Today's engineer performs many tasks that used to be done by a specialist. Designing IT networks, either for the office or studio, is one of these tasks. The office network is normally straightforward, with workstations, printers and a server. Most nodes (equipment attached to the network) are dynamically assigned IP addresses, while the server and printers have static IP addresses. The use of subnets is important to keep sensitive information separate and off the main network. Subnets also help to organize a network and keep it running at top speed.
Subnets (subnetworks) are used to divide up a LAN into functional sections, each with a common goal, such as accounting, engineering or traffic. Computers on a particular subnet can see only the other computers and printers on that subnet; computers on other subnets cannot see them. This separation reduces traffic on the subnet, which increases its speed, and secures it by making it harder to access. To bridge between these subnets, routers are used. A router lets information travel between subnets, but it forwards only data that is specifically addressed to a node on the destination subnet, not all the data traffic. Routers can have rules programmed into them to ensure only authorized data passes through.
Computer networks follow the OSI model, which consists of seven layers. Of these, Layer 1 is the physical layer, the electrical signals sent over network cables; Layer 2 focuses on moving data frames over Ethernet using MAC addresses, which network switches use to direct the data frames to the correct node; and Layer 3 is where IP addresses are used to route IP packets between LANs or subnets.
One way to design subnets is with virtual LANs (VLANs), which are created using a Layer 3 switch that can cordon off and communicate between subnets that are all connected to it. All nodes are attached to the Layer 3 switch, no matter which subnet they are part of. Programming the Layer 3 switch tells it which ports, and therefore which nodes, belong to which subnet. It acts as both a network switch and a fast router. This one device will perform all the functions you need to set up and run a small to midsize network with several subnets. Because VLANs are programmable (within the Layer 3 switch), the subnets they form can have nodes easily added or removed without rewiring. (See Figure 1.)
As we move to networks for technical areas, the requirements can change. The nonlinear editors require GigE or Fibre Channel to connect to a SAN or NAS, which may be mounted in racks back in the equipment room. Soon we will be using 10GigE networks that are capable of handling several streams of HD 3G video. These networks will be limited in size, with just a few nodes, but the wiring will be critical and must be thought out. GigE will run up to 300ft, but 10GigE requires fiber-optic cables for even moderate runs.
Wiring then becomes the defining element in any network, and changing out a network switch or computer is very simple compared with changing out the wiring of the plant. You want to future-proof your facility when selecting the wiring that's going to make up the network; just putting in Cat 5 is not enough today. Will you ever put edit bays on the second floor or run out of rack space and need an auxiliary equipment room in the back? If you have installed the correct wiring, then expansion is simple. Installing conduit is another option to future-proof your facility. This will allow you to run fiber-optic cables when needed without having to tear the ceiling down.
Security and access
Don't forget about security — in terms of physical, software and personnel. When thinking about the Internet, a firewall is always a good idea, but sometimes just pulling the patch cord to the Internet is the most secure way to protect your network from intrusion. Many companies now use the Internet to access clients' computers for maintenance and upgrades. Providing outside access to critical on-air systems does carry some risk, but the benefits of allowing both the manufacturers and employees 24/7 access to these systems can be crucial to getting a needed system back online quickly.
There are now several companies that provide access to computers located on the other side of firewalls by installing their own software on those computers. The advantage here is that your computers can be accessed by you on any computer on the Internet, and no software is required on the computer accessing the guarded computer. You can be in an Internet café in Paris and check up on systems back at the station.
Be careful when using wireless networks, however. Place them on their own subnet to isolate wireless users from the rest of the network. The MAC address of the wireless device can be used to authenticate it to the network, making it even harder for someone else to break into your network. Passwords are an important part of any security setup, and enforcing policies on password length and makeup is also imperative.
All worthwhile endeavors start with a plan, and IT networks are no different. Begin with a list of requirements. What does the network have to do? Does it connect an automation system together, a video server or edit bays? What data speed is needed, and what level of security and interconnectivity? As you organize the users and equipment by function, the arrangement of the subnets will become clear. Devise a plan of IP addresses for each subnet; think of how many addresses are going to be needed now and into the future. Remember, a subnet mask defines the actual range of IP addresses in each subnet, so making a plan with all the IP data is important. Where will the equipment be housed, will it be secure, and who has access? What backup equipment is necessary, and how will it be put into action if needed? Is Internet access required, and, if so, how will access be controlled?
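The address plan described above can be worked out in code. The following Python script is an added example, not part of the original article: it sizes each subnet for current nodes plus growth, then derives the mask and usable range that the mask defines. The base network 192.168.10.0/24 and all node counts are assumptions made for illustration.

```python
import ipaddress

# Constructed requirements: (subnet name, nodes now, expected growth).
# Group names follow the article; the counts and base network are invented.
REQUIREMENTS = [
    ("edit-bays", 12, 12),
    ("engineering", 20, 10),
    ("accounting", 8, 4),
    ("traffic", 10, 5),
    ("wireless", 25, 25),
]

def prefix_for(hosts):
    """Longest prefix (smallest subnet) with at least `hosts` usable addresses."""
    # Two addresses per subnet are reserved: network and broadcast.
    return 32 - (hosts + 1).bit_length()

def plan_subnets(base, requirements):
    """Carve non-overlapping subnets out of `base`, largest requirement first."""
    base = ipaddress.ip_network(base)
    sized = sorted(((name, now + growth) for name, now, growth in requirements),
                   key=lambda item: -item[1])
    plan, cursor = {}, int(base.network_address)
    for name, hosts in sized:
        prefix = prefix_for(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size  # align start to the block size
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(base):
            raise ValueError(f"{base} has no room left for {name}")
        plan[name] = net
        cursor += size
    return plan

def describe(name, net):
    """One row of the address plan: mask, usable range and capacity."""
    return {"subnet": name, "network": str(net), "mask": str(net.netmask),
            "first": str(net[1]), "last": str(net[-2]),
            "usable": net.num_addresses - 2}

def owner(plan, address):
    """Name of the planned subnet containing `address`, or None."""
    ip = ipaddress.ip_address(address)
    return next((n for n, net in plan.items() if ip in net), None)

if __name__ == "__main__":
    plan = plan_subnets("192.168.10.0/24", REQUIREMENTS)
    for name, net in plan.items():
        print(describe(name, net))
```

Addresses left unallocated at the top of the base network stay available for a later subnet, and `owner()` returning None for an address flags a node that has been numbered outside the plan.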
Just like backing up all your data on your personal computer, all of this may sound like overkill — until the day your hard disk crashes.
Russell Brown is chief engineer at KMTP-TV in San Francisco and writer of Broadcast Engineering's “Transition to Digital” e-newsletter.