1 00:00:00,330 --> 00:00:01,260 In this lesson, 2 00:00:01,260 --> 00:00:03,180 we're going to cover the common documentation 3 00:00:03,180 --> 00:00:05,730 that you are going to use in your enterprise networks. 4 00:00:05,730 --> 00:00:07,710 This includes physical network diagrams, 5 00:00:07,710 --> 00:00:10,350 logical network diagrams, wiring diagrams, 6 00:00:10,350 --> 00:00:13,110 site survey reports, audit and assessment reports, 7 00:00:13,110 --> 00:00:14,910 and baseline configurations. 8 00:00:14,910 --> 00:00:17,520 First, we have physical network diagrams. 9 00:00:17,520 --> 00:00:18,840 A physical network diagram 10 00:00:18,840 --> 00:00:21,150 is used to show the actual physical arrangement 11 00:00:21,150 --> 00:00:23,220 of the components that make up your network, 12 00:00:23,220 --> 00:00:25,500 including the cabling and the hardware. 13 00:00:25,500 --> 00:00:27,900 Typically, these diagrams give you a bird's-eye view 14 00:00:27,900 --> 00:00:29,730 of a network in its physical space. 15 00:00:29,730 --> 00:00:31,440 And it looks a lot like a floor plan, 16 00:00:31,440 --> 00:00:33,900 but you may also see physical network diagrams 17 00:00:33,900 --> 00:00:35,490 that show how things are going to be cabled 18 00:00:35,490 --> 00:00:38,220 within an individual rack of a data center as well. 19 00:00:38,220 --> 00:00:40,530 For example, if I have a physical network diagram 20 00:00:40,530 --> 00:00:42,450 showing the floor plan of a small office, 21 00:00:42,450 --> 00:00:44,310 I can notate on that floor plan 22 00:00:44,310 --> 00:00:47,098 exactly where each IP-based CCTV is going to be installed. 
23 00:00:47,098 --> 00:00:48,493 Now, in this example, 24 00:00:48,493 --> 00:00:52,140 you can see I have nine IP-based cameras 25 00:00:52,140 --> 00:00:54,750 and how the cabling is going to run back to a central point, 26 00:00:54,750 --> 00:00:56,490 such as this network video recorder 27 00:00:56,490 --> 00:00:58,800 that contains nine Power over Ethernet ports 28 00:00:58,800 --> 00:01:00,570 to run this camera system. 29 00:01:00,570 --> 00:01:03,060 I could just as easily have another floor plan like this, 30 00:01:03,060 --> 00:01:04,319 showing where all my network jacks 31 00:01:04,319 --> 00:01:05,760 are going to be located in an office 32 00:01:05,760 --> 00:01:08,010 and how the cables are being run back to a patch panel, 33 00:01:08,010 --> 00:01:10,410 and from that patch panel back to an edge switch 34 00:01:10,410 --> 00:01:12,390 that connects to all these devices. 35 00:01:12,390 --> 00:01:13,860 Inside my data center, though, 36 00:01:13,860 --> 00:01:15,030 I'm usually more concerned 37 00:01:15,030 --> 00:01:16,740 with how things are physically located 38 00:01:16,740 --> 00:01:18,420 within one single rack, 39 00:01:18,420 --> 00:01:21,000 and so I can create a rack diagram. 40 00:01:21,000 --> 00:01:23,160 For example, here's a diagram showing a rack 41 00:01:23,160 --> 00:01:25,410 containing two storage area network controllers, 42 00:01:25,410 --> 00:01:27,390 two firewalls, two switches, 43 00:01:27,390 --> 00:01:30,210 three virtual machine host servers running ESXi, 44 00:01:30,210 --> 00:01:32,610 a backup server, a modular smart array, 45 00:01:32,610 --> 00:01:34,680 and a tape backup library. 46 00:01:34,680 --> 00:01:35,760 From this diagram, 47 00:01:35,760 --> 00:01:37,500 you can clearly see where in this rack 48 00:01:37,500 --> 00:01:39,210 each of those units is going to be located 49 00:01:39,210 --> 00:01:41,850 and which network cables will connect to which ports 50 00:01:41,850 --> 00:01:43,380 on which devices. 
