Questionnaire for Library users and Library personnel
- Do you use the existing Library?
Yes No
- What relation are you to the library?
Library staff User
- Do you use the existing PCs for work?
Yes No
- Do you use the existing PCs to find/order books within the library?
Yes No
- Do you feel more PCs are needed in the library?
Yes No
- Do you believe the Library PCs need an internet connection?
Yes No
- Please add any views you have on the current library system, and any improvements you feel would enhance the library system.
Other methods can be carried out in order to gain a systems analysis of the specified problem, as discussed above. Other techniques include:
- Interviews
- Observation
- Questionnaire, which I used to gain knowledge about what users might need.
(P4) Evaluation Record the findings of the analysis in a logical way
Question 1, filtered out any questionnaires that were of no value … 50 answered yes they did use the library, the rest were discarded
Question 2, relates to the Library personnel and user segment of my population, this question will show if the library personnel needs differ from users
Question 3, is aimed at visitors; this question finds that almost all users use the library resources for work
Question 4, found that just under half the user population used the library PC resources for book and library tools; in correlation with question 3, this shows most users who come to the library use the PCs more for work than anything else.
Question 5, found that everyone wanted more PCs in the library
Question 6, also showed that almost everyone (18 people out of 20) wanted an internet connection
Question 7, found that a new system for the library booking and reserving system is wanted but no one suggested any way to implement this.
I could also use a feedback form that can be filled in by end users and implement a system in which these are returned to problem solve.
(P5) Task 3 - Design an outline solution to a specified problem
A network solution for my chosen subject, a library, will need to reach these requirements:
- Provide individual workstations within the library with access to Internet services, to the college campus and to printers.
- Efficiently run a library system with chosen software.
- Provide separate end-user groups each with appropriate security privileges.
- Provide a security plan to keep the network secure from internal and external threats
To create a complete network solution I need to have a better understanding of each of the library personnel’s routines and processes. I also need to research the existing library system software, to find out what it can presently do and what it is unable to do and also their requirements from a network. I need to find a way in which I can achieve this level of knowledge needed. I am going to visit both my local library in Kettering and also look at the college library. I will take with me notepads so that I can enquire about what everyday functions they perform and what kind of network they run. As well as writing down the obvious advantages and disadvantages, I will also ask them what problems they have run into, so that I can try and use them towards my network solution for my proposed library. I need to carry out all of these tasks, which will include research and various problem solving before I move onto Task 3. This is because by then I need to have decided most aspects of my library network system and I should by then understand the requirements fully.
Without some type of network, a library system would find it almost impossible to operate efficiently. This is because there should be some kind of database in the centre of all operations taken at the point of transaction between staff and the customer. There is the need for a constant flow of information back and forth between the library systems in order for the library to work on any level.
Any library would have to keep records of every separate transaction as well as having the ability to change, edit or modify any existing stock. As well as being able to maintain the book database, customer details should not be forgotten; each user of the library should have their own personal records so that the library knows their address or phone numbers should there be any need to contact them with an enquiry. The library would need to have their own database to keep track of which user has borrowed which book, as well as their loan history. This would all be on the library ‘database server’. Because this library system is physically integrated with the actual library network, data such as the basic customer information and details can be stored on the database itself and accessed by the library computers, automatically adding and deleting profiles as and when it is necessary, but only by the correct group.
My solution is to increase the number of computer systems available to the end users and to provide a network that gives the library users and staff some kind of resource sharing, which can be of printers and of files.
Development
Users for the proposed new system
There are four end user types who will be using this library network structure; each of the groups will need to use the system for their own roles, responsibilities and requirements.
General public:
This group of users are the main purpose of the installation of a new system. It is this group that the library provides a service for so that users can borrow books from the library and use the library’s resources, including printers and internet access. The customer will only need limited access to the network so they can access the Internet and possibly the chance to use resources provided to them from the library, such resources can include applications or documents. Programs could include encyclopaedias or maybe a learning program for disabled users, which is important so that such a user can access these specific programs on any computer found on the network. The public might also need access to part of the library system software itself, so that they can search for whether a book is being held at the library and its availability. At this present time, I don’t think personal details need to be kept on the workstations nor on the public network, as the computers are being used as stand alone computers. This kind of information is kept in the main database and only accessible to the library staff and those above them.
Library staff:
These end users are responsible for loaning out books, editing details and collecting fines. They need a higher level of access compared to the general public, so they can use the library system software to monitor and modify customer details. These users also have to maintain the physical library; although these tasks are not directly related to the network, they need to access important data from the library software. These end users have the responsibility to keep the library running smoothly and to perform maintenance.
Library management:
These end users might also have to add, delete and modify customer details, as well as having to manage stock and perform routine tasks for the upkeep of the library premises. They require full access to the library system software and to all of its functions, much like an administrator. The library management can consist of up to 10 people and they will also have the option to carry out the same tasks as the library staff, checking books in and out and monitoring fines. They have the responsibility of overseeing all transactions, and everything to do with keeping both stock and details correct. This can also include adding new books to the system and keeping the library network system running smoothly and efficiently.
Network administrators:
These end users keep the physical network and network operating system up and running, as well as any additional library system software, like the software that has been written specifically for this organisation. They are in control of fixing all problems, big and small, and also of carrying out routine administration tasks. They require full access to the network to perform their jobs correctly. They have the responsibility to keep the system up and running, keeping it secure and safe, and to fix both network and individual customer problems.
I can combine the last two user types, as they have similar requirements, thereby eliminating the confusion of having to set two separate sets of permissions.
Security
Implications for security
If the whole library system includes and holds all records of transactions, then this is open to abuse. In my case, the library system is going to be connected to one single network, which definitely means there are security issues to consider. This is all under the one domain, being ‘LIBRARY.com’, and all nodes have their own internal IP address, connecting eventually to possibly 2 internet IP addresses that are connected to the ISA server, which splits my network up for internal use. Because there must be a physical link from any of the library workstation computers to every other device, there is the possibility that anyone and everyone can have unrestricted access to private information to which the library does not want to give library users access.
This is the worst-case scenario, and the network can easily be configured to prevent it from happening. It is possible, with the right security measures, to make the whole network secure. By using ‘permission rights’ it is possible to control everybody’s access patterns and privileges. For example, the network administrator can give library users access ONLY to appropriate resources without them having any knowledge that the workstation is physically connected to any delicate information, because they wouldn’t actually see the rest of the network under the security group in which they have been placed by the administrator. There are many other methods that are used for security of the network I want to put in place, including IPsec, which I will discuss later on along with other techniques.
The only and main security feature I will be utilising is setting permissions for each user group; this treats each user individually, without the trouble of having to configure them all separately. I will be showing this process of configuration in the practical part of this project.
I am going to have to set the Windows 2000 Professional operating system to ask the user to input the user login that is found on their membership ID card, so that the system can authorize the user and decide what user group they are part of. This in turn sets up and loads the appropriate security policy for the user’s experience on the workstation. They will have to abide by the permissions that their specific ‘user group’ has been given by the server machine on which permissions were set, which will probably be the DHCP. This would be the same for the library personnel, although they would be under the user group ‘staff’. I will discuss groups a little later and will decide on security permissions later, but this is a very important stage in my network configuring.
Most computer security systems are based on a two-step process. The first stage is authentication, which ensures that a user is who he or she claims to be. The second stage is authorization, which allows the user access to various resources based on the user's identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.
Permissions
Permissions are set where a user might be granted read access to a file, meaning that the user can read the file but cannot modify or delete it. Because there are only two distinct end-user types, the library staff and the public, only two permission levels will need to be implemented; security wise, the network can be designed to be extremely secure. I will connect all of the possible workstations to the library network so that they have the possibility of being part of the system or being a standalone PC, depending on the kind of use it is intended for. An example of this would be if the workstation needs to be set up for a disabled user, in which case the normal computer procedure would be inadequate. This computer must have the options and features to support such users, but also have internet access, meaning it must in some way be connected to the network.
Groups
I am going to have TWO groups, customers and staff. The users’ groups themselves will be the entity that will be configured for these rights and not the specific machine that they are working on. This is because the user that uses the system will be part of a group; if they are not, then the default action will be to prevent access, as they do not have the privileges. This I feel is going to work for my organisation, although it might not work anywhere else, as the computers can be worked upon by anyone.
I have to ask myself certain questions, such as, why should different users need separate resources? This is because the access required by the different groups is not going to be uniform across all of the users. A customer will not and should not be given access to system configuration in any way, as it is not their place to be tampering. They are using the system entirely as a resource, and the same applies for network management, who do want to have these permissions to edit configuration settings.
My library has two main users and therefore will need to have two groups. These user groups can span across to other LANs as long as they are within the same domain. There is the possibility of different domains and using tree and forest rules or practice, but this would not be necessary for the library system that I want to create. This would allow the two user groups to share and access resources, the same as if they were part of the LAN that is directly connected via my extended star topology with my servers. A lot will depend on compatibility between the two remote LANs, but this shouldn’t be a problem if the idea of connecting branches was thought about carefully, such as making sure the network operating system is being used, and it will also depend on exactly how the folders and files are accessed.
One method is to have folders only accessible to certain user groups, with all files and data inside only accessible by that group who has rights to the folder. This would allow individual folders for users and file sharing within user groups. This also applies to resources such as a printer; software server side could be set to only allow certain user groups to print from that particular printer, that printer would be invisible to the other user groups in the operating system environment to avoid confusion. This will be controlled by my dedicated print server in my system.
The way in which access can be given to other branches is described by my main diagram of my proposed system. That shows how a different LAN could access resources over the internet or in a different location, even from different floors, by using distribution boxes that can transport between floors. However, my system uses the SAME DOMAIN, as it is not a tree and therefore not a forest. The fact that it is part of the same domain means user groups apply, and therefore users from the same department (in this case a library) in different branches across the county would be able to access resources by using file/folder structures and user groups set by the appropriate server, whether it be ISA for the IP addressing scheme or the print server.
The library only needs to house up to twenty workstations; using an appropriate address scheme, only one outside IP address will need to be registered to allow all these machines to independently access the internet through the library’s network. If this network were to remain private and offline, then IPs could be assigned at random as long as each one is different. But because this network will be online, connected to the Internet, the IP address needs to be registered to avoid having multiple addresses.
There are three classes of IP address used currently:
- Class A - supports 16 million hosts on each of 126 networks
- Class B - supports 65,000 hosts on each of 16,000 networks
- Class C - supports 254 hosts on each of 2 million networks (Because a segment of an IP can hold a maximum of 255 numeric numbers.)
Having a class C IP address scheme for this environment will be suitable for my project, as it will only use one domain, and having a higher class would create more time-consuming work on IP addresses, which I don’t need.
Implementing a network includes installing, setting up and maintaining the whole network process; therefore constant resources are required.
Skilled manpower would be the most important resource at first, although after the initial install only two administrators would be required for the most part. Therefore other personnel could be hired just to install and set-up the network.
This would also include Carpenters to take up floor boards and carpets and Network Cable Installers to wire and thread the cables into the building as these cables cannot just be left scattered across the floor after the testing process has been completed. Partly because
Extensive time, if considered a resource, would be needed for installing and configuring a network, as even with a comprehensive schedule, networks are prone to teething problems and setbacks are most likely to occur.
As discussed earlier, the library environment will be divided into two distinct groups, Administrators, Library personnel, and users. Administrators will be given full control over every aspect of the network in their own group inside the Active Directory, separate from the other two groups as they will be root users. Library personnel will be given read/write, manage and modify privileges to printers and the application server but no access to the database servers or any network services including the Active Directory. Therefore they will not be able to add or remove users or change anybody’s password except that of their own account.
Users will be given read and execute permissions for the folder in which the client version of the micro library system is installed, read/write/modify permissions to their personal folder and full control over printers.
No other workstations will be allowed to be introduced to the network. This will be ensured by eliminating any redundant network ports or keeping them locked away, also by the use of the DHCP scope, keeping it small enough to block any other intruding devices but large enough to allow for expansion.
(P6) Task 4 - Produce a test plan for the inputs to the completed systems design.
For my test plan, I set up a simple network reflecting the domain structure and the essential network services such as DNS and DHCP for example. I created some example user accounts and groups to demonstrate access to resources. Be sure to test that user accounts can only access the resources that you planned for. Configure some accounts so that they can be used to perform limited administrative tasks. Modify your plan in the light of your experience and add any comments relating to your experiences that could be used to inform others of problems to avoid and solutions to employ if problems do occur.
From my test experience I found that mostly my project plan is correct except for a few minor issues. From my test plan I suggested giving unauthorized users full access to the printers. But in actual fact giving visitors this privilege allows them to change properties and disable the printers; it will also allow them to cancel other people’s documents. But from my tests I have found it is possible to give permissions to only print and not control any other function of the printer, which shall be included in the project plan.
We experienced a problem with the DHCP service not operating properly before any IP scopes were set. Terminating the service and then re-starting it rectified this. This problem didn’t occur again after the IP addresses were set.
To avoid running out of IP addresses I suggest adding a few redundant IPs into the DHCP scope. The library will use 30 workstations to begin with, but to allow for expansion I suggest making a scope house 50 available IPs, say from 192.168.0.1 to 192.168.0.51.
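A way to check the scope plan above, and the earlier rule that no other workstations may join the network, is to audit the DHCP leases against an inventory of the library's own machines. This is an added example, not part of the original report; the lease records, MAC addresses and function names are constructed for illustration. Counted inclusively, the suggested range holds 51 addresses, and because scope size only limits addresses handed out by DHCP, the audit also flags any lease whose MAC address is not in the inventory.

```python
import ipaddress

def scope_range(first, last):
    """Validate and return the scope boundaries as IPv4Address objects."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if hi < lo:
        raise ValueError("scope end is below scope start")
    return lo, hi

def audit_leases(leases, first, last, authorised_macs):
    """Compare active leases with the planned scope and the MAC inventory.

    leases: iterable of (ip, mac) pairs exported from the DHCP server.
    Returns scope size, leased/free counts, leases outside the scope and
    leases held by devices that are not in the inventory.
    """
    lo, hi = scope_range(first, last)
    scope_size = int(hi) - int(lo) + 1          # inclusive range
    in_scope, outside, unknown = set(), [], []
    for ip_text, mac in leases:
        ip = ipaddress.IPv4Address(ip_text)
        mac = mac.lower()
        if lo <= ip <= hi:
            in_scope.add(ip)
        else:
            outside.append((ip_text, mac))
        if mac not in authorised_macs:
            unknown.append((ip_text, mac))
    return {
        "scope_size": scope_size,
        "leased": len(in_scope),
        "free": scope_size - len(in_scope),
        "outside_scope": outside,
        "unknown_devices": unknown,
    }

# Constructed inventory: the 30 library workstations.
AUTHORISED_MACS = {f"00:11:22:33:44:{i:02x}" for i in range(1, 31)}

# Constructed lease table: the 30 workstations plus one device nobody registered.
SAMPLE_LEASES = [(f"192.168.0.{i}", f"00:11:22:33:44:{i:02x}") for i in range(1, 31)]
SAMPLE_LEASES.append(("192.168.0.31", "02:00:00:00:00:99"))

if __name__ == "__main__":
    report = audit_leases(SAMPLE_LEASES, "192.168.0.1", "192.168.0.51", AUTHORISED_MACS)
    for key, value in report.items():
        print(f"{key}: {value}")
```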
In my test six users were created in the Active Directory: Jason Mann, George, Sam, Craig, Frank and Dave.
A group called print operators was created (with users Jason and George as members) and given full control over printers, including Print / Manage Printer / Manage documents. This group was successful and had no problems with accessing the printer. This group represented Library personnel.
User Craig was also added to the printer’s security properties and allowed Print and Manage documents permissions to this printer, and was successful in pausing and canceling a job on this printer. This permission policy will be given to visitors but only on the four public printers. The one other printer, which is kept for library personnel, will deny any access for the whole library users group. User Frank tested this by having his permissions revoked and was denied access by Windows.
User Sam, from a client workstation, created a folder called books. He was given Full permissions (Read write execute) from the folder one level up. This shows that permissions can be given in a hierarchical format, so if a user has permissions to a root folder, all the folders inside will also share the same permission for this user.
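The test results above can be expressed as a small access-check model, shown here as an added example that is not part of the original report. It is a simplified stand-in for Windows permission evaluation: access is denied unless an entry allows it, any matching deny entry wins, and folders inherit entries from their parent. The resource names, the membership of Craig, Frank, Sam and Dave in a "library users" group, and the function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

PRINT, MANAGE_DOCS, MANAGE_PRINTER = "print", "manage_documents", "manage_printer"
ALL_PRINTER = {PRINT, MANAGE_DOCS, MANAGE_PRINTER}

@dataclass
class Resource:
    name: str
    parent: Optional["Resource"] = None
    # Each entry is (principal, "allow" or "deny", set of rights).
    aces: list = field(default_factory=list)

    def effective_aces(self):
        """Yield this resource's entries, then those inherited from parents."""
        node = self
        while node is not None:
            yield from node.aces
            node = node.parent

# Group membership; "library users" membership is assumed for the example.
GROUPS = {
    "Jason": {"print operators"}, "George": {"print operators"},
    "Craig": {"library users"}, "Frank": {"library users"},
    "Sam": {"library users"}, "Dave": {"library users"},
}

def is_allowed(user, right, resource, groups=GROUPS):
    """Default deny; a matching deny entry overrides any allow entry."""
    principals = {user} | groups.get(user, set())
    granted = False
    for principal, kind, rights in resource.effective_aces():
        if principal in principals and right in rights:
            if kind == "deny":
                return False
            granted = True
    return granted

# Public printer as configured in the test: staff group plus Craig individually.
PUBLIC_PRINTER = Resource("public printer", aces=[
    ("print operators", "allow", ALL_PRINTER),
    ("Craig", "allow", {PRINT, MANAGE_DOCS}),
])
# Staff-only printer: the whole library users group is denied.
STAFF_PRINTER = Resource("staff printer", aces=[
    ("print operators", "allow", ALL_PRINTER),
    ("library users", "deny", ALL_PRINTER),
])
# Sam's rights sit on the parent folder and are inherited by "books".
SHARED = Resource("shared", aces=[("Sam", "allow", {"read", "write", "execute"})])
BOOKS = Resource("books", parent=SHARED)

def run_test_plan():
    """Evaluate the cases from the test record and return the outcomes."""
    cases = [
        ("Jason", MANAGE_PRINTER, PUBLIC_PRINTER),
        ("Craig", MANAGE_DOCS, PUBLIC_PRINTER),
        ("Craig", MANAGE_PRINTER, PUBLIC_PRINTER),
        ("Frank", PRINT, PUBLIC_PRINTER),   # no entry at all: default deny
        ("Craig", PRINT, STAFF_PRINTER),    # group deny
        ("Sam", "write", BOOKS),            # inherited from "shared"
    ]
    return {(u, r, res.name): is_allowed(u, r, res) for u, r, res in cases}

if __name__ == "__main__":
    for case, outcome in run_test_plan().items():
        print(case, "ALLOW" if outcome else "DENY")
```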
The actual install of Windows 2000 Professional is a time-consuming process, especially as this needs to be repeated for each workstation. Instead of using the conventional method of manually installing on each workstation as I did in my tests, the library could set up a server first, and then perform a network install of Windows 2000 Professional to each workstation.
Conclusion
The Library Premises
The library in which I am installing my network is medium sized, with only two large areas. I only have one section in which to work, being the open area of the library floor space. The library is split into two areas, one where the books are shelved and stored, the other being open and used for various tasks, such as the customer desk where the general public sign books in and out, as well as where the public use computers situated along the wall. The workstations that I want to implement are going to be set up along the walls and on designated benches.
The Cat5 network cable will run along the wall covered by installation plastic to create a tidy environment. These will then be sent to the relevant workgroup switch, which is going to be situated in the main library office.
Shielded twisted pair has been chosen instead of standard unshielded twisted pair throughout the network, thus removing most electronic interference disrupting the network. As an added precaution the use of mobile phones will be forbidden inside the library. Mobile phones use multiple frequencies to broadcast even when they are idle and have a reputation for general electrical interference.
The actual building itself doesn’t need any major modifications to keep the network sound, mainly because of the nature of the network not using any wireless technologies and using Shielded cable. The only exception is for wiring under the floorboards and through walls.
The same will apply for the staff computers. This will consist of around five workstations behind the main entrance desks in my library, and they will be connected to their own workgroup switch, which will be situated in the main office. The fact that there is a separate workgroup switch does not affect its purpose, as it only provides the physical port connection to the network and devices. As I have stressed in my project plan, the access granted depends entirely on the user group that the user is in.
The office is the main station where my equipment will be joined together and maintained. The office will have the two switches connected directly to my server machine, which will be on constantly throughout the operation. There is no need for a scramble of wires, as these will be arranged neatly with cable ties and appropriate shielding. The shielding does not have to worry about electrical interference, as there is no source around my library. All that is important is that I have chosen the correct media to transfer my data and that the equipment is organised so that, should problems arise, things are simple to understand. Other equipment such as the firewall and routers are also found in the office, as are the DSL connection and network attached storage.
The placement of relevant servers is an important factor to consider, but so is the surrounding environment. I feel that my library office is sufficient for security and maintenance procedures that might take place in the future months after my system goes live. All servers, including interconnection devices, should be correctly stored, preferably with a cool air flow and security on the door entrance. The room must be spacious should the introduction of web servers be a reality in the future. I have everything on target at the moment, with my main server machine and its Windows 2000 Server OS controlling everything to do with configuration of my network, including DHCP and sharing resources with permissions set.