Running head: BUILDING BLOCKS, LLC NETWORK UPGRADES 1

Building Blocks, LLC Network Upgrades

Jason M. Jeffares

Western Governors University

BUILDING BLOCKS, LLC NETWORK UPGRADES 2

Table of Contents

Proposal Overview......................................................................................................................................3
Problem Summary...................................................................................................................................3
IT Solution...............................................................................................................................................4
Implementation Plan................................................................................................................................5
Review of Other Work................................................................................................................................6
Relation of Artifacts to Project Development..........................................................................................9
Project Rationale.......................................................................................................................................10
Current Project Environment.....................................................................................................................11
Methodology.............................................................................................................................................13
Project Goals, Objectives, and Deliverables..............................................................................................14
Goals, Objectives, and Deliverables Table............................................................................................14
Goals, Objectives, and Deliverables Descriptions.................................................................................15
Project Timeline with Milestones..............................................................................................................17
Outcome....................................................................................................................................................18
References.................................................................................................................................................19
Appendix A...............................................................................................................................................20
Comcast Business Internet Speed Tiers.................................................................................................20
Appendix B...............................................................................................................................................21
Verizon Fios Business Service Tiers.....................................................................................................21
BUILDING BLOCKS, LLC NETWORK UPGRADES 3

Proposal Overview

Problem Summary

Consulting911 has been retained by Building Blocks, LLC – a local Architecture Firm to

evaluate their current Information Technology infrastructure and provide recommendations for

upgrades. Building Blocks began as a single person entity, working from the founder’s spare

bedroom in 2005. Over the past fifteen years, the firm has grown to 3 Architects and a support

staff of 5. The Managing Partner is in discussions with another individual to further expand the

firm to a total staff of 10.

The firm relocated to its current office location in late-2017; a converted 3-story row

home in the ever-growing H Street Corridor in Northwest D.C. When the firm relocated to this

location, the Managing Partner was in a rush to find internet services to service the building and

went with the first available provider he came across. While this service was adequate for the

needs of the firm at the time, technology needs, and the increase in staffing have outpaced the

limits of the current service.

Project staff from Consulting911 had a meeting with the staff from Building Blocks to

discuss their needs both in the office, and while visiting clients at their sites. Several issues

became common themes among most of the staff; most complaining primarily about the lagging

internet speeds, difficulty in sharing files with other members of the team, and the lack of any

ability to access office-based files when away from the office. The Managing Partner, and a

couple other staff members also mentioned overall internet security after reading about the

increasing number of cyber-attacks being perpetrated. This raised some flags about the safety

and integrity of the firm’s data, since their projects are the livelihood of all the staff, and

compromise or theft of their intellectual property could be their downfall.

BUILDING BLOCKS, LLC NETWORK UPGRADES 4

IT Solution

Following the preliminary discussions with the Building Blocks staff, there were four

areas for improvement that are slated for implementation and preliminary objectives:

1. Improve internet connectivity and increase available bandwidth

a. Consideration of available upgrades from current ISP

b. Consideration of an alternative ISP for a second connection

i. Twofold purpose – additional bandwidth, and redundancy

2. Improve network security from malicious cyber actors

a. Installation of a Network border firewall and Intrusion Prevention

System

b. Verifying and improving endpoint security with antivirus and malware

detection along with host-based Intrusion Detection

3. Implement remote access capabilities

a. Implementation of a VPN to allow for remote access to office-based

systems

4. Improve file sharing capabilities for intra-office and remote sites

a. Installation of a Network Attached Storage system

i. Accessible from office-based systems, as well as through VPN

access

Once these solutions have been implemented, the Managing Partner believes this will

result in a more productive and collaborative environment within the office, and result in better
BUILDING BLOCKS, LLC NETWORK UPGRADES 5

relations with the firm’s clients as more project information will be available while making site

visits during all stages of the design and construction process.