51 00:01:43,380 --> 00:01:45,150 Another version of this type of diagram 52 00:01:45,150 --> 00:01:46,470 may include a front view, 53 00:01:46,470 --> 00:01:48,930 which also shows the location inside the cabinet, 54 00:01:48,930 --> 00:01:51,060 and it can have the different device names 55 00:01:51,060 --> 00:01:53,430 and the IP addresses for each of those devices, 56 00:01:53,430 --> 00:01:55,290 but it won't show the actual network cables 57 00:01:55,290 --> 00:01:56,250 and where they connect 58 00:01:56,250 --> 00:01:58,770 because you're looking at the front of those devices. 59 00:01:58,770 --> 00:02:01,320 Now, another type of physical network diagram we have 60 00:02:01,320 --> 00:02:02,790 is used to provide documentation 61 00:02:02,790 --> 00:02:05,430 for how our main distribution frame, or MDF, 62 00:02:05,430 --> 00:02:07,980 and our intermediate distribution frames, or IDFs, 63 00:02:07,980 --> 00:02:09,840 are connected and cabled. 64 00:02:09,840 --> 00:02:12,540 In this example, you could see a very generic MDF 65 00:02:12,540 --> 00:02:15,870 and IDF layout for a typical three-story office building. 66 00:02:15,870 --> 00:02:17,190 Here, we have the MDF 67 00:02:17,190 --> 00:02:19,020 on the bottom right corner of the first floor, 68 00:02:19,020 --> 00:02:21,150 and then a smaller IDF on the right corner 69 00:02:21,150 --> 00:02:22,770 of each of the remaining floors. 70 00:02:22,770 --> 00:02:25,800 There's an interconnection between each IDF and the MDF, 71 00:02:25,800 --> 00:02:27,960 and each floor has a single network cable 72 00:02:27,960 --> 00:02:30,150 running to a jack into an office. 73 00:02:30,150 --> 00:02:33,120 Now, this, of course, is a very oversimplified diagram, 74 00:02:33,120 --> 00:02:34,830 or an overview diagram. 75 00:02:34,830 --> 00:02:36,960 We can also have additionally detailed diagrams 76 00:02:36,960 --> 00:02:38,640 depending on how much work we want. 
77 00:02:38,640 --> 00:02:41,760 That could show each rack inside the MDF or the IDF 78 00:02:41,760 --> 00:02:43,710 and what they would look like, how they're cabled, 79 00:02:43,710 --> 00:02:45,690 including their edge switches, patch panels, 80 00:02:45,690 --> 00:02:47,490 and other networking equipment. 81 00:02:47,490 --> 00:02:49,650 The second type of documentation we need to cover 82 00:02:49,650 --> 00:02:51,600 is logical network diagrams. 83 00:02:51,600 --> 00:02:53,160 Unlike the physical network diagrams 84 00:02:53,160 --> 00:02:54,810 that show exactly which port a cable 85 00:02:54,810 --> 00:02:55,950 is going to be connected to 86 00:02:55,950 --> 00:02:57,960 and how it's run on the physical floor plan 87 00:02:57,960 --> 00:02:59,190 or the rack layout, 88 00:02:59,190 --> 00:03:00,840 when we use a logical diagram, 89 00:03:00,840 --> 00:03:02,940 we're going to use this to illustrate the flow of data 90 00:03:02,940 --> 00:03:04,140 across a network, 91 00:03:04,140 --> 00:03:05,640 and it's going to be used to show how devices 92 00:03:05,640 --> 00:03:07,350 are communicating with each other. 93 00:03:07,350 --> 00:03:10,260 These logical diagrams will include things like the subnets, 94 00:03:10,260 --> 00:03:11,940 the network objects and devices, 95 00:03:11,940 --> 00:03:14,700 the routing protocols and domains, voice gateways, 96 00:03:14,700 --> 00:03:17,910 traffic flow, and network segments within a given network. 97 00:03:17,910 --> 00:03:20,370 Traditionally, network diagrams were drawn by hand 98 00:03:20,370 --> 00:03:21,330 and using symbols 99 00:03:21,330 --> 00:03:23,070 to represent the different network devices, 100 00:03:23,070 --> 00:03:25,380 like routers, switches, firewalls, 101 00:03:25,380 --> 00:03:27,600 intrusion detection systems, and clients. 
