data center will house warm mirror servers that provide twice daily backup of all medical database servers and file servers. The exact location of the data center will be disclosed once a contract is legally abiding.

Power Configurations: The implementation of the Advanced Configuration and Power Interface (ACPI) provides an open standard for device configuration and power management by the operating system. The standard brings power management under the control of the operating system. Because every machine in the medical facility and data center are powered by alternating

Medical Facility Network Design 11

current, a separate server power supply will be needed. This will control any voltage spikes or low frequency current that could damage the hardware and cause data loss. Patches: When updating software on the servers, only hot patches will be applied. This will keep the server fully operational during the install period so access to important data will not be compromised while updating.

IV. Security Policies This section includes the policies of the security in place at the medical facility. IDS/IPS & Regular Vulnerability Assessments:

Overview

Medical Facility Network Design 12

Intrusion Detection System (IDS) is used to monitor the network for malicious activity and creates a report based on data retrieved. Intrusion Prevention System also monitors the network for malicious activity and attempts to prevent said activity from occurring.

Purpose

The purpose of these policies is to ensure the overall security of the network.

Scope

These policies must be followed by all network administrators.

Policies

Cisco ASA 5500 Series IPS Solution will be used Provides services such as URL blocking, anti-virus, anti-phishing, etc. Logs must be checked daily for suspicious activity. Network administrators will assess the overall vulnerability of the system every 6 weeks.

All logs must be kept for a minimum of two years.

Enforcement

Any employee who does not follow these policies is subject to disciplinary actions.

User Account Access:

Overview

Users are accountable for all usage on their accounts.

Purpose

Medical Facility Network Design 13

The purpose of this policy is to acknowledge the importance of user responsibility.

Scope

All users are subject to these policies.

Policies

All users are accountable for any usage on their account. Users must log off their accounts when away from the computer. Users must not allow anyone else to access their account. User access is based on the principle of least privilege. All users are given limited access based on what they need to do their job.

Enforcement

Any employee who does not follow these policies is subject to disciplinary actions.

Physical Security:

Overview

Physical security is crucial in keeping the hospital personnel and patient information secure.

Purpose

The purpose of this policy is to ensure the protection of employees, patients, and sensitive information.

Scope

These policies must be followed by all hospital employees.

Policies

All employees are given badges upon employment.

Medical Facility Network Design 14

All employees must scan their badges before entering a secure room. Employees who do not have permissions to be in a room will not have badge access. Each time an employee scans their badge, their location is logged (time, date, and location).

Enforcement

Any employee who does not follow these policies is subject to disciniplanary actions.

Audit Policy:

Overview

Audit policies are used to track and monitor changes in the system. This is important because it helps identify any corruptions or malicious activity through the medical systems.

Purpose

The purpose of audit policies is to monitor and deter

Scope

All employees are accountable for their activities on hospital computers and networks.

Policies

Each time a user logins to a computer the time, date, and location is logged. Each time account information is changed the information is logged. This includes, but is not limited to password changes, account creation, disabled accounts, new accounts, and group changes.

Each time a computer is rebooted or turned off the time, date, and location is logged. When files or folders are accessed on a computer the user, date, time, and located is logged.

Medical Facility Network Design 15

Enforcement

Any employee who does not follow these policies is subject to disciplinary actions.

Virtual Private Network Policy:

Overview

The virtual private network (VPN) provides remote access to the medical facilities network.

Purpose

The purpose of these policies is to identify the acceptable usage of the VPN in order to protect the network and patient data.

Scope

All employees are subject to facilities VPN policies.

Policies

Users must ensure that they are using a secure network connection prior to remotely accessing the virtual private network.

Only authorized users and employees may connect to the VPN. All devices connecting to the VPN must comply with the facilities rules and procedures.

Users must disconnect from the VPN when the device(s) is no longer being used.

Enforcement

Any employee who does not follow these policies are subject to disciplinary actions.

Password Policy:

Overview

Medical Facility Network Design 16

Passwords are an important part of computer and network security. By choosing a poorly rated password, it could compromise the company.

Purpose

The purpose of these policies is to ensure the protection of the medical facilities computers and networks.