Implementation Plan

After an initial survey and assessment of the firm’s current Information Technology

infrastructure, the first item to consider will be looking at ISP service levels and begin the

requisition process for upgrades and new installations as those installation dates can require

advanced planning of up to a month from commitment to installation. Once the ISP installations

and upgrades have been planned, the plan can shift to hardware planning for the Firewall/IPS,

VPN, and NAS. Hardware can be sourced from any of Consulting911’s existing suppliers, or

from one of Building Blocks’ choosing; however, the supplier’s response to COVID-19 may

affect shipping lead times, so that should be considered when making a supplier selection.

After Firewall/IPS, VPN, and NAS hardware has been selected, initial configuration and

hardening can take place at Consulting911’s facility prior to installation at Building Blocks.

Partners at Building Blocks, along with Consulting911 staff have already agreed that final

installation and configuration of the new hardware installation will occur on a weekend so as to

not disrupt normal office operations during the week. In addition to the planned network outages

for the hardware installation, access will be needed to each workstation in the office to configure

the additional endpoint security as previously mentioned.

Given the initial uncertainty of the timing of the ISP installations, and should they need to

occur after the completion of the remainder of the project, Consulting911 staff will be available

when those installations occur to ensure a successful integration with the newly installed

hardware, assess the new bandwidth available to the office, and to conduct additional testing to
BUILDING BLOCKS, LLC NETWORK UPGRADES 6

ensure that the connections function as intended to provide redundancy as planned – in the event

of an outage of one service provider.

Review of Other Work

With the ever-growing need for enterprise network security, including intrusion detection

and prevention, there are numerous pieces of available hardware to accomplish this task from

numerous vendors. With so many available hardware options, this leads to many questions …

Which is better, an all-in-one Firewall/IPS, or separate devices? Do we really need a Firewall

and an IPS? What is the best device for our network? So many more questions exist, but HP, in a

2014 white paper answers the first two of the questions just posed in the opening line of the

paper, “Next-generation firewalls include intrusion prevention system (IPS) technology that can

detect and block cyber attacks. But they are not a complete substitute for a purpose-built next-

generation IPS. Effective network security requires both. (Hewlett Packard, 2014)”

The paper continues to point out several distinct factors play into the role that a Next-

Generation Firewall and an IPS combine to provide a more complete solution to network

security: 1. Network Location – edge vs. core; 2. Traffic inspection and control – external traffic

coming into private network vs. incoming and outgoing traffic in addition to in-network traffic;

3. Frost & Sullivan’s four phases of advanced persistent threats – Phases 1 & 4 vs. Phases 1

through 4.

As previously mentioned, data security and the protection of Building Blocks’ intellectual

property is paramount to the continued success of the firm. To date, there have not been any

instances of external threats, nor of any insider bad actors; the project intends to address the
BUILDING BLOCKS, LLC NETWORK UPGRADES 7

potential of these threats and provide the means to thwart attempts before they happen with the

increased security measures being considered.

Fortinet brings up other good points in their 2019 White paper about IPS and NGFW:

Performance is a key factor driving many companies to select standalone IPS rather than

functionality integrated into an NGFW. The additional load on a firewall appliance that

must now inspect packets and payloads for IPS will slow down network traffic. Signature

matching alone can reduce some NGFWs’ speed by as much as 30%. (Fortinet, 2019)

This should provide the decision makers at Building Blocks some additional guidance

when making considerations for new hardware for their installation. These statistics, along with

the ability of a stand-alone IPS to monitor internal network traffic provide additional reasoning

and logic for the separation of Firewall and IPS devices for the new hardware installation.

Threat intelligence and its integration into an IPS with Advanced Threat Prevention

(ATP) capabilities is another aspect of the device selection that should be considered. ATP and a

threat intelligence service, when integrated into an IPS, can be used to automatically update the

threat signatures used by the IPS, “which supplement the native functionality of the devices with

ongoing updates about zero-day and other emerging threats (Fortinet, 2019).”

