I was the Manager for I.T. for the AJ2004 scouting event in Adelaide in 2004. I was responsible for the I.T. infrastructure for up to 15,000 scouts and leaders over 10 days. I was also on the Telephony team and actively setting up phone lines and DSL networks.
This involved servers, switches, racks, workstations and much more. We started this project in 2001, in time for January 2004. Unfortunately in this time the team had suffered issues with Members. We have had our primary IT&T officer pass away due to a heart attack and many other issues with health_and related issues with family members).
I was after volunteers to assist me with the I.T. and cabling side of this project. My call to action was answered by a small but great bunch of people.
I needed physical man power to run cables up ladders, drive bobcats, cherry pickers and other machinery. We needed to dig very long trenches, put up catenary brackets on power poles, mount switches and run thousands of meters of PSTN copper cable and a large amount of Cat5. I needed people to terminate cable, setup phone lines to Krone blocks and lay conduit. I also need a small amount of Routers configured, Cisco Long range Ethernet configuration and server/workstation installation. I needed a small army. I got 4. It swelled during the event to many more.
This will be hard work, This was hard work; it was many boring hours of digging trenches however this was a chance to do something large and gain immense experience_And would look great on a resume for any person participating). This event was to be on TV, radio and in the papers. It was to be covered by media nationally and internationally. Newspapers and TV stations had permanent staff onsite during the event and a media link back to their offices to fast track reports_Especially for the morning cut off for the Advertiser).
My call to war was simple:
”I need people who are willing to give up their weekends before the event. We are already starting to do site works_late 2002) and have organised fluro vests, witches hats and bunting. Unfortunately you can not remain onsite during the 10 days_overnight) as you need to have passed Police checks_10 months before the event) or if you need to, you can pay to stay at the event. There are only so many beds available. I believe that you are able to attend the event during the day as a visitor with a small donation._You can get a day pass for a few gold coins_donation).)”
"We have complete say over the site up until to 26th
December 2003 when the armed guards and police start making their presence felt at the site. The event starts on the 5th Janurary 2004 and runs for 11 days_People will remain after the 15th and be there before the 5th)."
”You will need passes to visit the site. If you join our team you will need to attend Meetings for other planning groups. There are over 300 people in the planning group and we are broken down into sub groups.”
"IT&T
is a part of the administration group. We work with the sites and services group and the camping directorate / activities directorate. We rarely work with the security or supply teams. There are many other teams.”
You will be expected to sit through a Site induction and a security briefing. You will do a quick course very similar to the Green card used in the construction industry. The IT&T team will have three Senior First aid officers and three Green card holders.
We have been planning the event for over 4 years. We have had an online supply and tendering website live for over 2 years, to help prepare everything. http://www.ems.sa.scouts.com.au/
We also have an Intranet with Literally 1,000's of documents from OH&S documents to timetables and Menu's. http://www.aj2004.sa.scouts.com.au
These require usernames and passwords to gain access.
We have approached the Cisco academy to get some staff trained on Cisco equipment and to borrow their students.
We have had to get a "green card" for some staff to enable us to work with construction equipment.
We have completed courses on the OHS&W Act - Duty of Care.
Discussed Personal Protective Equipment_PPE) - Foot, head, eye protection, tools and equipment, ladders and scaffolding.
Hazard Management - identification, Assessment and control Safety
Signs - Classification, purpose, meaning and reasons for Clean, Safe and Tidy Work Sites - Access and egress, barricades, manual handling
Legal Requirements - licenses, tickets and permits
Accident Reporting - reporting injuries, dangerous occurrences, first aid
Site Emergency & Evacuation - Emergency plan, responsibilities, procedures, fire prevention.
At present we are only responsible for approx 200+ workstations_and the cable backbone) as the individual states are bringing their own PC's and teams. We will supply them with access to the network and configure their machines on request.
Basic
overview:
The Planning for this started 4 years ago. The event will cost about $12 million in total.
There are 300+ on the planning team, 2,000 attendees will be leaders. We have 15,000 to feed_all at the one time). We are providing Radio, phone, mobile, email, messaging, fax, web, post and SMS. We are even bringing in portable Telstra towers to allow 6,000 - 10,000 mobile phones to be used onsite.