Scope

In order to ensure the security of the company every employee is required to follow the password policies.

Policies

All administration users must change their account passwords every 60 days. All users must change their account password every 4 months. Passwords must contain lower-case, upper-case letters and numbers (a-z, A-Z, 0-9). Passwords must end with four numbers (RuUz 7aK4 6325) Passwords must be at least 12 characters. Passwords may not contain dictionary words. Passwords may not be sent through email, or through any other means.

Password Protection

Do not trust anyone with your password. Do not use familiar names for your password. Dont use a family name or pets name. Do not write your password down.

Enforcement

Any employee who does not follow these policies is subject to disciplinary actions.

Medical Facility Network Design 17

Information Sensitivity:

Overview

Federal law protects patient health information and it may only be given out to patient designated individuals. This is to ensure the privacy and safety of patients.

Purpose

The purpose of information sensitivity policy is to help health care professionals and employees determine what information can be released to non-employees.

Scope

All hospital employees are required to abide by these policies

Policies

Each healthcare professional must be aware of and follow HIPAA regulations. All employees are required to keep all patient information private. Sensitive data must be discarded appropriately using HIPAA standards.

Enforcement

Any employee who does not follow these policies is subject to disciplinary actions.

Wireless Policies:

Overview

Wireless Internet is offered throughout the hospital for the use of employees and authorized guests.

Medical Facility Network Design 18

Purpose

This policy is designed to ensure the protection of the wireless network and patient information.

Scope

All employees and guests with access to the wireless network must abide by these policies.

Policies

Only Wi-Fi enabled devices may connect to the wireless network. The SSID must not contain any characters that reveal the location of the wireless. The SSID broadcast must remain disabled. The wireless network must be WPA encrypted.

Enforcement

Any employee who does not follow these policies is subject to disciplinary actions.

V. Disaster Recovery Policy Back up Procedures: The system will perform several different types of backups including full, differential, and incremental. The system will perform a full back up once a month. These backups will be performed on the last Sunday of every month at 3:00am. These backups will be kept for one

Medical Facility Network Design 19

year. The system will perform a differential back up once a week. This is also a full back up of files, but only backs up new data from the previous 6 days. These backups are kept for one month. The system will perform an incremental backup twice a day. This will back up files that have changed or been created since the last differential backup. These backups will be kept for one week. All backups will be stored on magnetic data tapes. Full and differential backups will be stored off site. Incremental backups will remain on site and used for quick restoration of data. Full and differential backups will be stored with one copy in a safety deposit box and another copy on an out of state. This will ensure that if a natural disaster occurs the medical facility will still have a majority of its data backed up. Virus management: The medical facility will deploy McAfee VirusScan Enterprise to all computers and servers that are connected to the network. This will help prevent any malicious attacks to the network. If an employee believes their computer has been compromised please follow these steps:

Disconnect your computer from the internet If connected wirelessly, disable all wireless connections. If wired connection, disconnect Ethernet cord from computer. Call the IT department as soon as possible to decrease the risk of further

infections.

Disk/fault tolerance: Fault tolerance refers to the ability of a system to function after part of the system fails. Without this feature, data loss and software corruption could cause significant problems throughout the medical facility. Servers will be equipped with RAID 5. This will ensure that

Medical Facility Network Design 20

servers remain functional regardless to if one disk fails. Raid 5 includes the feature of error detection and recovery that could potential prevent soft errors. At the detection of a failed disk, it must be replaced immediately to prevent any damage or data loss. Power failure: All computers, monitors, and servers will be connected to a UPS (uninterruptible power source) to help eliminate data loss from power failure. Computers do not need to be shut down at this time. The UPS will supply enough power until the generator starts up. In the case of generator failure, all computers and servers must be manually shut down to decrease the risk of data loss. UPS must be replaced 2-months prior to the warranty expiration. All other electronic devices (such as printers, scanners, faxes, etc.) must be connected to a surge protector. This will ensure the safety of devices in case of voltage spikes. Surge protectors must be replaced 2-months prior to the warranty expiration.