Another integral part of the upgrade project for Building Blocks is file sharing and its

accessibility from within the office and remotely. Remote access to office-based resources will

be accomplished using a VPN, which for ease of configuration will be integrated into the new

firewall that is to be included with this upgrade project. Back to the file sharing … Network

Attached Storage (NAS) or Storage-Area Network (SAN)? Both options have their pros and
BUILDING BLOCKS, LLC NETWORK UPGRADES 8

cons. A 2018 blog post from Enterprise Storage begins to scratch the surface of the two and

provides a bit more insight as to which may be more appropriate for our current project and

installation needs. “NAS is a file-level data storage device attached to a TCP/IP network, usually

Ethernet.” Compare this to “SAN is a dedicated high-performance network for consolidated

block-level storage. The network interconnects storage devices, switches, and hosts.” …

furthermore, “NAS is not typically as fast as block-based SAN, but high-speed LANs can

overcome most performance and latency issues.” Yes, Building Blocks is an architecture firm

that often deals with large Computer-Aided Drawing files, but can the extra cost for a SAN be

justified for the current installation?

SANs are the higher performers for environments that need high-speed traffic such as

high transaction databases and ecommerce websites. NAS generally has lower throughput

and higher latency because of its slower file system layer, but high-speed networks can

make up for performance losses within NAS (Enterprise Storage, 2018).

Building Blocks is not running a high transaction database, nor are they running an

ecommerce website, so a NAS implementation should be sufficient for their purposes.

One should not depart from the topic of file sharing and availability without discussing

RAID. Data security revolves around the C-I-A Triad – Confidentiality, Integrity, Availability.

The availability of data is paramount for any business, hence the need to discuss a RAID

configuration as part of the file sharing aspect of this installation. In a 2005 White Paper,

Adaptec opens with “Data is the most valuable asset of any business today. Lost data means lost

business.” Let’s face it … we all know that hard drives fail. For this reason, a simple RAID-0
BUILDING BLOCKS, LLC NETWORK UPGRADES 9

array is out of the question here, because the failure of 1 drive in the array leads to total data loss

for the entire array. RAID-1 and RAID-5 allow for 1 drive in the array to fail, but when one of

these are combined into a larger RAID-0 array, creating a RAID-10 or RAID-50 implementation,

the fault tolerance increases. Adaptec compares the varying types of RAID implementations in

their 2005 white paper, and details typical applications of those varying types. Based on the

Adaptec white paper, file server implementations, such as the one being considered for Building

Blocks, are best suited to a RAID-50 implementation, suffering little performance degradation

even in the event of disk failures in the array.

Relation of Artifacts to Project Development

The selected articles and white papers provide direction for various aspects of the project

and its main objectives. The Fortinet and HP white papers provide some direction to the project

by guiding a decision about a combined Firewall/IPS or separate devices. The Enterprise Storage

article provides insight to the selection of a storage solution, while the Adaptec white paper

provides guidance on the selection of a RAID implementation for the selected storage solution –

which provides redundancy to ensure availability of Building Blocks’ data despite failure of a

hard drive in the storage array.

While the staff of Consulting911 has their own preferences of product, and ideas for their

own ways to implement these objectives, the choice ultimately rests with the Building Blocks

staff, and their preferences. These artifacts, along with discussion with Consulting911 staff, are

intended to assist with the selection of products and solutions that work in the best interest of

Building Blocks’ work practices. In the event that Building Blocks’ staff is unsure about what

product, solution, or implementation method to choose, additional discussion can be arranged to

BUILDING BLOCKS, LLC NETWORK UPGRADES 10

help guide a decision for what solutions will work best and be of the most benefit now and to

“future proof” the installation – making today’s investment most beneficial as far into the future

as possible.

Project Rationale

Building Blocks began to consider this project in the closing months of 2019, as more

office staff began to complain about lagging internet, and difficulty in sharing files with other

team members. The project was tabled due to the hectic nature of the holidays and was pushed

off until after the beginning of the new year. 2020 started slower than expected for Building

Blocks, and the issues subsided due to the lower-than-normal volume of work, moving the

investment in the technology upgrades down the spending priority list. The project had to be

further postponed due to the COVID-19 pandemic that has crippled many businesses, including

Building Blocks, for most of the year. In preparation for business to pick back up, and to

facilitate better remote-working conditions, Building Blocks’ Managing Partner made the

decision to pull from the firm’s strategic financial reserves and move ahead with this project

during this extended low-workload period.

