The corporate network uses. Local networks. Corporate networks. Global network. Workgroup switches are used to directly connect computers to a network. Switches in this group are not required to have high switching speeds or support march

large enterprise network). Before discussing the characteristic features of each of the listed types of networks, let us dwell on those factors that force enterprises to acquire their own computer network.

What does the use of networks give to an enterprise?

This question can be clarified as follows:

  • In which cases is deploying computer networks in an enterprise preferable to using standalone computers or multi-machine systems?
  • What new opportunities appear in an enterprise with the advent of a computer network?
  • And finally, does a business always need a network?

Without going into details, the ultimate goal of using computer networks at the enterprise is to increase the efficiency of its work, which can be expressed, for example, in increased profits. Indeed, if, thanks to computerization, the production costs of an existing product were reduced, the development time for a new model was reduced, or the servicing of consumer orders was accelerated, this means that this enterprise really needed a network.

The conceptual advantage of networks over autonomously operating computers, which follows from their being distributed systems, is their ability to perform parallel computing. Because of this, a system with several processing nodes can in principle achieve performance exceeding the maximum currently possible for any individual processor, no matter how powerful. Distributed systems potentially have a better performance/cost ratio than centralized systems.

Another obvious and important advantage of distributed systems is their higher fault tolerance. Fault tolerance should be understood as the ability of a system to perform its functions (perhaps not in full) in the event of failures of individual hardware elements and incomplete data availability. The basis for the increased fault tolerance of distributed systems is redundancy. Redundancy of processing nodes (processors in multiprocessor systems or computers in networks) makes it possible, if one node fails, to reassign its tasks to other nodes. To this end, a distributed system may have dynamic or static reconfiguration procedures. In computer networks, some data sets may be duplicated on the external storage devices of several computers on the network, so that if one of them fails, the data remains available.

The use of geographically distributed computing systems is more consistent with the distributed nature of application problems in some subject areas, such as automation of technological processes, banking, etc. In all these cases, there are individual consumers of information dispersed over a certain territory - employees, organizations or technological installations. These consumers solve their problems autonomously, so they should be provided with their own computing means, but at the same time, since the problems they solve are logically closely interrelated, their computing means should be combined into a common system. The optimal solution in this situation is to use a computer network.

For the user, distributed systems also provide advantages such as the ability to share data and devices, as well as the ability to flexibly distribute work throughout the system. This sharing of expensive peripheral devices - such as high-capacity disk arrays, color printers, plotters, modems, optical discs - is in many cases the main reason for deploying a network in an enterprise. A user of a modern computer network works at his computer, often without realizing that he is using the data of another powerful computer, located hundreds of kilometers away. He sends e-mail via a modem connected to a communications server shared by several departments in his business. The user gets the impression that these resources are connected directly to his computer, or "almost" connected, since working with them requires little additional action compared to using truly native resources.

Lately, another incentive for deploying networks has begun to prevail, one much more important in modern conditions than saving money by sharing expensive equipment or programs between corporate employees. This motive is the desire to provide employees with prompt access to extensive corporate information. In conditions of fierce competition in any market sector, the winner is ultimately the company whose employees can quickly and correctly answer any customer question - about the capabilities of their products, about the conditions for their use, about solving various problems, etc. At a large enterprise, even a good manager is unlikely to know all the characteristics of each of the manufactured products, especially since their range can be updated every quarter, if not every month. Therefore, it is very important that the manager has the opportunity, from his computer connected to the corporate network, say, in Magadan, to transfer the client’s question to a server located in the central office of the enterprise in Novosibirsk, and promptly receive an answer that satisfies the client. In this case, the client will not contact another company, but will continue to use the services of this manager in the future.

Networking leads to improved communications between employees of an enterprise, as well as with its customers and suppliers. Networks reduce the need for businesses to use other forms of information transmission, such as telephone or regular mail. Often, the ability to organize e-mail is one of the reasons for deploying a computer network at an enterprise. New technologies that make it possible to transmit not only computer data, but also voice and video information over network communication channels are becoming increasingly widespread. A corporate network that integrates data and multimedia information can be used to organize audio and video conferences; in addition, the enterprise's own internal telephone network can be created on its basis.

Benefits of using networks
  1. The integral advantage is increasing the efficiency of the enterprise.
  2. Ability to perform parallel computing, due to which performance and fault tolerance can be increased.
  3. Better suited to the distributed nature of some application problems.
  4. Ability to share data and devices.
  5. Possibility of flexible distribution of work throughout the system.
  6. Quick access to extensive corporate information.
  7. Improving communications.
Problems
  1. The complexity of developing system and application software for distributed systems.
  2. Problems of performance and reliability of data transmission over the network.
  3. Security problem.

Of course, the use of computer networks also brings problems, associated mainly with organizing effective interaction between the individual parts of a distributed system.

Firstly, there are problems with software: operating systems and applications. Programming for distributed systems is fundamentally different from programming for centralized systems. Thus, a network operating system, in general performing all the functions of managing local computer resources, in addition solves numerous tasks related to the provision of network services. The development of network applications is complicated by the need to organize the joint operation of their parts running on different machines. Ensuring the compatibility of software installed on network nodes also causes a lot of trouble.

Secondly, many problems are associated with transporting messages over communication channels between computers. The main tasks here are to ensure reliability (so that transmitted data is not lost or distorted) and performance (so that data exchange occurs with acceptable delays). In the structure of the total costs of a computer network, the costs of solving “transport issues” make up a significant part, while in centralized systems these problems are completely absent.

Third, there are security issues that are much more difficult to resolve on a network than on a standalone computer. In some cases, when security is especially important, it is better not to use the network.

There are many more pros and cons that can be cited, but the main proof of the effectiveness of using networks is the indisputable fact of their ubiquity. Today it is difficult to find an enterprise that does not have at least a single-segment network of personal computers; more and more networks with hundreds of workstations and dozens of servers are appearing; some large organizations are acquiring private global networks that unite their branches located thousands of kilometers away. In each specific case there were reasons for creating a network, but the general statement is also true: there is still something in these networks.

Department networks

Department networks are networks that are used by a relatively small group of employees working in one department of the enterprise. These employees handle some common tasks, such as accounting or marketing. It is believed that the department may have up to 100-150 employees.

The main purpose of the department network is the sharing of local resources, such as applications, data, laser printers and modems. Typically, departmental networks have one or two file servers, no more than thirty users (Fig. 10.3) and are not divided into subnets. Most of an enterprise's traffic is localized in these networks. Departmental networks are usually created on the basis of one network technology - Ethernet, Token Ring. In such a network, one or at most two types of operating systems are most often used. A small number of users allows departmental networks to use peer-to-peer network operating systems, such as Windows 98.


Fig. 10.3.

Network management tasks at the departmental level are relatively simple: adding new users, troubleshooting simple failures, installing new nodes and installing new software versions. Such a network can be managed by an employee who devotes only part of his time to performing administrator duties. Most often, the department's network administrator does not have special training, but is the person in the department who understands computers best, and it naturally turns out that he is involved in network administration.

There is another type of network that is close to departmental networks - work group networks. Such networks include very small networks, including up to 10-20 computers. The characteristics of workgroup networks are practically no different from the characteristics of departmental networks described above. Properties such as network simplicity and homogeneity are most evident here, while departmental networks can in some cases approach the next largest type of network, campus networks.

Campus networks

Campus networks got their name from the English word campus - student town. It was on university campuses that there was often a need to combine several small networks into one large one. Now this name is not associated with college campuses, but is used to designate networks of any enterprises and organizations.

Campus networks (Fig. 10.4) combine many networks of different departments of one enterprise within a single building or one territory covering an area of several square kilometers. However, global connections in campus networks are not used. Services on such a network include interoperability between departmental networks, access to shared enterprise databases, and access to shared fax servers, high-speed modems, and high-speed printers. As a result, employees of each department of the enterprise gain access to some files and network resources of other departments. Campus networks provide access to corporate databases no matter what types of computers they reside on.


Fig. 10.4.

It is at the campus network level that problems arise in integrating heterogeneous hardware and software. The types of computers, network operating systems, and network hardware in each department may vary. This leads to the complexity of managing campus networks. In this case, administrators must be more qualified, and the means of operational network management must be more effective.

Enterprise networks

Corporate networks are also called enterprise-wide networks, which corresponds to the literal translation of the term "enterprise-wide networks" used in English literature to refer to this type of network. Enterprise networks (corporate networks) combine a large number of computers in all areas of a separate enterprise. They can be intricately connected and capable of covering a city, region or even a continent. The number of users and computers can be measured in thousands, and the number of servers in hundreds; the distances between the networks of individual territories may be such that global connections have to be used. A corporate network will certainly use various types of computers - from mainframes to personal computers - as well as several types of operating systems and many different applications. The heterogeneous parts of a corporate network should work as a single unit, providing users with as convenient and easy access to all necessary resources as possible.

A corporate network is characterized by:

  • scale - thousands of user computers, hundreds of servers, huge volumes of data stored and transmitted over communication lines, many different applications;
  • high degree of heterogeneity - different types of computers, communications equipment, operating systems and applications;
  • use of global connections - branch networks are connected using telecommunications means, including telephone channels, radio channels, and satellite communications.

The emergence of corporate networks is a good illustration of the well-known postulate about the transition from quantity to quality. When individual networks of a large enterprise with branches in different cities and even countries are combined into a single network, many quantitative characteristics of the combined network cross a certain critical threshold, beyond which a new quality begins. Under these conditions, existing methods and approaches to solving the traditional problems of smaller-scale networks turned out to be unsuitable for corporate networks. Tasks and problems came to the fore that were either of secondary importance or did not appear at all in the networks of work groups, departments, and even campuses. An example is the simplest (for small networks) task - maintaining account information about network users.

The simplest way to solve this is to place each user's credentials in the local account database of each computer whose resources the user should have access to. When an access attempt is made, this data is retrieved from the local account database and access is granted or denied based on it. In a small network consisting of 5-10 computers and approximately the same number of users, this method works very well. But if there are several thousand users on the network, each of whom needs access to several dozen servers, then, obviously, this solution becomes extremely ineffective. The administrator must repeat the operation of entering the credentials of each user several dozen times (according to the number of servers). The user himself is also forced to repeat the logical login procedure every time he needs access to the resources of a new server. A good solution to this problem for a large network is to use a centralized directory service that stores the accounts of all users on the network in a database. The administrator performs the operation of entering user data into this database once, and the user performs the logical login procedure once, not to a separate server, but to the entire network.
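A simplified model of the two approaches described above, added here as an illustration and not taken from the original text: per-server local account databases versus one central account database that issues a signed login ticket. The class and function names, the ticket format and the sample users are assumptions constructed for this example.

```python
import hashlib
import hmac
import json
import os
import time


def _hash_password(password: str, salt: bytes) -> bytes:
    # Iteration count kept low so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class AccountDB:
    """Account database: username -> (salt, password hash)."""

    def __init__(self):
        self._accounts = {}
        self.admin_ops = 0  # counts administrator operations on this database

    def add_user(self, user, password):
        salt = os.urandom(16)
        self._accounts[user] = (salt, _hash_password(password, salt))
        self.admin_ops += 1

    def remove_user(self, user):
        self._accounts.pop(user, None)
        self.admin_ops += 1

    def has_user(self, user):
        return user in self._accounts

    def check(self, user, password):
        entry = self._accounts.get(user)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, _hash_password(password, salt))


class DirectoryService:
    """Central account store: one login yields a ticket valid network-wide."""

    def __init__(self, ticket_lifetime=3600):
        self.db = AccountDB()
        self._key = os.urandom(32)  # signing key never leaves the directory
        self.ticket_lifetime = ticket_lifetime

    def login(self, user, password, now=None):
        if not self.db.check(user, password):
            return None
        now = time.time() if now is None else now
        body = json.dumps({"user": user, "exp": now + self.ticket_lifetime}).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return body.hex() + "." + tag

    def verify(self, ticket, now=None):
        """Called by a member server: return the user name or None."""
        try:
            body_hex, tag = ticket.split(".")
            body = bytes.fromhex(body_hex)
        except ValueError:
            return None
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None
        claims = json.loads(body)
        now = time.time() if now is None else now
        # A removed account is rejected at once, on every server.
        if now >= claims["exp"] or not self.db.has_user(claims["user"]):
            return None
        return claims["user"]


USERS = {"alice": "pw-a", "bob": "pw-b", "carol": "pw-c"}  # constructed sample data


def local_model(n_servers, users):
    """Every server keeps its own accounts; returns (admin operations, logins by alice)."""
    servers = [AccountDB() for _ in range(n_servers)]
    for server in servers:
        for user, password in users.items():
            server.add_user(user, password)
    logins = sum(1 for s in servers if s.check("alice", users["alice"]))
    return sum(s.admin_ops for s in servers), logins


def central_model(n_servers, users):
    """One directory; returns (admin operations, logins by alice, servers reached)."""
    directory = DirectoryService()
    for user, password in users.items():
        directory.db.add_user(user, password)
    ticket = directory.login("alice", users["alice"])  # the single login
    reached = sum(1 for _ in range(n_servers) if directory.verify(ticket) == "alice")
    return directory.db.admin_ops, 1, reached


if __name__ == "__main__":
    print("local  :", local_model(10, USERS))
    print("central:", central_model(10, USERS))
```

With the local model, removing one user also takes one operation per server, and a server that is missed keeps a working stale account; in the central model a single removal invalidates the ticket everywhere.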

When moving from a simpler type of network to a more complex one - from department networks to the corporate network - the coverage area increases and maintaining computer connections becomes more and more difficult. As the scale of the network increases, the requirements for its reliability, performance and functionality increase. An increasing amount of data circulates across the network, and it is necessary to ensure that it is safe and secure, as well as accessible. All this leads to the fact that corporate networks are built on the basis of the most powerful and diverse hardware and software.

A corporate network is a network whose main purpose is to support the operation of a specific enterprise that owns this network. Users of the corporate network are employees of this enterprise. Depending on the scale of the enterprise, as well as the complexity and variety of tasks being solved, department networks, campus networks and corporate networks (that is, a large enterprise network) are distinguished.

Department networks are networks that are used by a relatively small group of employees working in one department of the enterprise.

The main purpose of a department network is to share local resources such as applications, data, laser printers, and modems. Typically, departmental networks have one or two file servers, no more than thirty users and are not divided into subnets (Fig. 55). Most of an enterprise's traffic is localized in these networks. Departmental networks are usually created on the basis of one network technology - Ethernet, Token Ring. Such a network is characterized by one or at most two types of operating systems. A small number of users makes it possible for departments to use peer-to-peer network operating systems such as Microsoft's Windows.



There is another type of network, close to departmental networks - working group networks. Such networks include very small networks, including up to 10-20 computers. The characteristics of workgroup networks are practically no different from the characteristics of departmental networks. Properties such as network simplicity and homogeneity are most evident here, while departmental networks can in some cases approach the next largest type of network, campus networks.

Campus networks got their name from the English word “campus” - student town. It was on university campuses that there was often a need to combine several small networks into one large network. Now this name is not associated with college campuses, but is used to designate networks of any enterprises and organizations.

The main features of campus networks are that they combine many networks of different departments of one enterprise within a single building or within one territory covering an area of several square kilometers (Fig. 56). However, global connections in campus networks are not used. The services of such a network include interaction between departmental networks, access to shared enterprise databases, and access to shared fax servers, high-speed modems and high-speed printers. As a result, employees of each department of the enterprise gain access to some files and network resources of other departments. An important service provided by campus networks has become access to corporate databases, regardless of what type of computer they are located on.

It is at the campus network level that problems arise in integrating heterogeneous hardware and software. The types of computers, network operating systems, and network hardware may vary from department to department. This leads to the complexity of managing campus networks. In this case, administrators must be more qualified, and the means of operational network management must be more advanced.

Corporate networks are also called enterprise-scale networks, which corresponds to the literal translation of the term “enterprise-wide network”. Enterprise-scale networks (corporate networks) connect a large number of computers in all areas of an individual enterprise. They can be intricately connected and cover a city, region or even a continent. The number of users and computers can be measured in thousands, and the number of servers in hundreds; the distances between the networks of individual territories can be such that the use of global connections becomes necessary (Fig. 57). To connect remote local networks and individual computers in a corporate network, a variety of telecommunications tools are used, including telephone channels, radio channels, and satellite communications. A corporate network can be thought of as “islands” of local networks “floating” in a telecommunications environment. An indispensable attribute of such a complex and large-scale network is a high degree of heterogeneity - it is impossible to satisfy the needs of thousands of users using the same type of hardware. A corporate network necessarily uses various types of computers - from mainframes to personal computers - as well as several types of operating systems and many different applications. The heterogeneous parts of the corporate network should work as a single whole, providing users with the most convenient and simple access to all necessary resources.

The emergence of a corporate network is a good illustration of the well-known philosophical postulate about the transition from quantity to quality. When individual networks of a large enterprise with branches in different cities and even countries are combined into a single network, many quantitative characteristics of the combined network exceed a certain critical threshold, beyond which a new quality begins. Under these conditions, existing methods and approaches to solving traditional problems of smaller-scale networks for corporate networks turned out to be unsuitable. Tasks and problems came to the fore that in distributed networks of work groups, departments, and even campuses were either of secondary importance or did not appear at all.

In distributed local networks consisting of 1-20 computers and approximately the same number of users, the necessary account data is placed in the local database of each computer whose resources users must have access to; that is, the data is retrieved from the local account database and access is granted or denied based on it.

But if there are several thousand users on the network, each of whom needs access to several dozen servers, then, obviously, this solution becomes extremely ineffective, since the administrator must repeat the operation of entering the credentials of each user several dozen times (according to the number of servers). The user himself is also forced to repeat the logical login procedure every time he needs access to the resources of a new server. The solution to this problem for a large network is to use a centralized directory service, the database of which stores the necessary information. The administrator performs the operation of entering user data into this database once, and the user performs the logical login procedure once, not to a separate server, but to the entire network. As the scale of the network increases, the requirements for its reliability, performance and functionality increase. With ever-increasing volumes of data circulating across the network, the network must ensure that the data is safe and secure as well as accessible. All this leads to the fact that corporate networks are built on the basis of the most powerful and diverse equipment and software.

Of course, corporate computing networks have their own problems. These problems are mainly associated with organizing effective interaction between individual parts of a distributed system.

Firstly, there are difficulties associated with software - operating systems and applications. Programming for distributed systems is fundamentally different from programming for centralized systems. Thus, a network operating system, while performing all the functions of managing local computer resources, also solves numerous tasks of providing network services. The development of network applications is complicated by the need to organize the joint operation of their parts running on different machines. Ensuring the compatibility of software installed on network nodes also causes a lot of concern.

Secondly, many problems are associated with transporting messages over communication channels between computers. The main objectives here are to ensure reliability (so that the provided data is not lost or distorted) and performance (so that data exchange occurs with acceptable delays). In the structure of the total costs of a computer network, the costs of solving “transport issues” make up a significant part, while in centralized systems these problems are completely absent.

Thirdly, there are security issues that are much more difficult to resolve on a computer network than on a stand-alone computer. In some cases, when security is especially important, it is better to avoid using the network altogether.

However, in general, the use of local (corporate) networks gives the enterprise the following opportunities:

  • sharing expensive resources;
  • improving switching;
  • improving access to information;
  • fast and high-quality decision making;
  • freedom in the territorial placement of computers.

A corporate network (enterprise network) is characterized by:

  • scale - thousands of user computers, hundreds of servers, huge volumes of data stored and transmitted over communication lines, many different applications;
  • high degree of heterogeneity - types of computers, communications equipment, operating systems and applications are different;
  • use of global connections - branch networks are connected using telecommunications means, including telephone channels, radio channels, and satellite communications.

Timely exchange of information among team members is an important component of the successful work of any company, regardless of its specifics and scale.

The spread of digital technologies in all industries contributes to the widespread implementation of corporate networks at different levels of business, from small firms to holding companies.

Design and construction of a corporate network

The popularity of corporate networks is due to a number of their advantages.

Reducing system downtime in the event of hardware, software and technical errors requires a stable, continuous exchange of data between all participants.

Special programs and fine-tuning of access rights to individual documents, functions and sections reduce the risk of information leakage and loss of confidential data. In addition, violators are easy to track using software solutions.

The process of designing a corporate network includes the unification of local networks of departments within the company and the creation of a material and technical base for further planning, organization and management of the core activities of the enterprise.

The construction of a corporate network is based on an agreed and developed architecture of data, platforms and applications, through which information is exchanged between users. Getting a functioning corporate network additionally involves developing tools for maintaining and protecting databases.

Companies creating corporate networks

Among the companies creating corporate networks, it is worth noting:

  1. Altegra Sky is a Moscow company engaged in providing a full range of services related to the creation of an internal network, from drawing up the fundamental architecture to commissioning. The company purchases, installs, commissions all necessary equipment and conducts training events for its clients.

  2. Universum is a Moscow-based provider of system integration services and the creation of secure local networks for wide-ranging enterprises. Specialization - installation and fine-tuning of all functional elements of local networks and ensuring uninterrupted operation.

  3. Open Technologies is a provider of innovative solutions for data exchange within the company. The company's specialization is the creation of an optimal hierarchical structure that will ensure consistently high speed of transfer of documents, images and multimedia using the available server capacity.

Structure, architecture, technologies of enterprise corporate networks

The corporate network of an enterprise is characterized by two elements.

LAN is a local area network that provides stable exchange of necessary data and management of user access rights. To create it, you need hardware - a structured cabling system, hereinafter SCS.

SCS is a telecommunications infrastructure - a collection of all computer devices of the company, between which data exchange occurs in real time.

Creating a corporate network consists of choosing:

  • working group;

  • modeling environments;

  • software and hardware solutions for its creation;

  • configuration and maintenance of the finished architecture.

Building an architecture and choosing a corporate network technology consists of several stages:

  • selection of elementary objects included in the corporate data exchange network. As a rule, these are certain products, services of the company and information on them;

  • selection of functional, information and resource models for the future network. At this stage, the “internal logic” of the functioning of the future network is determined;

  • further, based on the already selected parameters, languages and modeling methods are determined that can solve the assigned problems.

For example, when forming a corporate network for a small manufacturing company, the most accessible modeling languages that do not require hardware power are used. Conversely, creating architecture for large companies with a wide range of activities requires the use of powerful tools.

Corporate local networks via VPN and Wi-Fi

VPN, or Virtual Private Network, is an option for creating a virtual network within an enterprise that uses the capabilities of the global network. The peculiarity of building such a network is the ability to access the Internet from anywhere in the world using a registered login and password.

The solution is popular among IT companies, design bureaus and other enterprises that hire employees for remote work. The disadvantage of this method of organizing a local network is the threat of unauthorized access and loss of user data.

Wi-Fi is a more technologically advanced and modern option for creating a corporate network that is not tied to hardware capacity and the physical location of users. Using routers, network access is configured for all employees, and you can “get into” the network from any device.

The main advantage of Wi-Fi is easy integration and scaling of the created network for any number of users. With Wi-Fi, network bandwidth is dynamically redistributed between individual nodes, depending on the level of applied load.

Corporate satellite network

The operation of this type of corporate local network is built on the use of the power of a HUB - a satellite terminal located in network control centers.

Each participant accesses the network using an IP address and a relay satellite that transmits a signal to other users.

This option for organizing a corporate network allows you to:

  • quickly connect new users to the existing network;

  • remotely monitor its functioning and compliance by participants with the security policy;

  • guarantee data safety and fine-tuned privacy.

Satellite networks are the most stable, expensive and technologically advanced way to organize data exchange between employees of the same structure.

Corporate multiservice network

A feature of a multiservice network is the ability to transmit text, graphic, video and audio information using the same communication channels. As a rule, companies providing services for building multiservice networks create turnkey solutions that allow all necessary types of information to be transmitted via IP addresses.

In technical terms, separate subsystems are created that are designed to transmit certain types of information, while switches, routers and signal amplifiers are used to transmit data. Thus, the network is more stable, tolerates high load levels well and allows peripheral devices to access the central server as quickly as possible.

Corporate computer network

A computer network within a company is an adaptation of Internet technologies for use at the level of an individual company. The main purpose of building such networks is the joint use of information for internal corporate work: simultaneous access and editing of documents, data exchange.

The functioning of a computer network requires the use of an operating system that is compatible with all equipment and software connected to it. It is important to ensure rational distribution of information and provide employees with tools for planning and document management.

The stage of building the architecture of a corporate computer network involves constant communication with future users in order to identify their needs. A successfully built corporate computer network is a convenient software and hardware solution for use in daily work.

Corporate social network

Creating a tool for transmitting messages and exchanging information within one company gives employees the opportunity to maintain contact between departments in real time. At the same time, the product is based on the principle of operation of ordinary social networks with “reduced” functionality, which does not distract the attention of employees from their professional duties.

Typically, company employees who are in the office or working remotely have access to the corporate social network, while confidential work issues are discussed using secure communication protocols. This ensures prompt and secure communication between company departments without interrupting production and without the threat of data leakage.

Remote access to the corporate network

The basis for remote access to the capabilities of a corporate network is setting up the VPN protocol, which ensures the use of company servers by running a virtual machine.

The technology is based on a terminal server, free subnets and a secure guest network. There is no need for the user to purchase or configure additional programs: access via VPN is carried out in the “Team Viewer” application, compatible with all versions of Windows OS.

This solution is safe because access rights to data stored on company servers can be fine-tuned.

Security of corporate networks: threats and protection

Unauthorized access to data stored on corporate servers and the threat of their loss are two main dangers from which it is necessary to protect the enterprise network.

For these purposes the following are used:

  • antivirus systems;

  • prompt blocking of unauthorized access manually;

  • fine-tuning of VPN networks, which cut off unauthorized users by requiring a login and password.

Permanent protection is achieved using firewalls, monitoring the functioning of all network elements in real time.


Corporate information network

“A corporate network is a network whose main purpose is to support the operation of a specific enterprise that owns the network. Users of the corporate network are only employees of this enterprise.” The primary purpose of a corporate network is to provide comprehensive information services to enterprise employees, in contrast to a simple local network, which provides only transport services for transmitting information flows in digital form.

Information flows in the modern world are crucial. Today, no one needs to be convinced that for the successful operation of any corporate structure, a reliable and easily managed information system is necessary. Any enterprise has internal communications, ensuring interaction between management and structural divisions, and external relations with business partners, enterprises, and authorities. External and internal communications of an enterprise can be considered as informational. But at the same time, an enterprise can be considered as an organization of people united by common goals. To achieve these goals, various mechanisms are used to facilitate their implementation. One of these mechanisms is effective production management, based on the processes of obtaining information, processing it, making decisions and communicating them to performers. The most important part of management is decision making. To develop the right decision, complete, prompt and reliable information is required.

The completeness of information is characterized by its volume, which should be sufficient to make a decision. Information must be prompt, i.e. such that during its transmission and processing the state of affairs does not change. The reliability of information is determined by the degree to which its content corresponds to the objective state of affairs. Information must be received at the workplace of an enterprise manager or performer in a form that facilitates its perception and processing. But how to organize a high-quality information system at minimal costs? Which equipment should you prefer when choosing?

A significant part of the telecommunications equipment market is occupied by hardware designed to provide corporate structures with intra-industrial communication and data transfer services. Moreover, these concepts can mean a fairly wide range of modern services. Using modern PBX technologies, it is possible to deploy a digital network with the integration of ISDN services and provide users with access to databases and the Internet, organize a minicellular communication system of the DECT standard, introduce a video conference or intercom mode.

Modern PBXs use digital technologies, a modular construction principle, have relatively high reliability, provide a full set of basic functions (call routing, administration, etc.), and provide the ability to connect additional equipment such as voice mail, billing systems, etc.

Any organization is a collection of interacting elements (divisions), each of which can have its own structure. The elements are interconnected functionally, i.e. they perform certain types of work within the framework of a single business process, as well as informationally, exchanging documents, faxes, written and oral orders, etc. In addition, these elements interact with external systems, and their interaction can also be both informational and functional. And this situation is true for almost all organizations, no matter what type of activity they are engaged in - for a government agency, bank, industrial enterprise, commercial firm, etc.

This general view of the organization allows us to formulate some general principles for building corporate information systems, i.e. information systems throughout the organization.

A corporate network is a system that provides information transfer between various applications used in the corporation's system. A corporate network is the network of an individual organization. A corporate network is any network that operates over the TCP/IP protocol and uses Internet communication standards, as well as service applications that provide data delivery to network users. For example, a company may create a Web server for publishing announcements, production schedules and other official documents. Employees access the necessary documents using Web content viewers.

Web servers on a corporate network can provide users with services similar to Internet services, for example, working with hypertext pages (containing text, hyperlinks, graphics and sound recordings), providing the necessary resources upon requests from web clients, and also providing access to databases.

A corporate network, as a rule, is geographically distributed, i.e. uniting offices, divisions and other structures located at a considerable distance from each other. The principles by which a corporate network is built are quite different from those used when creating a local network. This limitation is fundamental, and when designing a corporate network, all measures should be taken to minimize the volume of transmitted data. Otherwise, the corporate network should not impose restrictions on which applications and how they process the information transferred over it. An example of a corporate network is shown in Figure 9.

The process of creating a corporate information system

We can highlight the main stages of the process of creating a corporate information system:

  • conduct an information survey of the organization;

  • based on the survey results, select the system architecture and the hardware and software for its implementation;

  • based on the survey results, select and/or develop the key components of the information system:

      • corporate database management system;

      • automation system for business operations and document flow;

      • electronic document management system;

      • special software;

      • decision support systems.

When designing the organization's corporate information network, it is necessary to be guided by the principles of consistency, standardization, compatibility, development and scalability, reliability, security and efficiency.

The principle of consistency implies that when designing and creating a CIS, its integrity must be maintained by creating reliable communication channels between subsystems.

The principle of standardization provides for the use of standard equipment and materials that comply with international standards ISO, FCC, and State Standards of the Republic of Kazakhstan.

Figure 9. Example of a corporate network

The principle of compatibility, directly related to the principle of standardization, ensures the compatibility of equipment, interfaces and data transfer protocols across the organization and the global network.

The principle of development (scalability), or openness, of the CIS is that even at the design stage the CIS should be created as an open system, allowing for the addition, improvement and updating of subsystems and components, and the connection of other systems. The system will be developed by adding new subsystems and components, modernizing existing subsystems and components, and replacing the computer technology in use with more advanced equipment.

The principle of reliability is the duplication of important subsystems and components in order to ensure uninterrupted operation of the CIS, creating a supply of materials and equipment for prompt repair and replacement of equipment.

The principle of security of a CIS implies the use, when building a CIS, of software and hardware and organizational methods that exclude unauthorized access to equipment and retrieval of information from the CIS by external and internal objects and subjects that do not have special permission.

The principle of efficiency is to achieve a rational ratio between the costs of designing and creating a CIS and the target effects obtained as a result of the practical implementation and operation of the CIS. The economic essence of creation and implementation is to ensure effective and prompt exchange of information between divisions of the organization to resolve production and financial and economic issues, expressed in reducing the cost of telephone communications and postal items.

We will analyze the specific implementation of the above later at the stage of designing the computer information network of the organization under study.

Introduction. From the history of network technologies.

The concept of "Corporate networks". Their main functions.

Technologies used in creating corporate networks.

Structure of the corporate network. Hardware.

Methodology for creating a corporate network.

Conclusion.

List of used literature.

Introduction.

From the history of network technologies.

The history and terminology of corporate networks is closely related to the history of the origins of the Internet and the World Wide Web. Therefore, it does not hurt to remember how the very first network technologies appeared, which led to the creation of modern corporate (departmental), territorial and global networks.

The Internet began in the 60s as a project of the US Department of Defense. The increased role of the computer gave rise to the need both for sharing information between different buildings and local networks and for maintaining the overall functionality of the system in the event of failure of individual components. The Internet is based on a set of protocols that allow distributed networks to route and transmit information to each other independently; if one network node is unavailable for some reason, the information reaches its final destination through other nodes that are currently in working order. The protocol developed for this purpose is called Internetworking Protocol (IP). (The acronym TCP/IP means the same thing.)

Since then, the IP protocol has become generally accepted in military departments as a way to make information publicly available. Since many of these departments' projects were carried out in various research groups at universities around the country, and the method of exchanging information between heterogeneous networks proved to be very effective, the use of this protocol quickly expanded beyond the military departments. It began to be used in NATO research institutes and European universities. Today, the IP protocol, and therefore the Internet, is a universal global standard.

In the late eighties, the Internet faced a new problem. At first the information was either emails or simple data files. Appropriate protocols had been developed for their transfer. Now a whole series of new types of files emerged, usually united under the name multimedia, containing images, sounds and hyperlinks, allowing users to navigate both within one document and between different documents containing related information.

In 1989, the Laboratory of Elementary Particle Physics of the European Center for Nuclear Research (CERN) successfully launched a new project, the goal of which was to create a standard for transmitting this type of information over the Internet. The main components of this standard were multimedia file formats, hypertext files, as well as a protocol for receiving such files over the network. The file format was named HyperText Markup Language (HTML). It was a simplified version of the more general Standard Generalized Markup Language (SGML). The request servicing protocol is called HyperText Transfer Protocol (HTTP). In general, it looks like this: a server running a program that serves the HTTP protocol (HTTP daemon) sends HTML files upon request from Internet clients. These two standards formed the basis for a fundamentally new type of access to computer information. Standard multimedia files can now not only be obtained upon user request, but also exist and be displayed as part of another document. Since the file contains hyperlinks to other documents that may be located on other computers, the user can access this information with a light click of the mouse button. This fundamentally removes the complexity of accessing information in a distributed system. Multimedia files in this technology are traditionally called pages. A page is also the information that is sent to the client machine in response to each request. The reason for this is that a document usually consists of many separate parts, interconnected by hyperlinks. This division allows the user to decide for himself which parts he wants to see in front of him, saves his time and reduces network traffic. The software product that the user directly uses is usually called a browser (from the word browse - to graze) or a navigator. Most of them allow you to automatically retrieve and display a specific page that contains links to documents that the user accesses most often.
This page is called the home page, and there is usually a separate button to access it. Each non-trivial document is usually provided with a special page, similar to the “Contents” section in a book. This is usually where you start studying a document, so it is also often called the home page. Therefore, in general, a home page is understood as some kind of index, an entry point to information of a certain type. Usually the name itself includes a definition of this section, for example, Microsoft Home Page. On the other hand, each document can be accessed from many other documents. The entire space of documents linking to each other on the Internet is called the World Wide Web (the acronyms WWW or W3). The document system is completely distributed, and the author does not even have the opportunity to trace all the links to his document that exist on the Internet. The server providing access to these pages may log all those who read such a document, but not those who link to it. The situation is the opposite of what exists in the world of printed products. In many research fields, there are periodically published indexes of articles on a topic, but it is impossible to track all those who read a given document. Here we know those who read (had access to) the document, but we do not know who referred to it. Another interesting feature is that with this technology it becomes impossible to keep track of all the information available through the WWW. Information appears and disappears continuously, in the absence of any central control. However, this is not something to be afraid of; the same thing happens in the world of printed products. We do not try to accumulate old newspapers if we have fresh ones every day, and the effort is negligible.

Client software products that receive and display HTML files are called browsers. The first graphical browser was called Mosaic, and it was made at the University of Illinois. Many of the modern browsers are based on this product. However, due to the standardization of protocols and formats, any compatible software product can be used. Viewing systems exist on most major client systems capable of supporting smart windows. These include MS/Windows, Macintosh, X-Window and OS/2 systems. There are also viewing systems for those operating systems where windows are not used - they display text fragments of documents that are accessed.

The presence of viewing systems on such disparate platforms is of great importance. The operating environments on the author's machine, server, and client are independent of each other. Any client can access and view documents created using HTML and corresponding standards, and transmitted through an HTTP server, regardless of the operating environment in which they were created or where they came from. HTML also supports form development and feedback functions. This means that the user interface for both querying and retrieving data goes beyond point-and-click.

Many companies, including Amdahl, have written interfaces to interoperate between HTML forms and legacy applications, creating a universal front-end user interface for the latter. This makes it possible to write client-server applications without thinking about client-level coding. In fact, programs are already emerging that treat the client as a viewing system. An example is Oracle's WOW interface, which replaces Oracle Forms and Oracle Reports. Although this technology is still very young, it already has the potential to change the landscape of information management in the same way that the use of semiconductors and microprocessors changed the world of computers. It allows you to turn functions into separate modules and simplify applications, taking us to a new level of integration, which is more consistent with the business functions of the enterprise.

Information overload is the curse of our time. Technologies that were created to alleviate this problem have only made it worse. This is not surprising: it is worth looking at the contents of the trash bins (regular or electronic) of an ordinary employee dealing with information. Even if you don't count the inevitable heaps of advertising "junk" in the mail, most of the information is sent to such an employee simply "in case" he needs it. Add to this “untimely” information that will most likely be needed later, and here you have the main contents of the trash can. An employee will likely store half of the information that "might be needed" and all of the information that will likely be needed in the future. When the need arises, he will have to deal with a bulky, poorly structured archive of personal information, and at this stage additional difficulties may arise due to the fact that it is stored in files of different formats on different media. The advent of photocopiers made the situation with information “that might suddenly be needed” even worse. The number of copies, instead of decreasing, is only increasing. Email only made the problem worse. Today, a “publisher” of information can create his own, personal mailing list and, using one command, send an almost unlimited number of copies “in case” they may be needed. Some of these information distributors realize that their lists are no good, but instead of correcting them, they put a note at the beginning of the message that reads something like: "If you are not interested..., destroy this message." The letter will still clog the mailbox, and the recipient will in any case have to spend time familiarizing himself with it and destroying it. The exact opposite of "maybe useful" information is "timely" information, or information for which there is a demand. Computers and networks were expected to help in working with this type of information, but so far they have not been able to cope with this.
Previously, there were two main methods of delivering timely information.

When using the first of them, information was distributed between applications and systems. To gain access to it, the user had to study and then constantly carry out many complex access procedures. Once access was granted, each application required its own interface. Faced with such difficulties, users usually simply refused to receive timely information. They were able to master access to one or two applications, but could not manage the rest.

To solve this problem, some enterprises have attempted to accumulate all distributed information on one main system. As a result, the user received a single access method and a single interface. However, since in this case all enterprise requests were processed centrally, these systems grew and became more complex. More than ten years have passed, and many of them are still not filled with information due to the high cost of entering and maintaining it. There were other problems here too. The complexity of such unified systems made them difficult to modify and use. To support discrete transaction process data, tools were developed to manage such systems. Over the past decade, the data we deal with has become much more complex, making the information support process more difficult. The changing nature of information needs, and how difficult it is to change in this area, has given rise to these large, centrally managed systems that are holding back requests at the enterprise level.

Web technology offers a new approach to on-demand information delivery. Since it supports the authorization, publication and management of distributed information, the new technology does not lead to the same complexities as older centralized systems. Documents are created, maintained, and published directly by the authors, without having to ask programmers to create new data entry forms and reporting programs. With new browsing systems, the user can access and view information from distributed sources and systems using a simple, unified interface without having any idea about the servers they are actually accessing. These simple technological changes will revolutionize information infrastructures and fundamentally change how our organizations operate.

The main distinguishing feature of this technology is that control of the flow of information is in the hands not of its creator, but of the consumer. If the user can easily retrieve and review information as needed, it no longer has to be sent to them "just in case" it is needed. The publishing process can now be independent of automatic information dissemination. This includes forms, reports, standards, meeting scheduling, sales enablement tools, training materials, schedules, and a host of other documents that tend to fill our trash bins. For the system to work, as stated above, we need not only a new information infrastructure, but also a new approach, a new culture. As creators of information, we must learn to publish it without disseminating it, and as users, we must learn to be more responsible in identifying and monitoring our information needs, actively and efficiently obtaining information when we need it.

The concept of "Corporate networks". Their main functions.

Before we talk about private (corporate) networks, we need to define what these words mean. Recently, this phrase has become so widespread and fashionable that it has begun to lose its meaning. In our understanding, a corporate network is a system that ensures the transfer of information between various applications used in the corporate system. Based on this completely abstract definition, we will consider various approaches to creating such systems and try to fill the concept of a corporate network with concrete content. At the same time, we believe that the network should be as universal as possible, that is, allow the integration of existing and future applications with the lowest possible costs and restrictions.

A corporate network, as a rule, is geographically distributed, i.e. uniting offices, divisions and other structures located at a considerable distance from each other. Often corporate network nodes are located in different cities and sometimes countries. The principles by which such a network is built are quite different from those used when creating a local network, even covering several buildings. The main difference is that geographically distributed networks use fairly slow (today tens and hundreds of kilobits per second, sometimes up to 2 Mbit/s) leased communication lines. If when creating a local network the main costs are for the purchase of equipment and laying cables, then in geographically distributed networks the most significant element of the cost is the rental fee for the use of channels, which grows rapidly with the increase in the quality and speed of data transmission. This limitation is fundamental, and when designing a corporate network, all measures should be taken to minimize the volume of transmitted data. Otherwise, the corporate network should not impose restrictions on which applications and how they process information transferred over it.

By applications we mean here system software - databases, postal systems, computing resources, file service, etc. - as well as the tools with which the end user works. The main tasks of a corporate network are the interaction of system applications located in various nodes and access to them by remote users.

The first problem that has to be solved when creating a corporate network is the organization of communication channels. If within one city you can count on renting dedicated lines, including high-speed ones, then when moving to geographically distant nodes, the cost of renting channels becomes simply astronomical, and their quality and reliability often turn out to be very low. A natural solution to this problem is to use already existing wide area networks. In this case, it is enough to provide channels from offices to the nearest network nodes. The global network will take on the task of delivering information between nodes. Even when creating a small network within one city, you should keep in mind the possibility of further expansion and use technologies that are compatible with existing global networks.

Often the first, or even the only, such network that comes to mind is the Internet.

Using the Internet in corporate networks

Depending on the tasks being solved, the Internet can be considered at different levels. For the end user, this is primarily a worldwide system for providing information and postal services. The combination of new technologies for accessing information, united by the concept of the World Wide Web, with a cheap and publicly available global computer communications system, the Internet, has actually given birth to a new mass media, which is often simply called the Net. Anyone who connects to this system perceives it simply as a mechanism that gives access to certain services. The implementation of this mechanism turns out to be absolutely insignificant.

When using the Internet as the basis for a corporate data network, an interesting thing emerges: the Network is not a network at all. It is exactly an Internet, an interconnection. If we look inside the Internet, we see that information flows through many completely independent and mostly non-commercial nodes, connected through a wide variety of channels and data networks. The rapid growth of services provided on the Internet leads to overload of nodes and communication channels, which sharply reduces the speed and reliability of information transfer. At the same time, Internet service providers do not bear any responsibility for the functioning of the network as a whole, and communication channels are developing extremely unevenly and mainly where the state considers it necessary to invest in it. Accordingly, there are no guarantees about the quality of the network, the speed of data transfer, or even simply the reachability of your computers. For tasks in which reliability and guaranteed time of information delivery are critical, the Internet is far from the best solution. In addition, the Internet binds users to one protocol - IP. This is good when we use standard applications that work with this protocol. Using any other systems with the Internet turns out to be difficult and expensive. If you need to provide mobile users with access to your private network, the Internet is also not the best solution.

It would seem that there shouldn’t be any big problems here - there are Internet service providers almost everywhere, take a laptop with a modem, call and work. However, the supplier, say, in Novosibirsk, has no obligations to you if you connect to the Internet in Moscow. He does not receive money for services from you and, of course, will not provide access to the network. Either you need to conclude an appropriate contract with him, which is hardly reasonable if you find yourself on a two-day business trip, or call from Novosibirsk to Moscow.

Another Internet problem that has been widely discussed lately is security. If we are talking about a private network, it seems quite natural to protect the transmitted information from prying eyes. The unpredictability of information paths between many independent Internet nodes not only increases the risk that some overly curious network operator can put your data on their disk (technically this is not so difficult), but also makes it impossible to determine the location of the information leak. Encryption tools solve the problem only partially, since they are applicable mainly to mail, file transfer, etc. Solutions that allow you to encrypt information in real time at an acceptable speed (for example, when working directly with a remote database or file server) are inaccessible and expensive. Another aspect of the security problem is again related to the decentralization of the Internet - there is no one who can restrict access to the resources of your private network. Since this is an open system where everyone sees everyone, anyone can try to get into your office network and gain access to data or programs. There are, of course, means of protection (the name Firewall is accepted for them; in Russian, or more precisely in German, “Brandmauer”, a fire wall). However, they should not be considered a panacea - remember about viruses and antivirus programs. Any protection can be broken, as long as it pays off the cost of hacking. It should also be noted that you can make a system connected to the Internet inoperable without invading your network. There are known cases of unauthorized access to the management of network nodes, or simply using the features of the Internet architecture to disrupt access to a particular server. Thus, the Internet cannot be recommended as a basis for systems that require reliability and closedness.
Connecting to the Internet within a corporate network makes sense if you need access to that huge information space, which is actually called the Network.

A corporate network is a complex system that includes thousands of different components: computers of various types, from desktops to mainframes, system and application software, network adapters, hubs, switches and routers, and the cable system. The main task of system integrators and administrators is to ensure that this cumbersome and very expensive system copes as well as possible with processing the flow of information circulating between the employees of the enterprise and allows them to make timely and rational decisions that ensure the survival of the enterprise in fierce competition. And since life does not stand still, the content of corporate information, the intensity of its flows and the methods of processing it are constantly changing. The latest example of a dramatic change in the technology of automated processing of corporate information is in plain sight - it is associated with the unprecedented growth in the popularity of the Internet in the last 2 - 3 years. The changes brought about by the Internet are multifaceted. The WWW hypertext service has changed the way information is presented to people by collecting on its pages all the popular types of information - text, graphics and sound. Internet transport - inexpensive and accessible to almost all enterprises (and, through telephone networks, to individual users) - has significantly simplified the task of building a territorial corporate network, while simultaneously highlighting the task of protecting corporate data while transmitting it through a highly accessible public network with a population of many millions.

Technologies used in corporate networks.

Before setting out the basics of the methodology for building corporate networks, it is necessary to provide a comparative analysis of technologies that can be used in corporate networks.

Modern data transmission technologies can be classified according to data transmission methods. In general, there are three main methods of data transfer:

circuit switching;

message switching;

packet switching.

All other methods of interaction are, as it were, their evolutionary development. For example, if you imagine data transmission technologies as a tree, then the packet switching branch will be divided into frame switching and cell switching. Recall that packet switching technology was developed more than 30 years ago to reduce overhead and improve the performance of existing data transmission systems. The first packet switching technologies, X.25 and IP, were designed to handle poor quality links. With improved quality, it became possible to use a protocol such as HDLC for information transmission, which has found its place in Frame Relay networks. The desire to achieve greater productivity and technical flexibility was the impetus for the development of SMDS technology, the capabilities of which were then expanded by the standardization of ATM. One of the parameters by which technologies can be compared is the guarantee of information delivery. Thus, X.25 and ATM technologies guarantee reliable delivery of packets (the latter using the SSCOP protocol), while Frame Relay and SMDS operate in a mode where delivery is not guaranteed. Further, the technology can ensure that the data reaches its recipient in the order it was sent. Otherwise, order must be restored at the receiving end. Packet switched networks can either rely on establishing a connection beforehand or simply hand data over to the network. In the first case, both permanent and switched virtual connections can be supported. Important parameters also include the presence of data flow control mechanisms, traffic management systems, mechanisms for detecting and preventing congestion, etc.

Technology comparisons can also be made based on criteria such as the efficiency of addressing schemes or routing methods. For example, the addressing used may be geographic (telephone numbering plan), WAN, or hardware specific. Thus, the IP protocol uses a logical address consisting of 32 bits, which is assigned to networks and subnets. The E.164 addressing scheme is an example of a geo-location-based scheme, and the MAC address is an example of a hardware address. X.25 technology uses the Logical Channel Number (LCN), and the switched virtual connection in this technology uses the X.121 addressing scheme. In Frame Relay technology, several virtual links can be “embedded” into one link, with a separate virtual link identified by a DLCI (Data-Link Connection Identifier). This identifier is specified in each transmitted frame. DLCI has only local significance; in other words, the sender can identify the virtual channel with one number, while the recipient can identify it with a completely different number. Switched virtual connections in this technology rely on the E.164 numbering scheme. ATM cell headers contain unique VCI/VPI identifiers, which change as cells pass through intermediate switching systems. Switched virtual connections in ATM technology can use the E.164 or AESA addressing scheme.

Packet routing in a network can be done statically or dynamically and can either be a standardized mechanism for a specific technology or act as a technical basis. Examples of standardized solutions include the dynamic routing protocols OSPF or RIP for IP. In relation to ATM technology, the ATM Forum has defined PNNI, the protocol for routing requests to establish switched virtual connections, a distinctive feature of which is that it takes quality-of-service information into account.

The ideal option for a private network would be to create communication channels only in those areas where they are needed, and transfer over them any network protocols that the running applications require. At first glance, this is a return to leased communication lines, but there are technologies for constructing data transmission networks that make it possible to organize channels within them that appear only at the right time and in the right place. Such channels are called virtual. A system that connects remote resources using virtual channels can naturally be called a virtual network. Today, there are two main virtual network technologies - circuit-switched networks and packet-switched networks. The first include the regular telephone network, ISDN and a number of other, more exotic technologies. Packet switched networks include X.25, Frame Relay and, more recently, ATM technologies. It is too early to talk about using ATM in geographically distributed networks. The other types of virtual networks are widely used, in various combinations, in the construction of corporate information systems.

Circuit-switched networks provide the subscriber with multiple communication channels with a fixed bandwidth per connection. The well-known telephone network provides one communication channel between subscribers. If you need to increase the number of simultaneously available resources, you have to install additional phone numbers, which is very expensive. Even if we forget about the low quality of communication, the limitation on the number of channels and the long connection establishment time do not allow using telephone communications as the basis of a corporate network. For connecting individual remote users, this is quite convenient and often the only available method.

Another example of a circuit-switched virtual network is ISDN (Integrated Services Digital Network). ISDN provides digital channels (64 kbit/s), through which both voice and data can be transmitted. A basic ISDN (Basic Rate Interface) connection includes two such channels and an additional control channel with a speed of 16 kbit/s (this combination is referred to as 2B+D). It is possible to use a larger number of channels - up to thirty (Primary Rate Interface, 30B+D), but this leads to a corresponding increase in the cost of equipment and communication channels. In addition, the costs of renting and using the network increase proportionally. In general, the limitations on the number of simultaneously available resources imposed by ISDN lead to the fact that this type of communication is convenient to use mainly as an alternative to telephone networks. In systems with a small number of nodes, ISDN can also be used as the main network protocol. You just have to keep in mind that access to ISDN in our country is still the exception rather than the rule.

An alternative to circuit-switched networks is packet-switched networks. When using packet switching, one communication channel is used in a time-sharing mode by many users - much the same as on the Internet. However, unlike networks like the Internet, where each packet is routed separately, packet switching networks require a connection to be established between end resources before information can be transmitted. After establishing a connection, the network “remembers” the route (virtual channel) along which information should be transmitted between subscribers and remembers it until it receives a signal to break the connection. For applications running on a packet switching network, virtual circuits look like regular communication lines - the only difference is that their throughput and introduced delays change depending on the network load.

The classic packet switching technology is the X.25 protocol. Nowadays it is customary to wrinkle your nose at these words and say: “it’s expensive, slow, outdated and not fashionable.” Indeed, today there are practically no X.25 networks using speeds above 128 kbit/s. The X.25 protocol includes powerful error correction capabilities, ensuring reliable delivery of information even over poor lines, and is widely used where high-quality communication channels are not available. In our country they are not available almost everywhere. Naturally, you have to pay for reliability - in this case, with the speed of the network equipment and with relatively large, but predictable, delays in the propagation of information. At the same time, X.25 is a universal protocol that allows you to transfer almost any type of data. "Natural" for X.25 networks is the operation of applications that use the OSI protocol stack. These include systems using the X.400 (email) and FTAM (file exchange) standards, as well as several others. Tools are available to implement interaction based on OSI protocols for Unix systems. Another standard feature of X.25 networks is communication through regular asynchronous COM ports. Figuratively speaking, the X.25 network extends the cable connected to a serial port, bringing its connector to remote resources. Thus, almost any application that can be accessed through a COM port can be easily integrated into an X.25 network. Examples of such applications include not only terminal access to remote host computers, such as Unix machines, but also the interaction of Unix computers with each other (cu, uucp), Lotus Notes-based systems, the cc:Mail and MS Mail e-mail systems, etc. To combine LANs in nodes connected to the X.25 network, there are methods for packaging ("encapsulating") information packets from the local network into X.25 packets. Part of the service information is not transmitted, since it can be unambiguously restored on the recipient's side.
The standard encapsulation mechanism is considered to be that described in RFC 1356. It allows various local network protocols (IP, IPX, etc.) to be transmitted simultaneously through one virtual connection. This mechanism (or the older IP-only RFC 877 implementation) is implemented in almost all modern routers. There are also methods for transferring other communication protocols over X.25, in particular SNA, used in IBM mainframe networks, as well as a number of proprietary protocols from various manufacturers. Thus, X.25 networks offer a universal transport mechanism for transferring information between virtually any applications. In this case, different types of traffic are transmitted over one communication channel, without “knowing” anything about each other. With LAN aggregation over X.25, you can isolate separate parts of your corporate network from each other, even if they use the same communication lines. This makes it easier to solve the security and access control problems that inevitably arise in complex information structures. In addition, in many cases there is no need to use complex routing mechanisms, since this task is shifted to the X.25 network. Today there are dozens of global public X.25 networks in the world; their nodes are located in almost all major business, industrial and administrative centers. In Russia, X.25 services are offered by Sprint Network, Infotel, Rospak, Rosnet, Sovam Teleport and a number of other providers. In addition to connecting remote nodes, X.25 networks always provide access facilities for end users. In order to connect to any X.25 network resource, the user only needs to have a computer with an asynchronous serial port and a modem.
At the same time, there are no problems with authorizing access in geographically remote nodes. Firstly, X.25 networks are quite centralized, and by concluding an agreement, for example, with the Sprint Network company or its partner, you can use the services of any of the Sprintnet nodes - and these are thousands of cities all over the world, including more than a hundred in the former USSR. Secondly, there is a protocol for interaction between different networks (X.75), which also takes into account payment issues. So, if your resource is connected to an X.25 network, you can access it both from your provider's nodes and through nodes on other networks - that is, from virtually anywhere in the world. From a security point of view, X.25 networks provide a number of very attractive opportunities. First of all, due to the very structure of the network, the cost of intercepting information in the X.25 network turns out to be high enough to already serve as good protection. The problem of unauthorized access can also be solved quite effectively using the network itself. If any risk of information leakage, however small, turns out to be unacceptable, then, of course, it is necessary to use encryption tools, including in real time. Today, there are encryption tools created specifically for X.25 networks that allow operation at fairly high speeds - up to 64 kbit/s. Such equipment is produced by Racal, Cylink, Siemens. There are also domestic developments created under the auspices of FAPSI. The disadvantage of X.25 technology is the presence of a number of fundamental speed restrictions. The first of them is associated precisely with the developed capabilities of correction and restoration. These features cause delays in the transmission of information and require a lot of processing power and performance from X.25 equipment, as a result of which it simply cannot keep up with fast communication lines.
Although there is equipment that has two-megabit ports, the speed they actually provide does not exceed 250 - 300 kbit/s per port. On the other hand, for modern high-speed communication lines, the X.25 correction facilities turn out to be redundant, and when they are used the equipment’s power is often spent idly. The second feature that makes X.25 networks considered slow is the way LAN protocols (primarily IP and IPX) are encapsulated. All other things being equal, LAN communications over X.25 are, depending on network parameters, 15-40 percent slower than using HDLC over a leased line. Moreover, the worse the communication line, the higher the performance loss. Once again we are dealing with obvious redundancy: LAN protocols have their own means of correction and recovery (TCP, SPX), however, when using X.25 networks, this work is done a second time, at a cost in speed.

It is on these grounds that X.25 networks are declared slow and obsolete. But before we say that any technology is obsolete, it should be indicated for what applications and under what conditions. On low-quality communication lines, X.25 networks are quite effective and provide significant benefits in price and capabilities compared to leased lines. On the other hand, even if we count on a rapid improvement in communication quality - a necessary condition for the obsolescence of X.25 - then the investment in X.25 equipment will not be lost, since modern equipment includes the ability to migrate to Frame Relay technology.

Frame Relay networks

Frame Relay technology emerged as a means to realize the benefits of packet switching on high-speed communication lines. The main difference between Frame Relay networks and X.25 is that they eliminate error correction between network nodes. The tasks of restoring the flow of information are assigned to the terminal equipment and software of users. Naturally, this requires the use of sufficiently high-quality communication channels. It is believed that to successfully work with Frame Relay, the probability of an error in the channel should be no worse than 10^-6 - 10^-7, i.e. no more than one bad bit per several million. The quality provided by conventional analog lines is usually one to three orders of magnitude lower. The second difference between Frame Relay networks is that today almost all of them implement only the permanent virtual connection (PVC) mechanism. This means that when connecting to a Frame Relay port, you must determine in advance which remote resources you will have access to. The principle of packet switching - many independent virtual connections in one communication channel - remains here, but you cannot select the address of any network subscriber. All resources available to you are determined when you configure the port. Thus, on the basis of Frame Relay technology, it is convenient to build closed virtual networks used to transmit other protocols through which routing is carried out. A virtual network being "closed" means that it is completely inaccessible to other users on the same Frame Relay network. For example, in the USA, Frame Relay networks are widely used as backbones for the Internet. However, your private network can use Frame Relay virtual circuits on the same lines as Internet traffic - and be completely isolated from it. Like X.25 networks, Frame Relay provides a universal transmission medium for virtually any application. The main area of application of Frame Relay today is the interconnection of remote LANs.
In this case, error correction and information recovery are carried out at the level of LAN transport protocols - TCP, SPX, etc. Losses for encapsulating LAN traffic in Frame Relay do not exceed two to three percent. Methods for encapsulating LAN protocols in Frame Relay are described in the specifications RFC 1294 and RFC 1490. RFC 1490 also defines the transmission of SNA traffic over Frame Relay. The ANSI T1.617 Annex G specification describes the use of X.25 over Frame Relay networks. In this case, all the addressing, correction and recovery functions of X.25 are used, but only between end nodes that implement Annex G. The permanent connection through the Frame Relay network in this case looks like a "straight wire" along which X.25 traffic is transmitted. X.25 parameters (packet and window size) can be selected to obtain the lowest possible propagation delays and speed loss when encapsulating LAN protocols. The absence of error correction and complex packet switching mechanisms characteristic of X.25 allows information to be transmitted over Frame Relay with minimal delays. Additionally, it is possible to enable a prioritization mechanism that allows the user to have a guaranteed minimum information transfer rate for the virtual channel. This capability allows Frame Relay to be used to transmit latency-critical information such as voice and video in real time. This comparatively new capability is becoming increasingly popular and is often the main argument when choosing Frame Relay as the basis of a corporate network. It should be remembered that today Frame Relay network services are available in our country in no more than one and a half dozen cities, while X.25 is available in approximately two hundred. There is every reason to believe that as communication channels develop, Frame Relay technology will become increasingly widespread - primarily where X.25 networks currently exist.
Unfortunately, there is no single standard that describes the interaction of different Frame Relay networks, so users are locked into one service provider. If it is necessary to expand the geography, it is possible to connect at one point to the networks of different suppliers - with a corresponding increase in costs. There are also private Frame Relay networks operating within one city or using long-distance - usually satellite - dedicated channels. Building private networks based on Frame Relay allows you to reduce the number of leased lines and integrate voice and data transmission.
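The locally significant DLCI carried in every frame and the closed, pre-provisioned PVC model described in this section can be seen together in a small simulation. The following Python sketch is an added example, not code from the article or from any vendor; the port names, DLCI numbers and payloads are constructed, and the two-byte address layout is the Q.922 format used by Frame Relay.

```python
# Added illustration, not from the original article: a toy Frame Relay switch.
# Port names, DLCI numbers and payloads are constructed sample values.
# Opening/closing flags and the FCS trailer of a real frame are omitted.


def encode_address(dlci, cr=0, fecn=0, becn=0, de=0):
    """Build the 2-byte Q.922 address field that carries a 10-bit DLCI."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    first = ((dlci >> 4) & 0x3F) << 2 | (cr & 1) << 1             # EA bit = 0
    second = ((dlci & 0x0F) << 4 | (fecn & 1) << 3 | (becn & 1) << 2
              | (de & 1) << 1 | 1)                                # EA bit = 1
    return bytes([first, second])


def decode_address(frame):
    """Parse the 2-byte address field at the start of a frame."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the address field")
    first, second = frame[0], frame[1]
    if first & 1 or not second & 1:
        raise ValueError("not a 2-byte address field")
    return {
        "dlci": (first >> 2) << 4 | second >> 4,
        "cr": (first >> 1) & 1,
        "fecn": (second >> 3) & 1,
        "becn": (second >> 2) & 1,
        "de": (second >> 1) & 1,
    }


class FrameSwitch:
    """Forwards frames only along PVC segments provisioned in advance."""

    def __init__(self, name):
        self.name = name
        self.pvc = {}       # (in_port, in_dlci) -> (out_port, out_dlci)
        self.dropped = []   # (port, dlci) pairs seen with no provisioned PVC

    def provision(self, port_a, dlci_a, port_b, dlci_b):
        """Install one bidirectional PVC segment through this switch."""
        self.pvc[(port_a, dlci_a)] = (port_b, dlci_b)
        self.pvc[(port_b, dlci_b)] = (port_a, dlci_a)

    def forward(self, in_port, frame):
        """Return (out_port, rewritten_frame), or None if the frame is dropped."""
        hdr = decode_address(frame)
        key = (in_port, hdr["dlci"])
        if key not in self.pvc:
            # No PVC was configured for this port/DLCI pair: the frame goes
            # nowhere. This is what keeps the virtual network closed.
            self.dropped.append(key)
            return None
        out_port, out_dlci = self.pvc[key]
        # The DLCI is rewritten hop by hop; the other header bits are kept.
        addr = encode_address(out_dlci, hdr["cr"], hdr["fecn"],
                              hdr["becn"], hdr["de"])
        return out_port, addr + frame[2:]


def build_network():
    """Two switches joined by one trunk that is shared by customers A and B."""
    sw1, sw2 = FrameSwitch("sw1"), FrameSwitch("sw2")
    # Customer A: DLCI 100 at one end is DLCI 37 at the other end.
    sw1.provision("A-moscow", 100, "trunk", 500)
    sw2.provision("trunk", 500, "A-novosibirsk", 37)
    # Customer B reuses DLCI 100 on its own port without any conflict.
    sw1.provision("B-moscow", 100, "trunk", 501)
    sw2.provision("trunk", 501, "B-novosibirsk", 100)
    return sw1, sw2


def send(sw1, sw2, in_port, dlci, payload):
    """Carry one frame sw1 -> trunk -> sw2.

    Returns (egress port, DLCI seen by the receiver, payload) or None.
    """
    hop = sw1.forward(in_port, encode_address(dlci) + payload)
    if hop is None or hop[0] != "trunk":
        return None
    hop = sw2.forward("trunk", hop[1])
    if hop is None:
        return None
    port, frame = hop
    return port, decode_address(frame)["dlci"], frame[2:]


if __name__ == "__main__":
    s1, s2 = build_network()
    print(send(s1, s2, "A-moscow", 100, b"payroll"))   # delivered on A's PVC
    print(send(s1, s2, "B-moscow", 100, b"orders"))    # same DLCI, B's own PVC
    print(send(s1, s2, "B-moscow", 500, b"probe"))     # unprovisioned: dropped
    print(s1.dropped)
```

The dropped list is the place a provider or network administrator would look for evidence of misconfiguration or of a subscriber sending on DLCIs that were never assigned to its port.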

Structure of the corporate network. Hardware.

When building a geographically distributed network, all the technologies described above can be used. To connect remote users, the simplest and most affordable option is to use telephone communication. Where possible, ISDN networks may be used. To connect network nodes, global data networks are used in most cases. Even where it is possible to lay dedicated lines (for example, within the same city), the use of packet switching technologies makes it possible to reduce the number of necessary communication channels and, importantly, ensure compatibility of the system with existing global networks. Connecting your corporate network to the Internet is justified if you need access to relevant services. It is worth using the Internet as a data transmission medium only when other methods are unavailable and financial considerations outweigh the requirements of reliability and security. If you will use the Internet only as a source of information, it is better to use dial-on-demand technology, i.e. a method of connection in which a connection to an Internet node is established only on your initiative and for the time you need. This dramatically reduces the risk of unauthorized entry into your network from the outside. The simplest way to provide such a connection is to dial the Internet node via a telephone line or, if possible, via ISDN. Another, more reliable way to provide a connection on demand is to use a leased line and the X.25 protocol or - which is much preferable - Frame Relay. In this case, the router on your side should be configured to break the virtual connection if there is no data for a certain time and re-establish it only when data appears on your side. Widespread connection methods using PPP or HDLC do not provide this opportunity. If you want to provide your information on the Internet - for example, to install a WWW or FTP server - the on-demand connection is not applicable.
In this case, you should not only use access restriction using a Firewall, but also isolate the Internet server from other resources as much as possible. A good solution is to use a single Internet connection point for the entire geographically distributed network, the nodes of which are connected to each other using X.25 or Frame Relay virtual channels. In this case, access from the Internet is possible to a single node, while users in other nodes can access the Internet using an on-demand connection.

To transfer data within a corporate network, it is also worth using virtual channels of packet switching networks. The main advantages of this approach - versatility, flexibility, security - were discussed in detail above. Both X.25 and Frame Relay can be used as a virtual network when building a corporate information system. The choice between them is determined by the quality of communication channels, the availability of services at connection points and, last but not least, financial considerations. Today, the cost of using Frame Relay for long-distance communication turns out to be several times higher than for X.25 networks. On the other hand, higher data transfer speeds and the ability to simultaneously transmit data and voice may be decisive arguments in favor of Frame Relay. In those areas of the corporate network where leased lines are available, Frame Relay technology is preferable. In this case, it is possible both to combine local networks and connect to the Internet, and to use those applications that traditionally require X.25. In addition, telephone communication between nodes is possible over the same network. For Frame Relay, it is better to use digital communication channels, but even on physical lines or voice-frequency channels you can create a quite effective network by installing the appropriate channel equipment. Good results are obtained by using Motorola 326x SDC modems, which have unique capabilities for data correction and compression in synchronous mode. Thanks to this, it is possible - at the cost of introducing small delays - to significantly increase the quality of the communication channel and achieve effective speeds of up to 80 kbit/s and higher. On short physical lines, short-range modems can also be used, providing fairly high speeds. However, high-quality lines are necessary here, since short-range modems do not support any error correction.
RAD short-range modems are widely known, as well as PairGain equipment, which allows you to achieve speeds of 2 Mbit/s on physical lines about 10 km long. To connect remote users to the corporate network, access nodes of X.25 networks, as well as the company's own communication nodes, can be used. In the latter case, the required number of telephone numbers (or ISDN channels) must be allocated, which may be too expensive. If you need to connect a large number of users at the same time, then using X.25 network access nodes may be a cheaper option, even within the same city.

A corporate network is a rather complex structure that uses various types of communications, communication protocols and methods of connecting resources. From the point of view of ease of construction and manageability of the network, one should focus on the same type of equipment from one manufacturer. However, practice shows that there are no suppliers offering the most effective solutions for all emerging problems. A working network is always the result of a compromise - either it is a homogeneous system, suboptimal in terms of price and capabilities, or a combination of products from different manufacturers that is more complex to install and manage. Next, we will look at network building tools from several leading manufacturers and give some recommendations for their use.

All data transmission network equipment can be divided into two large classes -

1. peripheral, which is used to connect end nodes to the network, and

2. backbone, or trunk, which implements the main functions of the network (channel switching, routing, etc.).

There is no clear boundary between these types - the same devices can be used in different capacities or combine both functions. It should be noted that backbone equipment is usually subject to increased requirements in terms of reliability, performance, number of ports and further expandability.

Peripheral equipment is a necessary component of any corporate network. The functions of backbone nodes can be taken over by a global data transmission network to which resources are connected. As a rule, backbone nodes appear as part of a corporate network only in cases where leased communication channels are used or when the company creates its own access nodes. Peripheral equipment of corporate networks, in terms of the functions it performs, can also be divided into two classes.

Firstly, these are routers, which are used to connect homogeneous LANs (usually IP or IPX) through global data networks. In networks that use IP or IPX as the main protocol - in particular, on the Internet - routers are also used as backbone equipment that ensures the joining of various communication channels and protocols. Routers can be implemented either as stand-alone devices or as software based on computers and special communication adapters.

The second widely used type of peripheral equipment is gateways, which implement the interaction of applications running in different types of networks. Corporate networks primarily use OSI gateways, which provide LAN connectivity to X.25 resources, and SNA gateways, which provide connectivity to IBM networks. A full-featured gateway is always a hardware-software complex, since it must provide the software interfaces necessary for applications.

Cisco Systems Routers

Among the routers, perhaps the best known are the products of Cisco Systems, which implement a wide range of tools and protocols used in the interaction of local networks. Cisco equipment supports a variety of connection methods, including X.25, Frame Relay and ISDN, allowing you to create quite complex systems. In addition, among the Cisco router family there are excellent remote access servers for local networks, and some configurations partially implement gateway functions (what is called Protocol Translation in Cisco terms).

The main application area for Cisco routers is complex networks using IP or, less commonly, IPX as the main protocol. In particular, Cisco equipment is widely used in Internet backbones. If your corporate network is designed primarily to connect remote LANs and requires complex IP or IPX routing across heterogeneous links and data networks, then using Cisco equipment will most likely be the optimal choice. Tools for working with Frame Relay and X.25 are implemented in Cisco routers only to the extent that is needed to combine local networks and access them. If you want to build your system based on packet-switched networks, then Cisco routers can work in it only as purely peripheral equipment, and many of the routing functions are redundant and, accordingly, the price is too high. The most interesting for use in corporate networks are the Cisco 2509, Cisco 2511 access servers and the new Cisco 2520 series devices. Their main area of application is access for remote users to local networks via telephone lines or ISDN with dynamic IP address assignment (DHCP).

Motorola ISG Equipment

Among the equipment designed to work with X.25 and Frame Relay, the most interesting are the products manufactured by the Motorola Corporation Information Systems Group (Motorola ISG). Unlike backbone devices used in global data networks (Northern Telecom, Sprint, Alcatel, etc.), Motorola equipment is capable of operating completely autonomously, without a special network management center. The range of capabilities important for use in corporate networks is much wider for Motorola equipment. Of particular note are the developed means of hardware and software modernization, which make it possible to easily adapt the equipment to specific conditions. All Motorola ISG products can operate as X.25/Frame Relay switches, multi-protocol access devices (PAD, FRAD, SLIP, PPP, etc.), support Annex G (X.25 over Frame Relay), and provide SNA protocol conversion (SDLC/QLLC/RFC1490).
Motorola ISG equipment can be divided into three groups, differing in the set of hardware and scope of application.

The first group, designed to work as peripheral devices, is the Vanguard series. It includes Vanguard 100 (2-3 ports) and Vanguard 200 (6 ports) serial access nodes, as well as Vanguard 300/305 routers (1-3 serial ports and an Ethernet/Token Ring port) and Vanguard 310 ISDN routers. Vanguard routers, in addition to a set of communication capabilities, support the transmission of the IP, IPX and Appletalk protocols over X.25, Frame Relay and PPP. Naturally, the standard feature set necessary for any modern router is supported as well - the RIP and OSPF protocols, filtering and access restriction tools, data compression, etc.

The next group of Motorola ISG products includes the Multimedia Peripheral Router (MPRouter) 6520 and 6560 devices, which differ mainly in performance and expandability. In the basic configuration, the 6520 and 6560 have, respectively, five and three serial ports and an Ethernet port, and the 6560 has all high-speed ports (up to 2 Mbps), and the 6520 has three ports with speeds up to 80 kbps. MPRouter supports all communication protocols and routing capabilities available for Motorola ISG products. The main feature of MPRouter is the ability to install a variety of additional boards, which is reflected by the word Multimedia in its name. There are serial port cards, Ethernet/Token Ring ports, ISDN cards, and an Ethernet hub. The most interesting feature of MPRouter is voice over Frame Relay. To do this, special boards are installed in it, allowing the connection of conventional telephone or fax machines, as well as analog (E&M) and digital (E1, T1) PBXs. The number of simultaneously serviced voice channels can reach two or more dozen. Thus, MPRouter can be used simultaneously as a voice and data integration tool, a router and an X.25/Frame Relay node.

The third group of Motorola ISG products is backbone equipment for global networks. These are expandable devices of the 6500plus family, with fault-tolerant design and redundancy, designed to create powerful switching and access nodes. They include various sets of processor modules and I/O modules, allowing for high-performance nodes with 6 to 54 ports. In corporate networks, such devices can be used to build complex systems with a large number of connected resources.

It is interesting to compare Cisco and Motorola routers. We can say that for Cisco routing is primary, and communication protocols are only a means of communication, while Motorola focuses on communication capabilities, considering routing as another service implemented using these capabilities. In general, the routing capabilities of Motorola products are poorer than those of Cisco, but they are quite sufficient for connecting end nodes to the Internet or a corporate network.

The performance of Motorola products, all other things being equal, is perhaps even higher, and at a lower price. Thus, Vanguard 300, with a comparable set of capabilities, turns out to be approximately one and a half times cheaper than its closest analogue, Cisco 2501.

Eicon Technology Solutions

In many cases, it is convenient to use solutions from the Canadian company Eicon Technology as peripheral equipment for corporate networks. The basis of Eicon solutions is the universal communication adapter EiconCard, which supports a wide range of protocols - X.25, Frame Relay, SDLC, HDLC, PPP, ISDN. This adapter is installed in one of the computers on the local network, which becomes a communication server. This computer can be used for other tasks as well. This is possible because EiconCard has a sufficiently powerful processor and its own memory and is capable of processing network protocols without loading the communication server. Eicon software allows you to build both gateways and routers based on EiconCard, running under almost all operating systems on the Intel platform. Here we will look at the most interesting of them.

The Eicon family of solutions for Unix includes the IP Connect Router, X.25 Connect Gateways and SNA Connect. All of these products can be installed on a computer running SCO Unix or Unixware. IP Connect allows IP traffic to be carried over X.25, Frame Relay, PPP or HDLC and is compatible with equipment from other manufacturers, including Cisco and Motorola. The package includes a firewall, data compression tools and SNMP management tools. The main application of IP Connect is connecting application servers and Unix-based Internet servers to a data network. Naturally, the same computer can also be used as a router for the entire office in which it is installed. There are a number of advantages to using an Eicon router instead of pure hardware devices. First, it is easy to install and use. From the operating system's point of view, an EiconCard with IP Connect installed looks like another network card. This makes setting up and administering IP Connect fairly simple for anyone who has worked with Unix. Second, directly connecting the server to the data network allows you to reduce the load on the office LAN and provide a single point of connection to the Internet or to the corporate network without installing additional network cards and routers. Third, this "server-centric" solution is more flexible and extensible than traditional routers. There are a number of other benefits that come with using IP Connect with other Eicon products.

X.25 Connect is a gateway that allows LAN applications to communicate with X.25 resources. This product allows you to connect Unix users and DOS/Windows and OS/2 workstations to remote email systems, databases and other systems. By the way, it should be noted that Eicon gateways today are perhaps the only common product on our market that implements the OSI stack and allows you to connect to X.400 and FTAM applications. In addition, X.25 Connect allows you to connect remote users to a Unix machine and terminal applications on local network stations, as well as organize interaction between remote Unix computers via X.25. Using standard Unix capabilities together with X.25 Connect, it is possible to implement protocol conversion, i.e. translation of Unix Telnet access into an X.25 call and vice versa. It is possible to connect a remote X.25 user using SLIP or PPP to a local network and, accordingly, to the Internet. In principle, similar protocol translation capabilities are available in Cisco routers running IOS Enterprise software, but the solution is more expensive than Eicon and Unix products combined.

Another product mentioned above is SNA Connect. This is a gateway designed to connect to the IBM mainframe and AS/400. It is typically used in conjunction with user software (5250 and 3270 terminal emulators and APPC interfaces) also manufactured by Eicon. Analogues of the solutions discussed above exist for other operating systems - Netware, OS/2, Windows NT and even DOS.

Particularly worth mentioning is Interconnect Server for Netware, which combines all of the above capabilities with remote configuration and administration tools and a client authorization system. It includes two products - Interconnect Router, which allows routing of IP, IPX and Appletalk and is, in our opinion, the most successful solution for connecting remote Novell Netware networks, and Interconnect Gateway, which provides, in particular, powerful SNA connectivity. Another Eicon product designed to work in the Novell Netware environment is WAN Services for Netware. This is a set of tools that allow you to use Netware applications on X.25 and ISDN networks. Using it in conjunction with Netware Connect allows remote users to connect to the LAN via X.25 or ISDN, as well as provide X.25 egress from the LAN. There is an option to ship WAN Services for Netware with Novell's Multiprotocol Router 3.0. This product is called Packet Blaster Advantage. A Packet Blaster ISDN is also available, which works not with the EiconCard, but with ISDN adapters also supplied by Eicon. In this case, various connection options are possible - BRI (2B+D), 4BRI (8B+D) and PRI (30B+D).

The product WAN Services for NT is intended for working with Windows NT applications. It includes an IP Router, tools for connecting NT applications to X.25 networks, support for Microsoft SNA Server, and tools for remote users to access a local network via X.25 using Remote Access Server. An Eicon ISDN adapter can also be used in conjunction with ISDN Services for Netware software to connect a Windows NT server to an ISDN network.

Methodology for building corporate networks

Now that we have listed and compared the main technologies that a developer can use, let's move on to the basic issues and methods used in network design and development.

Network requirements

Network designers and network administrators always strive to ensure that three basic network requirements are met, namely:

scalability;

performance;

controllability.

Good scalability is necessary so that both the number of users on the network and the application software can be changed without much effort. High network performance is required for most modern applications to function properly. Finally, the network must be manageable enough to be reconfigured to meet the organization's ever-changing needs. These requirements reflect a new stage in the development of network technologies - the stage of creating high-performance corporate networks.

The uniqueness of new software and technologies complicates the development of enterprise networks. Centralized resources, new classes of programs, different principles of their application, changes in the quantitative and qualitative characteristics of the information flow, an increase in the number of concurrent users and an increase in the power of computing platforms - all these factors must be taken into account in their entirety when developing a network. Nowadays there are a large number of technological and architectural solutions on the market, and choosing the most suitable one is a rather difficult task.

In modern conditions, for proper network design, development and maintenance, specialists must consider the following issues:

o Change of organizational structure.

When implementing a project, you should not “separate” software specialists and network specialists. When developing networks and the entire system as a whole, a single team of specialists from different fields is needed;

o Use of new software tools.

It is necessary to become familiar with new software at an early stage of network development so that the necessary adjustments can be made in a timely manner to the tools planned for use;

o Research different solutions.

It is necessary to evaluate various architectural decisions and their possible impact on the operation of the future network;

o Checking networks.

It is necessary to test the entire network or parts of it in the early stages of development. To do this, you can create a network prototype that will allow you to evaluate the correctness of the decisions made. This way you can prevent the emergence of various kinds of bottlenecks and determine the applicability and approximate performance of different architectures;

o Selection of protocols.

To choose the right network configuration, you need to evaluate the capabilities of various protocols. It is important to determine how network operations that optimize the performance of one program or software package may affect the performance of others;

o Selecting a physical location.

When choosing a location to install servers, you must first determine the location of the users. Is it possible to move them? Will their computers be connected to the same subnet? Will users have access to the global network?

o Calculation of critical time.

It is necessary to determine the acceptable response time of each application and possible periods of maximum load. It is important to understand how emergency situations can affect network performance and determine whether a reserve is needed to organize the continuous operation of the enterprise;

o Analysis of options.

It is important to analyze the different uses of software on the network. Centralized storage and processing of information often creates additional load at the center of the network, and distributed computing may require the strengthening of local workgroup networks.

Today there is no ready-made, streamlined universal methodology, following which you can automatically carry out the entire range of activities for the development and creation of a corporate network. First of all, this is due to the fact that there are no two absolutely identical organizations. In particular, each organization is characterized by a unique leadership style, hierarchy, and business culture. And if we take into account that the network inevitably reflects the structure of the organization, then we can safely say that no two identical networks exist.

Network architecture

Before you begin building a corporate network, you must first determine its architecture, functional and logical organization, and take into account the existing telecommunications infrastructure. A well-designed network architecture helps evaluate the feasibility of new technologies and applications, serves as a foundation for future growth, guides the choice of network technologies, helps avoid unnecessary costs, reflects the connectivity of network components, significantly reduces the risk of incorrect implementation, etc. The network architecture forms the basis of the terms of reference for the network being created. It should be noted that network architecture differs from network design in that, for example, it does not define the exact schematic diagram of the network and does not regulate the placement of network components. Network architecture, for example, determines whether some parts of the network will be built on Frame Relay, ATM, ISDN, or other technologies. The network design must contain specific instructions and estimates of parameters, for example, the required throughput value, the actual bandwidth, the exact location of communication channels, etc.

There are three aspects, three logical components, in the network architecture:

principles of construction,

network templates

and technical positions.

Design principles are used in network planning and decision making. Principles are a set of simple instructions that describe in sufficient detail all the issues of constructing and operating a deployed network over a long period of time. As a rule, the formation of principles is based on the corporate goals and basic business practices of the organization.

The principles provide the primary link between corporate development strategy and network technologies. They serve to develop technical positions and network templates. When developing a technical specification for a network, the principles of constructing a network architecture are set out in a section that defines the general goals of the network. The technical position can be viewed as a target description that determines the choice between competing alternative network technologies. The technical position clarifies the parameters of the selected technology and provides a description of a single device, method, protocol, service provided, etc. For example, when choosing a LAN technology, speed, cost, quality of service, and other requirements must be taken into account. Developing technical positions requires in-depth knowledge of networking technologies and careful consideration of the organization's requirements. The number of technical positions is determined by the given level of detail, the complexity of the network and the size of the organization. The network architecture can be described by the following technical positions:

Network transport protocols.

What transport protocols should be used to transfer information?

Network routing.

What routing protocol should be used between routers and ATM switches?

Quality of service.

How will the ability to choose the quality of service be achieved?

Addressing in IP networks and addressing domains.

What addressing scheme should be used for the network, including registered addresses, subnets, subnet masks, forwarding, etc.?

Switching in local networks.

What switching strategy should be used in local area networks?

Combining switching and routing.

Where and how switching and routing should be used; how should they combine?

Organization of a city network.

How should branches of an enterprise located, say, in the same city communicate?

Organization of a global network.

How should enterprise branches communicate over a global network?

Remote access service.

How do users of remote branches gain access to the enterprise network?

Network templates are a set of models of network structures that reflect the relationships between network components. For example, for a particular network architecture, a set of templates is created to “reveal” the network topology of a large branch or wide area network, or to show the distribution of protocols across layers. Network templates illustrate a network infrastructure that is described by a complete set of technical positions. Moreover, in a well-designed network architecture, network templates can be as close in content to technical positions as possible in terms of detail. In fact, network templates are a description of the functional diagram of a network section that has specific boundaries. The following main network templates can be distinguished: for a global network, for a metropolitan network, for a central office, for a large branch of an organization, for a department. Other templates can be developed for sections of the network that have any special features.

The described methodological approach is based on studying a specific situation, considering the principles of building a corporate network in their entirety, analyzing its functional and logical structure, developing a set of network templates and technical positions. Various implementations of corporate networks may include certain components. In general, a corporate network consists of various branches connected by communication networks. They can be wide area (WAN) or metropolitan (MAN). Branches can be large, medium and small. A large department can be a center for processing and storing information. A central office is allocated from which the entire corporation is managed. Small departments include various service departments (warehouses, workshops, etc.). Small branches are essentially remote. The strategic purpose of the remote branch is to house sales and technical support closer to the consumer. Customer communications, which significantly impact corporate revenue, will be more productive if all employees have the ability to access corporate data at any time.

At the first step of building a corporate network, the proposed functional structure is described. The quantitative composition and status of offices and departments is determined. The need to deploy your own private communication network is justified or the choice of a service provider that is able to meet the requirements is made. The development of a functional structure is carried out taking into account the financial capabilities of the organization, long-term development plans, the number of active network users, running applications, and the required quality of service. The development is based on the functional structure of the enterprise itself.

The second step is to determine the logical structure of the corporate network. The logical structures differ from each other only in the choice of technology (ATM, Frame Relay, Ethernet...) for building the backbone, which is the central link of the corporation's network. Let's consider logical structures built on the basis of cell switching and frame switching. The choice between these two methods of transmitting information is made based on the need to provide guaranteed quality of service. Other criteria may be used.

The data transmission backbone must satisfy two basic requirements.

o The ability to connect a large number of low-speed workstations to a small number of powerful, high-speed servers.

o Acceptable speed of response to customer requests.

An ideal backbone should have high reliability of data transmission and a developed management system. A management system should be understood, for example, as the ability to configure the backbone taking into account all local features and to maintain reliability at such a level that even if some parts of the network fail, the servers remain available. The listed requirements will probably point to several technologies, and the final choice of one of them remains with the organization itself. You need to decide what is most important - cost, speed, scalability or quality of service.

The logical structure with cell switching is used in networks with real-time multimedia traffic (video conferencing and high-quality voice transmission). At the same time, it is important to soberly assess how necessary such an expensive network is (on the other hand, even expensive networks are sometimes not able to satisfy some requirements). If this is so, then it is necessary to take the logical structure of the frame switching network as a basis. The logical switching hierarchy, combining two levels of the OSI model, can be represented as a three-level diagram:

The lower level is used to combine local Ethernet networks.

The middle level is either an ATM local network, a MAN network, or a WAN backbone communication network.

The top level of this hierarchical structure is responsible for routing.

The logical structure allows you to identify all possible communication routes between individual sections of the corporate network.

Backbone based on cell switching

When cell switching technology is used to build a network backbone, the interconnection of all workgroup-level Ethernet switches is carried out by high-performance ATM switches. Operating at Layer 2 of the OSI reference model, these switches transmit 53-byte fixed-length cells instead of variable-length Ethernet frames. This networking concept requires the workgroup Ethernet switch to have an ATM output port with segmentation and reassembly (SAR) that converts variable-length Ethernet frames into fixed-length ATM cells before forwarding the information to the backbone ATM switch.
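The segmentation step described above, as an added Python example that is not part of the original text. It assumes AAL5, the adaptation layer commonly used to carry data frames over ATM (the text does not name one), models each cell as an end-of-frame flag plus its 48-byte payload rather than building real header bits, and ignores LAN emulation encapsulation; the frame contents are constructed sample data.

```python
"""Added illustration: AAL5-style segmentation and reassembly (SAR)."""
import struct

CELL_SIZE = 53                            # fixed ATM cell length quoted in the text
HEADER_SIZE = 5                           # per-cell header, counted here but not built
PAYLOAD_SIZE = CELL_SIZE - HEADER_SIZE    # 48 bytes of payload per cell
TRAILER_SIZE = 8                          # assumed AAL5 trailer: UU, CPI, length, CRC-32


def crc32_aal5(data: bytes) -> int:
    """CRC-32, polynomial 0x04C11DB7, MSB first, init and final XOR all ones."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            crc = ((crc << 1) ^ 0x04C11DB7) if crc & 0x80000000 else (crc << 1)
            crc &= 0xFFFFFFFF
    return crc ^ 0xFFFFFFFF


def segment(frame: bytes) -> list:
    """Split one variable-length frame into (is_last, 48-byte payload) cells."""
    if not 0 < len(frame) <= 0xFFFF:
        raise ValueError("frame length must fit the 16-bit length field")
    pad = -(len(frame) + TRAILER_SIZE) % PAYLOAD_SIZE
    body = frame + bytes(pad) + struct.pack("!BBH", 0, 0, len(frame))
    pdu = body + struct.pack("!I", crc32_aal5(body))
    chunks = [pdu[i:i + PAYLOAD_SIZE] for i in range(0, len(pdu), PAYLOAD_SIZE)]
    return [(i == len(chunks) - 1, chunk) for i, chunk in enumerate(chunks)]


def reassemble(cells: list) -> bytes:
    """Rebuild the frame; reject it if a cell was lost, reordered or corrupted."""
    if not cells or not cells[-1][0] or any(last for last, _ in cells[:-1]):
        raise ValueError("end-of-frame marker missing or misplaced")
    if any(len(payload) != PAYLOAD_SIZE for _, payload in cells):
        raise ValueError("cell payload is not 48 bytes")
    pdu = b"".join(payload for _, payload in cells)
    body = pdu[:-4]
    (crc,) = struct.unpack("!I", pdu[-4:])
    (length,) = struct.unpack("!H", pdu[-6:-4])
    if crc32_aal5(body) != crc:
        raise ValueError("CRC mismatch")
    pad = len(pdu) - TRAILER_SIZE - length
    if not 0 <= pad < PAYLOAD_SIZE:
        raise ValueError("length field inconsistent with cell count")
    return pdu[:length]


def wire_bytes(frame_len: int) -> int:
    """Bytes placed on the ATM link for a frame of frame_len bytes."""
    cells = -(-(frame_len + TRAILER_SIZE) // PAYLOAD_SIZE)   # ceiling division
    return cells * CELL_SIZE


if __name__ == "__main__":
    sample = bytes(range(256)) * 6        # constructed payload, 1536 bytes
    for size in (64, 576, 1500):
        frame = sample[:size]
        cells = segment(frame)
        assert reassemble(cells) == frame
        overhead = wire_bytes(size) / size - 1
        print(f"{size:5d}-byte frame -> {len(cells):2d} cells, "
              f"{wire_bytes(size)} bytes on the wire (+{overhead:.0%})")
```

Small frames pay the largest relative overhead, because padding and the 5-byte header are charged per cell regardless of how much of the last cell is used.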

For wide area networks, core ATM switches are capable of connecting remote regions. Also operating at Layer 2 of the OSI model, these WAN switches can use T1/E1 links (1.544/2.0Mbps), T3 links (45Mbps) or SONET OC-3 links (155Mbps). To provide urban communications, a MAN network can be deployed using ATM technology. The same ATM backbone network can be used to communicate between telephone exchanges. In the future, as part of the client/server telephony model, these exchanges may be replaced by voice servers on the local network. In this case, the ability to guarantee quality of service in ATM networks becomes very important when organizing communications with client personal computers.

Routing

As already noted, routing is the third and highest level in the hierarchical structure of the network. Routing, which operates at Layer 3 of the OSI reference model, is used to organize communication sessions, which include:

o Communication sessions between devices located in different virtual networks (each network is usually a separate IP subnet);

o Communication sessions that pass through wide area/city

One strategy for building a corporate network is to install switches at the lower levels of the overall network. Local networks are then connected using routers. Routers are required to divide a large organization's IP network into many separate IP subnets. This is necessary to prevent "broadcast explosion" associated with protocols such as ARP. To contain the spread of unwanted traffic across the network, all workstations and servers must be divided into virtual networks. In this case, routing controls communication between devices belonging to different VLANs.

Such a network consists of routers or routing servers (logical core), a network backbone based on ATM switches and a large number of Ethernet switches located on the periphery. With the exception of special cases, such as video servers that connect directly to the ATM backbone, all workstations and servers must be connected to Ethernet switches. This type of network construction will allow you to localize internal traffic within workgroups and prevent such traffic from being pumped through backbone ATM switches or routers. The aggregation of Ethernet switches is carried out by ATM switches, usually located in the same compartment. It should be noted that multiple ATM switches may be required to provide enough ports to connect all the Ethernet switches. As a rule, in this case, 155 Mbit/s communication is used over multimode fiber optic cable.

Routers are located away from the backbone ATM switches, since these routers need to be moved beyond the routes of the main communication sessions. This design makes routing optional. This depends on the type of communication session and the type of traffic on the network. Routing should be avoided when transmitting real-time video information, as it can introduce unwanted delays. Routing is not needed for communication between devices located on the same virtual network, even if they are located in different buildings within a large enterprise.

In addition, even in situations where routers are required for certain communications, placing routers away from backbone ATM switches can minimize the number of routing hops (a routing hop is the portion of the network from a user to the first router or from one router to another). This not only reduces latency, but also reduces the load on routers. Routing has become widespread as a technology for connecting local networks in a global environment. Routers provide a variety of services designed for multi-level control of the transmission channel. This includes a general addressing scheme (at the network layer) that is independent of how the addresses of the previous layer are formed, as well as conversion from one control layer frame format to another.

Routers make decisions about where to route incoming data packets based on the network layer address information they contain. This information is retrieved, analyzed, and compared with the contents of routing tables to determine which port a particular packet should be sent to. The link layer address is then extracted from the network layer address if the packet is to be sent to a segment of a network such as Ethernet or Token Ring.

In addition to processing packets, routers simultaneously update routing tables, which are used to determine the destination of each packet. Routers create and maintain these tables dynamically. As a result, routers can automatically respond to changes in network conditions, such as congestion or damage to communication links.
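The lookup and table-update behaviour described in the two paragraphs above, as an added Python example that is not from the original text. The `Router` class, port names, addresses and MAC values are all constructed for illustration, and the static neighbour table stands in for the address resolution a real router performs on an Ethernet segment.

```python
"""Added illustration: longest-prefix route lookup with fail-over."""
import ipaddress


class Router:
    def __init__(self):
        self.routes = []      # entries: (network, port, next_hop, metric)
        self.neighbors = {}   # (port, IP address) -> link-layer (MAC) address

    def add_route(self, prefix, port, next_hop=None, metric=1):
        net = ipaddress.ip_network(prefix)
        hop = ipaddress.ip_address(next_hop) if next_hop else None
        self.routes.append((net, port, hop, metric))

    def add_neighbor(self, port, ip, mac):
        self.neighbors[(port, ipaddress.ip_address(ip))] = mac

    def link_down(self, port):
        """Withdraw every route that uses a failed port (dynamic table update)."""
        self.routes = [r for r in self.routes if r[1] != port]

    def lookup(self, dst):
        """Return the most specific matching route, lowest metric on a tie."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            return None
        return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

    def forward(self, dst):
        """Return (port, link-layer address) for a packet, or None to drop it."""
        route = self.lookup(dst)
        if route is None:
            return None
        _, port, next_hop, _ = route
        # A directly connected network resolves the destination itself;
        # otherwise the frame is addressed to the next-hop router.
        target = next_hop if next_hop is not None else ipaddress.ip_address(dst)
        mac = self.neighbors.get((port, target))
        if mac is None:
            return None       # unresolved neighbour: a real router would query the segment
        return port, mac


def build_demo_router():
    """Constructed sample table: private addresses and made-up MAC values."""
    r = Router()
    r.add_route("10.1.0.0/16", "eth0")                            # head-office LAN
    r.add_route("10.2.0.0/16", "eth1", "10.255.0.2", metric=1)    # branch, primary path
    r.add_route("10.2.0.0/16", "eth2", "10.255.1.2", metric=5)    # branch, backup path
    r.add_route("10.2.8.0/24", "eth2", "10.255.1.2")              # more specific subnet
    r.add_route("0.0.0.0/0", "eth3", "192.0.2.1", metric=10)      # default route
    r.add_neighbor("eth0", "10.1.0.20", "02:00:00:00:01:14")
    r.add_neighbor("eth1", "10.255.0.2", "02:00:00:00:aa:02")
    r.add_neighbor("eth2", "10.255.1.2", "02:00:00:00:bb:02")
    r.add_neighbor("eth3", "192.0.2.1", "02:00:00:00:cc:01")
    return r


if __name__ == "__main__":
    router = build_demo_router()
    for dst in ("10.1.0.20", "10.2.1.1", "10.2.8.9", "198.51.100.7"):
        print(dst, "->", router.forward(dst))
    router.link_down("eth1")              # primary branch link fails
    print("after eth1 failure: 10.2.1.1 ->", router.forward("10.2.1.1"))
```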

Determining a route is quite a difficult task. In a corporate network, ATM switches must function in much the same way as routers: information must be exchanged based on the network topology, available routes, and transmission costs. The ATM switch critically needs this information to select the best route for a particular communication session initiated by end users. In addition, determining a route is not limited to just deciding on the path along which a logical connection will pass after generating a request for its creation.

The ATM switch can select new routes if for some reason the communication channels are unavailable. At the same time, ATM switches must provide network reliability at the router level. To create an expandable network with high cost efficiency, it is necessary to transfer routing functions to the network periphery and provide traffic switching in its backbone. ATM is the only network technology that can do this.

To select a technology, you need to answer the following questions:

Does the technology provide adequate quality of service?

Can it guarantee the quality of service?

How expandable will the network be?

Is it possible to choose a network topology?

Are the services provided by the network cost-effective?

How effective will the management system be?

The answers to these questions determine the choice. But, in principle, different technologies can be used in different parts of the network. For example, if certain areas require support for real-time multimedia traffic or a speed of 45 Mbit/s, then ATM is installed in them. If a section of the network requires interactive processing of requests, which does not allow significant delays, then it is necessary to use Frame Relay, if such services are available in this geographic area (otherwise, you will have to resort to the Internet).

Thus, a large enterprise may connect to the network via ATM, while branch offices connect to the same network via Frame Relay.

When creating a corporate network and choosing a network technology with the appropriate software and hardware, you should consider the price/performance ratio. It's hard to expect high speeds from cheap technologies. On the other hand, it makes no sense to use the most complex technologies for the simplest tasks. Different technologies should be properly combined to achieve maximum efficiency.

When choosing a technology, the type of cabling system and the required distances should be taken into account, as should compatibility with already installed equipment (significant cost savings can be achieved if already installed equipment can be incorporated into the new system).

Generally speaking, there are two ways to build a high-speed local network: evolutionary and revolutionary.

The first way is based on expanding the good old frame relay technology. The speed of the local network can be increased within the framework of this approach by upgrading the network infrastructure, adding new communication channels and changing the method of packet transmission (which is what is done in switched Ethernet). A regular Ethernet network shares bandwidth, that is, the traffic of all network users competes for the entire bandwidth of the network segment. Switched Ethernet creates dedicated routes, giving users real bandwidth of 10 Mbit/s.

The revolutionary path involves the transition to radically new technologies, for example, ATM for local networks.

Extensive practice in building local networks has shown that the main issue is quality of service. This is what determines whether the network can work successfully (for example, with applications such as video conferencing, which are increasingly used around the world).

Conclusion

Whether or not to have your own communication network is a “private matter” for each organization. However, if building a corporate (departmental) network is on the agenda, it is necessary to conduct a deep, comprehensive study of the organization itself, the problems it solves, draw up a clear document flow chart in this organization and, on this basis, begin to select the most appropriate technology. One example of building corporate networks is the currently widely known Galaktika system.