102 00:03:27,600 --> 00:03:30,450 In this example, I'm using the standard Cisco notation 103 00:03:30,450 --> 00:03:32,520 to demonstrate how the various switches and routers 104 00:03:32,520 --> 00:03:34,740 are being connected to form this network. 105 00:03:34,740 --> 00:03:36,120 On the logical diagram, 106 00:03:36,120 --> 00:03:37,680 we also include the IP addresses 107 00:03:37,680 --> 00:03:39,210 and the interface identifiers, 108 00:03:39,210 --> 00:03:42,780 such as g0/1, or GigabitEthernet 0/1, 109 00:03:42,780 --> 00:03:45,990 or ATM1/0, which is for an ATM interface 110 00:03:45,990 --> 00:03:47,880 for our routers and switches. 111 00:03:47,880 --> 00:03:50,010 Notice the routers are being represented by a circle 112 00:03:50,010 --> 00:03:51,000 with four arrows: 113 00:03:51,000 --> 00:03:53,340 two pointing inward and two pointing outward. 114 00:03:53,340 --> 00:03:54,630 Switches are going to be represented 115 00:03:54,630 --> 00:03:57,690 by a square with four arrows all pointing outward. 116 00:03:57,690 --> 00:04:01,350 Servers like a DHCP, DNS, or TFTP server 117 00:04:01,350 --> 00:04:03,870 are represented by a large rectangle server icon, 118 00:04:03,870 --> 00:04:07,110 and the computers are going to be shown using a computer icon. 119 00:04:07,110 --> 00:04:08,700 Another symbol you may see included 120 00:04:08,700 --> 00:04:10,290 is an intrusion detection system 121 00:04:10,290 --> 00:04:11,910 or intrusion prevention system, 122 00:04:11,910 --> 00:04:13,200 which is going to be a rectangle 123 00:04:13,200 --> 00:04:15,000 that contains a circle inside of it 124 00:04:15,000 --> 00:04:17,430 with two arrows crossing over the circle. 
125 00:04:17,430 --> 00:04:19,980 A firewall is usually represented by a brick wall, 126 00:04:19,980 --> 00:04:22,560 and an access point is going to be represented by a rectangle 127 00:04:22,560 --> 00:04:24,570 with a series of radio waves going out of it 128 00:04:24,570 --> 00:04:26,370 from the left to the right. 129 00:04:26,370 --> 00:04:28,230 Now, as you look at various network diagrams 130 00:04:28,230 --> 00:04:29,063 on the internet, 131 00:04:29,063 --> 00:04:31,440 you may come across some more modern network diagrams 132 00:04:31,440 --> 00:04:32,580 that remove the symbols, 133 00:04:32,580 --> 00:04:34,800 and instead use pictures of networking equipment 134 00:04:34,800 --> 00:04:37,020 that's going to be used in the diagrams instead. 135 00:04:37,020 --> 00:04:38,010 In this example, 136 00:04:38,010 --> 00:04:40,080 you can see the router connected to the switches, 137 00:04:40,080 --> 00:04:42,960 and those switches are connected to the client PCs. 138 00:04:42,960 --> 00:04:44,790 Next, we have a wiring diagram, 139 00:04:44,790 --> 00:04:46,650 and this is something we already looked at briefly 140 00:04:46,650 --> 00:04:48,960 as part of our physical network diagrams. 141 00:04:48,960 --> 00:04:51,330 Wiring diagrams can occur with both physical 142 00:04:51,330 --> 00:04:52,920 and logical network diagrams, 143 00:04:52,920 --> 00:04:54,270 as long as they're clearly labeled 144 00:04:54,270 --> 00:04:56,610 which cable is connected to which port. 145 00:04:56,610 --> 00:04:58,020 The more in-depth wiring diagrams 146 00:04:58,020 --> 00:05:00,270 are going to include a floor plan or a rack diagram, 147 00:05:00,270 --> 00:05:02,280 so you can see exactly where the cables are being run 148 00:05:02,280 --> 00:05:03,930 in the physical environment. 149 00:05:03,930 --> 00:05:06,210 Next, we have site survey reports. 