Even though the firm’s current workload is low, there are still projects in progress with

deadlines that still need to be met. A few members of the staff have firm-provided laptops that

they are still able to work from while working from the office. However, there is one big

downside to working from a laptop – they lack the processing power required to efficiently run

the Computer-Aided Drawing software used in today’s Architectural processes. This had led

most of the firm’s Architects to move back to pencil and paper – spread out on the dining room

table at home, hoping the kids don’t come through and spill the mid-afternoon snack and drink
BUILDING BLOCKS, LLC NETWORK UPGRADES 11

on the drawing that’s been in process for the last three weeks. With a remote connection, and a

couple of external monitors, the firm’s architects can begin to take up a sense of normalcy with

their CAD system, but there’s one other limiting factor to the effectiveness of this solution – the

internet connection speed at the office: it is insufficient to support a stable remote desktop

connection session.

In addition to addressing the connection issues to the office, significant emphasis was

placed on the need for additional security to protect Building Blocks’ intellectual property. While

Building Blocks is a small, local firm, the threat of malicious cyber actors cannot be discounted –

especially in today’s ever-changing cyber landscape.

Even though Building Blocks’ current workload is less than usual, and most of the work

is being done away from their normal office space, collaboration on active projects still must

take place to ensure that the current deadlines can be met. This shift in collaboration methods

brought forth the thoughts from Building Blocks’ Managing Partner about the installation of a

centralized file-sharing implementation at the office. Combined with the other aspects of the

project slated for installation, the file sharing solution serves as an additional way for more

effective collaboration from inside the office walls, as well as remotely.

Current Project Environment

Building Blocks, LLC is a local architecture firm that moved to its current office space in

late 2017 – a renovated and refurbished three-story brick row home, built c. 1900. As part of the

renovation and conversion from residential to office space, CAT-6 network cable was installed

throughout the space, and run to a small, central rack space on the ground level. This network

rack was installed with a patch panel, which was clearly labeled to facilitate ease of use in
BUILDING BLOCKS, LLC NETWORK UPGRADES 12

expansion of network resources throughout the office space. The patch panel is currently in use,

with connections being made to the desktop computers currently in use by Building Blocks’ staff

members. These connections are currently being made directly to the ISP provided equipment,

which is also serving as the office’s primary Wi-Fi access point. Aside from the existing cabling,

patch panel, and the ISP-provided hardware the IT infrastructure is generally non-existent at

Building Blocks’ office, creating many opportunities for improvement.

After some additional investigation, there are significant Wi-Fi connection issues on the

second and third floors of the office space – later realizing that it is the placement of the

hardware that is the cause. Additional discussions with the Managing Partner of Building Blocks

has already prompted a request to expand the project and include measures to remediate the Wi-

Fi issues with standalone access points on all three floors of the office space – since because of

the hardware installation in the original scope of the project would discontinue the direct use of

the ISP provided hardware for provision of Wi-Fi service and DHCP network routing.

Further review of Building Blocks’ IT infrastructure reveals that there is no current

implementation of a hardware firewall, or any kind of network attached storage. All internet

service for the office is being served through the ISP-provided hardware, as well as providing

DHCP and Wi-Fi services. This hardware will remain in place unless an upgrade is required by

the ISP as part of the service level upgrade being considered. Hardware for a secondary ISP will

be installed parallel to this existing hardware – providing additional bandwidth and redundancy

for the office. ISP-provided hardware will be remaining in place, only serving as an interface to

the providers’ networks, with DHCP and Wi-Fi services being moved to hardware inside the

firewall being installed as part of this project.

BUILDING BLOCKS, LLC NETWORK UPGRADES 13

Methodology

Consulting911 will use a PDCA or PDSA methodology for this project, as it does of most

of the other projects undertaken by the firm. The firm’s manager is most familiar with this

methodology from its use in prior work experience and have integrated its usage into normal

business practice with Consulting911. Some view this methodology as Plan, Do, Check, Act;

some view it as Plan, Do, Check, Adjust; others as Plan, Do, Study, Act. At Consulting911 we

have modified it to our own version – Plan, Do, Study, Adjust: making our plan, executing our

plan, studying the result, and adjusting our methods. If the initial result is not satisfactory to our

client, we will pick up where we left off, and proceed through the cycle again, adjusting our

strategies until all parties are satisfied with the outcome.