VI. Budget Spreadsheet Product Name Cost # Total Cost Annual Cost

Medical Facility Network Design 21

Cisco SPA 504G VoIP Phone 126.43 20 $2,526.80 $0.00

Apple Mac Mini with Lion Server Apple Mac Pro w/ Lion Server Apple Time Capsule 3TB Airport Extreme 802.11N Apple iMac21.5- Inch: 27 GHZ Verizon Mobile Broadband Plans 10GB data @ $80/ month Apple MacBook Pro 13 Inch 2.4 GHZ iPhone 3gs 8GB 20FT 24AWG Cat6 550MHz UTP Ethernet Bare Copper Network Cable - Black

959.45 $3,699.00 489.00 179.00 $1,499.00 19.99 $1199.00

1 4 2 2 14

$959.45

$0.00

$14,796.00 $0.00 $978.00 258 $20,986 $0.00 $0.00 $0.00 $192,000 $0.00 $202,473 $0.00 $0.00

200 $3,998 212 $254,188

$74.99 monthly 225 $8,322.75 36.99 one time fee $3.16 20 1 $63.20 $110.30

1000FT 24AWG Cat6 550MHz UTP Stranded, In- $110.30 Wall Rated (CM), Bulk Ethernet Bare Copper Cable - Red High Quality 8P8C RJ-45 Network Cable Crimper $5.23 RJ-11 and RJ-45 Modular Plug Tester RJ-45 MODULAR PLUGS RJ45 - 100 PACK FOR SOLID $6.89 5.25

9 3 3 6

$47.07 $20.67 $15.75 $539.94

$0.00 $0.00 $0.00 $0.00

Acer S200HLAbd Black 20" 5ms LED Backlight Widescreen LCD Monitor

$89.99

XEROX WorkCentre 4260/XF MFC / All-In-One $4,954.98 Up to 55 ppm Monochrome Laser Printer Brother MFC-5490CN Up to 35 ppm 6000 x 1200 $131.99

1 1

$4,954.98 $131.99

$0.00 $0.00

Medical Facility Network Design 22

dpi Color Inkjet All-in-One Printer with Networking $389.99 Athena Power Zippy R2W-6500P 2 x 500W Redundant 2U Server Power Supply Router: Cisco Systems 2821H.Vsec AIMVPN2/SSL-Ccme/SRST AIS 256F/512D $5131.48 1 $5131.48 $0.00 2 $779.98 $0.00

ZyXEL ZyWALL USG20 Internet Security $158.99 Firewall with 4 Gigabit LAN/DMZ Ports, 2 IPSec VPN, SSL VPN, and 3G WAN Support Cisco-Linksys EZXS16W EtherFast 10/100 16Port Workgroup Switch McAfee VirusScan Enterprise IBackup 1000GB Plan $62.75

$158.99

$0.00

$188.25

$0.00

25.59 $1999.50 / year

225 5757.75 1 $1999.50

5757.75 $1999.50

Total Cost: Recurring Cost:

$326,912.85 $402,230.25

Cost Justification 1. Cisco SPA 504G VoIP Phone (20 @ $126.43 each)

Medical Facility Network Design 23

a. Durable, multi-function phone necessary for internal and external office communication. Multiple calls can be made throughout the office at the same time. Provides contact between sites. 2. Apple Mac Mini MC936LL/A with Lion Server (One @ $959.45) a. The purpose of this Mac Mini Server will be to handle file and print requests. Systems that run Mac Lion Server are less prone to system compromises such as malware and trojans. 2. Apple Mac Pro w/ Lion Server (Four @ $3,699.00 each) a. Hosted at data center. Will be the main server for both the medical facility and data center. Will manage all client requests on the network. Three, 1TB hard drive on each server. 2. Acer S200HLAbd Black 20" 5ms LED Backlight Widescreen LCD Monitor (Six @ 89.99) a. Monitors for servers 2. Apple Time Capsule 3TB (Two @ $489.00 Each) a. 6TB of on-site storage for all the file sharing and mail server needs. 2. Airport Extreme 802.11N (Two @ $179.00) a. Wireless solution for the medical facility and data center. 2. Apple iMac 21.5 Inch: 2.7 GHZ (14 @ $1,499.00) a. There will be 11 desktops used at the medical facility for medical staff and three at the data center for staff use. 2. Verizon Mobile Broadband Plans 10GB data ((200 @ $19.99) + $80/ month per device) a. Essential for all staff to be able to connect their laptops to the network off-site.