There will be 4,000 scouts offsite daily. We have about 19 Serco articulated buses which will hold 2 troops at a time. There will also be Bus tours for leaders to visit Hahndorf, the Barossa or any number of other destinations. The Qld, Tasmania and NT troops will fly in over 2 days and the other states are planning to bus their teams in. International guests will fly in the day before the event_New Zealand, Germany, England)
In essence, we are creating a city.
To give you some idea of the scope, we are buying 29,000 disposable cups, 3,836 star picket caps and will be putting out 10,000 news papers a day. We will have 1,000 people to a sub camp, 14 sub camps. The NSW gear is coming in 25 shipping containers alone on B double semi's.
We are currently slashing, pruning, weeding, mulching, burying, trimming, removing, cleaning the wood house site every day. This is 60 Hectares of river, scrub, pine forests and valleys.
We will have onsite Safety inspectors, special rules, special insurance, OH&S inspectors and SAPOL onsite.
We have a large number of over seas scouts and they will bring their own special needs and problems. We have to put in Showers, toilets, water, power, gas and other basic infrastructure. The site now has new Ablution blocks.
There will be 80 busses for the NSW scouts to travel in to get to the SA site.
We have our own special set of problems.
E.g. If all toilets/showers were used at once it would produce 46 litres/sec of effluent_2,770 litres /min). As SA water can only take 15 litres / sec we need to store 31 litres/sec somewhere.
We simply do not have enough toilets on site. We are bringing in Semi trailer toilets/showers. We need to find 196 extra toilets/ 202 extra showers on top of what is already at the site.
We also have issues with Money. Each person is expected to bring $1000 to the site. This is for junk food, souvenirs, fees and excursions etc. That is $1,500,000 onsite. Out ATM machines will have $250,000 each_x 4 units). We also need Public phones, a place for change and home link phones. Imagine if every scout wants to break a $100 bill on the first day for a cherry ripe. What a mess.
As well as the AJ2004 event there are other events. One event is called Cybertrek and occurs using 15 pods of computers across Metro Adelaide. We need to allow this and other events to sync with our site via a complicated network of intranets and wireless technology.
Some items that might highlight the size of this event are quantities of food.
50,000 sausages, 2 tonnes mince, 5 tonnes assorted meats, 15,000 loaves bread, 3 tonnes cake, 7 tonnes cereal, 1 tonne Vegemite, $145,000 spent on salad a day, $450,000 total for food per day, 15 kilo litres of milk, 2 tonnes of ice cream, 7 tonnes tomatoes, 5 tonnes baked beans, 4,000 dozen eggs_That is 48,000 eggs), Tonnes and Tonnes of bolognaise sauce. 60,000 salad rolls, 100,000 muesli bars all on top of all the tents, marques, seats, fences etc.
We need to create Maps, aerial photos and designate areas. We also need to cater for documentation for Elder park and beach trips.
In our ordering system there have been orders for 300 laser guns, 40 ATCO huts, 260 mountain bikes, 10.6 km's of bunting, 11,000 cable ties, 30 jousting lances, 18,000 bandanas, 1,000 tins coloured hair spray, 200 pairs of scissors, 15,000 AA batteries just to name a few.
There will be onsite councillors, scout passports, scout dog tags and visits to the Adelaide oval, zoo, festival centre and other places.
There will be a Circus school, Mud volleyball, jelly wrestling, car smashing_Real cars and sledge hammers), visits to the Zoo, paddle boats, spray painting, remote control car battles, martial arts, Beach volleyball, body art, sideshow alleys_With rides), gladiators, gold panning, comedy shows, late night full screen movies and a bar for leaders to relax. There were plans to bring in Killing Heidi or some other current band. The scouts will have their own Radio and newspaper as well as the national media with their reports and newspapers.
Post Mail will be delivered by quad bike on a daily route
The scouts will take part in Operation firepower at the Woodside army barracks. This will be highlighting battles through the ages. This will contain medieval tournaments, archery, skirmish, Sumo suits, laser tag and much more. They will also have Adrenalin endurance testing, rafting, canoeing, surfing sailing, fishing, BMX trails and mountain biking.
The scouts will also take part in the Viking challenge_Glacier run and battles etc).