A comprehensive evaluation of Building Blocks’ current technology infrastructure will

take place after the acceptance of the project proposal from the Managing Partner of Building

Blocks. The initial step of the project will begin with the selection of an upgrade to the existing

internet services coming into the office. Hopefully, this can be accomplished with the provider

adjusting the configuration on the back end, with no other action required at the equipment

already installed at Building Blocks’ office. However, if there is additional hardware needed or if

the existing hardware requires replacement, then a service appointment will be scheduled as soon

as possible. In addition to the upgraded service from the current ISP, services from a secondary

ISP will be researched and planned for installation at the earliest available date.

Product selection will follow, and recommendations provided to the Managing Partner

for final selection. After the final selection of the products to complete the project, they will be

ordered from one of Consulting911’s existing vendors. While waiting on the hardware to arrive,

initial configuration plans will be formulated to expedite the device configuration upon its arrival
BUILDING BLOCKS, LLC NETWORK UPGRADES 14

at Consulting911. Initial device configuration and testing will occur at Consulting911’s office

prior to installation in Building Blocks’ office. Connectivity and configuration verification will

occur after each segment of the new hardware has been installed to ensure functionality and

mitigate any issues as they occur.

After all hardware has been installed and verified to be functioning appropriately,

Building Blocks’ Managing Partner will again ensure that all project goals and objectives have

been met and provide closure to the project.

Project Goals, Objectives, and Deliverables

Goals, Objectives, and Deliverables Table

Goal Supporting objectives Deliverables enabling the project objectives

i. Review current service level from current
ISP
ii. Review available upgrades from current
a. Evaluate current ISP ISP
iii. Order upgraded service
Upgrade
Internet iv. Provide Customer with updated SLA for
1 ISP
connectivity
to office i. Review available services from a
secondary ISP
ii. Order installation of new service from
b. Evaluate secondary ISP
secondary ISP
iii. Provide Customer with SLA from new
ISP
2 Improve i. Select product based on current and future
network needs
security ii. Configure and test product prior to
installation at Customer site
a. Install and configure network
iii. Install at Customer site, and verify
border firewall
configuration and connectivity after
installation
iv. Provide product documentation and
training to Customer after installation
b. Install and configure network i. Select product based on current and future
Intrusion Prevention System needs
ii. Configure and test product prior to
installation at Customer site
iii. Install at Customer site, and verify
BUILDING BLOCKS, LLC NETWORK UPGRADES 15

configuration and connectivity after

installation
iv. Provide product documentation and
training to Customer after installation
i. Select product based on current and future
needs
ii. Install product on all company assets, to
c. Install and configure Endpoint
ensure protection
Antivirus & Host-based Intrusion
iii. Configure automatic product updates to
Detection System
ensure continuous protection
iv. Provide product documentation and
training to Customer after installation
i. Select product based on current and future
needs
a. Install and configure VPN ii. Install and configure product to ensure
services reliable connectivity
iii. Provide product documentation and
Implement
server-side training to Customer
3 Remote
i. Install and configure client-side software
Access
on all company assets
b. Configure user’s hardware to ii. Provide end-user training to all company
access VPN staff
iii. Provide client-side documentation to
Customer
i. Select NAS product, and supporting drive
hardware for current and future needs
ii. Install and configure NAS hardware with
supporting drives, along with ensuring
a. Install and configure NAS with correct RAID configuration
RAID iii. Conduct drive failover testing to ensure
proper functionality in the event of an actual
Improve File
drive failure
4 Sharing
iv. Provide product documentation and
capabilities
training to Customer
i. Configure all company hardware to access
new NAS implementation
b. Configure user’s hardware to ii. Ensure all company employees are
access NAS familiar with how to access NAS
iii. Assist in file migration, from collection
of company resources to new NAS structure

Goals, Objectives, and Deliverables Descriptions

The first goal of this project is to upgrade the internet services for Building Blocks’

office. Two primary objectives will accomplish this goal, each with similar deliverables. The two

objectives are evaluations of the current ISP, along with evaluation of a new ISP. Successful
BUILDING BLOCKS, LLC NETWORK UPGRADES 16

completion of this goal will be measured by the completion of a service-level upgrade from the

current ISP, and an installation of new service from a secondary ISP.