Medical Facility Network Design 24

2. Apple MacBook Pro 13 Inch 2.4 GHZ Laptop (212 @ $1,199.00) a. Provide all staff with laptops and wireless access to the network and files via the mobile broadband cards. 2. iPhone 3gs 8GB ((225 @ $36.99 one time fee) +$74.99 monthly fee) a. Cell phones chosen to provides reliable communication for all employees on and off site.
2. 20FT 24AWG Cat6 550MHz UTP Ethernet Bare Copper Network Cable (20 @ $3.16 each)

a. Ethernet cables to provide all desktop nodes, printers, and fax machines with network access.
2. 1000FT 24AWG Cat6 550MHz UTP Stranded, In-Wall Rated (CM), Bulk Ethernet Bare

Copper Cable - Red ($110.30) a. Cat 6 network cable used for all internal office wiring. 2. High Quality 8P8C RJ-45 Network Cable Crimper (Nine @ $5.23) a. Used to crimp RJ-45 to Cat6 network cable 2. RJ-11 and RJ-45 Modular Plug Tester (Three @ $6.89) a. Test cables that have been crimped 2. RJ-45 MODULAR PLUGS RJ45 - 100 PACK (Three @ $5.25) a. RJ-45 plugs for Cat6 cable. 2. XEROX WorkCentre 4260/XF MFC / All-In-One Up to 55 ppm Monochrome Laser Printer ($4954.98)

Medical Facility Network Design 25

a. Commercial printer, copier, scanner and fax machine that will connect to network. Used to print medical documents and other print requests. 2. Brother MFC-5490CN Up to 35 ppm 6000 x 1200 dpi Color Inkjet All-in-One Printer with Networking ($131.99) a. Basic ink-jet printer for single office print needs. 2. Athena Power Zippy R2W-6500P 2 x 500W Redundant 2U Server Power Supply (Two @ 389.99) a. Will be server power source to prevent voltage spikes that could potentially harm the servers. 2. Router: Cisco Systems 2821H.Vsec AIM-VPN2/SSL-Ccme/SRST AIS 256F/512D ($5131.48) a. This router intelligently embeds data, security, voice, and wireless services into a single,

resilient system for fast, scalable delivery of mission-critical business applications 2. ZyXEL ZyWALL USG20 Internet Security Firewall with 4 Gigabit LAN/DMZ Ports, 2 IPSec VPN, SSL VPN, and 3G WAN Support ($158.99) a. Comprehensive threat protection firewall, vpn, and content filtering. Offers bandwidth

management for traffic prioritization for VoIP or mission critical applications. 2. Cisco-Linksys EZXS16W EtherFast 10/100 16-Port Workgroup Switch (Three @ $62.75) a. 16 port workgroup switch. 2. McAfee VirusScan Enterprise (225 @ $25.59/year) a. Virus scanner for all computers. 2. IBackup 1000Gb/month Plan

Medical Facility Network Design 26

a. Can plan incremental backups to a secure off-site location.

VII. Appendix A Physical

Medical Facility Network Design 27

Medical Facility Network Design 28

Medical Facility Network Design 29

VIII. Appendix B Logical

VIIII. Distribution of Work

Medical Facility Network Design 30

EXECUTIVE SUMMARY - Matthew Howard WRITTEN DESCRIPTION - Eric Bis, Evan Miller NETWORK POLICIES - Matthew Howard SECURITY POLICY - Stephanie Mears DISASTER RECOVERY POLICY - Stephanie Mears BUDGET - Alex Johnson APPENDIX A: PHYSICAL NETWORK DIAGRAM - Eric Bis, Evan Miller APPENDIX B: LOGICAL NETWORK DIAGRAM - Evan Miller, Alex Johnson, Eric Bis