Imagine Cup Online Competition - Final Round Scenario

Background
Graphic Design Institute (www.graphicdesigninstitute.edu) is a new high technology institute. The institute is founding colleges in a number of cities that will offer degrees and classes in a number of IT areas. They are distance learning based and all classes will be conducted over the Internet. The college s will each have 25 staff members and 500 students initially. The institute is establishing 6 of the colleges. The names and locations of the college campuses are as follows:
Litware College (litware.edu); San Francisco; Dallas
Proseware College (proseware.edu); Berlín; Amsterdam
Woodgrove College (woodgrove.edu); London; Dublín
Datum College (adatum.edu); Barcelona; Madrid
Fabrikam College (fabrikam.edu); Singapore; Bangkok
Trey Research College (treyresearch.edu); Rome; Athens
Choose ONE of the above colleges (any of them) as the basis of YOUR college that you will be designing and building your network for.

Each college will leverage technology to deliver the best possible virtual classroom experience to the students. These technologies include:
* Portals for virtual classes
* Videos and audio for lectures
* Electronic mail, calendaring, and Instant Messaging for Student and Faculty communications
* Virtual desktops for students
* Web-based services

These technologies will allow students to interact and collaborate with the faculty and their fellow students in the virtual classroom.
There is one central campus and a secondary campus for each college. Each of the college campuses are connected to the Internet. Each of the two campuses will be connected with an Internet VPN.
 

Scenario
You are the systems engineer for one of the Graphic Design Institute colleges and need to build the college IT infrastructure. The president of the Graphic Design Institute wants to leverage the institutes Microsoft relationship and has mandated that the college solutions be based on the latest Microsoft technologies. The colleges are just opening and have no existing IT infrastructure, so everything will need to be designed, installed, and configured.

The college faculty uses laptops for all their work and expects to be able to conduct classes from home via their high-speed Internet connections. The laptops need to be tightly controlled and locked down, as well as managed remotely. They will need to access the company network as remote nodes where they have high bandwidth, such as Internet cafes.

All the students of the college will need access to email and attend classes from kiosks in airports or Internet cafes. These systems are not controlled by the college, so the decision has been made to use web services as much as possible. All students will have college email addresses and full calendaring functions. The students will use portal technology for their classes to download the class materials, upload assignments, discuss the class topics, and search for materials. The students will use chat technologies to participate in classes, as well as streaming video and audio technologies to view lectures. The students should be able to tell when a faculty member is in the office using presence technologies.

Given the insecure nature of the Internet, all these remote communications need to be secured per best practices to protect the confidentially of the students. Class attendance must require authentication to ensure that student attendance is verified, assignment uploads can be verified, and that students do not attend classes for which they have not signed up.

Some students will not have access to systems with all the required applications such as Microsoft Word, Microsoft Excel, and Microsoft Access. To assist these students, terminal services will be deployed to provide RDP based access from the Internet to thin-client desktops for up to 10% of the student population.

Messaging services are critical to the company to maintain communications within the company and with other organizations. The messaging services should be centralized at the central campus, but users should be able to read and send messages even in the event of an Internet outage. Students and faculty need to be able to access their messages from Internet Kiosks if that is all they have available. Some messages are confidential and need to be secured during transmission and storage even within the organization.

Information in messages and documents needs to be protected from inappropriate use. Some documents and email should not be copied, forwarded, or printed. Rights management services need to be provided to control the rights of messages, Word documents, and Excel documents.

The file and print services are primarily for each local campus. However, there is a company wide share (DATA) that is required to be available at all times. The files in this share DATA can be large and the solution needs to reduce the WAN overhead for users accessing these files by replicating files to between sites. This share must also be protected from infection by viruses.
Security is critical for the college, as it expects to the target of many hackers. The college infrastructure needs to be very secure, be maintained up to date on patches, and deployed with security best practices. Anti-virus, anti-spam, and anti-malware are critical services that the infrastructure must provide to ensure that operations are smooth. Also, internal campus network traffic should be protected by IPSec to prevent malicious users from sniffing the traffic.

Management of the infrastructure will be a critical success factor. There needs to be alerting of any outages of the services, via email and also visible from a central console. The branch campus will have no IT staff, so it is especially important to monitor and alert on the servers in the branch campus. Patch management of all the servers and workstations is critical to mitigate potential security risks. All systems need to be patched and reported on to meet regulatory requirements.

The desktop will need to be deployed locked down with the latest desktop operating system and need to be centrally controlled to ensure that they remain locked down and updated. In particular, the Chief Information Officer (CIO) wants to ensure that user’s desktops are protected by a screen saver that activates after 5 minutes of inactivity. The users should not be able to change this feature.

The Chief Security Officer (CSO) is concerned that there is unauthorized use of the Administrator account. He wants to be able to audit when the administrator account is used to interactively log into any of the servers in the colleges. He needs to be able to view this information on a daily basis from a central console. The CSO has also mandated that Internet communications must be protected by using certificates and SSL. Management has determined that the school will issue its own certificates and wants a PKI infrastructure setup to be able to that.

The IT director is concerned that the infrastructure will not be documented. There needs to be an architectural diagram that shows all major components, connection, addresses, and location of services. This diagram should also include access information and network information.

The company has standardized on Microsoft technologies as a corporate standard. All operating systems, services and applications in the design should meet the standard. The college wants to use the latest versions of all Microsoft technologies in the new infrastructure to ensure that they have the most recent security enhancements and features.

Requirements
All services need to be created as part of the build. There are no existing services, components, hardware, or software other than the network services (LAN, WAN and Internet). The new services need to include:
* Application Services
* Video Streaming Services
* Conferencing Services
* Messaging Services
* Thin-client Desktop Services
* Backup Services
* Database Services
* Desktop Services
* Directory Services
* File Services
* Infrastructure Services
* Mobility Services
* Perimeter Services
* Portal Services
* Print Services
* Security Services
* Rights Management services
* Systems and Operations Management Services
* Certificate services

Each college IT is independent from each other and from the Graphics Design Institute.

By the way, here's a graphic of what the network looks like, click HERE for a jpg view