Municipal IT Budget Planning – Part 6: Municipality Firewalls, Switches and WiFi
This is part 6 of a 9-part series that will look at selected areas of interest to Municipalities, pertaining to IT Budget Planning. Please contact me if you would like copies of other articles.
Firewalls, switches and WiFi are three critical elements of any corporate network, but their functions are rarely understood. So, to help understand, allow me to provide a simple (albeit strange) analogy:
Imagine you live and work in a small town where the only function is the municipal office. Everyone in the town works there and it’s located in the only office building in the town. There are no other businesses or shops. All roads lead to the parking lot near the municipal building, except for one road that leads out of town to the rest of the region. There is a small shuttle that takes Workers from the parking lot to the office building on a single road. On the road leading out of town, there is a permanent Police check-stop (I told you it was strange.)
Every day, Workers drive to the parking lot, park their cars and take the shuttle to the office building where they work. At night, they reverse the process to go home. Every once in a while, Residents drive to the next town to buy groceries and go to a movie. They have to pass through the Police check-stop driving out of, and back into, the town. The Police check Residents’ vehicles to make sure nothing bad is brought into the town. The Police also make sure no criminals enter the town, although every once in a while an imposter sneaks in, because they look like a Resident.
Only Residents and Town Workers are allowed to drive on the roads. If someone else needs to visit the Town Office, they take a helicopter to the parking lot, and then take the shuttle to the office building. The police also check the helicopters, to make sure no unauthorized people are entering the town.
If you understand this town, then congratulations – you’re well on your way to becoming a Network Engineer!
- The town is your IT system
- The office building is your server
- The houses are your workstations and laptops
- The roads are your network cables
- The parking lot is your network switch
- The helicopters are your WiFi
- The check-stop is your firewall
- The Police Force is your Anti-Virus
Oh, and the People are the bits and bytes of information, which is the most important part of any network/town.
So now, a few more real-world definitions:
Firewalls: Act as the gateway and filter between your internal network and the Internet. They ensure incoming Internet traffic is routed to the correct User and filter out bogus traffic, such as random attacks, (some) viruses, and blocked websites (Little Idea #3 **.) Firewalls are actually powerful single-purpose computers; they inspect every packet that crosses them, so they need to be sized for the number of Users, the amount of Internet traffic anticipated, and the inspection features you intend to switch on (inspecting encrypted web traffic costs far more processing than simple address filtering.) Filtering unwanted and bogus traffic is complex, and new viruses and attack techniques appear every day, so most modern Firewalls rely on Subscription Services to keep their signatures and block-lists up-to-date. Two caveats: once a subscription lapses the Firewall still passes traffic but stops recognizing new threats, and a Firewall only sees traffic that crosses it, so it does nothing about traffic between two computers on the same internal network (the check-stop is on the road out of town, not in the parking lot.)
Switches: Distribute traffic between everything plugged into them: the server(s), the Users’ computers, printers, WiFi Access Points and the Firewall. Modern switches are managed, in that they allow a Technician to monitor and control the traffic on each port. This allows Virtual LANs (VLANs) to be created (separate networks sharing the same physical switch, so that, for example, guest WiFi and IoT devices can be kept apart from staff computers) and helps troubleshoot traffic bottlenecks. Note that a VLAN is not a VPN: a VPN encrypts traffic across the Internet and is a Firewall feature, not a switch feature. For example, if a User’s computer malfunctions and starts flooding the network with extraneous traffic, the network can become saturated, and performance for all Users will suffer. With a Managed switch, the Technician can quickly locate the errant computer’s port and disable it, or use the port’s traffic counters and diagnostics to troubleshoot the computer.
Switches can be cascaded (daisy-chained) together to provide more ports. But this practice is usually discouraged: every switch-to-switch link becomes a bottleneck shared by all the ports behind it, so network speeds drop, and network troubleshooting becomes very difficult. If more than 48 ports (the maximum for most commercial switches) are required on a network, many (better quality) switches have special high-speed 10 Gb/s (gigabit) up-link or stacking ports to connect similar make/model switches together, without losing speed or bandwidth.
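Here is what “locating the errant computer” looks like in practice. This is an added example, not code from the original post or from Trinus: it takes two readings of a managed switch’s per-port frame counters (the sample readings, port names and thresholds are constructed for illustration) and reports the port whose traffic has turned into a broadcast storm.

```python
# Added example (not from the original post): finding the "errant computer" a managed
# switch lets a Technician locate. Input is two snapshots of per-port frame counters,
# the kind a managed switch exposes over SNMP or its CLI. The snapshots, port names
# and thresholds below are constructed for illustration (assumptions, not real data).

from dataclasses import dataclass


@dataclass(frozen=True)
class PortSample:
    port: str
    in_frames: int      # frames received on the port from the attached device
    in_broadcast: int   # of which were broadcast frames


# Constructed sample: counters read 60 seconds apart. Port 17 is the misbehaving
# workstation flooding broadcasts; the other ports show normal office traffic.
SNAPSHOT_T0 = [
    PortSample("Gi1/0/1",  1_200_000,     3_000),   # server
    PortSample("Gi1/0/5",    310_000,     1_100),   # workstation
    PortSample("Gi1/0/17",   450_000,     2_000),   # workstation (about to go bad)
    PortSample("Gi1/0/24",    90_000,       400),   # printer
]
SNAPSHOT_T1 = [
    PortSample("Gi1/0/1",  1_236_000,     3_060),
    PortSample("Gi1/0/5",    314_500,     1_115),
    PortSample("Gi1/0/17", 6_450_000, 5_900_000),   # ~98k broadcast frames/s
    PortSample("Gi1/0/24",    90_300,       402),
]
INTERVAL_SECONDS = 60


def port_rates(t0, t1, interval):
    """Frames per second per port between two counter snapshots.

    Returns {port: (total_frames_per_s, broadcast_frames_per_s)}. Switch counters
    wrap around; a negative delta is treated here as a 32-bit wrap (assumption).
    """
    before = {s.port: s for s in t0}
    rates = {}
    for after in t1:
        prev = before[after.port]
        d_in = after.in_frames - prev.in_frames
        d_bc = after.in_broadcast - prev.in_broadcast
        if d_in < 0:
            d_in += 2 ** 32
        if d_bc < 0:
            d_bc += 2 ** 32
        rates[after.port] = (d_in / interval, d_bc / interval)
    return rates


def flooding_ports(t0, t1, interval, broadcast_pps=1000, broadcast_share=0.5):
    """Ports whose broadcast rate exceeds broadcast_pps AND whose traffic is mostly
    broadcast (share of all frames above broadcast_share). Both thresholds are
    assumptions; tune them to the site's normal baseline."""
    flagged = []
    for port, (in_pps, bc_pps) in sorted(port_rates(t0, t1, interval).items()):
        share = bc_pps / in_pps if in_pps else 0.0
        if bc_pps > broadcast_pps and share > broadcast_share:
            flagged.append(port)
    return flagged


if __name__ == "__main__":
    for port in flooding_ports(SNAPSHOT_T0, SNAPSHOT_T1, INTERVAL_SECONDS):
        # Next step on a managed switch: administratively disable that port
        # (the exact command varies by vendor), then inspect the attached computer.
        print(f"{port}: broadcast storm, disable the port and inspect the attached device")
```

A broadcast storm is the classic “one bad computer slows everyone down” case because broadcast frames are copied to every port on the VLAN; the same two-snapshot approach works for any counter the switch exposes, such as errors or discards, with a threshold chosen from the site’s normal readings.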
WiFi Access Points (WAPs): WAPs allow Users to connect to the network wirelessly (through a 2-way radio channel.) Traffic is encrypted and access is restricted using a Key (the WPA2 or WPA3 passphrase.) There are usually 2 wireless networks (SSIDs): Private, for connection to the Internal Corporate network, and Public, a connection to the Internet on the Public side of the Firewall that has no access to the Internal network. Each network has its own Key, and the Public Key is the only one that should ever be handed to visitors. WiFi Users have the same capabilities as if connected by network cable, either Public or Private, but WiFi is slower and less secure than a wired connection. New WiFi networks are incorporating a 3rd network for Internet of Things (IoT) devices, an emerging class of automated devices that require WiFi to operate: light bulbs, printers, thermostats, Security cameras, fridges, stoves, coffee makers; the list is endless. IoT devices get their own network because they are rarely patched, and a compromised one should not be able to reach the Internal network.
WiFi is inherently less secure than a wired connection, as the radio traffic can be intercepted (sniffed), or unauthorized devices can be connected if the Key is known or guessed (cracked.) A Key that has been given to visitors, or to staff who have since left, should be treated as known and changed. WiFi standards evolve as radio capabilities improve. If your WiFi doesn’t support the new standards, connected devices could operate more slowly. Thus, WAPs should be replaced more frequently than other network equipment, to keep pace with new and faster standards found on modern laptops, tablets and Smartphones.
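To make the Firewall and WiFi descriptions above concrete, here is an added example (not code from the original post or from Trinus) that models the Private, Public and IoT networks as Firewall zones and checks a rule table against them, with the flat single-network alternative kept alongside for comparison. The subnets, zone names and rules are assumptions chosen for illustration.

```python
# Added example (not from the original post): a small model of the Private / Public /
# IoT split and the Firewall rules between those networks, so the claim "Public WiFi
# has no access to the Internal network" can be tested instead of assumed.
# Subnets, zone names and the rule table are all assumptions for illustration.

from ipaddress import ip_address, ip_network

# Each wireless network (SSID) and the wired LAN land on their own VLAN/subnet on the
# managed switch; the Firewall treats each subnet as a zone. (Assumed addressing.)
ZONES = {
    "staff":   ip_network("10.10.0.0/24"),  # wired workstations + Private SSID
    "servers": ip_network("10.0.0.0/24"),   # the HOST server and its VMs
    "guest":   ip_network("10.20.0.0/24"),  # Public SSID
    "iot":     ip_network("10.30.0.0/24"),  # IoT SSID
}

# The weak alternative: everything on one flat network. Kept here for comparison.
FLAT_ZONES = {"staff": ip_network("10.0.0.0/8")}

# First matching rule wins; a flow that matches nothing is denied (default deny).
# Columns: source zone, destination zone, destination port (None = any), action.
POLICY = [
    ("guest", "internet", None, "allow"),  # Public WiFi: Internet only
    ("iot",   "internet", None, "allow"),  # IoT: Internet only (cloud-managed devices)
    ("staff", "servers",  None, "allow"),  # Staff reach the servers
    ("staff", "internet", None, "allow"),
    ("staff", "iot",      443,  "allow"),  # Staff may open IoT devices' web pages
]


def zone_of(ip, zones=ZONES):
    """Name the zone an address belongs to; anything outside the listed subnets
    is treated as the Internet."""
    addr = ip_address(ip)
    for name, net in zones.items():
        if addr in net:
            return name
    return "internet"


def evaluate(src_ip, dst_ip, dst_port, zones=ZONES, policy=POLICY):
    """Decide whether a new connection from src_ip to dst_ip:dst_port is allowed.

    Only the initial direction is modelled; a real stateful Firewall permits the
    reply packets of an allowed connection automatically.
    """
    src, dst = zone_of(src_ip, zones), zone_of(dst_ip, zones)
    if src == dst:
        # Same-zone traffic is switched directly and never reaches the Firewall,
        # which is exactly why a flat network offers no protection between devices.
        return "allow"
    for rule_src, rule_dst, port, action in policy:
        if rule_src == src and rule_dst == dst and port in (None, dst_port):
            return action
    return "deny"


if __name__ == "__main__":
    flows = [
        ("guest laptop -> file server (SMB)", "10.20.0.50", "10.0.0.10", 445),
        ("guest laptop -> Internet (HTTPS)",  "10.20.0.50", "203.0.113.10", 443),
        ("IoT camera -> staff workstation",   "10.30.0.7",  "10.10.0.21", 3389),
        ("staff workstation -> file server",  "10.10.0.21", "10.0.0.10", 445),
    ]
    for label, src, dst, port in flows:
        print(f"{label:36} segmented={evaluate(src, dst, port):5}  "
              f"flat={evaluate(src, dst, port, zones=FLAT_ZONES)}")
```

Run it and the guest-to-file-server and IoT-to-workstation flows come back denied on the segmented design but allowed on the flat one, because traffic between two devices on the same network never crosses the Firewall at all. A rule table like this one, written in plain zone names, is also a useful thing to hand the vendor when the new Firewall and WAPs are configured.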
Here is our Budget scenario *:
- New System – or one that’s 5 or MORE years old and due to be replaced (Little Idea #2 **)
- IT Systems comprised of:
- 1 x Physical HOST server with 4 Virtual (VM) servers
- (Domain Controller, File Server, Exchange Email, & Applications)
- Finance Application uses Microsoft SQL Server database
- 4 Network Devices (Firewall, Switch & 2 x WiFi Access Points)
- 25 Workstations & Laptops
- 35 Users or User Accounts
- Budget Plan: 12 months
We only need to focus on the Network Devices:
- New Firewall (50 users: 35 Staff + 5 WiFi Guests + future expansion): $1,000
- New (48-port) Network Switch (35 Users + printers + WAPs + servers + Firewall + spares): $1,000
- (Switches come in 8, 16, 24, and 48-port configurations)
- New WAPs (2): $2,000
- Sub-total Capital Costs: $4,000
- Firewall Subscription Services (@ $225/month x 12): $2,700
- Sub-total Operating Costs: $2,700
Notice that the Firewall Subscription Services are more expensive than the Firewall hardware box. This is common in the industry (they learned it from the razor manufacturers – who are really in the razor-blade business.)
There are other options to consider: extended warranties that provide Next Business Day hardware replacement or repair, mounting hardware, and cabling, to name a few. It is prudent to increase the contingency to 20% to cover these accessories.
Total Budget: $6,700 + 20% contingency = $8,040 -> $8,100
Of course, most of this equipment resides in the Server Room. Other items that pertain to network equipment and the servers are: an equipment rack ($1,500), and a UPS (Uninterruptible Power Supply) ($1,000). An equipment rack is the exception to the 5-year rule; they can be re-used year after year, as long as there is sufficient room.
Next week, we’ll explore Workstations and Laptops. Until then, please contact me or your Account Manager, if you would like some personalized help with some stress-free Network Budgeting.
* – Full Disclosure: we’re going to use services and prices for Trinus-supplied systems and services. Other provider costs and equipment may vary.
** – Little Ideas – along with the BIG IDEA – were presented and defined in Part 1 of this series