Principles of construction and operation of data transmission networks in distributed corporate networks.
Organization of corporate networks based on VPN: construction, management, security.
The concept of a corporate system and network

1. Introduction

According to the consulting company The Standish Group, in the United States more than 31% of corporate information system projects (IT projects) end in failure; almost 53% of IT projects are completed with budget overruns (on average by 189%, that is, almost twice); and only 16.2% of projects are on time and on budget. What is the reason for this state of affairs? Apparently, success in building a corporate system (CS) is largely determined by the quality and reliability of the underlying system-technical foundation. The author’s experience working on information systems projects convinces us of how important it is to work through the issues of architecture (system-technical infrastructure) from the outset and to build application functionality on a holistic foundation.

The article is devoted to one of the key aspects of the CS architecture, the essence and relationship of its two components - system-technical and applied. The article proposes the concept of "Corporate Network", which in a concentrated form reflects what is now commonly called Intranet. In addition, the article proposes a system of concepts that makes it possible to create a holistic concept of the CS of a large modern organization. Perhaps the article will be useful in preparing conceptual documents for CS projects.

2. Components of information systems

2.1. Definition

As part of information systems, two relatively independent components can be distinguished. The first is the computer infrastructure of the organization in the broad sense of the word (network, telecommunications, software, information and organizational infrastructure - that is, what this article generically calls the Corporate Network). The second component is the set of interconnected functional subsystems that ensure the solution of the organization’s problems and the achievement of its goals. If the first reflects the systemic, technical, structural side of any information system, then the second relates entirely to the applied area and strongly depends on the specifics of the organization’s tasks and its goals.

The first component represents the foundation, the basis for the integration of functional subsystems, and completely determines the properties of the information system that are important for its successful operation. The requirements for it are uniform and standardized, and the methods for its construction are well known and have been tested many times in practice.

The second component is built entirely on the basis of the first and introduces application functionality into the information system. The requirements for it are complex and often contradictory, as they are put forward by specialists from various applied fields. However, this component is ultimately more important for the functioning of the organization, since, in fact, the entire infrastructure is built for its sake.

2.2. Relationship

The following relationships can be traced between the two components of the information system.

The components are independent in a certain sense. The organization will operate a high-speed 100 Mbit/s Ethernet network regardless of what methods and programs for organizing accounting it plans to adopt. The organization's network will be built on the TCP/IP protocol regardless of which word processor is adopted as the standard. In other words, in modern conditions the underlying infrastructure is becoming increasingly universal.

The components are dependent in a certain sense. The second is impossible without the first; the first without the second is limited, because it lacks the necessary functionality. It is impossible to operate an application system with a client-server architecture if there is no network infrastructure or it is poorly constructed. However, with a developed infrastructure it is possible to provide the organization's employees with a number of useful system-wide services (for example, e-mail) that simplify work and make it efficient (in our example, through electronic communications). If this evolutionary path of development of the information system is chosen, then in the course of its development the Corporate Network gradually acquires a number of application services aimed at solving universal problems of the organization - management and coordination tasks.

2.3. Variability

The second component is more variable. Indeed, the infrastructure of an organization depends only on the territorial location of its divisions, and even then only in its layout, without in any way affecting the technologies used to build it. The second component strongly depends on the organizational and managerial structure of the organization, its functionality, the distribution of functions, the financial technologies and schemes adopted in the organization, the existing document flow technology and many other factors.

The first component is long-term in nature. The infrastructure is created for many years to come - since the capital costs of its creation are so high that they practically exclude the possibility of complete or partial rework of what has already been built. On the contrary, the second component is changeable in nature, since more or less significant changes are constantly taking place in the substantive part of the organization’s activities, which must be reflected in the functional subsystems. This thesis is especially relevant in the context of constantly occurring changes in the administrative structures of many domestic organizations.

The degree of certainty in the choice of technological solutions for the first component is slightly higher than for the second. Indeed, modern computer technologies offer such industrial solutions for building an organization’s infrastructure that are guaranteed to ensure the continuous development and improvement of the system-technical base of the information system with prospects for many years to come. The first component is more related to technology than to economics and management, and in this sense is more stable, and its development is more predictable and manageable.

2.4. What comes first?

Until recently, the technology of creating information systems was dominated by the traditional approach, when the entire architecture of the information system was built “top-down” - from application functionality to system-technical solutions and the first component of the information system was entirely derived from the second.

The practice of many large Russian projects has shown that starting the construction of a CS only with an analysis of business processes (without paying due attention to infrastructure) is very, very problematic. Automation of corporate activities based on the top-down concept and the principles of BPR (Business Process Reengineering) involves a reorganization of the corporate system that best serves the solution of management problems. The problem is that in modern Russian conditions - conditions of hyper-dynamic business, constantly arising force majeure circumstances and extremely rapidly changing rules of the game (social, political, economic), within the framework of which all applied functionality is built (which is precisely what ensures the solution of management problems) - systematization of management activities is a very difficult task due to the high degree of uncertainty.

At the same time, it makes no sense to build infrastructure without paying attention to application functionality. If in the process of creating a system-technical infrastructure you do not analyze and automate management tasks, then the funds invested in it will not subsequently give a real return. Infrastructure hardware and software will be a “dead weight” on the shoulders of the organization, requiring annual maintenance and upgrade costs. The “bottom-up” approach to building a CS (with an emphasis on system-technical infrastructure) can hardly be considered as a mainline one.

Currently, a combined approach is being developed that can be characterized as a “counter movement”: computer infrastructure and system functionality are built in such a way as to ensure variability at the level of application functionality to the maximum extent. In parallel, analysis and structuring of business processes are carried out, accompanied by the implementation of appropriate software solutions, bringing applied functionality to the CS.

2.5. Conclusions

Based on the above, we dare to draw the following conclusion. It is advisable to begin the development of an information system with the construction of a computer infrastructure (Corporate Network) as the most important (fundamental) system-forming component, based on proven industrial technologies and guaranteed to be implemented within a reasonable time due to the high degree of certainty both in the statement of the problem and in the proposed solutions. At the same time, in the context of the architecture of the Corporate Network, as a single generalized view of the foundation of the information system, in the most important and responsible areas it is advisable to carry out developments that saturate the system with application functionality (that is, implement financial accounting systems, personnel management, etc.). Next, applied software systems will be extended to other, initially less significant areas of management activity.

In this context, the following become especially important:

  • A wide range of ready-to-use industrial application systems for various areas of management activity (usually supplied by one company);
  • A high degree of granularity of such solutions (it is not necessary to implement the entire system at once - you can start with individual sections);
  • Construction on the basis of a single system foundation (as a rule, a modern relational DBMS serves as the foundation).

Such an evolutionary approach, based on corporate standards, will ultimately make it possible to build a real CS.

3. Corporation

3.1. Definition

The concept offered to the reader’s attention is based on the generalized concept of the Corporate Network as the basic supporting structure of a modern organization. The concept is aimed at large-scale organizations with a distributed infrastructure, regardless of whether the organization is commercial (trade, industrial, diversified) or belongs to the public sector.

To be specific, let’s consider a large organization (which we will further call a Corporation) that needs to build an information system for the purpose of effective management. Let us assume that the Corporation is a stable, multidisciplinary, geographically distributed structure that has all the necessary life support systems and operates on the principles of decentralized management (the latter means that decision-making of an operational and tactical nature is delegated locally and is within the competence of the divisions that are part of the Corporation).

3.2. Characteristics

Let's try to highlight the main characteristics of the Corporation. In general, they are typical for a representative of the family of large organizations and are of interest to us precisely as such.

Scale and distributed structure. The Corporation includes many enterprises and organizations located throughout the territory of the Russian Federation, as well as beyond it.

A wide range of sub-sectors and activities subject to automation. As part of the creation of the Corporation's information system, it is planned to automate entire areas of its activities, including accounting, financial management, capital construction and project management, logistics, production and personnel management, foreign economic relations and a number of other areas.

Organizational and management structure of the Corporation. Enterprises and organizations within the Corporation have a certain independence in developing and implementing a technical policy for their own automation.

Diversity of the computing fleet, network equipment and, in particular, basic software.

A large number of special purpose applications. The Corporation operates a large number of different special-purpose applications created on the basis of various basic software.

There are many other, less significant characteristics that we will not consider in this article.

3.3. Principles of constructing a CS

What is the main thing when determining approaches to constructing a CS? Apparently there are two principles:

  • CS as a strategic life support system of the Corporation;
  • The basis of the CS is an effective system of centralized communications.

The essence of the first principle is extremely simple. Without involving complex economic calculations for the purpose of a feasibility study of the need to build an information system for the Corporation, we will adhere to the following formula. It is proposed to consider the Corporation's information system as one of the strategic life support systems, which is of key importance for its effective operation. This definition makes numerous economic calculations of the expected effectiveness of investing in computer technology unnecessary. Again, let's be realistic and admit that such an implementation will not have an immediate direct effect - neither in monetary terms, nor in personnel reduction, nor in anything else. Let's just take it on faith that an information system is in some sense analogous to a power supply network, a telephone system, a fire safety system, etc. The information system simply has to exist - that's all.

The second principle needs some explanation. The well-known American specialist in the field of Intranet, Stephen Tellin, proposes a simple classification of systems based on their two aspects - communications and management. Stephen Tellin notes that until recently most large organizations, whether business-related, non-profit or governmental, were characterized by a structure with centralized management and centralized communications (the so-called “pyramid” structure). However, a number of very large organizations, due to their size and scale of activity, would more correctly be considered structures with distributed management and centralized communications. The organization in question also falls into this category.

According to Tellin, for structures of this class, the key factor for effective control, coordination and strategic management is an effective system of centralized communications, which is the Corporate Network.

4. Corporate Network

4.1. Definition

In terms of systems theory, the Corporation's information system is a complex goal-oriented system. Following systems theory and taking into account the essentially distributed nature of this system, we conclude that it should be based on the principle of centralized communications and coordination, summarized in the work [1].

Indeed, as mentioned above, the Corporation consists of many enterprises and organizations that have a very high degree of independence. At the same time, in its activities it is guided by very specific goals. To ensure their achievement, in its development the Corporation needs exceptionally well-organized coordination of the activities of its constituent enterprises and organizations. Such coordination, in turn, is possible only on the basis of an effective system of centralized communications (the Corporate Network).

4.2. Technical Policy and Standards

A key factor in building a system of centralized communications and coordination is a unified technical policy. It is this that predetermines the possibility of interfacing the various subsystems of the information system. It is this that allows us to form a unified view of the system and its architecture and to develop a common language for its definition and description. From a practical point of view, a unified technical policy is expressed, first of all, in corporate standards and takes on the force of a technical law valid for all divisions of the Corporation without exception. A unified technical policy prevents "voluntarism" in the choice of software and hardware and negates the attempts at unauthorized rationalization periodically undertaken by technical specialists in the field.

4.3. Construction principles

There are several basic principles for building the Network.

Comprehensive nature. The scope of the Network extends to the Corporation as a whole. There is no division of the Corporation that is not connected to it.

Integration. The Corporate Network provides its users with the ability to access any data and applications (of course, within the framework of the information security policy). There is no information resource that cannot be accessed over the Network.

Global character. The Corporate Network is a global view of the Corporation beyond physical or political boundaries. The network allows you to obtain almost any information about the life of the organization. Its volume is significantly higher, and its range immeasurably wider, than, for example, the information within the local network of one of the Corporation's divisions.

Adequate performance characteristics. The network has the property of being manageable and has a high level of RAS (reliability, availability, serviceability) - non-failure operation, survivability, serviceability with support for applications critical to the Corporation’s activities.

5. Architecture of the Corporate Network

5.1. General overview

The Corporate Network is the infrastructure of an organization that supports the solution of current problems and ensures the achievement of its goals (that is, the fulfillment of the organization's mission). It unites the information systems of all Corporation facilities into a single space. The Corporate Network is created as the system-technical basis of the information system, as its main system-forming component, on the basis of which other subsystems are constructed.

The Corporate Network must be considered from various aspects. The general idea of the Network consists of projections obtained as a result of viewing it from various points of view.

The Corporate Network is conceived and designed in a unified system of coordinates based on the concepts of system-technical infrastructure (structural aspect), system functionality (services and applications) and performance characteristics (properties and system-wide services). Each concept is reflected in one or another component of the Network and is implemented in specific technical solutions.

From a functional point of view, the Network is an effective medium for transmitting up-to-date information necessary to solve the Corporation's problems. From a system-technical point of view, the Network is an integral structure consisting of several interconnected and interacting levels:

  • smart building;
  • computer network;
  • telecommunications;
  • computer platforms;
  • middleware;
  • applications.

From the point of view of system functionality, the Corporate Network looks like a single whole, providing users and programs with a set of useful services, system-wide and specialized applications, possessing a set of useful qualities (properties) and containing system-wide services that guarantee the normal functioning of the Network. A brief description of services, applications, properties and system-wide services is given below.

5.2. Services

One of the principles underlying the creation of the Network is the maximum use of standard solutions and standardized components. Concretizing this principle in relation to application software, we can identify a number of universal services that it is advisable to make basic components of applications. Such services are a DBMS service, a file service, an information service (Web service), e-mail, network printing and others.

We especially note that the main tool for building application and system services is middleware. In this article, middleware is adopted in the interpretation of Philip Bernstein, that is, as described in the work [2]. Recall that in this interpretation middleware includes everything that lies between the platform (computer plus operating system) and the applications. That is, Bernstein includes, for example, a DBMS in the middleware.

The concept of middleware services is extremely useful when developing a CS architecture. In fact, the CS software infrastructure appears to be multi-layered, where each layer is a set of middleware services. The lower layers are low-level services such as name service, registration service, network service, etc. The upper layers include document management services, message management services, event services, and so on. The top layer represents the services that users access indirectly (through applications).

An analogy with telephone service. If a user needs to receive a specific service from an information system, then he must programmatically connect to the corresponding service. To do this, he must install on his computer an application that provides such a connection and request administrative actions from the system administrator. For example, if the user connects to e-mail, he must install an e-mail client application, and the system administrator must register the new user. In the same way, an employee of an organization who wants to connect to the telephone network simply has to plug the telephone into the outlet (after first requesting the system administrator to perform the appropriate actions).

It is extremely convenient to describe the CS project in terms of services. For example, it is advisable to build an information security policy based on the need to protect existing and newly launched services. You can read more about this in the work [3].

5.3. Applications

System-wide applications include automation tools for individual work, used by various categories of users and aimed at solving typical office tasks. These are word processors, spreadsheets, graphic editors, calendars, notebooks, etc. As a rule, system-wide applications are replicable, localized software products that are easy to learn and easy to use, aimed at end users.

Specialized applications are aimed at solving problems that are impossible or technically difficult to automate using system-wide applications. As a rule, specialized applications are either purchased from development companies that specialize in a specific area, or are created by development companies on behalf of the organization, or are developed by the organization itself. In most cases, specialized applications access system-wide services during their work, such as file services, DBMS, e-mail, etc. In fact, specialized applications, considered collectively across the Corporation, determine the entire range of application functionality.

5.4. Properties and Services

As mentioned above, the service life of system and technical infrastructure is several times longer than that of applications. The Corporate Network provides the ability to deploy new applications and their efficient operation while maintaining investments in it, and in this sense, it must have the properties of openness (following advanced standards), performance and balance, scalability, high availability, security, and manageability.

The properties listed above, in essence, represent performance characteristics of the information system being created and are determined collectively by the quality of the products and solutions on which it is based.

Professionally completed integration of information system components (systems engineering) guarantees that it will have the predetermined properties. These properties also stem from the high performance characteristics of middleware services. Bernstein calls them diffusion properties, meaning that they "penetrate" or "propagate" up through the middleware layers and guarantee the high quality of top-level services. An analogy with a building is appropriate here: its high performance characteristics are determined, among other things, by the quality of its foundation.

Of course, good performance for specific properties will be achieved through competent technical solutions for system design.

Thus, the system will have the properties of security, high availability and manageability through the implementation of the corresponding system-wide services in the Corporate Network project.

Scalability in the context of computer platforms (for example, for a server platform) means the ability to adequately increase computing power (performance, volume of stored information, etc.) and is achieved by such qualities of the server line as a smooth increase in power from model to model, a single operating system for all models, a convenient and well-thought-out policy for upgrading lower-end models toward higher-end ones, etc.

System-wide services are a set of tools that are not directly aimed at solving applied problems but are necessary to ensure the normal functioning of the Corporation's information system. Information security, high availability, centralized monitoring and administration services must be included in the Corporate Network as mandatory.

6. Conclusion

The system of concepts "services, applications, system-wide services and properties" can be useful to the CS designer as a basis for writing the basic documents for the project - concept, terms of reference, preliminary design, working design and so on. The proposed system of concepts allows us to describe the CS “as a whole”, “in general” (the architectural analogue is “what the whole building looks like”). This is exactly what most CS projects lack. Typically, when preparing a concept, one thinks in terms of "computers", "hardware", "workstations", "routers" and so on, that is, a mixture of concepts from different fields is used. This makes it impossible to prepare a complete concept. The set of concepts proposed in this article is abstract enough to formulate the CS without reference to specific software and hardware solutions and, at the same time, specific enough to define useful functionality (services and applications as a means of solving the problems of the CS user) and operational characteristics (properties and system-wide services) of the designed system.

The concepts and principles outlined above are quite specific. Being accepted as fundamental in the construction of an information system, they result in specific organizational steps and technical actions, which together can be characterized as rational technologies. If consistently implemented, they are highly guaranteed to lead to the desired result.

Of particular importance in the context of the approach proposed in the article are:

  • Server products and technologies, the quality of which mainly determines the quality of the designed CS.
  • Ready-made application solutions (specialized applications) that determine the application functionality of the CS.
  • Companies that supply a large set of server products and technologies, together with ready-made application solutions (specialized applications) integrated with them.

Acknowledgments

G.M. Ladyzhensky,
Editorial Board of DBMS Journal

Literature

  1. S. Tellin. "Intranet and Adaptive Innovation: moving from management to coordination in modern organizations." - DBMS N 5-6, 1996.
  2. F. Bernstein. "Middleware: a distributed system service model." - DBMS N 2, 1997.
  3. V. Galatenko. "Information security - the basics." - DBMS N 1, 1996.

Architecture of corporate information systems

Before we talk about private (corporate) networks, we need to define what these words mean. Recently, this phrase has become so widespread and fashionable that it has begun to lose its meaning. In our understanding, a corporate network is a system that ensures the transfer of information between various applications used in the corporate system. Based on this completely abstract definition, we will consider various approaches to creating such systems and try to fill the concept of a corporate network with concrete content. At the same time, we believe that the network should be as universal as possible, that is, allow the integration of existing and future applications with the lowest possible costs and restrictions.

A corporate network, as a rule, is geographically distributed, i.e. it unites offices, divisions and other structures located at a considerable distance from each other. Often corporate network nodes are located in different cities and sometimes different countries. The principles by which such a network is built are quite different from those used when creating a local network, even one covering several buildings. The main difference is that geographically distributed networks use fairly slow (today tens and hundreds of kilobits per second, sometimes up to 2 Mbit/s) leased communication lines. If when creating a local network the main costs are for the purchase of equipment and laying cables, then in geographically distributed networks the most significant element of the cost is the rental fee for the use of channels, which grows rapidly with the increase in the quality and speed of data transmission. This limitation is fundamental, and when designing a corporate network all measures should be taken to minimize the volume of transmitted data. In other respects, the corporate network should not impose restrictions on which applications process the information transferred over it, or how.

By applications we mean both system software - databases, mail systems, computing resources, file services, etc. - and the tools with which the end user works. The main tasks of a corporate network are the interaction of system applications located in various nodes and access to them by remote users.

The first problem that has to be solved when creating a corporate network is the organization of communication channels. If within one city you can count on renting dedicated lines, including high-speed ones, then when moving to geographically distant nodes the cost of renting channels becomes simply astronomical, and their quality and reliability often turn out to be very low. A natural solution to this problem is to use already existing wide area networks. In this case, it is enough to provide channels from the offices to the nearest network nodes. The global network will take on the task of delivering information between the nodes. Even when creating a small network within one city, you should keep in mind the possibility of further expansion and use technologies that are compatible with existing global networks.

Contents

  • Introduction. From the history of network technologies.
  • The concept of "Corporate networks". Their main functions.
  • Technologies used in creating corporate networks.
  • Structure of the corporate network. Hardware.
  • Methodology for creating a corporate network.
  • Conclusion.
  • List of used literature.

Introduction.

From the history of network technologies.

The history and terminology of corporate networks is closely related to the history of the origins of the Internet and the World Wide Web. Therefore, it does not hurt to remember how the very first network technologies appeared, which led to the creation of modern corporate (departmental), territorial and global networks.

The Internet began in the 60s as a project of the US Department of Defense. The increased role of the computer gave rise to the need both for sharing information between different buildings and local networks, and for maintaining the overall functionality of the system in the event of failure of individual components. The Internet is based on a set of protocols that allow distributed networks to route and transmit information to each other independently; if one network node is unavailable for some reason, the information reaches its final destination through other nodes which are operational at that moment. The protocol developed for this purpose is called Internetworking Protocol (IP). (The acronym TCP/IP means the same thing.)

Since then, the IP protocol has become generally accepted in military departments as a way to make information publicly available. Since many of these departments' projects were carried out in various research groups at universities around the country, and the method of exchanging information between heterogeneous networks proved to be very effective, the use of this protocol quickly expanded beyond the military departments. It began to be used in NATO research institutes and European universities. Today, the IP protocol, and therefore the Internet, is a universal global standard.

In the late eighties, the Internet faced a new problem. At first, the information was either emails or simple data files, and appropriate protocols had been developed for their transfer. Now a whole series of new types of files emerged, usually united under the name multimedia, containing images and sounds as well as hyperlinks, which allow users to navigate both within one document and between different documents containing related information.

In 1989, the Laboratory of Elementary Particle Physics of the European Center for Nuclear Research (CERN) successfully launched a new project, the goal of which was to create a standard for transmitting this type of information over the Internet. The main components of this standard were multimedia file formats, hypertext files, as well as a protocol for receiving such files over the network. The file format was named HyperText Markup Language (HTML). It was a simplified version of the more general Standard Generalized Markup Language (SGML). The request servicing protocol is called HyperText Transfer Protocol (HTTP). In general, it looks like this: a server running a program that serves the HTTP protocol (an HTTP daemon) sends HTML files upon request from Internet clients. These two standards formed the basis for a fundamentally new type of access to computer information. Standard multimedia files can now not only be obtained upon user request, but also exist and be displayed as part of another document. Since the file contains hyperlinks to other documents that may be located on other computers, the user can access this information with a light click of the mouse button. This fundamentally removes the complexity of accessing information in a distributed system.

Multimedia files in this technology are traditionally called pages. A page is also the information that is sent to the client machine in response to each request. The reason for this is that a document usually consists of many separate parts, interconnected by hyperlinks. This division allows the user to decide for himself which parts he wants to see in front of him, saves his time and reduces network traffic. The software product that the user directly uses is usually called a browser (from the word browse, to graze) or a navigator. Most of them allow you to automatically receive and display a specific page, which contains links to the documents that the user accesses most often. This page is called the home page, and there is usually a separate button to access it. Each non-trivial document is usually provided with a special page, similar to the "Contents" section in a book. This is usually where you start studying a document, so it is also often called the home page. Therefore, in general, a home page is understood as some kind of index, an entry point to information of a certain type. Usually the name itself includes a definition of this section, for example, Microsoft Home Page.

On the other hand, each document can be accessed from many other documents. The entire space of documents linking to each other on the Internet is called the World Wide Web (the acronyms WWW or W3). The document system is completely distributed, and the author does not even have the opportunity to trace all the links to his document that exist on the Internet. The server providing access to these pages may log all those who read such a document, but not those who link to it. The situation is the opposite of what exists in the world of printed products. In many research fields there are periodically published indexes of articles on a topic, but it is impossible to track all those who read a given document. Here we know those who read (had access to) the document, but we do not know who referred to it. Another interesting feature is that with such technology it becomes impossible to monitor all the information available through the WWW. Information appears and disappears continuously, in the absence of any central control. However, this is not something to be afraid of; the same thing happens in the world of printed products. We do not try to accumulate old newspapers if we have fresh ones every day, and nothing much is lost.

Client software products that receive and display HTML files are called browsers. The first graphical browser was called Mosaic, and it was made at the University of Illinois. Many modern browsers are based on this product. However, due to the standardization of protocols and formats, you can use any compatible software. Viewing systems exist on most major client systems that support a windowing interface. These include MS/Windows, Macintosh, X-Window and OS/2. There are also viewing systems for operating systems where windows are not used; they display the text fragments of the documents that are accessed.

The presence of viewing systems on such disparate platforms is of great importance. The operating environments on the author's machine, the server and the client are independent of each other. Any client can access and view documents created using HTML and the corresponding standards and transmitted through an HTTP server, regardless of the operating environment in which they were created or where they came from. HTML also supports the development of forms and feedback functions. This means that the user interface allows you to go beyond point-and-click in both querying and retrieving data.

Many companies, including Amdahl, have written interfaces between HTML forms and legacy applications, creating a universal front-end user interface for the latter. This makes it possible to write client-server applications without having to worry about coding at the client level. In fact, programs are already emerging that treat the client purely as a viewing system. An example is Oracle's WOW interface, which replaces Oracle Forms and Oracle Reports. Although this technology is still very young, it already has the potential to change the landscape of information management in the same way that semiconductors and microprocessors changed the world of computers. It allows functions to be turned into separate modules and applications to be simplified, taking us to a new level of integration that better matches the business functions of the enterprise.

Information overload is the curse of our time. Technologies that were created to alleviate this problem have only made it worse. This is not surprising: it is enough to look at the contents of the trash bins (regular or electronic) of an ordinary employee who deals with information. Even if you don't count the inevitable heaps of advertising "junk" in the mail, most of the information is sent to such an employee simply "in case" he needs it. Add to this "untimely" information that will most likely be needed later, and here you have the main contents of the trash can. An employee will likely store half of the information that "might be needed" and all of the information that will likely be needed in the future. When the need arises, he will have to deal with a bulky, poorly structured archive of personal information, and at this stage additional difficulties may arise because it is stored in files of different formats on different media. The advent of photocopiers made the situation with information "that might suddenly be needed" even worse. The number of copies, instead of decreasing, only grows. Email has made the problem worse still. Today, a "publisher" of information can create his own personal mailing list and, with one command, send an almost unlimited number of copies "in case" they may be needed. Some of these information distributors realize that their lists are no good, but instead of correcting them, they put a note at the beginning of the message that reads something like: "If you are not interested..., destroy this message." The letter will still clog the mailbox, and the recipient will in any case have to spend time reading and deleting it. The exact opposite of "maybe useful" information is "timely" information, or information for which there is a demand. Computers and networks were expected to help in working with this type of information, but so far they have not been able to cope with it.

Previously, there were two main methods of delivering timely information.

When using the first of them, information was distributed between applications and systems. To gain access to it, the user had to learn, and then constantly carry out, many complex access procedures. Once access was granted, each application required its own interface. Faced with such difficulties, users usually simply gave up on receiving timely information. They managed to master access to one or two applications, but had no energy left for the rest.

To solve this problem, some enterprises attempted to accumulate all distributed information on one main system. As a result, the user received a single access method and a single interface. However, since in this case all enterprise requests were processed centrally, these systems grew and became more complex. More than ten years have passed, and many of them are still not filled with information because of the high cost of entering and maintaining it. There were other problems here too. The complexity of such unified systems made them difficult to modify and use. Tools for managing such systems were developed to support discrete transaction-processing data. Over the past decade, the data we deal with has become much more complex, making the information support process more difficult. The changing nature of information needs, and how hard it is to make changes in this area, have turned these large, centrally managed systems into a bottleneck for enterprise-level requests.

Web technology offers a new approach to on-demand information delivery. Because it supports the authoring, publication and management of distributed information, the new technology does not introduce the same complexities as older centralized systems. Documents are created, maintained and published directly by the authors, without having to ask programmers to create new data entry forms and reporting programs. With new browsing systems, the user can access and view information from distributed sources and systems using a simple, unified interface, without having any idea which servers they are actually accessing. These simple technological changes will revolutionize information infrastructures and fundamentally change how our organizations operate.

The main distinguishing feature of this technology is that control of the flow of information is in the hands not of its creator, but of the consumer. If the user can easily retrieve and review information as needed, it no longer has to be sent to them "just in case" it is needed. The publishing process can now be independent of automatic information dissemination. This includes forms, reports, standards, meeting scheduling, sales enablement tools, training materials, schedules, and a host of other documents that tend to fill our trash bins. For the system to work, as stated above, we need not only a new information infrastructure, but also a new approach, a new culture. As creators of information, we must learn to publish it without disseminating it, and as users, we must learn to be more responsible in identifying and monitoring our information needs, actively and efficiently obtaining information when we need it.

The concept of "Corporate networks". Their main functions.

Before we talk about private (corporate) networks, we need to define what these words mean. Recently, this phrase has become so widespread and fashionable that it has begun to lose its meaning. In our understanding, a corporate network is a system that ensures the transfer of information between various applications used in the corporate system. Based on this completely abstract definition, we will consider various approaches to creating such systems and try to fill the concept of a corporate network with concrete content. At the same time, we believe that the network should be as universal as possible, that is, allow the integration of existing and future applications with the lowest possible costs and restrictions.

A corporate network, as a rule, is geographically distributed, i.e. it unites offices, divisions and other structures located at a considerable distance from each other. Often corporate network nodes are located in different cities and sometimes countries. The principles by which such a network is built are quite different from those used when creating a local network, even one covering several buildings. The main difference is that geographically distributed networks use fairly slow (today tens and hundreds of kilobits per second, sometimes up to 2 Mbit/s) leased communication lines. If, when creating a local network, the main costs are the purchase of equipment and laying of cables, then in geographically distributed networks the most significant element of the cost is the rental fee for the use of channels, which grows rapidly with the quality and speed of data transmission. This limitation is fundamental, and when designing a corporate network all measures should be taken to minimize the volume of transmitted data. Beyond that, the corporate network should not impose restrictions on which applications process the information transferred over it, or how.

By applications we mean both system software - databases, mail systems, computing resources, file services, etc. - and the tools with which the end user works. The main tasks of a corporate network are the interaction of system applications located in various nodes and access to them by remote users.

The first problem that has to be solved when creating a corporate network is the organization of communication channels. If within one city you can count on renting dedicated lines, including high-speed ones, then when moving to geographically distant nodes, the cost of renting channels becomes simply astronomical, and their quality and reliability often turn out to be very low. A natural solution to this problem is to use already existing wide area networks. In this case, it is enough to provide channels from offices to the nearest network nodes. The global network will take on the task of delivering information between nodes. Even when creating a small network within one city, you should keep in mind the possibility of further expansion and use technologies that are compatible with existing global networks.

Often the first, or even the only, such network that comes to mind is the Internet.

Using the Internet in corporate networks.

Depending on the tasks being solved, the Internet can be considered at different levels. For the end user, this is primarily a worldwide system for providing information and postal services. The combination of new technologies for accessing information, united by the concept of the World Wide Web, with a cheap and publicly available global computer communication system, the Internet, has actually given birth to a new mass medium, which is often called simply the Net. Anyone who connects to this system perceives it simply as a mechanism that gives access to certain services. How this mechanism is implemented is of no importance to them at all.

When using the Internet as the basis for a corporate data network, a very interesting thing emerges. It turns out that the Network is not a network at all. This is exactly the Internet, an interconnection. If we look inside the Internet, we see that information flows through many completely independent and mostly non-commercial nodes, connected through a wide variety of channels and data networks. The rapid growth of services provided on the Internet leads to overload of nodes and communication channels, which sharply reduces the speed and reliability of information transfer. At the same time, Internet service providers do not bear any responsibility for the functioning of the network as a whole, and communication channels develop extremely unevenly, mainly where the state considers it necessary to invest in them. Accordingly, there are no guarantees about the quality of the network, the speed of data transfer, or even simply the reachability of your computers. For tasks in which reliability and guaranteed time of information delivery are critical, the Internet is far from the best solution. In addition, the Internet binds users to one protocol, IP. This is fine as long as we use standard applications that work with this protocol. Using any other systems with the Internet turns out to be difficult and expensive. If you need to provide mobile users with access to your private network, the Internet is also not the best solution.

It would seem that there shouldn’t be any big problems here - there are Internet service providers almost everywhere, take a laptop with a modem, call and work. However, the supplier, say, in Novosibirsk, has no obligations to you if you connect to the Internet in Moscow. He does not receive money for services from you and, of course, will not provide access to the network. Either you need to conclude an appropriate contract with him, which is hardly reasonable if you find yourself on a two-day business trip, or call from Novosibirsk to Moscow.

Another Internet problem that has been widely discussed lately is security. If we are talking about a private network, it seems quite natural to protect the transmitted information from prying eyes. The unpredictability of information paths between many independent Internet nodes not only increases the risk that some overly curious network operator can put your data on their disk (technically this is not so difficult), but also makes it impossible to determine the location of the information leak. Encryption tools solve the problem only partially, since they are applicable mainly to mail, file transfer, etc. Solutions that allow you to encrypt information in real time at an acceptable speed (for example, when working directly with a remote database or file server) are hard to obtain and expensive. Another aspect of the security problem is again related to the decentralization of the Internet: there is no one who can restrict access to the resources of your private network. Since this is an open system where everyone sees everyone, anyone can try to get into your office network and gain access to data or programs. There are, of course, means of protection (they are known as firewalls; the Russian term, borrowed from German, is brandmauer, literally "fire wall"). However, they should not be considered a panacea; remember viruses and antivirus programs. Any protection can be broken, provided the gain justifies the cost of breaking it. It should also be noted that a system connected to the Internet can be made inoperable without invading your network. There are known cases of unauthorized access to the management of network nodes, or simply of using features of the Internet architecture to disrupt access to a particular server. Thus, the Internet cannot be recommended as a basis for systems that require reliability and closedness.

Connecting to the Internet within a corporate network makes sense if you need access to that huge information space, which is what is actually called the Network.

A corporate network is a complex system that includes thousands of diverse components: computers of different types, from desktops to mainframes, system and application software, network adapters, hubs, switches and routers, and the cable system. The main task of system integrators and administrators is to ensure that this cumbersome and very expensive system copes as well as possible with processing the flow of information circulating between employees of the enterprise and allows them to make timely and rational decisions that ensure the survival of the enterprise in fierce competition. And since life does not stand still, the content of corporate information, the intensity of its flows and the methods of processing it are constantly changing. The latest example of a dramatic change in the technology of automated processing of corporate information is in plain sight: it is associated with the unprecedented growth in the popularity of the Internet in the last 2 - 3 years. The changes brought about by the Internet are multifaceted. The WWW hypertext service has changed the way information is presented to people by collecting on its pages all the popular types of information: text, graphics and sound. Internet transport, inexpensive and accessible to almost all enterprises (and, through telephone networks, to individual users), has significantly simplified the task of building a territorial corporate network, while at the same time bringing to the fore the task of protecting corporate data when transmitting it through a highly accessible public network with a population of many millions.

Technologies used in corporate networks.

Before setting out the basics of the methodology for building corporate networks, it is necessary to give a comparative analysis of the technologies that can be used in corporate networks.

Modern data transmission technologies can be classified according to data transmission methods. In general, there are three main methods of data transfer:

circuit switching;

message switching;

packet switching.

All other methods of interaction are, as it were, their evolutionary development. For example, if you imagine data transmission technologies as a tree, then the packet switching branch will be divided into frame switching and cell switching. Recall that packet switching technology was developed more than 30 years ago to reduce overhead and improve the performance of existing data transmission systems. The first packet switching technologies, X.25 and IP, were designed to handle poor quality links. With improved quality, it became possible to use a protocol such as HDLC for information transmission, which has found its place in Frame Relay networks. The desire to achieve greater productivity and technical flexibility was the impetus for the development of SMDS technology, the capabilities of which were then expanded by the standardization of ATM. One of the parameters by which technologies can be compared is the guarantee of information delivery. Thus, X.25 and ATM technologies guarantee reliable delivery of packets (the latter using the SSCOP protocol), while Frame Relay and SMDS operate in a mode where delivery is not guaranteed. Further, the technology can ensure that the data reaches its recipient in the order it was sent. Otherwise, order must be restored at the receiving end. Packet switched networks can focus on pre-connection establishment or simply transfer data to the network. In the first case, both permanent and switched virtual connections can be supported. Important parameters are also the presence of data flow control mechanisms, a traffic management system, mechanisms for detecting and preventing congestion, etc.

Technology comparisons can also be made based on criteria such as the efficiency of addressing schemes or routing methods. For example, the addressing used may be geographic (telephone numbering plan), WAN-specific, or hardware-specific. Thus, the IP protocol uses a logical address consisting of 32 bits, which is assigned to networks and subnets. The E.164 addressing scheme is an example of a geo-location-based scheme, and the MAC address is an example of a hardware address. X.25 technology uses the Logical Channel Number (LCN), and the switched virtual connection in this technology uses the X.121 addressing scheme. In Frame Relay technology, several virtual links can be "embedded" into one link, with a separate virtual link identified by a DLCI (Data-Link Connection Identifier). This identifier is specified in each transmitted frame. The DLCI has only local significance; in other words, the sender can identify the virtual channel with one number, while the recipient can identify it with a completely different number. Switched virtual connections in this technology rely on the E.164 numbering scheme. ATM cell headers contain VCI/VPI identifiers, which change as cells pass through intermediate switching systems. Switched virtual connections in ATM technology can use the E.164 or AESA addressing scheme.
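The Frame Relay address field and the local significance of the DLCI described above, as an added Python example that is not code from the original article: it decodes the two-octet Q.922 address field and models a switch whose per-link translation table gives the same virtual circuit different DLCIs at each end. The switch table, port names and DLCI values are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

# Constructed example (not from the article): decoding the 2-octet Q.922
# address field of a Frame Relay frame and showing that a DLCI only has
# local significance on one link.

# With a 2-octet address, 16..1007 is the range conventionally available
# to user circuits; the rest is reserved (0 and 1023 are used for LMI).
USER_DLCI_MIN, USER_DLCI_MAX = 16, 1007


@dataclass(frozen=True)
class FrAddress:
    dlci: int    # 10-bit Data-Link Connection Identifier
    cr: bool     # Command/Response bit, passed transparently by the network
    fecn: bool   # Forward Explicit Congestion Notification
    becn: bool   # Backward Explicit Congestion Notification
    de: bool     # Discard Eligibility


def parse_address(hdr: bytes) -> FrAddress:
    """Decode the two-octet address field that starts every Frame Relay frame.

    Octet 1: DLCI bits 9..4 | C/R | EA=0
    Octet 2: DLCI bits 3..0 | FECN | BECN | DE | EA=1
    """
    if len(hdr) < 2:
        raise ValueError("address field needs at least 2 octets")
    b1, b2 = hdr[0], hdr[1]
    # The EA (extended address) bits mark the end of the field; the common
    # 2-octet form has EA=0 in the first octet and EA=1 in the second.
    if (b1 & 0x01) or not (b2 & 0x01):
        raise ValueError("not a 2-octet address field")
    dlci = ((b1 >> 2) << 4) | (b2 >> 4)
    return FrAddress(
        dlci=dlci,
        cr=bool(b1 & 0x02),
        fecn=bool(b2 & 0x08),
        becn=bool(b2 & 0x04),
        de=bool(b2 & 0x02),
    )


def build_address(dlci: int, cr: bool = False, fecn: bool = False,
                  becn: bool = False, de: bool = False) -> bytes:
    """Encode a 2-octet address field (inverse of parse_address)."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    b1 = ((dlci >> 4) << 2) | (0x02 if cr else 0)            # EA = 0
    b2 = ((dlci & 0x0F) << 4) | 0x01                          # EA = 1
    b2 |= (0x08 if fecn else 0) | (0x04 if becn else 0) | (0x02 if de else 0)
    return bytes([b1, b2])


def is_valid_address(hdr: bytes) -> bool:
    """True if hdr starts with a well-formed 2-octet address field."""
    try:
        parse_address(hdr)
        return True
    except ValueError:
        return False


class FrameRelaySwitch:
    """A minimal switch: (in_port, in_dlci) -> (out_port, out_dlci).

    Because the table is per link, the same virtual circuit is known by
    one DLCI on the sender's access line and a different one on the
    receiver's; the payload is forwarded unchanged.
    """

    def __init__(self, table: Dict[Tuple[str, int], Tuple[str, int]]):
        for (_, in_dlci), (_, out_dlci) in table.items():
            for d in (in_dlci, out_dlci):
                if not USER_DLCI_MIN <= d <= USER_DLCI_MAX:
                    raise ValueError(f"DLCI {d} is reserved, not user data")
        self.table = dict(table)

    def forward(self, in_port: str, frame: bytes,
                congested: bool = False) -> Tuple[str, bytes]:
        addr = parse_address(frame)
        if (in_port, addr.dlci) not in self.table:
            # No virtual circuit is configured for this DLCI on this link;
            # a real switch silently discards such frames.
            raise ValueError(f"unknown DLCI {addr.dlci} on port {in_port}")
        out_port, out_dlci = self.table[(in_port, addr.dlci)]
        # Rewrite the address field; a congested switch sets FECN so the
        # receiver learns about congestion in the forward direction.
        new_hdr = build_address(out_dlci, cr=addr.cr,
                                fecn=addr.fecn or congested,
                                becn=addr.becn, de=addr.de)
        return out_port, new_hdr + frame[2:]


if __name__ == "__main__":
    # Constructed topology: one switch, circuit DLCI 16 on port "A" maps
    # to DLCI 100 on port "B".
    sw = FrameRelaySwitch({("A", 16): ("B", 100)})
    port, out = sw.forward("A", build_address(16) + b"payload")
    # prints: B FrAddress(dlci=100, cr=False, fecn=False, becn=False, de=False)
    print(port, parse_address(out))
```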

Packet routing in a network can be done statically or dynamically, and can either be a standardized mechanism for a specific technology or serve as its technical basis. Examples of standardized solutions include the dynamic routing protocols OSPF and RIP for IP. For ATM technology, the ATM Forum has defined PNNI, the protocol for routing requests to establish switched virtual connections, whose distinctive feature is that it carries quality-of-service information.

The ideal option for a private network would be to create communication channels only in those areas where they are needed, and transfer over them any network protocols that the running applications require. At first glance, this is a return to leased communication lines, but there are technologies for constructing data transmission networks that make it possible to organize channels within them that appear only at the right time and in the right place. Such channels are called virtual. A system that connects remote resources using virtual channels can naturally be called a virtual network. Today, there are two main virtual network technologies - circuit-switched networks and packet-switched networks. The first include the regular telephone network, ISDN and a number of other, more exotic technologies. Packet switched networks include X.25, Frame Relay and, more recently, ATM technologies. It is too early to talk about using ATM in geographically distributed networks. Other types of virtual (in various combinations) networks are widely used in the construction of corporate information systems.

Circuit-switched networks provide the subscriber with multiple communication channels with a fixed bandwidth per connection. The well-known telephone network provides one communication channel between subscribers. If you need to increase the number of simultaneously available resources, you have to install additional phone numbers, which is very expensive. Even if we forget about the low quality of communication, the limitation on the number of channels and the long connection establishment time do not allow using telephone communications as the basis of a corporate network. For connecting individual remote users, this is quite convenient and often the only available method.

Another example of a circuit-switched virtual network is ISDN (Integrated Services Digital Network). ISDN provides digital channels (64 kbit/s) through which both voice and data can be transmitted. A basic ISDN connection (Basic Rate Interface) includes two such channels and an additional control channel with a speed of 16 kbit/s (this combination is referred to as 2B+D). It is possible to use a larger number of channels, up to thirty (Primary Rate Interface, 30B+D), but this leads to a corresponding increase in the cost of equipment and communication channels. In addition, the costs of renting and using the network increase proportionally. In general, the limitations on the number of simultaneously available resources imposed by ISDN mean that this type of communication is convenient to use mainly as an alternative to telephone networks. In systems with a small number of nodes, ISDN can also be used as the main network protocol. You just have to keep in mind that access to ISDN in our country is still the exception rather than the rule.

An alternative to circuit-switched networks is packet-switched networks. When using packet switching, one communication channel is used in a time-sharing mode by many users - much the same as on the Internet. However, unlike networks like the Internet, where each packet is routed separately, packet switching networks require a connection to be established between end resources before information can be transmitted. After establishing a connection, the network “remembers” the route (virtual channel) along which information should be transmitted between subscribers and remembers it until it receives a signal to break the connection. For applications running on a packet switching network, virtual circuits look like regular communication lines - the only difference is that their throughput and introduced delays vary depending on the network load.

The classic packet switching technology is the X.25 protocol. Nowadays it is customary to wrinkle your nose at these words and say: “it’s expensive, slow, outdated and not fashionable.” Indeed, today there are practically no X.25 networks using speeds above 128 kbit/s. The X.25 protocol includes powerful error correction capabilities, ensuring reliable delivery of information even over poor lines and is widely used where high-quality communication channels are not available. In our country they are not available almost everywhere. Naturally, you have to pay for reliability - in this case, the speed of network equipment and relatively large - but predictable - delays in the distribution of information. At the same time, X.25 is a universal protocol that allows you to transfer almost any type of data. "Natural" for X.25 networks is the operation of applications that use the OSI protocol stack. These include systems using the X.400 (email) and FTAM (file exchange) standards, as well as several others. Tools are available to implement interaction based on OSI protocols Unix systems. Another standard feature of X.25 networks is communication through regular asynchronous COM ports. Figuratively speaking, the X.25 network extends the cable connected to the serial port, bringing its connector to remote resources. Thus, almost any application that can be accessed through a COM port can be easily integrated into an X.25 network. Examples of such applications include not only terminal access to remote host computers, for example Unix machines, but also the interaction of Unix computers with each other (cu, uucp), systems based on Lotus Notes, cc:Mail and MS Mail email, etc. To combine LANs in nodes connected to the X.25 network, there are methods for packaging ("encapsulating") information packets from the local network into X.25 packets. Part of the service information is not transmitted, since it can be unambiguously restored on the recipient's side. 
The standard encapsulation mechanism is considered to be that described in RFC 1356. It allows various local network protocols (IP, IPX, etc.) to be transmitted simultaneously through one virtual connection. This mechanism (or the older IP-only RFC 877 implementation) is implemented in almost all modern routers. There are also methods for transferring other communication protocols over X.25, in particular SNA, used in IBM mainframe networks, as well as a number of proprietary protocols from various manufacturers. Thus, X.25 networks offer universal transport mechanism to transfer information between almost any application. In this case, different types of traffic are transmitted over one communication channel, without “knowing” anything about each other. With LAN aggregation over X.25, you can isolate separate parts of your corporate network from each other, even if they use the same communication lines. This makes it easier to solve security and access control problems that inevitably arise in complex information structures. In addition, in many cases there is no need to use complex routing mechanisms, shifting this task to the X.25 network. Today there are dozens of public wide-area X.25 networks in the world, their nodes are located in almost all large business, industrial and administrative centers . In Russia, X.25 services are offered by Sprint Network, Infotel, Rospak, Rosnet, Sovam Teleport and a number of other providers. In addition to connecting remote nodes, X.25 networks always provide access facilities for end users. In order to connect to any X.25 network resource, the user only needs to have a computer with an asynchronous serial port and a modem. 
At the same time, there are no problems with authorizing access at geographically remote nodes. Firstly, X.25 networks are quite centralized: by concluding an agreement, for example, with the Sprint Network company or its partner, you can use the services of any of the Sprintnet nodes, and these are located in thousands of cities all over the world, including more than a hundred in the former USSR. Secondly, there is a protocol for interaction between different networks (X.75), which also takes into account payment issues. So, if your resource is connected to an X.25 network, you can access it both from your provider's nodes and through the nodes of other networks, that is, from virtually anywhere in the world. From a security point of view, X.25 networks provide a number of very attractive opportunities. First of all, due to the very structure of the network, the cost of intercepting information in an X.25 network turns out to be high enough in itself to serve as good protection. The problem of unauthorized access can also be solved quite effectively using the network itself. If any risk of information leakage, however small, is unacceptable, then, of course, it is necessary to use encryption tools, including ones operating in real time. Today there are encryption tools created specifically for X.25 networks that operate at fairly high speeds, up to 64 kbit/s. Such equipment is produced by Racal, Cylink and Siemens. There are also domestic developments created under the auspices of FAPSI. The disadvantage of X.25 technology is a number of fundamental speed restrictions. The first of them is associated precisely with the developed correction and recovery capabilities. These features cause delays in the transmission of information and require considerable processing power from X.25 equipment, as a result of which it simply cannot keep up with fast communication lines.
Although there is equipment that has two-megabit ports, the speed they actually provide does not exceed 250 - 300 kbit/sec per port. On the other hand, for modern high-speed communication lines, X.25 correction tools turn out to be redundant and when they are used, equipment power often runs idle. The second feature that makes X.25 networks considered slow is the encapsulation features of LAN protocols (primarily IP and IPX). All other things being equal, LAN communications over X.25 are, depending on network parameters, 15-40 percent slower than using HDLC over a leased line. Moreover, the worse the communication line, the higher the performance loss. We are again dealing with obvious redundancy: LAN protocols have their own correction and recovery tools (TCP, SPX), but when using X.25 networks you have to do this again, losing speed.

It is on these grounds that X.25 networks are declared slow and obsolete. But before we say that any technology is obsolete, it should be indicated for what applications and under what conditions. On low-quality communication lines, X.25 networks are quite effective and provide significant benefits in price and capabilities compared to leased lines. On the other hand, even if we count on a rapid improvement in communication quality - a necessary condition for the obsolescence of X.25 - then even then the investment in X.25 equipment will not be wasted, since modern equipment includes the ability to migrate to Frame Relay technology.

Frame Relay networks

Frame Relay technology emerged as a means to realize the benefits of packet switching on high-speed communication lines. The main difference between Frame Relay networks and X.25 is that they eliminate error correction between network nodes. The tasks of restoring the flow of information are assigned to the terminal equipment and software of users. Naturally, this requires the use of sufficiently high-quality communication channels. It is believed that to work successfully with Frame Relay, the probability of a bit error in the channel should be no worse than 10^-6 to 10^-7, i.e. no more than one bad bit per several million. The quality provided by conventional analog lines is usually one to three orders of magnitude lower. The second difference of Frame Relay networks is that today almost all of them implement only the permanent virtual circuit (PVC) mechanism. This means that when connecting to a Frame Relay port, you must determine in advance which remote resources you will have access to. The principle of packet switching - many independent virtual connections in one communication channel - remains here, but you cannot select the address of an arbitrary network subscriber. All resources available to you are determined when the port is configured. Thus, Frame Relay technology is convenient for building closed virtual networks, which are used as a transport for other protocols over which routing is carried out. A virtual network being "closed" means that it is completely inaccessible to other users of the same Frame Relay network. For example, in the USA, Frame Relay networks are widely used as backbones for the Internet. Nevertheless, your private network can use Frame Relay virtual circuits on the same lines as Internet traffic and be completely isolated from it. Like X.25 networks, Frame Relay provides a universal transmission medium for virtually any application. The main area of application of Frame Relay today is the interconnection of remote LANs.
In this case, error correction and information recovery are carried out at the level of the LAN transport protocols - TCP, SPX, etc. The overhead of encapsulating LAN traffic in Frame Relay does not exceed two to three percent. Methods for encapsulating LAN protocols in Frame Relay are described in the specifications RFC 1294 and RFC 1490. RFC 1490 also defines the transmission of SNA traffic over Frame Relay. The ANSI T1.617 Annex G specification describes the use of X.25 over Frame Relay networks. In this case, all the addressing, correction and recovery functions of X.25 are used, but only between the end nodes implementing Annex G. A permanent connection over the Frame Relay network in this case looks like a “straight wire” over which X.25 traffic is transmitted. The X.25 parameters (packet and window size) can be selected so as to obtain the lowest possible propagation delays and speed loss when encapsulating LAN protocols. The absence of error correction and of the complex packet switching mechanisms characteristic of X.25 allows information to be transmitted over Frame Relay with minimal delays. Additionally, it is possible to enable a prioritization mechanism that gives the user a guaranteed minimum information transfer rate for the virtual channel. This capability allows Frame Relay to be used to transmit latency-critical information such as voice and video in real time. This relatively new feature is becoming increasingly popular and is often the main reason for choosing Frame Relay as the backbone of a corporate network. It should be remembered that today Frame Relay network services are available in our country in no more than one and a half dozen cities, while X.25 is available in approximately two hundred. There is every reason to believe that as communication channels develop, Frame Relay technology will become increasingly widespread - primarily where X.25 networks currently exist.
Unfortunately, there is no single standard describing the interaction of different Frame Relay networks, so users are locked into one service provider. If it is necessary to expand the geography, it is possible to connect at one point to the networks of different providers, with a corresponding increase in costs. There are also private Frame Relay networks operating within one city or using long-distance (usually satellite) dedicated channels. Building private networks based on Frame Relay allows you to reduce the number of leased lines and integrate voice and data transmission.
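As an added example (not code from the original article), the following Python code builds and parses RFC 1490 frames as described above: it decodes the Q.922 address field into the DLCI and the congestion bits, accepts only DLCIs that were provisioned as PVCs (which is what makes a Frame Relay virtual network "closed"), and demultiplexes routed IP and SNAP-encapsulated IPX by NLPID. The PVC table, the DLCI numbers and the packet contents are constructed for the example.

```python
"""Builder and parser for RFC 1490 multiprotocol frames on Frame Relay (added example,
not code from the article). All DLCIs, the PVC table and the payloads are constructed."""
import struct

# NLPID values (RFC 1490 / ISO TR 9577) that identify what follows the control field
NLPID_IP = 0xCC         # routed IP datagram follows directly
NLPID_SNAP = 0x80       # SNAP header (3-octet OUI + 2-octet PID) follows
ETHERTYPE_IPX = 0x8137  # PID used with OUI 00-00-00 to carry routed IPX

# Constructed PVC table: only these DLCIs were provisioned when the port was configured.
PVCS = {16: "head-office", 17: "branch-a"}
# Constructed sample payloads: a truncated IPv4 header and an IPX stub.
SAMPLE_IP = bytes.fromhex("450000140001000040110000")
SAMPLE_IPX = bytes.fromhex("ffff001e0004")


def encode_q922_address(dlci, cr=False, fecn=False, becn=False, de=False):
    """Build the default two-octet Q.922 address field for a 10-bit DLCI."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    b0 = ((dlci >> 4) << 2) | (0x02 if cr else 0)   # EA = 0: another address octet follows
    b1 = ((dlci & 0x0F) << 4) | (0x08 if fecn else 0) | (0x04 if becn else 0)
    b1 |= (0x02 if de else 0) | 0x01                 # EA = 1: last address octet
    return bytes([b0, b1])


def parse_q922_address(frame):
    """Decode the DLCI plus the C/R, FECN, BECN and DE bits from a two-octet address."""
    if len(frame) < 2:
        raise ValueError("frame too short for Q.922 address")
    b0, b1 = frame[0], frame[1]
    if (b0 & 0x01) or not (b1 & 0x01):
        raise ValueError("only two-octet address fields are supported")
    return {
        "dlci": ((b0 >> 2) << 4) | (b1 >> 4),
        "cr": bool(b0 & 0x02),
        "fecn": bool(b1 & 0x08),  # congestion seen in the forward direction
        "becn": bool(b1 & 0x04),  # congestion seen in the reverse direction
        "de": bool(b1 & 0x02),    # discard-eligible (sent above the committed rate)
    }


def build_frame(dlci, nlpid, payload, oui=None, pid=None, **addr_bits):
    """Encapsulate a routed PDU per RFC 1490: address, UI control 0x03, [pad], NLPID, data."""
    header = encode_q922_address(dlci, **addr_bits) + b"\x03"
    if nlpid == NLPID_SNAP:
        # The SNAP form carries one pad octet so the 5-octet SNAP header ends on a 2-octet boundary
        header += b"\x00" + bytes([NLPID_SNAP]) + oui + struct.pack("!H", pid)
    else:
        header += bytes([nlpid])
    return header + payload


def parse_frame(frame, pvc_table):
    """Accept a frame only on a provisioned DLCI, then demultiplex its payload by NLPID."""
    result = dict(parse_q922_address(frame), accepted=False, protocol=None, payload=b"")
    if result["dlci"] not in pvc_table:
        # Frames on an unprovisioned DLCI never enter this virtual network: the PVC set is closed
        result["reason"] = "no PVC configured for DLCI %d" % result["dlci"]
        return result
    result["peer"] = pvc_table[result["dlci"]]
    if len(frame) < 4 or frame[2] != 0x03:
        result["reason"] = "control field is not UI (0x03)"
        return result
    pos = 3
    if frame[pos] == 0x00:  # optional single pad octet
        pos += 1
    if pos >= len(frame):
        result["reason"] = "missing NLPID"
        return result
    nlpid, pos = frame[pos], pos + 1
    if nlpid == NLPID_IP:
        result.update(accepted=True, protocol="ip", payload=frame[pos:])
    elif nlpid == NLPID_SNAP:
        if len(frame) < pos + 5:
            result["reason"] = "truncated SNAP header"
            return result
        oui, pid = frame[pos:pos + 3], struct.unpack("!H", frame[pos + 3:pos + 5])[0]
        if oui == b"\x00\x00\x00":
            protocol = "ipx" if pid == ETHERTYPE_IPX else "ethertype-0x%04x" % pid
        else:
            protocol = "snap-%s-0x%04x" % (oui.hex(), pid)
        result.update(accepted=True, protocol=protocol, payload=frame[pos + 5:])
    else:
        result["reason"] = "unknown NLPID 0x%02x" % nlpid
    return result


def demo():
    """Run three constructed frames through the parser and return the results."""
    frames = [
        build_frame(16, NLPID_IP, SAMPLE_IP),
        build_frame(17, NLPID_SNAP, SAMPLE_IPX, oui=b"\x00\x00\x00",
                    pid=ETHERTYPE_IPX, becn=True),
        build_frame(30, NLPID_IP, SAMPLE_IP),  # DLCI 30 was never provisioned
    ]
    return [parse_frame(f, PVCS) for f in frames]
```

The third frame is dropped purely on the DLCI, before the payload is even inspected, which is the isolation property the text relies on when it puts private traffic on the same lines as Internet traffic.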

Structure of the corporate network. Hardware.

When building a geographically distributed network, all the technologies described above can be used. To connect remote users, the simplest and most affordable option is to use telephone communication. Where possible, ISDN networks may be used. To connect network nodes, in most cases global data networks are used. Even where it is possible to lay dedicated lines (for example, within the same city), the use of packet switching technologies makes it possible to reduce the number of necessary communication channels and, importantly, to ensure compatibility of the system with existing global networks. Connecting your corporate network to the Internet is justified if you need access to the relevant services. It is worth using the Internet as a data transmission medium only when other methods are unavailable and financial considerations outweigh the requirements of reliability and security. If you will use the Internet only as a source of information, it is better to use dial-on-demand technology, i.e. a connection method in which a connection to the Internet node is established only on your initiative and only for the time you need. This dramatically reduces the risk of unauthorized entry into your network from the outside. The simplest way to provide such a connection is to dial the Internet node over a telephone line or, if possible, over ISDN. Another, more reliable way to provide a connection on demand is to use a leased line and the X.25 protocol or, which is much preferable, Frame Relay. In this case, the router on your side should be configured to break the virtual connection if there is no data for a certain time and to re-establish it only when data appears on your side. The widespread connection methods using PPP or HDLC do not provide this possibility. If you want to publish your information on the Internet, for example by installing a WWW or FTP server, the on-demand connection is not applicable.
In this case, you should not only use access restriction using a Firewall, but also isolate the Internet server from other resources as much as possible. A good solution is to use a single Internet connection point for the entire geographically distributed network, the nodes of which are connected to each other using X.25 or Frame Relay virtual channels. In this case, access from the Internet is possible to a single node, while users in other nodes can access the Internet using an on-demand connection.

To transfer data within a corporate network, it is also worth using virtual channels of packet switching networks. The main advantages of this approach - versatility, flexibility, security - were discussed in detail above. Both X.25 and Frame Relay can be used as a virtual network when building a corporate information system. The choice between them is determined by the quality of communication channels, the availability of services at connection points and, last but not least, financial considerations. Today, the costs of using Frame Relay for long-distance communications are several times higher than for X.25 networks. On the other hand, higher data transfer speeds and the ability to simultaneously transmit data and voice may be decisive arguments in favor of Frame Relay. In those areas of the corporate network where leased lines are available, Frame Relay technology is preferable. In this case, it is possible both to combine local networks and connect to the Internet, and to use those applications that traditionally require X.25. In addition, telephone communication between nodes is possible via the same network. For Frame Relay, it is better to use digital communication channels, but even on physical lines or voice-frequency channels you can create a quite effective network by installing the appropriate channel equipment. Good results are obtained by using Motorola 326x SDC modems, which have unique capabilities for data correction and compression in synchronous mode. Thanks to this, it is possible - at the cost of introducing small delays - to significantly increase the quality of the communication channel and achieve effective speeds of up to 80 kbit/s and higher. On short physical lines, short-range modems can also be used, providing fairly high speeds. However, high line quality is required here, since short-range modems do not support any error correction.
RAD short-range modems are widely known, as well as PairGain equipment, which allows you to achieve speeds of 2 Mbit/s on physical lines about 10 km long. To connect remote users to the corporate network, access nodes of X.25 networks, as well as your own communication nodes, can be used. In the latter case, the required number of telephone numbers (or ISDN channels) must be allocated, which may be too expensive. If you need to connect a large number of users at the same time, then using X.25 network access nodes may be a cheaper option, even within the same city.

A corporate network is a rather complex structure that uses various types of communications, communication protocols and methods of connecting resources. From the point of view of ease of construction and manageability of the network, one should focus on the same type of equipment from one manufacturer. However, practice shows that there are no suppliers offering the most effective solutions for all emerging problems. A working network is always the result of a compromise: either it is a homogeneous system, suboptimal in terms of price and capabilities, or a combination of products from different manufacturers that is more complex to install and manage. Next, we will look at network building tools from several leading manufacturers and give some recommendations for their use.

All data transmission network equipment can be divided into two large classes -

1. peripheral, which is used to connect end nodes to the network, and

2. backbone (core), which implements the main functions of the network (channel switching, routing, etc.).

There is no clear boundary between these types - the same devices can be used in different capacities or combine both functions. It should be noted that backbone equipment is usually subject to increased requirements in terms of reliability, performance, number of ports and further expandability.

Peripheral equipment is a necessary component of any corporate network. The functions of backbone nodes can be taken over by the global data transmission network to which the resources are connected. As a rule, backbone nodes appear as part of a corporate network only in cases where leased communication channels are used or when own access nodes are created. Peripheral equipment of corporate networks, in terms of the functions it performs, can also be divided into two classes.

Firstly, these are routers, which are used to connect homogeneous LANs (usually IP or IPX) through global data networks. In networks that use IP or IPX as the main protocol - in particular, on the Internet - routers are also used as backbone equipment that ensures the joining of various communication channels and protocols. Routers can be implemented either as stand-alone devices or as software based on computers and special communication adapters.

The second widely used type of peripheral equipment is gateways, which implement the interaction of applications running in different types of networks. Corporate networks primarily use OSI gateways, which provide LAN connectivity to X.25 resources, and SNA gateways, which provide connectivity to IBM networks. A full-featured gateway is always a hardware-software complex, since it must provide the necessary software interfaces.

Cisco Systems Routers

Among the routers, perhaps the best known are the products of Cisco Systems, which implement a wide range of tools and protocols used in the interaction of local networks. Cisco equipment supports a variety of connection methods, including X.25, Frame Relay and ISDN, allowing you to create quite complex systems. In addition, the Cisco router family includes excellent remote access servers for local networks, and some configurations partially implement gateway functions (what is called Protocol Translation in Cisco terms).

The main application area for Cisco routers is complex networks using IP or, less commonly, IPX as the main protocol. In particular, Cisco equipment is widely used in Internet backbones. If your corporate network is designed primarily to connect remote LANs and requires complex IP or IPX routing across heterogeneous links and data networks, then using Cisco equipment will most likely be the optimal choice. Tools for working with Frame Relay and X.25 are implemented in Cisco routers only to the extent needed to combine local networks and access them. If you want to build your system based on packet-switched networks, then Cisco routers can work in it only as purely peripheral equipment, and many of the routing functions are redundant and, accordingly, the price is too high. The most interesting for use in corporate networks are the Cisco 2509 and Cisco 2511 access servers and the new Cisco 2520 series devices. Their main area of application is access for remote users to local networks via telephone lines or ISDN with dynamic IP address assignment (DHCP).

Motorola ISG Equipment

Among the equipment designed to work with X.25 and Frame Relay, the most interesting are the products manufactured by the Motorola Corporation Information Systems Group (Motorola ISG). Unlike the backbone devices used in global data networks (Northern Telecom, Sprint, Alcatel, etc.), Motorola equipment is capable of operating completely autonomously, without a special network management center. The range of capabilities important for use in corporate networks is much wider for Motorola equipment. Of particular note are the developed means of hardware and software modernization, which make it possible to easily adapt the equipment to specific conditions. All Motorola ISG products can operate as X.25/Frame Relay switches and multi-protocol access devices (PAD, FRAD, SLIP, PPP, etc.), support Annex G (X.25 over Frame Relay) and provide SNA protocol conversion (SDLC/QLLC/RFC 1490).
Motorola ISG equipment can be divided into three groups, differing in the set of hardware and scope of application.

The first group, designed to work as peripheral devices, is the Vanguard series. It includes the Vanguard 100 (2-3 ports) and Vanguard 200 (6 ports) serial access nodes, as well as the Vanguard 300/305 routers (1-3 serial ports and an Ethernet/Token Ring port) and Vanguard 310 ISDN routers. The Vanguard routers, in addition to their set of communication capabilities, support the transmission of the IP, IPX and AppleTalk protocols over X.25, Frame Relay and PPP. Naturally, the standard set necessary for any modern router is also supported - the RIP and OSPF protocols, filtering and access restriction tools, data compression, etc.

The next group of Motorola ISG products includes the Multimedia Peripheral Router (MPRouter) 6520 and 6560 devices, which differ mainly in performance and expandability. In the basic configuration, the 6520 and 6560 have, respectively, five and three serial ports and an Ethernet port; on the 6560 all ports are high-speed (up to 2 Mbit/s), while on the 6520 three of the ports operate at speeds up to 80 kbit/s. MPRouter supports all communication protocols and routing capabilities available for Motorola ISG products. The main feature of MPRouter is the ability to install a variety of additional cards, which is reflected in the word Multimedia in its name. There are serial port cards, Ethernet/Token Ring port cards, ISDN cards and an Ethernet hub. The most interesting feature of MPRouter is voice over Frame Relay. For this, special boards are installed in it, allowing the connection of conventional telephone or fax machines, as well as analog (E&M) and digital (E1, T1) PBXs. The number of simultaneously serviced voice channels can reach two or more dozen. Thus, MPRouter can be used simultaneously as a voice and data integration tool, a router and an X.25/Frame Relay node.

The third group of Motorola ISG products is backbone equipment for global networks. These are expandable devices of the 6500plus family, with fault-tolerant design and redundancy, designed to create powerful switching and access nodes. They include various sets of processor modules and I/O modules, allowing for high-performance nodes with from 6 to 54 ports. In corporate networks, such devices can be used to build complex systems with a large number of connected resources.

It is interesting to compare Cisco and Motorola routers. We can say that for Cisco routing is primary, and communication protocols are only a means of communication, while Motorola focuses on communication capabilities, considering routing as another service implemented using these capabilities. In general, the routing capabilities of Motorola products are poorer than those of Cisco, but they are quite sufficient for connecting end nodes to the Internet or a corporate network.

The performance of Motorola products, all other things being equal, is perhaps even higher, and at a lower price. Thus, Vanguard 300, with a comparable set of capabilities, turns out to be approximately one and a half times cheaper than its closest analogue, Cisco 2501.

Eicon Technology Solutions

In many cases, it is convenient to use solutions from the Canadian company Eicon Technology as peripheral equipment for corporate networks. The basis of Eicon solutions is the universal communication adapter EiconCard, which supports a wide range of protocols - X.25, Frame Relay, SDLC, HDLC, PPP, ISDN. This adapter is installed in one of the computers on the local network, which becomes a communication server. This computer can be used for other tasks as well. This is possible because EiconCard has a sufficiently powerful processor and its own memory and is capable of processing network protocols without loading the communication server. Eicon software allows you to build both gateways and routers based on EiconCard, running under almost all operating systems on the Intel platform. Here we will look at the most interesting of them.

The Eicon family of solutions for Unix includes the IP Connect router, the X.25 Connect gateway and SNA Connect. All of these products can be installed on a computer running SCO Unix or UnixWare. IP Connect allows IP traffic to be carried over X.25, Frame Relay, PPP or HDLC and is compatible with equipment from other manufacturers, including Cisco and Motorola. The package includes a firewall, data compression tools and SNMP management tools. The main application of IP Connect is connecting application servers and Unix-based Internet servers to a data network. Naturally, the same computer can also be used as a router for the entire office in which it is installed. There are a number of advantages to using an Eicon router instead of purely hardware devices. Firstly, it is easy to install and use. From the operating system's point of view, EiconCard with IP Connect installed looks like just another network card. This makes setting up and administering IP Connect fairly simple for anyone familiar with Unix. Secondly, directly connecting the server to the data network reduces the load on the office LAN and provides that very single point of connection to the Internet or to the corporate network without installing additional network cards and routers. Thirdly, this "server-centric" solution is more flexible and extensible than traditional routers. There are a number of other benefits that come with using IP Connect together with other Eicon products.

X.25 Connect is a gateway that allows LAN applications to communicate with X.25 resources. This product allows you to connect Unix users and DOS/Windows and OS/2 workstations to remote email systems, databases and other systems. By the way, it should be noted that Eicon gateways today are perhaps the only common product on our market that implements the OSI stack and allows you to connect to X.400 and FTAM applications. In addition, X.25 Connect allows you to connect remote users to a Unix machine and to terminal applications on local network stations, as well as to organize interaction between remote Unix computers via X.25. Using standard Unix capabilities together with X.25 Connect, it is possible to implement protocol conversion, i.e. translation of Unix Telnet access into an X.25 call and vice versa. It is possible to connect a remote X.25 user using SLIP or PPP to a local network and, accordingly, to the Internet. In principle, similar protocol translation capabilities are available in Cisco routers running IOS Enterprise software, but that solution is more expensive than the Eicon and Unix products combined.

Another product mentioned above is SNA Connect. This is a gateway designed to connect to IBM mainframes and the AS/400. It is typically used in conjunction with user software—5250 and 3270 terminal emulators and APPC interfaces—also manufactured by Eicon. Analogues of the solutions discussed above exist for other operating systems - NetWare, OS/2, Windows NT and even DOS. Particularly worth mentioning is Interconnect Server for NetWare, which combines all of the above capabilities with remote configuration and administration tools and a client authorization system. It includes two products - Interconnect Router, which allows routing of IP, IPX and AppleTalk and is, in our opinion, the most successful solution for connecting remote Novell NetWare networks, and Interconnect Gateway, which provides, in particular, powerful SNA connectivity. Another Eicon product designed to work in the Novell NetWare environment is WAN Services for NetWare. This is a set of tools that allow you to use NetWare applications on X.25 and ISDN networks. Using it in conjunction with NetWare Connect allows remote users to connect to the LAN via X.25 or ISDN, and also provides X.25 egress from the LAN. There is an option to ship WAN Services for NetWare with Novell's Multiprotocol Router 3.0. This product is called Packet Blaster Advantage. A Packet Blaster ISDN is also available, which works not with the EiconCard but with ISDN adapters also supplied by Eicon. In this case, various connection options are possible - BRI (2B+D), 4BRI (8B+D) and PRI (30B+D). WAN Services for NT is intended for working with Windows NT applications. It includes an IP router, tools for connecting NT applications to X.25 networks, support for Microsoft SNA Server, and tools for remote users to access a local area network over X.25 using Remote Access Server. To connect a Windows NT server to an ISDN network, an Eicon ISDN adapter can also be used in conjunction with the ISDN Services for NetWare software.

Methodology for building corporate networks.

Now that we have listed and compared the main technologies that a developer can use, let's move on to the basic issues and methods used in network design and development.

Network requirements.

Network designers and network administrators always strive to ensure that three basic network requirements are met:

scalability;

performance;

manageability.

Good scalability is necessary so that both the number of users on the network and the application software can be changed without much effort. High network performance is required for the normal operation of most modern applications. Finally, the network must be manageable enough to be reconfigured to meet the organization's ever-changing needs. These requirements reflect a new stage in the development of network technologies - the stage of creating high-performance corporate networks.

The uniqueness of new software and technologies complicates the development of enterprise networks. Centralized resources, new classes of programs, different principles of their application, changes in the quantitative and qualitative characteristics of the information flow, an increase in the number of concurrent users and an increase in the power of computing platforms - all these factors must be taken into account in their entirety when developing a network. Nowadays there are a large number of technological and architectural solutions on the market, and choosing the most suitable one is a rather difficult task.

In modern conditions, for proper network design, development and maintenance, specialists must consider the following issues:

o Change of organizational structure.

When implementing a project, you should not “separate” software specialists and network specialists. When developing networks and the entire system as a whole, a single team of specialists from different fields is needed;

o Use of new software tools.

It is necessary to become familiar with new software at an early stage of network development so that the necessary adjustments can be made in a timely manner to the tools planned for use;

o Research different solutions.

It is necessary to evaluate various architectural decisions and their possible impact on the operation of the future network;

o Checking networks.

It is necessary to test the entire network or parts of it in the early stages of development. To do this, you can create a network prototype that will allow you to evaluate the correctness of the decisions made. This way you can prevent the appearance of various kinds of "bottlenecks" and determine the applicability and approximate performance of different architectures;

o Selection of protocols.

To choose the right network configuration, you need to evaluate the capabilities of different protocols. It is important to determine how network operations that optimize the performance of one program or software package may affect the performance of others;

o Selecting a physical location.

When choosing a location to install servers, you must first determine the location of the users. Is it possible to move them? Will their computers be connected to the same subnet? Will users have access to the global network?

o Calculation of critical time.

It is necessary to determine the acceptable response time of each application and possible periods of maximum load. It is important to understand how emergency situations can affect network performance and determine whether a reserve is needed to organize the continuous operation of the enterprise;

o Analysis of options.

It is important to analyze the different uses of software on the network. Centralized storage and processing of information often creates additional load at the center of the network, and distributed computing may require the strengthening of local workgroup networks.

Today there is no ready-made, debugged universal methodology, following which you can automatically carry out the entire range of activities for the development and creation of a corporate network. First of all, this is due to the fact that there are no two absolutely identical organizations. In particular, each organization is characterized by a unique leadership style, hierarchy, and business culture. And if we take into account that the network inevitably reflects the structure of the organization, then we can safely say that no two identical networks exist.

Network architecture

Before you begin building a corporate network, you must first determine its architecture, functional and logical organization, and take into account the existing telecommunications infrastructure. A well-designed network architecture helps evaluate the feasibility of new technologies and applications, serves as a foundation for future growth, guides the choice of network technologies, helps avoid unnecessary costs, reflects the connectivity of network components, significantly reduces the risk of incorrect implementation, etc. The network architecture forms the basis of the technical specifications for the network being created. It should be noted that network architecture differs from network design in that it does not, for example, define the exact schematic diagram of the network and does not regulate the placement of network components. Network architecture, for example, determines whether some parts of the network will be built on Frame Relay, ATM, ISDN or other technologies. The network design must contain specific instructions and estimates of parameters, for example, the required throughput, the actual bandwidth, the exact location of communication channels, etc.

There are three aspects, three logical components, in a network architecture: principles of construction, network templates, and technical positions.

Design principles are used in network planning and decision making. Principles are a set of simple guidelines that describe in sufficient detail all the issues of building and operating the deployed network over a long period of time. As a rule, the principles are derived from the corporate goals and basic business practices of the organization.

The principles provide the primary link between the corporate development strategy and network technologies. They serve as the basis for developing technical positions and network templates. When a technical specification for the network is drawn up, the principles of the network architecture are set out in a section that defines the general goals of the network. A technical position can be viewed as a target description that determines the choice between competing alternative network technologies. The technical position clarifies the parameters of the selected technology and describes a single device, method, protocol, service provided, etc. For example, when choosing a LAN technology, speed, cost, quality of service and other requirements must be taken into account. Developing technical positions requires in-depth knowledge of networking technologies and careful consideration of the organization's requirements. The number of technical positions is determined by the chosen level of detail, the complexity of the network and the size of the organization. The network architecture can be described by the following technical positions:

Network transport protocols.

What transport protocols should be used to transfer information?

Network routing.

What routing protocol should be used between routers and ATM switches?

Quality of service.

How will the ability to choose the quality of service be achieved?

Addressing in IP networks and addressing domains.

What addressing scheme should be used for the network, including registered addresses, subnets, subnet masks, forwarding, etc.?

Switching in local networks.

What switching strategy should be used in local area networks?

Combining switching and routing.

Where and how should switching and routing be used, and how should they be combined?

Organization of a city network.

How should branches of an enterprise located, say, in the same city communicate?

Organization of a global network.

How should enterprise branches communicate over a global network?

Remote access service.

How do users of remote branches gain access to the enterprise network?

Network templates are a set of models of network structures that reflect the relationships between network components. For example, for a particular network architecture a set of templates is created to "reveal" the network topology of a large branch or of the wide area network, or to show the distribution of protocols across layers. Network templates illustrate a network infrastructure that is described by a complete set of technical positions. Moreover, in a well-thought-out network architecture the templates can be as close in detail to the technical positions as possible. In fact, network templates are a description of the functional diagram of a network section that has specific boundaries. The following main network templates can be distinguished: for the global network, for a metropolitan network, for the central office, for a large branch of the organization, and for a department. Other templates can be developed for sections of the network that have any special features.

The described methodological approach is based on studying a specific situation, considering the principles of building a corporate network in their entirety, analyzing its functional and logical structure, developing a set of network templates and technical positions. Various implementations of corporate networks may include certain components. In general, a corporate network consists of various branches connected by communication networks. They can be wide area (WAN) or metropolitan (MAN). Branches can be large, medium and small. A large department can be a center for processing and storing information. A central office is allocated from which the entire corporation is managed. Small departments include various service departments (warehouses, workshops, etc.). Small branches are essentially remote. The strategic purpose of the remote branch is to house sales and technical support closer to the consumer. Customer communications, which significantly impact corporate revenue, will be more productive if all employees have the ability to access corporate data at any time.

At the first step of building a corporate network, the proposed functional structure is described. The number and status of offices and departments are determined. Either the need to deploy a private communication network of one's own is justified, or a service provider able to meet the requirements is chosen. The functional structure is developed taking into account the financial capabilities of the organization, long-term development plans, the number of active network users, the applications being run, and the required quality of service. The development is based on the functional structure of the enterprise itself.

The second step is to determine the logical structure of the corporate network. The logical structures differ from each other only in the choice of technology (ATM, Frame Relay, Ethernet...) for building the backbone, which is the central link of the corporation’s network. Let's consider logical structures built on the basis of cell switching and frame switching. The choice between these two methods of transmitting information is made based on the need to provide guaranteed quality of service. Other criteria may be used.

The data transmission backbone must satisfy two basic requirements:

o The ability to connect a large number of low-speed workstations to a small number of powerful, high-speed servers.

o Acceptable speed of response to customer requests.

An ideal backbone should offer highly reliable data transmission and a well-developed management system. By a management system we mean, for example, the ability to configure the backbone taking all local features into account while keeping reliability at a level where the servers remain available even if some parts of the network fail. The listed requirements will probably narrow the choice to several technologies, and the final choice of one of them rests with the organization itself. You need to decide what is most important: cost, speed, scalability or quality of service.

The logical structure with cell switching is used in networks with real-time multimedia traffic (video conferencing and high-quality voice transmission). At the same time, it is important to soberly assess how necessary such an expensive network is (on the other hand, even expensive networks are sometimes not able to satisfy some requirements). If it is not necessary, then the logical structure of a frame-switching network should be taken as the basis. The logical switching hierarchy, which spans two layers of the OSI model, can be represented as a three-level diagram:

The lower level is used to combine local Ethernet networks,

The middle layer is either an ATM local network, a MAN network, or a WAN backbone communication network.

The top level of this hierarchical structure is responsible for routing.

The logical structure makes it possible to identify all possible communication routes between individual sections of the corporate network.

Backbone based on cell switching

When cell switching technology is used to build the network backbone, the aggregation of all workgroup-level Ethernet switches is performed by high-performance ATM switches. Operating at Layer 2 of the OSI reference model, these switches transmit 53-byte fixed-length cells instead of variable-length Ethernet frames. This networking concept implies that the workgroup-level Ethernet switch must have an ATM segmentation-and-reassembly (SAR) uplink port that converts variable-length Ethernet frames into fixed-length ATM cells before passing the information to the ATM backbone switch.
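To make the segmentation step concrete, the following is an added example (not code from the article) of what a SAR port does with one frame. It assumes AAL5 framing (48-byte cell payload, 8-byte trailer, PTI end-of-packet bit) and a constructed VPI/VCI of 0/32, since the page names neither, and shows how the far end detects a cell corrupted in transit.

```python
"""Segment an Ethernet frame into 53-byte ATM cells and reassemble it.

Added example, not code from the original article. Assumptions: AAL5
framing (48-byte cell payload, 8-byte CPCS trailer, PTI bit 0 marking the
last cell of a packet) and a constructed VPI/VCI of 0/32. The AAL5 CRC-32
is shown with zlib's CRC-32 for illustration; a real SAR chip's exact bit
ordering is not reproduced.
"""
import struct
import zlib

CELL_SIZE = 53
HEADER_SIZE = 5
PAYLOAD_SIZE = CELL_SIZE - HEADER_SIZE   # 48 bytes of payload per cell
TRAILER_SIZE = 8                         # AAL5 CPCS trailer


def hec(header4: bytes) -> int:
    """Header Error Control: CRC-8 (x^8 + x^2 + x + 1) over the first 4 header bytes, XOR 0x55."""
    crc = 0
    for byte in header4:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def cell_header(vpi: int, vci: int, last: bool) -> bytes:
    """UNI cell header: GFC=0, VPI (8 bits), VCI (16 bits), PTI (3 bits), CLP=0, HEC."""
    pti = 0b001 if last else 0b000          # PTI bit 0 = end of AAL5 packet
    word = (vpi << 20) | (vci << 4) | (pti << 1)
    hdr4 = word.to_bytes(4, "big")
    return hdr4 + bytes([hec(hdr4)])


def aal5_cpcs_pdu(frame: bytes) -> bytes:
    """Pad the frame and append the trailer so the PDU is a whole number of 48-byte payloads."""
    pad_len = (-(len(frame) + TRAILER_SIZE)) % PAYLOAD_SIZE
    body = frame + bytes(pad_len)
    # Trailer: CPCS-UU (1), CPI (1), Length (2), CRC-32 (4) over everything before the CRC.
    partial = body + struct.pack(">BBH", 0, 0, len(frame))
    crc = zlib.crc32(partial) & 0xFFFFFFFF
    return partial + struct.pack(">I", crc)


def segment(frame: bytes, vpi: int = 0, vci: int = 32) -> list:
    """What the SAR output port does: one Ethernet frame in, a list of 53-byte cells out."""
    pdu = aal5_cpcs_pdu(frame)
    chunks = [pdu[i:i + PAYLOAD_SIZE] for i in range(0, len(pdu), PAYLOAD_SIZE)]
    return [cell_header(vpi, vci, i == len(chunks) - 1) + chunk
            for i, chunk in enumerate(chunks)]


def reassemble(cells: list) -> bytes:
    """Inverse operation at the receiving SAR: verify each header, collect payloads, check the trailer."""
    payload = b""
    for cell in cells:
        if len(cell) != CELL_SIZE:
            raise ValueError("cell is not 53 bytes")
        hdr4, body = cell[:4], cell[HEADER_SIZE:]
        if hec(hdr4) != cell[4]:
            raise ValueError("cell header failed HEC check")
        payload += body
        if (hdr4[3] >> 1) & 0b001:        # last cell of this packet
            break
    else:
        raise ValueError("no end-of-packet cell seen")
    _uu, _cpi, length = struct.unpack(">BBH", payload[-TRAILER_SIZE:-4])
    (crc,) = struct.unpack(">I", payload[-4:])
    if length > len(payload) - TRAILER_SIZE:
        raise ValueError("trailer length exceeds reassembled PDU")
    if zlib.crc32(payload[:-4]) & 0xFFFFFFFF != crc:
        raise ValueError("AAL5 CRC-32 mismatch: payload corrupted in transit")
    return payload[:length]


def roundtrip_ok(frame: bytes, corrupt_offset: int = -1) -> bool:
    """True if the frame survives segmentation and reassembly; optionally flip one byte of the first cell."""
    cells = segment(frame)
    if corrupt_offset >= 0:
        first = bytearray(cells[0])
        first[corrupt_offset] ^= 0xFF
        cells[0] = bytes(first)
    try:
        return reassemble(cells) == frame
    except ValueError:
        return False


if __name__ == "__main__":
    frame = bytes(range(64))                 # constructed minimum-size Ethernet frame
    cells = segment(frame)
    print(f"{len(frame)}-byte frame -> {len(cells)} cells, {len(cells) * CELL_SIZE} bytes on the wire")
    print("clean roundtrip:", roundtrip_ok(frame))
    print("corrupted payload detected:", not roundtrip_ok(frame, corrupt_offset=20))
```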

For wide area networks, core ATM switches are capable of connecting remote regions. Also operating at Layer 2 of the OSI model, these WAN switches can use T1/E1 links (1.544/2.0Mbps), T3 links (45Mbps) or SONET OC-3 links (155Mbps). To provide urban communications, a MAN network can be deployed using ATM technology. The same ATM backbone network can be used to communicate between telephone exchanges. In the future, as part of the client/server telephony model, these stations may be replaced by voice servers on the local network. In this case, the ability to guarantee quality of service in ATM networks becomes very important when organizing communications with client personal computers.

Routing

As already noted, routing is the third and highest level in the hierarchical structure of the network. Routing, which operates at Layer 3 of the OSI reference model, is used to organize communication sessions, which include:

o communication sessions between devices located in different virtual networks (each virtual network is usually a separate IP subnet);

o communication sessions that pass through wide area or metropolitan networks.

One strategy for building a corporate network is to install switches at the lower levels of the overall network. Local networks are then connected using routers. Routers are required to divide a large organization's IP network into many separate IP subnets. This is necessary to prevent "broadcast explosion" associated with protocols such as ARP. To contain the spread of unwanted traffic across the network, all workstations and servers must be divided into virtual networks. In this case, routing controls communication between devices belonging to different VLANs.
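The addressing scheme that such a division implies can be worked out programmatically. Here is an added example (not from the article) that allocates per-department subnets from a constructed block 10.20.0.0/16 with constructed host counts, and checks whether two hosts share a broadcast domain, i.e. whether an ARP broadcast from one reaches the other without crossing a router.

```python
"""Carve a registered address block into per-department subnets (broadcast domains).

Added example, not code from the original article. The block 10.20.0.0/16 and
the department host counts are constructed for illustration. Each subnet is one
broadcast domain: an ARP request from a host reaches only the other hosts of its
own subnet, which is the containment effect the text attributes to routers.
"""
import ipaddress


def prefix_for(hosts: int) -> int:
    """Smallest prefix length whose subnet has at least `hosts` usable addresses (/30 minimum)."""
    size, prefix = 4, 30
    while size - 2 < hosts:
        size *= 2
        prefix -= 1
    if prefix < 0:
        raise ValueError("host count too large for IPv4")
    return prefix


def allocate(block: str, demands: dict) -> dict:
    """Variable-length subnet plan: biggest departments first, each subnet aligned to its own size."""
    pool = ipaddress.ip_network(block)
    cursor = int(pool.network_address)
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: (-kv[1], kv[0])):
        prefix = prefix_for(hosts)
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size      # align to the subnet size
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(pool):
            raise ValueError(f"block {pool} exhausted while placing {name}")
        plan[name] = net
        cursor += size
    return plan


def domain_of(plan: dict, host: str):
    """Name of the broadcast domain (subnet) a host address belongs to, or None if unallocated."""
    addr = ipaddress.ip_address(host)
    for name, net in plan.items():
        if addr in net:
            return name
    return None


def same_broadcast_domain(plan: dict, host_a: str, host_b: str) -> bool:
    """True when an ARP broadcast from host_a would be heard by host_b (no router in between)."""
    dom = domain_of(plan, host_a)
    return dom is not None and dom == domain_of(plan, host_b)


def broadcast_domain_sizes(plan: dict) -> dict:
    """How many hosts a broadcast from a department reaches: the usable addresses of its subnet."""
    return {name: net.num_addresses - 2 for name, net in plan.items()}


DEMANDS = {                     # constructed requirements for a small corporation
    "HQ users": 1000,
    "HQ servers": 500,
    "Branch A": 120,
    "Branch B": 60,
    "WAN link": 2,
}

if __name__ == "__main__":
    plan = allocate("10.20.0.0/16", DEMANDS)
    for name, net in plan.items():
        print(f"{name:<11} {str(net):<18} usable hosts: {net.num_addresses - 2:>4}"
              f"  broadcast: {net.broadcast_address}")
    print("same domain?", same_broadcast_domain(plan, "10.20.1.7", "10.20.3.200"))
```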

Such a network consists of routers or routing servers (the logical core), a network backbone based on ATM switches, and a large number of Ethernet switches located on the periphery. With the exception of special cases, such as video servers that connect directly to the ATM backbone, all workstations and servers must be connected to Ethernet switches. This type of network construction keeps internal traffic localized within workgroups and keeps it off the backbone ATM switches and routers. The Ethernet switches are aggregated by ATM switches, usually located in the same equipment room. It should be noted that multiple ATM switches may be required to provide enough ports to connect all the Ethernet switches. As a rule, 155 Mbit/s links over multimode fiber optic cable are used in this case.

Routers are located away from the backbone ATM switches, since they need to be kept off the paths of the main communication sessions. With this design, routing becomes optional: whether it is needed depends on the type of communication session and the type of traffic on the network. Routing should be avoided when transmitting real-time video, as it can introduce unwanted delays. Routing is not needed for communication between devices located on the same virtual network, even if they are located in different buildings of a large enterprise.

In addition, even in situations where routers are required for certain communications, placing routers away from the backbone ATM switches can minimize the number of routing hops (a routing hop is the portion of the network from a user to the first router or from one router to another). This not only reduces latency but also reduces the load on the routers. Routing has become widespread as a technology for connecting local networks in a wide area environment. Routers provide a variety of services designed for multi-level control of the transmission channel. This includes a general addressing scheme (at the network layer) that is independent of how the addresses of the layer below are formed, as well as conversion from one link-layer frame format to another.

Routers decide where to forward incoming data packets based on the network-layer address information they contain. This information is retrieved, analyzed, and compared with the contents of routing tables to determine which port a particular packet should be sent to. The link-layer address is then derived from the network-layer address if the packet is to be sent to a segment of a network such as Ethernet or Token Ring.

In addition to processing packets, routers simultaneously update routing tables, which are used to determine the destination of each packet. Routers create and maintain these tables dynamically. As a result, routers can automatically respond to changes in network conditions, such as congestion or damage to communication links.

Determining a route is quite a difficult task. In a corporate network, ATM switches must function in much the same way as routers: information must be exchanged based on the network topology, available routes, and transmission costs. The ATM switch critically needs this information to select the best route for a particular communication session initiated by end users. In addition, determining a route is not limited to just deciding on the path along which a logical connection will pass after generating a request for its creation.

The ATM switch can select new routes if for some reason the communication channels are unavailable. At the same time, ATM switches must provide network reliability at the router level. To create an expandable network with high cost efficiency, it is necessary to transfer routing functions to the network periphery and provide traffic switching in its backbone. ATM is the only network technology that can do this.
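The route computation described in the two preceding paragraphs, including the selection of a new route when a channel becomes unavailable, as an added example that is not part of the article: a constructed site topology with link costs, Dijkstra's shortest-path algorithm as the route-selection method (one standard choice; the article does not name one), and the resulting next-hop table before and after a link failure.

```python
"""Route determination over a weighted site topology, with re-routing after a link failure.

Added example, not code from the original article. The topology (sites and
link costs) is constructed; the algorithm is Dijkstra's shortest path, one
standard way a router or route-computing switch turns topology and link costs
into a forwarding table.
"""
import heapq


class Topology:
    """Undirected graph of sites; edge weight = transmission cost of the link."""

    def __init__(self, links: dict):
        self.cost = {}                           # (a, b) -> cost, stored in both directions
        for (a, b), c in links.items():
            self.add_link(a, b, c)

    def add_link(self, a: str, b: str, cost: float) -> None:
        self.cost[(a, b)] = cost
        self.cost[(b, a)] = cost

    def fail_link(self, a: str, b: str) -> None:
        """Model a communication channel becoming unavailable."""
        self.cost.pop((a, b), None)
        self.cost.pop((b, a), None)

    def neighbours(self, node: str):
        return [(b, c) for (a, b), c in self.cost.items() if a == node]


def shortest_paths(topo: Topology, source: str) -> dict:
    """Dijkstra: destination -> (total cost, path as a list of sites) for every reachable site."""
    dist = {source: 0.0}
    prev = {}
    heap = [(0.0, source)]
    done = set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue                              # stale heap entry
        done.add(node)
        for nxt, c in topo.neighbours(node):
            nd = d + c
            if nxt not in dist or nd < dist[nxt]:
                dist[nxt] = nd
                prev[nxt] = node
                heapq.heappush(heap, (nd, nxt))
    result = {}
    for dst, d in dist.items():
        if dst == source:
            continue
        path = [dst]
        while path[-1] != source:                 # walk predecessors back to the source
            path.append(prev[path[-1]])
        result[dst] = (d, path[::-1])
    return result


def routing_table(topo: Topology, source: str) -> dict:
    """Forwarding view: destination -> next hop (second site on the cheapest path)."""
    return {dst: path[1] for dst, (_, path) in shortest_paths(topo, source).items()}


# Constructed corporate topology: link costs between the central office and branches.
LINKS = {
    ("HQ", "Branch-A"): 10,
    ("HQ", "Branch-B"): 50,
    ("Branch-A", "Branch-B"): 10,
    ("Branch-B", "Branch-C"): 5,
    ("Branch-A", "Branch-C"): 60,
}


def reroute_demo() -> tuple:
    """Next hop from HQ to Branch-C before and after the Branch-A/Branch-B link fails."""
    topo = Topology(LINKS)
    before = routing_table(topo, "HQ")["Branch-C"]
    topo.fail_link("Branch-A", "Branch-B")
    after = routing_table(topo, "HQ")["Branch-C"]
    return before, after


if __name__ == "__main__":
    topo = Topology(LINKS)
    for dst, (cost, path) in sorted(shortest_paths(topo, "HQ").items()):
        print(f"HQ -> {dst}: cost {cost}, path {' > '.join(path)}")
    print("next hop to Branch-C before/after A-B failure:", reroute_demo())
```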

To select a technology, you need to answer the following questions:

Does the technology provide adequate quality of service?

Can it guarantee the quality of service?

How expandable will the network be?

Is it possible to choose a network topology?

Are the services provided by the network cost-effective?

How effective will the management system be?

The answers to these questions determine the choice. In principle, however, different technologies can be used in different parts of the network. For example, if certain areas require support for real-time multimedia traffic or a speed of 45 Mbit/s, then ATM is installed in them. If a section of the network requires interactive processing of requests, which does not tolerate significant delays, then Frame Relay should be used, if such services are available in this geographic area (otherwise, you will have to resort to the Internet).

Thus, a large enterprise may connect to the network via ATM, while branch offices connect to the same network via Frame Relay.

When creating a corporate network and selecting network technology with appropriate software and hardware, the price/performance ratio must be taken into account. It's hard to expect high speeds from cheap technologies. On the other hand, it makes no sense to use the most complex technologies for the simplest tasks. Different technologies should be properly combined to achieve maximum efficiency.

When choosing a technology, the type of cabling system and the required distances should be taken into account, as well as compatibility with already installed equipment (costs can be reduced significantly if already installed equipment can be incorporated into the new system).

Generally speaking, there are two ways to build a high-speed local network: evolutionary and revolutionary.

The first way is based on extending the good old frame-based transmission technology. Within this approach, the speed of the local network can be increased by upgrading the network infrastructure, adding new communication channels and changing the method of packet transmission (which is what is done in switched Ethernet). A regular Ethernet network shares its bandwidth: the traffic of all network users competes, each claiming the entire throughput of the network segment. Switched Ethernet creates dedicated paths, giving users a real bandwidth of 10 Mbit/s.

The revolutionary path involves the transition to radically new technologies, for example, ATM for local networks.

Extensive practice in building local networks has shown that the main issue is quality of service. This is what determines whether the network can work successfully (for example, with applications such as video conferencing, which are increasingly used around the world).

Conclusion.

Whether or not to have your own communication network is a “private matter” for each organization. However, if building a corporate (departmental) network is on the agenda, it is necessary to conduct a deep, comprehensive study of the organization itself, the problems it solves, draw up a clear document flow chart in this organization and, on this basis, begin to select the most appropriate technology. One example of building corporate networks is the currently widely known Galaktika system.




INTRODUCTION

1 The concept of “Corporate networks”

2 Corporate network structure

3 Corporate network equipment

4 Multi-layered view of the corporate network

5 Communication channels of the corporate network

6 Fiber connection

CONCLUSION

LIST OF REFERENCES USED

APPENDIX

Introduction

Enterprise network management systems have not been around for very long. One of the first systems for this purpose that became widespread was the SunNet Manager software product, released in 1989 by SunSoft. SunNet Manager was focused on managing communications equipment and monitoring network traffic. These are the functions most often referred to when talking about a network management system. In addition to network management systems, there are also management systems for other elements of the corporate network: OS management systems, DBMS, corporate applications. Management systems for telecommunication networks are also used: telephone networks, as well as primary networks of PDH and SDH technologies.

Regardless of the managed object, it is desirable that the management system perform a number of functions defined by international standards, which summarize the experience of using management systems in various fields. The ITU-T X.700 recommendations and the closely related ISO 7498-4 standard divide the tasks of a management system into five functional groups:

- network configuration and naming management;

- error handling;

- performance and reliability analysis;

- security management;

- accounting of network operation.

1. The concept of “Corporate networks”

A corporate network is a system that provides information transfer between various applications used in the corporation's system. A corporate network includes thousands of a wide variety of components: computers of various types, system and application software, network adapters, hubs, switches and routers, and cabling systems. The main task of system integrators and administrators is to ensure that this cumbersome and very expensive system copes as best as possible with processing the flow of information circulating between employees of the enterprise and allows them to make timely and rational decisions that ensure the survival of the enterprise in fierce competition. And since life does not stand still, the content of corporate information, the intensity of its flows and the methods of processing it are constantly changing. The latest example of a dramatic change in the technology of automated processing of corporate information is in plain sight - it is associated with the unprecedented growth in the popularity of the Internet in the last 2 - 3 years.

A corporate network is, as a rule, geographically distributed, i.e. it unites offices, divisions and other structures located at a considerable distance from each other. The principles by which a corporate network is built are quite different from those used when creating a local network. This limitation on the volume of data transmitted between sites is fundamental, and when designing a corporate network all measures should be taken to minimize the volume of transmitted data. Beyond that, the corporate network should not impose restrictions on which applications process the information transferred over it and how.

The main stages of creating a corporate information system can be identified as follows:

- conduct an information survey of the organization;

- based on the survey results, select the system architecture and the hardware and software for its implementation;

- based on the survey results, select and develop the key components of the information system:

- corporate database management system;

- system for automating business operations and document flow;

- electronic document management system;

- special software;

- decision support systems.

2. Corporate network structure

To connect remote users to the corporate network, the simplest and most affordable option is to use telephone communication. Where possible, ISDN networks may be used. To connect network nodes in most cases, global data networks are used. Even where it is possible to lay dedicated lines (for example, within the same city), the use of packet switching technologies makes it possible to reduce the number of necessary communication channels and, importantly, ensure compatibility of the system with existing global networks.

Connecting your corporate network to the Internet is justified if you need access to relevant services. It is worth using the Internet as a data transmission medium only when other methods are unavailable and financial considerations outweigh the requirements of reliability and security. If you will use the Internet only as a source of information, it is better to use dial-on-demand technology, i.e. this method of connection, when a connection to an Internet node is established only on your initiative and for the time you need. This dramatically reduces the risk of unauthorized entry into your network from the outside.

The structure of the corporate network is shown in Figure 1.

Figure 1 – Corporate network

3. Corporate network equipment

A corporate network is a rather complex structure that uses various types of communications, communication protocols and methods of connecting resources.

All equipment of data transmission networks can be divided into two large classes - peripheral, which is used to connect end nodes to the network, and backbone or core, which implements the main functions of the network (channel switching, routing, etc.). There is no clear boundary between these types - the same devices can be used in different capacities or combine both functions. It should be noted that backbone equipment is usually subject to increased requirements in terms of reliability, performance, number of ports and further expandability. Peripheral equipment is a necessary component of any corporate network. The functions of backbone nodes can be taken over by a global data transmission network to which resources are connected. As a rule, backbone nodes appear as part of a corporate network only in cases where leased communication channels are used or when own access nodes are created.

4. Multi-layered view of the corporate network

It is useful to think of an enterprise network as a complex system consisting of several interacting layers. At the base of the pyramid, representing the corporate network, there is a layer of computers - centers for storing and processing information, and a transport subsystem (Figure 2), which ensures reliable transmission of information packets between computers.

Figure 2 - Hierarchy of corporate network layers

A layer of network operating systems operates above the transport system, which organizes the work of applications on computers and provides the resources of its computer for general use through the transport system.

Various applications work on top of the operating system, but due to the special role of database management systems, which store basic corporate information in an organized form and perform basic search operations on it, this class of system applications is usually allocated to a separate layer of the corporate network.

At the next level there are system services that, using the DBMS as a tool for searching for the necessary information among the millions and billions of bytes stored on disks, provide end users with this information in a form convenient for decision-making and also perform some information-processing procedures common to enterprises of all types. These services include the World Wide Web service, e-mail systems, collaborative work systems, and many others.

And finally, the top level of the corporate network is represented by special software systems that perform tasks specific to a given enterprise or enterprises of this type. Examples of such systems include bank automation systems, accounting systems, computer-aided design, process control systems, etc.

The ultimate goal of a corporate network is embodied in the top-level application programs, but for their successful operation it is absolutely necessary that the subsystems of other layers clearly perform their functions.

5. Corporate network communication channels

The first problem that has to be solved when creating a corporate network is the organization of communication channels. Communication channels are created along communication lines using complex electronic equipment and communication cables.

A communication cable is an extended-length product of the electrical industry. There are many different types of LAN cables:

- thin coaxial cables;

- thick coaxial cables;

- shielded twisted pairs, which look like electrical wiring;

- unshielded twisted pairs;

- fiber optic cables, which can operate over longer distances and at higher speeds than other types of cables; however, their installation and network adapters are quite expensive.

Communication lines are built from communication cables (and a host of other things). The length of communication lines ranges from tens of meters to tens of thousands of kilometers. Any more or less serious communication line, in addition to cables, includes: trenches, wells, couplings, crossings of rivers, seas and oceans, as well as lightning protection (as well as other types of protection) of lines.

Communication channels are organized over already built communication lines. The channels, by the nature of the transmitted signals, can be analog or digital, so on one communication line both analog and digital channels can be created simultaneously and operate separately. Moreover, while the line, as a rule, is built and commissioned all at once, the channels are introduced gradually. Communication can be provided over the bare line, but such use of extremely expensive structures is very inefficient. Therefore, channelization equipment is used. The number of channels is increased gradually by installing more and more powerful channelization equipment (sometimes called multiplexing equipment, especially in relation to digital channels).

6. Fiber optic connection.

6.1 Optical communication systems.

Fiber optic communication lines are a type of communication in which information is transmitted along optical dielectric waveguides, known as optical fiber.

Optical fiber is currently considered the most advanced physical medium for transmitting information, as well as the most promising medium for transmitting large flows of information over long distances. The reasons to think so arise from a number of features inherent in optical waveguides.

6.2 Physical features.

1. The wide bandwidth of optical signals, due to the extremely high carrier frequency (F0 ≈ 10^14 Hz). This means that information can be transmitted over an optical communication line at a speed of about 10^12 bit/s, i.e. terabits per second. The data transmission speed can be increased further by transmitting information in both directions at once, since light waves can propagate independently of each other in one fiber.

2. Very low (compared to other media) attenuation of the light signal in the fiber. The best fiber samples have an attenuation of 0.22 dB/km at a wavelength of 1.55 microns, which makes it possible to build communication lines up to 100 km long without signal regeneration.
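How the 0.22 dB/km figure turns into a reach of roughly 100 km can be checked with an optical power budget. The following is an added example, not from the text, in which the attenuation is the page's value and the transmitter power, receiver sensitivity, connector and splice losses and safety margin are assumed data-sheet values.

```python
"""Optical power budget: how the 0.22 dB/km figure turns into a reach of about 100 km.

Added example, not code from the original article. The fiber attenuation comes
from the text; the transmitter power, receiver sensitivity, connector and splice
losses and safety margin are constructed assumptions a designer would take from
the equipment data sheets.
"""
import math
from dataclasses import dataclass


@dataclass
class LinkBudget:
    tx_power_dbm: float = 0.0           # assumed launch power
    rx_sensitivity_dbm: float = -30.0   # assumed receiver sensitivity
    fiber_loss_db_per_km: float = 0.22  # from the text: best fiber at 1.55 um
    connector_loss_db: float = 0.5      # per connector, assumed
    connectors: int = 2
    splice_loss_db: float = 0.1         # per fusion splice, assumed
    splice_spacing_km: float = 4.0      # cable drum length, assumed
    safety_margin_db: float = 3.0       # reserve for ageing and repairs

    def fixed_loss_db(self) -> float:
        """Losses that do not depend on the span length."""
        return self.connectors * self.connector_loss_db + self.safety_margin_db

    def span_loss_db(self, length_km: float) -> float:
        """Distance-dependent loss: fiber attenuation plus one splice per drum boundary."""
        splices = max(0, math.ceil(length_km / self.splice_spacing_km) - 1)
        return length_km * self.fiber_loss_db_per_km + splices * self.splice_loss_db

    def received_power_dbm(self, length_km: float) -> float:
        return self.tx_power_dbm - self.fixed_loss_db() - self.span_loss_db(length_km)

    def link_ok(self, length_km: float) -> bool:
        """The link closes when the received power is at or above the receiver's sensitivity."""
        return self.received_power_dbm(length_km) >= self.rx_sensitivity_dbm

    def max_reach_km(self, precision_km: float = 0.01) -> float:
        """Longest span without regeneration, found by bisection over link_ok (loss is monotonic)."""
        lo, hi = 0.0, 1000.0
        if not self.link_ok(lo):
            return 0.0
        while hi - lo > precision_km:
            mid = (lo + hi) / 2
            if self.link_ok(mid):
                lo = mid
            else:
                hi = mid
        return lo


if __name__ == "__main__":
    budget = LinkBudget()
    available = budget.tx_power_dbm - budget.rx_sensitivity_dbm - budget.fixed_loss_db()
    print(f"available budget for the span: {available:.1f} dB")
    for km in (50, 100, 120):
        state = "ok" if budget.link_ok(km) else "regenerator needed"
        print(f"{km:>3} km: Rx {budget.received_power_dbm(km):6.2f} dBm -> {state}")
    print(f"max reach without regeneration: {budget.max_reach_km():.1f} km")
```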

large enterprise network). Before discussing the characteristic features of each of the listed types of networks, let us dwell on those factors that force enterprises to acquire their own computer network.

What does the use of networks give to an enterprise?

This question can be clarified as follows:

  • In what cases is deploying a computer network at an enterprise preferable to using standalone computers or multi-machine systems?
  • What new opportunities appear at the enterprise with the advent of a computer network?
  • And finally, does an enterprise always need a network?

Without going into details, the ultimate goal of using computer networks at the enterprise is to increase the efficiency of its work, which can be expressed, for example, in increased profits. Indeed, if, thanks to computerization, the production costs of an existing product were reduced, the development time for a new model was reduced, or the servicing of consumer orders was accelerated, this means that this enterprise really needed a network.

The conceptual advantage of networks over autonomously operating computers, which follows from their being distributed systems, is their ability to perform parallel computation. Due to this, in a system with several processing nodes it is in principle possible to achieve performance exceeding the maximum currently possible for any individual processor, no matter how powerful. Distributed systems potentially have a better performance/cost ratio than centralized systems.

Another obvious and important advantage of distributed systems is their higher fault tolerance. Fault tolerance should be understood as the ability of the system to perform its functions (perhaps not in full) in the event of failures of individual hardware elements and incomplete data availability. The basis for the increased fault tolerance of distributed systems is redundancy. Redundancy of processing nodes (processors in multiprocessor systems or computers in networks) allows, if one node fails, the tasks assigned to it to be reassigned to other nodes. For this purpose, a distributed system may have dynamic or static reconfiguration procedures. In computer networks, some data sets may be duplicated on the external storage devices of several computers, so that if one of them fails, the data remains available.

The use of geographically distributed computing systems is more consistent with the distributed nature of application problems in some subject areas, such as automation of technological processes, banking, etc. In all these cases there are individual consumers of information dispersed over a certain territory: employees, organizations or technological installations. These consumers solve their problems autonomously, so they should be provided with their own computing facilities, but at the same time, since the problems they solve are logically closely interrelated, their computing facilities should be combined into a common system. The optimal solution in this situation is to use a computer network.

For the user, distributed systems also offer advantages such as the ability to share data and devices and to distribute work flexibly across the system. Sharing expensive peripheral devices, such as high-capacity disk arrays, color printers, plotters, modems and optical drives, is in many cases the main reason for deploying a network in an enterprise. A user of a modern computer network works at his own computer, often without realizing that he is using data on another, more powerful computer located hundreds of kilometers away. He sends e-mail through a modem connected to a communications server shared by several departments of his enterprise. The user gets the impression that these resources are connected directly to his computer, or "almost" directly, since working with them requires little additional effort compared with using truly local resources.

Recently another incentive for deploying networks has become dominant, one that in modern conditions matters far more than saving money by sharing expensive equipment or programs among employees: the desire to give employees prompt access to extensive corporate information. In conditions of fierce competition in any market sector, the winner is ultimately the company whose employees can quickly and correctly answer any customer question about the capabilities of its products, the conditions of their use, the solution of various problems, and so on. Even a good manager of a large enterprise is unlikely to know all the characteristics of every product it makes, especially since the range may be updated every quarter, if not every month. It is therefore very important that a manager at a computer connected to the corporate network, say in Magadan, can forward a client's question to a server in the company's central office in Novosibirsk and promptly receive an answer that satisfies the client. In that case the client will not turn to another company but will continue to use this manager's services in the future.

Networking improves communications between the employees of an enterprise and with its customers and suppliers. Networks reduce the need for businesses to use other forms of information transmission, such as telephone or regular mail. Often the ability to set up e-mail is one of the reasons for deploying a computer network at an enterprise. New technologies that make it possible to transmit not only computer data but also voice and video over network communication channels are becoming increasingly widespread. A corporate network that integrates data and multimedia can be used to hold audio and video conferences, and an internal telephone network can be built on it.

Benefits of using networks
  1. The integral advantage is an increase in the efficiency of the enterprise.
  2. The ability to perform parallel computing, which increases both performance and fault tolerance.
  3. A better fit to the distributed nature of some application problems.
  4. The ability to share data and devices.
  5. The ability to distribute work flexibly across the system.
  6. Quick access to extensive corporate information.
  7. Improved communications.
Problems
  1. The complexity of developing system and application software for distributed systems.
  2. Performance and reliability of data transmission over the network.
  3. Security.

Of course, the use of computer networks also brings problems, associated mainly with organizing effective interaction between the individual parts of a distributed system.

Firstly, there are problems with software: operating systems and applications. Programming for distributed systems differs fundamentally from programming for centralized systems. Thus a network operating system, besides performing all the functions of managing the local computer's resources, also solves numerous tasks connected with providing network services. Developing network applications is complicated by the need to organize the joint work of their parts running on different machines. Ensuring the compatibility of the software installed on network nodes also causes a lot of trouble.

Secondly, many problems are connected with transporting messages over communication channels between computers. The main tasks here are to ensure reliability (so that transmitted data is neither lost nor corrupted) and performance (so that data is exchanged with acceptable delays). In the total cost structure of a computer network, the cost of solving these "transport" problems makes up a significant share, whereas in centralized systems such problems are absent altogether.

Thirdly, there are security problems, which are much harder to solve on a network than on a standalone computer. In some cases, when security is especially important, it is better not to connect the computer to a network at all.

Many more pros and cons could be cited, but the main proof of the effectiveness of networks is the indisputable fact of their ubiquity. Today it is hard to find an enterprise that does not have at least a single-segment network of personal computers; more and more networks with hundreds of workstations and dozens of servers are appearing; some large organizations are acquiring private wide-area networks that unite branches located thousands of kilometers apart. In each specific case there were particular reasons for creating the network, but the general statement is also true: there must be something to these networks after all.

Department networks

Department networks are networks used by a relatively small group of employees working in one department of an enterprise. These employees handle some common tasks, such as accounting or marketing. It is considered that a department may have up to 100-150 employees.

The main purpose of a department network is to share local resources such as applications, data, laser printers and modems. Typically a department network has one or two file servers, no more than thirty users (Fig. 10.3) and is not divided into subnets. Most of an enterprise's traffic is localized within these networks. Department networks are usually built on a single network technology, Ethernet or Token Ring, and most often use one or at most two types of operating system. The small number of users allows department networks to use peer-to-peer network operating systems such as Windows 98.


Fig. 10.3.

Network management tasks at the department level are relatively simple: adding new users, troubleshooting simple failures, installing new nodes and installing new software versions. Such a network can be managed by an employee who devotes only part of his time to administrator duties. Most often the department's network administrator has no special training; he is simply the person in the department who understands computers best, and so it naturally falls to him to administer the network.

Another type of network close to department networks is the workgroup network. These are very small networks of up to 10-20 computers. The characteristics of workgroup networks practically do not differ from those of the department networks described above; properties such as simplicity and homogeneity are most evident here, whereas department networks can in some cases approach the next largest type, campus networks.

Campus networks

Campus networks take their name from the English word campus, a university town. It was on university campuses that the need often arose to combine several small networks into one large one. Today the name is no longer tied to universities but is used for the networks of any enterprise or organization.

Campus networks (Fig. 10.4) combine the many networks of the different departments of one enterprise within a single building or a single territory covering an area of several square kilometers; wide-area links, however, are not used in campus networks. Services on such a network include interoperation between department networks, access to shared enterprise databases, and access to shared fax servers, high-speed modems and high-speed printers. As a result, employees of each department gain access to some files and network resources of other departments. Campus networks provide access to corporate databases regardless of the types of computers on which they reside.


Fig. 10.4.

It is at the campus network level that the problems of integrating heterogeneous hardware and software arise. The types of computers, network operating systems and network hardware may differ from department to department, which makes campus networks harder to manage. Their administrators must be more qualified, and the means of operational network management must be more effective.

Enterprise networks

Corporate networks are also called enterprise-wide networks, which corresponds literally to the term used in the English-language literature for this type of network. Enterprise networks (corporate networks) combine a large number of computers across all the territories of a single enterprise. They can be intricately connected and may span a city, a region or even a continent. The number of users and computers can run into thousands and the number of servers into hundreds; the distances between the networks of the individual territories are such that wide-area links must be used. A corporate network will certainly contain various types of computers, from mainframes to personal computers, several types of operating system and many different applications. The heterogeneous parts of a corporate network should work as a single whole, giving users the most convenient and simple access possible to all the resources they need.

A corporate network is characterized by:

  • scale: thousands of user computers, hundreds of servers, huge volumes of data stored and transmitted over communication lines, and many different applications;
  • a high degree of heterogeneity: different types of computers, communications equipment, operating systems and applications;
  • the use of wide-area links: branch networks are connected by telecommunications means, including telephone channels, radio channels and satellite communications.

The emergence of corporate networks is a good illustration of the well-known postulate about the transition from quantity to quality. When the individual networks of a large enterprise with branches in different cities and even countries are combined into a single network, many quantitative characteristics of the combined network cross a certain critical threshold beyond which a new quality appears. Under these conditions the existing methods and approaches to solving the traditional problems of smaller networks turned out to be unsuitable for corporate networks. Tasks and problems came to the fore that had been of secondary importance, or had not arisen at all, in the networks of workgroups, departments and even campuses. An example is the task, trivial for small networks, of maintaining account information about network users.

The simplest solution is to place each user's account in the local account database of every computer whose resources that user needs to access. When an access attempt is made, this data is retrieved from the local account database and access is granted or denied on that basis. In a small network of 5-10 computers and roughly the same number of users this method works very well. But if there are several thousand users on the network, each of whom needs access to several dozen servers, this solution obviously becomes extremely inefficient: the administrator must repeat the entry of each user's account several dozen times (once per server), and the user is forced to repeat the logon procedure every time he needs the resources of another server. A good solution to this problem for a large network is a centralized directory service whose database stores the accounts of all network users. The administrator enters a user's data into this database once, and the user logs on once, not to a separate server but to the network as a whole. Such a service in turn becomes critical for the whole network: its database must be replicated and protected, because its failure or compromise affects every server that trusts it.
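The two account-management schemes described above, per-server local account databases and a central directory with a single network logon, as an added illustration that is not code from the textbook. The chapter does not say how a single logon is carried to the servers; the HMAC-signed ticket with a key shared between the directory and its member servers is an assumed mechanism, and the server names, user names and passwords are constructed sample data:

```python
"""Per-server local account databases versus one central directory with a single
network logon. Added example, not from the textbook. The HMAC-signed ticket and
the key shared with member servers are assumptions standing in for a real
directory protocol."""
import hashlib
import hmac
import os
import secrets
import time
from typing import Dict, List, Optional, Tuple

PBKDF2_ITERS = 50_000  # assumption: password hashing cost chosen for the demo


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)


class LocalAccountDB:
    """Accounts kept on one server; every server holds its own independent copy."""

    def __init__(self, server_name: str) -> None:
        self.server = server_name
        self.accounts: Dict[str, Tuple[bytes, bytes]] = {}  # user -> (salt, hash)
        self.provision_ops = 0  # how many times an administrator entered data here

    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = (salt, _hash_password(password, salt))
        self.provision_ops += 1

    def login(self, user: str, password: str) -> bool:
        rec = self.accounts.get(user)
        if rec is None:
            return False
        salt, stored = rec
        return hmac.compare_digest(stored, _hash_password(password, salt))


def provision_everywhere(servers: List[LocalAccountDB], user: str, password: str) -> int:
    """The small-network scheme from the text: repeat the entry once per server.
    Returns the total number of provisioning operations performed."""
    for srv in servers:
        srv.add_user(user, password)
    return sum(srv.provision_ops for srv in servers)


class CentralDirectory:
    """One account database for the whole network. A successful logon yields a
    ticket that member servers verify without holding a copy of the account."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Tuple[bytes, bytes]] = {}
        # Assumption: a key shared with all member servers. It is the directory's
        # most sensitive secret, since anyone holding it can mint valid tickets.
        self.key = secrets.token_bytes(32)
        self.provision_ops = 0

    def add_user(self, user: str, password: str) -> None:
        if "|" in user:
            raise ValueError("user name must not contain the ticket separator")
        salt = os.urandom(16)
        self.accounts[user] = (salt, _hash_password(password, salt))
        self.provision_ops += 1  # entered once, not once per server

    def logon(self, user: str, password: str, ttl: int = 3600,
              now: Optional[float] = None) -> Optional[bytes]:
        rec = self.accounts.get(user)
        if rec is None:
            return None
        salt, stored = rec
        if not hmac.compare_digest(stored, _hash_password(password, salt)):
            return None
        expiry = int(now if now is not None else time.time()) + ttl
        payload = f"{user}|{expiry}".encode()
        tag = hmac.new(self.key, payload, "sha256").hexdigest().encode()
        return payload + b"|" + tag


class MemberServer:
    """A server that trusts the directory: it checks the ticket's tag and expiry
    instead of keeping its own account database."""

    def __init__(self, server_name: str, directory_key: bytes) -> None:
        self.server = server_name
        self.key = directory_key

    def accept(self, ticket: bytes, now: Optional[float] = None) -> Optional[str]:
        payload, sep, tag = ticket.rpartition(b"|")
        if not sep:
            return None
        expected = hmac.new(self.key, payload, "sha256").hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or tampered ticket
        user, _, expiry = payload.decode(errors="replace").partition("|")
        if not expiry.isdigit() or (now if now is not None else time.time()) > int(expiry):
            return None  # expired
        return user


if __name__ == "__main__":
    local = [LocalAccountDB(f"srv{i}") for i in range(3)]
    print("local scheme, provisioning ops:", provision_everywhere(local, "ivanov", "pw"))
    directory = CentralDirectory()
    directory.add_user("ivanov", "pw")
    ticket = directory.logon("ivanov", "pw")
    print("central scheme, provisioning ops:", directory.provision_ops,
          "; accepted by srv0 as:", MemberServer("srv0", directory.key).accept(ticket))
```

The count of provisioning operations grows with the number of servers in the local scheme and stays at one in the central scheme, which is the text's argument in code. The price is the last caveat above: every member server trusts the directory's key, so a forged ticket or a leaked key opens all of them at once.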

In moving from a simpler type of network to a more complex one, from department networks to corporate networks, the coverage area grows and maintaining connections between computers becomes increasingly difficult. As the scale of the network increases, so do the requirements for its reliability, performance and functionality. An ever greater volume of data circulates across the network, and its safety, security and accessibility must be ensured. All this means that corporate networks are built on the most powerful and diverse hardware and software.