150 00:05:06,210 --> 00:05:07,230 These are often conducted 151 00:05:07,230 --> 00:05:09,630 as part of a wireless survey or an assessment. 152 00:05:09,630 --> 00:05:10,886 Now, a wireless site survey, 153 00:05:10,886 --> 00:05:14,130 sometimes called an RF or radio frequency site survey, 154 00:05:14,130 --> 00:05:15,690 or a wireless survey, 155 00:05:15,690 --> 00:05:18,480 is the process of planning and designing a wireless network 156 00:05:18,480 --> 00:05:19,980 to provide a wireless solution 157 00:05:19,980 --> 00:05:22,200 that will deliver the required wireless coverage, 158 00:05:22,200 --> 00:05:24,990 data rates, network capacity, roaming capability, 159 00:05:24,990 --> 00:05:27,750 and quality of service, or QoS. 160 00:05:27,750 --> 00:05:29,790 In this example, you can see a floor plan 161 00:05:29,790 --> 00:05:30,720 that includes the locations 162 00:05:30,720 --> 00:05:32,970 of each wireless access point being shown. 163 00:05:32,970 --> 00:05:35,490 Then, radiating out from each access point, 164 00:05:35,490 --> 00:05:37,710 you see bands of color going from green, 165 00:05:37,710 --> 00:05:39,660 to yellow, to orange, to red, 166 00:05:39,660 --> 00:05:42,390 and this indicates the strength of the wireless signal. 167 00:05:42,390 --> 00:05:44,640 Now, when you see green, that's a strong signal. 168 00:05:44,640 --> 00:05:47,130 When you see red, that's a weaker signal. 169 00:05:47,130 --> 00:05:49,650 Wired site surveys are also conducted sometimes, 170 00:05:49,650 --> 00:05:51,120 but in these cases, 171 00:05:51,120 --> 00:05:52,740 it's usually done as part of a preparation 172 00:05:52,740 --> 00:05:54,990 for a major upgrade or installation. 
173 00:05:54,990 --> 00:05:56,430 With a wired site survey, 174 00:05:56,430 --> 00:05:57,810 the installation team is going to come out 175 00:05:57,810 --> 00:06:00,840 and look at your MDFs, your IDFs, and your data centers 176 00:06:00,840 --> 00:06:03,270 to determine if you have the right power, space, and cooling 177 00:06:03,270 --> 00:06:05,340 to support whatever new equipment you're going to be installing 178 00:06:05,340 --> 00:06:07,140 as part of that upgrade. 179 00:06:07,140 --> 00:06:07,973 For example, 180 00:06:07,973 --> 00:06:09,900 if I was going to install three new racks of equipment 181 00:06:09,900 --> 00:06:10,980 in your data center, 182 00:06:10,980 --> 00:06:12,390 I need to go out there and look at it 183 00:06:12,390 --> 00:06:14,310 and make sure you have the physical space required 184 00:06:14,310 --> 00:06:15,810 to hold those three racks. 185 00:06:15,810 --> 00:06:16,890 In addition to that, 186 00:06:16,890 --> 00:06:19,740 I need to make sure you have a powerful enough HVAC system 187 00:06:19,740 --> 00:06:21,180 to remove all the extra heat 188 00:06:21,180 --> 00:06:24,330 that my new equipment in these three racks is going to produce. 189 00:06:24,330 --> 00:06:26,280 I also want to make sure your site has the right power, 190 00:06:26,280 --> 00:06:28,500 and backup generators, and battery backups 191 00:06:28,500 --> 00:06:30,270 that you can handle all the extra power 192 00:06:30,270 --> 00:06:32,730 that's going to be drawn by all this new equipment. 193 00:06:32,730 --> 00:06:35,220 Next, we have audit and assessment reports. 194 00:06:35,220 --> 00:06:36,420 Audit and assessment reports 195 00:06:36,420 --> 00:06:37,830 are delivered to your organization 196 00:06:37,830 --> 00:06:40,260 after a formal assessment has been conducted. 