The second goal of the project is to improve the firm’s security stance and internet

security. There are three objectives planned to meet this goal:

1. Installation of a network border firewall

2. Installation of a Network Intrusion Prevention System

3. Installation of antivirus software, and configuration of host-based Intrusion Detection

System

Deliverables for these three objectives are fundamentally identical: provide a complete

installation of the three systems, ensure connectivity through them, conduct testing to ensure

proper functionality, and supplying the customer with documentation and training on the

functions of the newly installed systems.

A third goal of the project is to implement remote accessibility to office resources.

Implementation of a VPN system serves to satisfy this goal. Server and client configurations

must be performed to ensure functionality across all types of customer-supplied device hardware.

Implementation will culminate with connectivity testing and staff training on the features and

usage of the newly implemented system.

Finally, a request was made to implement an office-wide file sharing system. A Network-

Attached Storage system will be installed and configured with RAID to ensure redundancy and

continuous availability in the event of a drive failure. Success in this area will be measured by

the ability of all staff members to access the shared system from their device of choice from

within the office, as well as remotely through the VPN.

BUILDING BLOCKS, LLC NETWORK UPGRADES 17

Project Timeline with Milestones

Milestone or Duration Projected start date Anticipated end date

deliverable (hours or days)
Initial assessment of

Building Blocks’ IT 1 day 11/30 11/30

infrastructure

Evaluate

infrastructure

assessment; research

solution 2 days 12/1 12/2

recommendations for

both hardware and

ISP

Present

recommendations to

Managing Partner,
3 days 12/3 12/7
allowing time to

review and accept

product proposals

Contact ISPs to

schedule upgrade and 4 hours 12/7 12/7

installation

TBD – determined by
ISP Installations 2 days
provider availability
BUILDING BLOCKS, LLC NETWORK UPGRADES 18

Place order for new

1 hour 12/7 12/7
hardware selections

Wait for hardware

7-10 days 12/8 12/18 – 12/23
delivery

Initial hardware 2-3 days 12/28 12/30

configuration and

testing

Hardware installation 1 – 2 days 1/2/2021 1/3/2021

at Building Blocks’

office

Staff training for

1 day 1/4/2021 1/5/2021
VPN and NAS

Project wrap-up 1 day 1/8/2021 1/8/2021

Outcome

Once completed, Building Blocks, LLC will have a faster, more secure connection to the

internet, as well as the ability to remotely access the firm’s resources while away from the office,

and more effectively share files within the office staff. Overall success of the project will be

measured by the continued connectivity after the new hardware installations, but also by a

measured improvement in the downstream bandwidth available to users in the office. Based on

initial reports of current bandwidth, after the upgrade and new installation users should expect a

75-100% increase in available bandwidth.

BUILDING BLOCKS, LLC NETWORK UPGRADES 19

References

Adaptec. (2005). Which RAID Level is Right for Me? [White paper].

https://www.adaptec.com/nr/rdonlyres/874d145e-f64f-4804-9e27-

037bc5a9dce0/0/3994_raid_whichone_v112.pdf

Enterprise Storage. (May 8, 2018). NAS vs. SAN: Differences and Use Cases.

https://www.enterprisestorageforum.com/storage-networking/nas-vs.-san-differences-

and-use-cases.html

Fortinet. (2019). A Definitive Guide To The IPS Technology Landscape: Essential Solution to

Selection Criteria [White paper].

https://www.fortinet.com/content/dam/fortinet/assets/white-papers/wp-a-definitive-guide-

to-the-ips-technology-landscape.pdf

Hewlett-Packard Development Company, LP. (2014). Next-generation IPS and Firewall: Why

you need both [White paper]. https://www.binss.de/wp-content/uploads/Next-Generation-

IPS-and-Firewall.pdf
BUILDING BLOCKS, LLC NETWORK UPGRADES 20

Appendix A

Comcast Business Internet Speed Tiers

BUILDING BLOCKS, LLC NETWORK UPGRADES 21

Appendix B

Verizon Fios Business Service Tiers