
SECTION 16716
IT CONVERGED NETWORK SYSTEM (ACTIVE COMPONENTS)

PART 1 GENERAL

1.1 DESCRIPTION

A. The work shall consist of all active equipment, software and servers required to operate all the converged project services.

B. The active network equipment shall support a high-speed, standards-based 10/100/1000 Mbps and 10 Gbps switched, multi-protocol Ethernet network, providing converged IP services based on ANSI/TIA/EIA and ISO standards.

C. Full redundancy shall be provided at all levels of the network infrastructure (Core and Edge layers).

D. All network end-points and outlets shall support a minimum of 10/100/1000 Mbps operation and Power over Ethernet.

E. Network cabling is covered in Section 16715 (VOICE AND DATA CABLING). The IT contractor shall coordinate, check and approve the cabling system to make sure it can fulfill all IT requirements.

F. The network topology shall be a two-tier model with Edge and Core Layers. All switch interconnections shall be dual 10 Gbps.

G. Supplemental LAN coverage shall be provided via 802.11a/b/g/n Wireless Access Point (WAP) devices within specific areas.

H. Incoming services are provided by an outside carrier (STC), including voice, data, internet, video and IPTV.

I. Global Services for Mobility (GSM) are provided by STC, Mobily.

1.2 REFERENCES

A. IEEE - Institute of Electrical and Electronic Engineers

IEEE 802.1 LAN Bridging and Management
IEEE 802.1S
IEEE 802.1W
IEEE 802.1X
IEEE 802.1D
IEEE 802.1P

ITCC in Riyadh Residential Complex J10-13300

16716-1

Converged Network System

IEEE 802.1Q
IEEE 802.3 Ethernet, CSMA/CD Access Method
IEEE 802.3AD
IEEE 802.3AF
IEEE 802.3X
IEEE 802.3U
IEEE 802.3ABZ
IEEE 802.3AN 10 GBASE T Standards 2006
IEEE 802.11 Wireless LANs
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n

1.3 Basic Criteria:

A. Communication systems within the hotel will be required to support the business needs of the operations, namely Information Technology, Telecommunications and Electronic Systems, using a common backbone and unified structured cabling system. A managed IP based Ethernet switching system will be utilized, with core active equipment located in the main telecommunication Room at basement floor and edge active equipment located in different communication rooms on all floors. The hotel shall have a complete LAN system based on fiber optic and UTP CAT 6a cables using TCP/IP. All the communication systems shall be IP based, following the latest trend in the world market.

The communication systems can be considered as three separate components of an integrated system:

- The Physical Layer: The Fiber Optic Backbone, Structured Cabling System and associated Equipment rooms and spaces.
- The Transport Layer: The Active Network Hardware, Switches and Routers.
- The Application Layer: The Software Applications such as the Hotel PMS System and as per IHG specs.

The system shall include, but not be limited to:

- Transport layer (core switches, edge switches, VLANs)
- Network security
- Network management
- Wi-Fi
- Servers and Software

B. Transport Layer

The Transport layer is a term used to describe the active components of the data network. The design of the active network is based on a Layer 3 core and edge distribution topology.

Core

The core Ethernet switch equipment will be located in the main telecom Room. The core switch backplanes will in turn be connected via dual 10 Gb vertical fiber channel optical cabling to the communication rooms located on each floor. The core switch will be provided in a dual redundant configuration.

Edge

Dual redundant vertical fiber channel cables will be terminated to 10/100/1000 Mbps Ethernet edge switches located in each comm. Room. The edge switch ports will in turn be connected via 10/100/1000 Mbps category 6A UTP horizontal cabling to individual data outlets on that floor. Edge switches will be provided in a dual configuration of standard ports or Power over Ethernet (PoE) ports as required for equipment such as Voice over IP telephony end points and Wi-Fi transmitters that derive their power from the data network.

VLANs

VLANs (Virtual LANs) are utilized within the switch software configuration in order to segregate services and increase security between users. The primary security consideration is to completely segregate the Guest network from the Administration network. Additionally, separate VLANs will be configured for individual networks as follows: Administration LAN / P.O.S. / WiFi Guest WiFi Guest VoIP IPTV / HiTV

C. Network Security

A layered approach to Network Security shall be adopted as follows:

Perimeter

Individual network zones shall be firewalled and protected via software antivirus and intrusion detection applications. End point security shall be provided so as to validate and authorize wired or wireless connectivity.


Core

Network access control shall be provided incorporating Host ID and MAC based filtering to ensure that unauthorized communication is disconnected.

D. Network Management

A centralized Network Management System shall be provided in order to manage the network configuration as well as providing wired and wireless device information, system manageability and system wide awareness of changes in the network. The Network Management System shall provide the following capabilities:

- Discovery of network devices and calculation of Layer 2 relationships to provide different views of the network, including a LAN edge view and a general Layer 2 view.
- Topology maps to indicate the discovery and Simple Network Management Protocol (SNMP) status of network devices.
- Tools for creating, deleting and editing VLANs.
- User tracking functions to correlate MAC address and IP address to switch ports.
- Path analysis tools to perform path analysis for Layer 2 and Layer 3 devices using the device host name or IP address.
- Change monitoring log recording users and applications which are active on the network.

E. Wi-Fi

Full Wi-Fi coverage according to wireless standard IEEE 802.11 shall be provided in all public areas, lobbies and lounges, food & beverage outlets, meeting rooms, administration areas, parking areas and all guest rooms. Voice over Wi-Fi shall be used to provide staff and customers with mobile telephone service. Security segregation between wireless networks shall be provided via VLAN and SSID (Service Set Identifier) allocation. All wireless access points shall be password protected and only accessible through a Secure Sockets Layer (SSL) connection. Wi-Fi access points will in many cases be located above ceilings, and it should be noted that access panels will be required for service and maintenance. The Wi-Fi distribution will employ a minimum of three channels and will be designed so as to avoid overlap.

F. Server and Software

Servers

- All servers shall be in the server room within cabinets.
- Servers shall have the latest operating system patches installed.
- Access to servers must be controlled by a user logon and password.
- Servers must be backed up as per operator standards.

Software

- Software applications shall run over the data network for different business applications as per operator requirements and standards.
- Anti-virus software will be used on all servers, desktops and laptops.
- Anti-virus definitions will be updated on a daily basis.
- All software running on servers, desktops and laptops must be licensed.
- A detailed manual must be available showing the emergency plan in case of system failure.
- The emergency plan must be tested and updated as per operator standards to ensure accuracy.

1.4 SUBMITTALS:

A. Product Data: Include data on features, ratings, and performance for each component specified.

B. Shop Drawings: Include dimensioned plan and elevation views of each individual component. Show equipment assemblies, method of field assembly, workspace requirements, and access for cable connections.

C. Wiring Diagrams: Show typical wiring schematics including workstation outlets, jack and jack assemblies, patch cords, patch panels, fiber-optic boxes and other equipment.

D. Samples: For workstation outlets (TO), jacks, jack assemblies, and faceplates for color selection and evaluation of technical features.

E. Switches specification and data sheet (if applicable).

1.5 TRANSPORTATION, HANDLING AND STORAGE:

A. Deliver equipment and components in factory-fabricated containers or wrappings, which properly protect equipment from damage.

B. Store equipment and components in original packaging. Store inside in a well-ventilated space protected from weather, moisture, soiling, humidity, and extreme temperatures.

C. Handle equipment and components carefully to prevent damage, breaking, and scoring of finishes. Do not install damaged units or components; replace with new.

1.6 WARRANTY:

A. The manufacturer must guarantee to the End User that the products referenced within the specific Warranty Modules (Class E System), when correctly installed in accordance with installation guidelines:

1. Will be free from product defects in materials and workmanship
2. Are guaranteed to exceed the Class E Channel and Permanent Link requirements as specified in ISO/IEC 11801:2002
3. Supports the following application (not limited):
- 10BASE T Ethernet
- 100BASET Fast Ethernet
- 1000BASE TX Gigabit Ethernet
- 10GBASE-T
- 155Mbit ATM
- 1000Mbit ATM (CB1G)
- 10GBASE-T
4. For a duration of 20 years

B. All components including the patch cords have to be produced by the same cabling system manufacturer to ensure warranted performances and applications against the standards.

1.7 QUALITY ASSURANCE:

A. Manufacturer's Qualifications: The items provided under this contract will be from manufacturers that have a minimum of 5 years' experience in producing the types of systems and equipment specified.

B. Installer Qualifications: Specialist subcontractor with at least 5 years of successful installation experience with projects utilizing data systems similar to that required for this project. Subcontractor shall be subject to approval of Engineer.

C. Materials and installation shall comply with the specified Codes and Standards.

D. Single Source Responsibility: All components and accessories shall be the product of a single manufacturer except for cables.

1.8 ENVIRONMENTAL REQUIREMENTS:

A. Connecting hardware shall be rated for operation under ambient conditions of 0 to 60 degrees C and in the range of 0 to 95 percent relative humidity, noncondensing.

PART 2 PRODUCTS

2.1 GENERAL REQUIREMENTS

A. All Data equipment shall be rack mounted in standard 19-inch racks within racks and cabinets. Contractor is responsible for providing fans, shelves, drawers, special power wiring, earth connections, surge suppression, patch panels, patch cords, cables, connectors, appurtenances, and adapters of any kind necessary to accommodate the system installation, operation, testing, or maintenance. Contractor shall provide the appropriate factory or custom rack mount adapters for all equipment installed in the equipment rack, whether specifically itemized or not. Contractor shall cover unused slots using blank panels.

1. Each active device shall be accessible from a network console or auxiliary RS-232 port.
2. Each active device shall be capable of generating Simple Network Management Protocol SNMP and SNMPv2 alarms.
3. Multimedia and multicast support shall be provided through use of Internet Group Management Protocol (IGMP).
4. Virtual Local Area Network (VLAN) creation shall be provided based on both port and MAC addresses.
5. Support for port mirroring shall be provided.
6. All software for the interconnectivity of LAN devices shall be provided.
7. A Network Management system shall be provided.

2.2 NETWORK MANAGEMENT SOFTWARE

A. A central network management system shall be provided in order to enable system wide administration and monitoring of the network. The system shall be an industry standard operating system. The application shall be provided pre-loaded onto a 1 GHz single CPU server running Windows 2008 or higher. The Network Management system shall provide the following minimum level of features:

1. Discovery of all connected network devices and calculation of Layer 2 relationships
2. Network views including LAN edge view, and Layer 2 view.
3. Simple Network Management Protocol (SNMP) status of all network devices
4. Layer 2 and Layer 3 device path-analysis and map or table
5. Automated fault detection
6. Creation, editing and deletion of network VLANs
7. Mapping of device MAC, IP address and user ID to switch ports
8. Monitoring and log file creation
9. Device reporting to include software versions, memory availability, slot availability and Boot ROM
10. Scheduling of software and configuration updates to selected devices.

2.3 CORE SWITCHES

A. Individual dual redundant Core Switches shall be provided for the guest and administration networks and installed in MDF room locations as indicated in the drawings.

B. It is essential that the Core Switches fully support the TVoIP, Digital Signage and NPVR multimedia applications and are capable of Protocol Independent Multicast (PIM), Source-Specific Multicast (SSM), Pragmatic General Multicast (PGM), Fast Leave / Fast Join and IGMP V1 & V2 Snooping protocols.

C. Contractor shall be entirely responsible for complete compatibility between the network equipment and the services that are required to run on the network.

1. The Core Switches shall provide the following minimum performance and features:
a) Dual with redundant power supplies
b) Passive backplane architecture
c) 9-slot (minimum) modular Chassis.
d) Minimum 720-Gbps architecture.
e) Minimum hardware based forwarding rate on Layers 2, 3 and 4 of 350 Mpps.
f) RIP, OSPF and BGP routing protocol support
g) IPv6 hardware support
h) MPLS hardware support
i) Support of multicast and broadcast suppression
j) Support of minimum 500,000 IPv4 routes

2. The Core Switches shall provide the following minimum QoS features:
a) QoS configurable per port.
b) Support for eight queues per port.
c) Strict priority queuing.
d) IP differentiated services code point (DSCP).
e) Classification and marking based on IP Type of Service (ToS) or DSCP.
f) Classification and marking based on full Layer 3 and Layer 4 headers.
g) Input and output policing based on Layer 3 and Layer 4 headers.

3. The Core Switches shall provide support for the following protocols:
a) Layer 2 switch ports and VLAN trunks.
b) IEEE 802.1Q VLAN encapsulation.
c) Support for 1900 VLANs per switch.
d) IGMP Snooping v1 and v2.
e) Link aggregation across line cards.
f) Link Aggregation Control Protocol (LACP).
g) Jumbo Frames (up to 9216 bytes).

4. The Core Switches shall provide support for the following Security Features:
a) TACACS+ or RADIUS, to enable centralized control of the switch and restrict unauthorized users from altering the configuration.
b) Standard and extended Access Control Lists (ACL) on all ports.
c) 802.1x user authentication (with VLAN assignment, voice VLAN, port security, and user VLAN extensions).
d) 802.1x accounting.
e) VLAN ACL (VACL).
f) Port ACL (PACL).
g) Port security
h) SSHv1 and SSHv2

5. The Core Switches shall be Cisco Catalyst 6500 Series, Extreme Networks or equal and approved alternative.

2.4 EDGE SWITCHES

A. Edge Switches shall be provided and installed in IDF room locations as indicated in the drawings.

B. The Edge Switches shall be enterprise class supporting 802.3af (Power over Ethernet on all ports).

C. It is essential that the Edge Switches fully support the TVoIP, Digital Signage and NPVR multimedia applications and are capable of Protocol Independent Multicast (PIM), Source-Specific Multicast (SSM), Pragmatic General Multicast (PGM), Fast Leave / Fast Join and IGMP V1 & V2 Snooping protocols.

1. The Edge Switches shall provide the following minimum performance and features:
a) Minimum hardware based forwarding rate of 320 Mpps.
b) 5 G Switch fabric.
c) Dual 1 GB Ethernet ports on Single mode fiber.
d) Minimum 16,000 MAC address.
e) Link aggregation.
f) Redundant power supply.

2. The Edge Switches shall provide support for the following protocols:
a) Layer 2 switch ports and VLAN trunks.
b) IEEE 802.1Q VLAN encapsulation
c) Minimum 256 VLAN per switch
d) Per-VLAN Spanning Tree (PVST).
e) Spanning-tree fast port startup.
f) 802.1s, 802.1w and 802.3ad support.

3. The Edge Switches shall provide the following minimum QoS features:
a) Traffic Management.
b) Support for eight queues per port
c) Strict priority queuing
d) DSCP (IP Differentiated Services Code Point)
e) Classification type of service (ToS) or DSCP.
f) Per port and per VLAN QoS configuration

4. The Edge Switches shall be Cisco Catalyst 3750 Series, Extreme Networks or equal and approved alternative.

2.5 WIRELESS ACCESS POINTS

A. The wireless access points shall be IEEE 802.11a/b/g/n compliant and derive their power from the network.

B. The points shall provide both AES and TKIP encryption protocols and shall be low profile and unobtrusive with built-in antennae.

C. Note: Wireless coverage shall be provided for all areas including back of house, back of house corridors and administration offices.

1. The wireless access point shall provide the following minimum features:
a) Dual 802.11a, 802.11g and 802.11n operation
b) Support for Voice over WiFi
c) Provision of up to 300 Mbps
d) Backward compatibility with legacy 802.11b clients.
e) Support of up to 15 non-overlapping channels
f) Low profile design with integrated antenna
g) Hardware-Assisted AES Encryption
h) IEEE 802.11i
i) WPA2 Certification
j) WPA Certification
k) Support for PoE to IEEE 802.3af

2. The Wireless Access Points shall be Cisco Aironet Series or equal and approved alternative.

2.6 INTERNET GATEWAY

A. Broadband Internet access Gateway is typically provided by the Internet service provider (ISP). In the case where the provider does not supply such equipment, an internet Gateway with the following features is required:

1. 2 x 0/100 LAN interfaces
2. 2 x ADSL interfaces
3. Advanced routing, security and QoS services
4. Integrated Firewall with NAT / PAT functionality

2.7 HIGH SPEED INTERNET ACCESS

A. All Hotel guest rooms shall be provided with high speed internet access (HSIA) via a VLAN on the building LAN.

B. Physical connection shall be via a dedicated network outlet port located adjacent to the guest room desk.

C. Access to HSIA shall be made available in all Hotel and Mall public areas, lobbies and lounges via the wireless LAN.

D. The system shall auto configure on connection and require zero configuration from the user.

E. The system shall be configurable as a free service or a billable service. Payment methods will include the use of pre-paid cards, online credit card payment or addition to guest folio.

F. The billing system shall support the following facilities:

1. Support for billing via Micros-Fidelio
2. RADIUS authentication and authorization

2.8 FIREWALL SECURITY DEVICE

A. Contractor shall provide individual Firewall Security Devices for the Mall and Hotel in order to provide the respective networks with secure connectivity, protection from malware and malicious attack and to enable the establishment and enforcement of an application policy within the development.

B. The specification of the Firewall Security Device shall be as follows:

1. Support of multiple 10/100 Ethernet interfaces.
2. Support of VLAN.
3. Support of VPN
4. Support of Client VPN Services
5. Support of Site to Site VPN
6. Support of throughput up to 100 Mbps
7. Support of 3 DES throughput up to 10 Mbps
8. Support of active/active or active/standby failover.

C. The Firewall Security Device shall be the Cisco PIX 515 Series or equal and approved alternative.

2.9 DMZ

A. A DMZ (perimeter network) shall be provided and located between the internal network and the internet access gateway such that secure connections from the internal network (e-mail, web and DNS servers) and the external network to the DMZ are permitted, whereas connections from the DMZ are only permitted to the external network.

B. The DMZ shall be configured using two firewalls such that the DMZ is connected to firewalls, one firewall connected to the internal network and the other firewall connected to the external network.
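The DMZ rule above (connections from the DMZ are only permitted to the external network) can be checked mechanically against the ordered rule list of the firewall that sits between the DMZ and the internal network. The Python below is an added example, not part of this specification; the subnets, rule names and the first-match rule format are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumption): the specification gives no subnets.
ZONES = {
    "internal": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("172.16.50.0/24"),
}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "permit" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR


def _within_zone(cidr, zone):
    """Part of a CIDR that lies inside a zone, or None if they are disjoint.

    Two CIDR blocks either nest or do not overlap, so the intersection is
    always the smaller of the two blocks.
    """
    net = ipaddress.ip_network(cidr)
    if not net.overlaps(zone):
        return None
    return net if net.subnet_of(zone) else zone


def audit_inner_firewall(rules):
    """Return names of permit rules that let DMZ hosts reach internal hosts.

    Rules are evaluated first-match, so a permit is not reported when one
    earlier deny already covers its whole DMZ-to-internal portion. Coverage
    by a combination of several denies is not analysed and is still reported.
    """
    findings, earlier_denies = [], []
    for rule in rules:
        src = _within_zone(rule.src, ZONES["dmz"])
        dst = _within_zone(rule.dst, ZONES["internal"])
        if src is None or dst is None:
            continue  # rule does not describe DMZ -> internal traffic
        if rule.action == "deny":
            earlier_denies.append((src, dst))
        elif not any(src.subnet_of(s) and dst.subnet_of(d)
                     for s, d in earlier_denies):
            findings.append(rule.name)
    return findings


# Constructed rule set for the firewall between the DMZ and the internal network.
SAMPLE_RULES = [
    Rule("mail-relay-in", "permit", "10.10.0.0/16", "172.16.50.25/32"),
    Rule("block-dmz-to-finance", "deny", "172.16.50.0/24", "10.10.20.0/24"),
    Rule("web-to-finance-db", "permit", "172.16.50.80/32", "10.10.20.5/32"),
    Rule("web-to-pms", "permit", "172.16.50.80/32", "10.10.30.5/32"),
    Rule("legacy-any-any", "permit", "0.0.0.0/0", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for name in audit_inner_firewall(SAMPLE_RULES):
        print("violates DMZ clause:", name)
```

The any-to-any rule is reported because its source range includes the DMZ and its destination range includes the internal network, even though neither zone is named in the rule.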

2.10 INTRUSION PROTECTION

A. An Intrusion Protection module shall be supplied. The IP module shall detect, classify, and stop malicious traffic.

B. The specification of the Intrusion Protection module shall be as follows:

1. Minimum 100 Mbps traffic throughput
2. Multiple 10/100 monitoring interfaces.
3. IDS and IPS service
4. Embedded web based management / administrative software tool.

C. The Intrusion Protection Module shall be the Cisco Catalyst IDSM Series or equal and approved alternative.

PART 3 - EXECUTION

3.1 INSTALLATION:

A. The entire system shall be installed by a specialist subcontractor approved by the Engineer.

B. Installation shall be in accordance with the approved drawings and manufacturer's written instructions.

C. Check that all tests for Section 16715 (Voice and data cabling) have been carried out as specified.

D. Check that certification, guarantees and test reports of Section 16715 are provided.

E. All systems on this project are using the same infrastructure and unified IT network. IT contractor to coordinate with all system suppliers/contractors to provide the necessary services and check compatibility of all systems with the IT network.

F. Test all the security of the system as per security software/hardware manufacturer.

3.2 TESTING

A. General: After installation of the entire system and prior to acceptance of work, the manufacturer's standard tests are to be conducted in the presence of the Engineer to show proper operation of each piece of equipment and of the system as a whole.

B. All test certificates shall be prepared and submitted officially before the acceptance.

END OF SECTION