197 00:06:40,260 --> 00:06:42,660 These reports will contain an executive summary, 198 00:06:42,660 --> 00:06:45,060 an overview of the assessment scope and objectives, 199 00:06:45,060 --> 00:06:47,340 the assumptions and limitations of the assessment, 200 00:06:47,340 --> 00:06:49,500 the methods and tools used during the assessment, 201 00:06:49,500 --> 00:06:51,960 a diagram showing the current environment and systems, 202 00:06:51,960 --> 00:06:53,190 the security requirements, 203 00:06:53,190 --> 00:06:54,900 a summary of findings and recommendations, 204 00:06:54,900 --> 00:06:56,940 and the results of the audit. 205 00:06:56,940 --> 00:06:58,860 Essentially, this report is going to contain 206 00:06:58,860 --> 00:07:01,680 all the issues the audit team found with your organization, 207 00:07:01,680 --> 00:07:04,290 as well as anything your organization is already doing right 208 00:07:04,290 --> 00:07:06,450 and things they should continue to keep doing. 209 00:07:06,450 --> 00:07:08,760 Finally, we have baseline configurations. 210 00:07:08,760 --> 00:07:10,500 The documented baseline configurations 211 00:07:10,500 --> 00:07:13,590 are the most stable versions of a device's configurations. 212 00:07:13,590 --> 00:07:15,000 These baseline configurations 213 00:07:15,000 --> 00:07:16,980 are a documented set of specifications 214 00:07:16,980 --> 00:07:18,270 for an information system 215 00:07:18,270 --> 00:07:20,940 or a configuration item within that system 216 00:07:20,940 --> 00:07:22,170 that has been formally reviewed 217 00:07:22,170 --> 00:07:24,390 and agreed on at a given point in time, 218 00:07:24,390 --> 00:07:26,070 and which can now only be changed 219 00:07:26,070 --> 00:07:27,960 through change control procedures. 
220 00:07:27,960 --> 00:07:29,520 So, if you want to change the baseline 221 00:07:29,520 --> 00:07:30,840 due to an operational need, 222 00:07:30,840 --> 00:07:31,673 you need to follow 223 00:07:31,673 --> 00:07:33,510 the proper configuration management procedures 224 00:07:33,510 --> 00:07:35,280 to request those changes. 225 00:07:35,280 --> 00:07:37,770 Those changes will then be properly tested and approved, 226 00:07:37,770 --> 00:07:39,840 and they become part of the new baseline 227 00:07:39,840 --> 00:07:41,910 for those devices moving forward. 228 00:07:41,910 --> 00:07:42,743 As you can see, 229 00:07:42,743 --> 00:07:45,270 there is a bunch of documentation that you are going to use 230 00:07:45,270 --> 00:07:46,740 in your enterprise networks, 231 00:07:46,740 --> 00:07:48,600 including your physical network diagrams, 232 00:07:48,600 --> 00:07:51,210 logical network diagrams, wiring diagrams, 233 00:07:51,210 --> 00:07:53,820 site survey reports, audit and assessment reports, 234 00:07:53,820 --> 00:07:55,473 and baseline configurations.