Raleigh Little Theatre Communications Enhancement

Project Timeframe: August 2009 - Present

Raleigh Little Theatre (RLT) is a nonprofit community theatre that produces 11 full productions annually and maintains comprehensive youth and adult theatre education programs. The computer network at RLT provides wired Ethernet access to individual staff offices, but wireless access and connectivity for volunteers is not possible in the current deployment due to security concerns and limited resources.

Staff meetings, production meetings, and other theatre functions occur in common rooms where wired connections are not available, which limits the tools and information available to meeting participants. Additionally, connectivity is unavailable during rehearsals, where it could be used by production staff to increase the effectiveness of their activities.

Objectives

The objectives of this project are multiple:

  1. Increase the quality of service for existing users by deploying high-speed cabling and equipment
  2. Provide wireless connectivity to support mobile clients during meetings and rehearsals
  3. Secure communications with VLANs and wireless encryption to protect sensitive staff resources

Challenges

Several challenges face this project, including budget, cost, and infrastructure. Since Raleigh Little Theatre is a non-profit organization with a limited budget, no funding can be provided for this project. Accordingly, this project is being performed as an in-kind donation and thus is limited by my budget of $1000.

In addition to the budgetary constraints, the cost of the equipment needed poses a challenge. The ideal equipment for this type of project would be Cisco Catalyst multilayer switches, Lightweight Access Points, and Wireless LAN Controllers. However, these devices can easily cost many thousands of dollars apiece.

Finally, one of the most significant constraints of this project is the infrastructure of the Raleigh Little Theatre complex. Built in several stages over its 75-year history, the facility includes a mixture of wood, steel, concrete, rock, and other materials that impact the deployment of both wired and wireless connectivity.

Proposed Design

The current design projection for this project is depicted by Figure 1 below. The design meets the business objectives with the considerations detailed further below.

Figure 1: Projected Design Concept

Design Considerations

The proposed design for this project accommodates considerations that include increased quality of service, mobile connectivity, network security, and the cost of deployment. As described previously, these are all critical to the success of achieving the objectives set forth.

Increased Quality of Service

New high-speed Gigabit Ethernet routers in combination with a multilayer Gigabit Ethernet access/distribution switch provide increased quality of service. With the aid of Cat-5e wiring, the new multilayer switch provides line-speed connectivity to all clients.

Mobile Connectivity

New Wireless Access Points (WAPs) provide the ability for staff and volunteers to roam while in the RLT complex. Wireless connectivity enables staff and volunteers to enhance their effectiveness during rehearsals and productions through web-based communication and resources.

As described previously, the variety of building materials used in the construction of the RLT complex greatly impacts the range of wireless communications. Accordingly, a WAP should be located near each theatre with a third WAP located in the downstairs office area to ensure maximum coverage of common areas and workspaces.

Since Wireless LAN Controllers will not be used, mid-class business-grade standalone WAPs are deployed to cover the entire theatre building and minimize crosstalk. Additionally, the WAPs operate on non-overlapping channels to further minimize the potential for interference.

Secure Communications

Though RLT is not a financial institution or government facility, security is still important to protect the clients and data shared on its network. Accordingly, logical security design considerations and techniques protect clients and ensure the integrity of the RLT network.

As mentioned previously, three WAPs with two Service Set Identifiers (SSIDs) will provide wireless connectivity to the entire building. WPA2-Personal encryption with Pre-Shared Keys is used to secure data between wireless clients and the WAPs, while Virtual Local Area Networks (VLANs) are used to provide separate data subnets for staff and volunteers. Since the devices use Pre-Shared Keys, volunteers and visitors should only be provided the "public" key, while only RLT employees should have the "staff" key.

Each WAP is attached to ports on their respective VLANs. The "staff" VLAN contains connectivity for both the staff-accessible WAPs and the wired terminals located in staff offices. Each router provides Dynamic Host Configuration Protocol (DHCP) and Network Address Translation (NAT), fully segregating their subnets.

The initial deployment only includes configuration of Pre-Shared Key encryption since no centralized domain controller is currently installed. However, a future enhancement could include a domain controller (LDAP or Active Directory) and a RADIUS server to provide WPA2-Enterprise encryption on a per-user basis for the staff network.
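
A consistency check for the segmentation described in this section and the channel plan from Mobile Connectivity, as an added example rather than part of the original project write-up. The VLAN IDs, subnets, SSID names, passphrases, WAP names, channel numbers and the 2.4 GHz band are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed plan: VLAN IDs, subnets, SSID names, channels and keys are
# illustrative placeholders, not values from the RLT deployment.
PLAN = {
    "vlans": {
        "staff":  {"id": 10, "subnet": "192.168.10.0/24"},
        "public": {"id": 20, "subnet": "192.168.20.0/24"},
    },
    "ssids": {
        "RLT-Staff":  {"vlan": "staff",  "psk": "example-staff-passphrase"},
        "RLT-Public": {"vlan": "public", "psk": "example-public-passphrase"},
    },
    "waps": {"mainstage": 1, "second-theatre": 6, "office": 11},  # 2.4 GHz channel
}

def audit(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    vlans, ssids = plan["vlans"], plan["ssids"]
    # Segregation: each VLAN needs its own ID and a subnet that overlaps no other.
    for (a, va), (b, vb) in combinations(vlans.items(), 2):
        if va["id"] == vb["id"]:
            findings.append(f"VLANs {a} and {b} share ID {va['id']}")
        if ipaddress.ip_network(va["subnet"]).overlaps(ipaddress.ip_network(vb["subnet"])):
            findings.append(f"subnets of {a} and {b} overlap")
    for name, s in ssids.items():
        if s["vlan"] not in vlans:
            findings.append(f"SSID {name} maps to unknown VLAN {s['vlan']}")
        # WPA2-Personal passphrases are 8 to 63 characters.
        if not 8 <= len(s["psk"]) <= 63:
            findings.append(f"SSID {name}: passphrase must be 8-63 characters")
    # A key shared across VLANs defeats the staff/public split.
    for (a, sa), (b, sb) in combinations(ssids.items(), 2):
        if sa["vlan"] != sb["vlan"] and sa["psk"] == sb["psk"]:
            findings.append(f"SSIDs {a} and {b} use the same key across VLANs")
    # 2.4 GHz channels need a spacing of at least 5 (e.g. 1, 6, 11) not to overlap.
    for (a, ca), (b, cb) in combinations(plan["waps"].items(), 2):
        if abs(ca - cb) < 5:
            findings.append(f"WAPs {a} and {b}: channels {ca} and {cb} overlap")
    return findings

if __name__ == "__main__":
    for line in audit(PLAN) or ["plan is consistent"]:
        print(line)
```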

Cost Control

The plan for this project weighs cost against the objectives of this endeavor. While a single high-end multilayer switch would be optimal to combine access, distribution, and core layers, such devices are quite expensive, costing thousands of dollars. In this situation, less expensive, lower-grade equipment is sufficient.

This plan provides the needed capability through the use of a low-end business-class multilayer switch combined with a trio of high-end consumer-grade routers. The multilayer switch provides the ability to segregate traffic into VLANs, and one router is used to manage traffic for each VLAN. Finally, a single router is used to manage the traffic from each of the local subnets and provide Internet connectivity.

Proposed Budget

The proposed budget for this deployment is outlined below. Bear in mind that these estimates are based on the predictable prices for "new" devices in January 2010, and that this budget includes shipping costs.

  • Wireless Access Points ... $300
    3x Small-Business WAPs capable of multiple SSIDs OR
    6x Consumer-Grade WAPs with a single AP each
  • Main Distribution Switch ... $300
    1x Small-Business Gigabit Ethernet Layer 3 Switch (24 ports)
  • Core Routers ... $200
    2x Consumer-Grade Gigabit Ethernet Routers
  • Edge Router ... $100
    1x Consumer-Grade Gigabit Ethernet Router
  • 1000' RJ-45 Cabling ... $100
    1,000 feet of Cat-5e RJ-45 Ethernet Cabling
  • Total Budget ... $1,000

Acquisitions

The equipment cost much less than projected; the acquisitions are outlined below. Bear in mind that much of this equipment was purchased as "used" or "recertified" rather than "new", and that acquisitions occurred in April and May 2010.

  • Wireless Access Points ... $75
    3x Netgear WG102 Wireless Access Points
  • Main Distribution Switch ... $130
    1x Netgear GS724T Gigabit Ethernet Switch (24 ports)
  • Core Routers ... $50
    2x TrendNet TW100-S4W1CA Routers
  • Edge Router ... $0
    Not needed at this time (using existing edge router for now)
  • 1000' RJ-45 Cabling ... $0
    Not needed at this time (using existing cabling surplus for now)
  • Total Costs ... $290
    Including approx. $35 shipping costs

Deployment Timeline

The design phase of this project has been completed and the equipment has been acquired. At this time, the devices are being configured and tested off-site. After continued setbacks from the RLT Sprinkler Project, deployment of these network enhancements is set for August 2010.