From an I.T. perspective,
We have sponsorship from Dell, HP, Cisco, Trend, APC and Veritas. We have assistance from Microsoft. We may also have Fuji Haminex and Harvey Norman.
The phones will be provided by 2 x onramp30 and 1 onramp30 filled to onramp10 capacity units with 8 PSTN connections per onramp2 and digital and mobile handsets over a fibre or T1 link to the local exchange. There will be direct In-dial capacity. We are currently organising 100 pair PSTN cables, ISDN and Krone blocks for the Site. We are organising IDF and MDF units. We have 1000's of meters of PSTN copper, fibre and many pots splitters to install. We are signing up Austel cablers and getting special permission from Telstra for temporary drop wires.
.
My plan for the
I.T.
My plan for the I.T.
All connected workstations will come capable of running Windows XP pro._Min 256 MB ram, 40 GB HDD, 2 GHz). This is so we can work all our deployment magic, have a standard operating environment and as we need the professional version to be able to join a domain we will be covered.
I do not want to have peer-peer access to the domain as we will be firewalling and logging all actions users make. Each workstation is to either have a ball-less mouse or a real cheap $3 mouse_Which we can attack with super glue) and keyboard. They will need a NIC and I would prefer if all hardware matched and NIC's were in the same slots internally.
We will deviate across three platforms
1) Basic_Email and Internet/intranet access only)
2) Normal_As above but with Ms Office attached)
3) Premium_As 1 & 2 but built for multimedia apps with higher specs) - This is primarily for the Media Unit
We will also end up with a few oddballs from the contingents.
The machines will arrive at Woodhouse with Windows XP installed and it will be most likely ghost will be used to duplicate the hard drives contents. We will need machines with different workstation names and they must generate different SID's when joined to the Windows domain. I have guys who will install the operating systems_previously at Millennium Business Solutions in Hindmarsh, now more likely at Woodhouse itself). When these machines arrive our asset management should start and we should start bar-coding and recording.
All attached PC's are to be members of the domain. This will mean we need to give everyone a unique user name so that all pc users have their own login and Email address. We obviously need a user list before the event. This can come as CSV or an Excel spreadsheet so that we can import into the Active directory user manager on the server later.
As I am asking for all pc's to be on the domain, we will end up having to provide end user setup details or personally setup the contingents pc's ourselves. The contingents are bringing their equipment from interstate will all their apps preloaded etc.
(I wanted all pc's on the domain due to due to privacy, virus and hacker issues, people will not be able to just rock up, plug in their PC and it will connect and work on the network.)
As I suggested, we can do either of two things. Create an end user document on how to connect to the network or as tech support, go out there and do it for them. At 20 minutes each machine, I don't want to be doing the second option for to many pc's.
1) We need their name to create an email address and logon to the network for them
2) They need to realise that we are deploying antivirus and other software. If anything becomes corrupt on their workstations it is not our issue. Any damage is their responsibility for bringing the unit to the event and using our services.
3) they should have at least Windows 2000/XP with Outlook 2000 for email at a minimum, else they might have issues as we are not catering for Windows 9x etc
We could have treated the process as follows:
If the person turns up to the event with a PC and working network card set to DHCP, they can then manually setup their web browser to our internet proxy and may be able to surf the internet as an anonymous un-authenticated user. They could use OWA_Outlook web access which provides almost all the same features of MS Outlook but through internet explorer). They can not use Outlook 2000 to get their email via pop access nor Outlook express as they can not run the Ms Firewall client which is needed to use socks get email through the firewall. They can not have the firewall client as they are not a part of the domain.
This is dangerous as whilst unauthenticated we do not know who they are. They also do not actually join the network; do not get the antivirus or other security items in place.
I prefer:
A helpdesk person who knows the domain admin, or lower level, password_a password only known by a few people or a delegated account for the
task) can go out to a machine, set it for DHCP, join it to the domain network, let the desktop security and policies deploy, deploy Ms Office software and antivirus and setup ms outlook and firewall client. We then add a special group from the server as a local admin_Containing all users).
We can possibly automate the configuration of MS Outlook and deploy of the software. We must manually join the domain in person. The PABX_If we use the Alcatel unit) has a LAN interface. The unit can be logged into via a laptop with cross over cable, run the PBX software, change the IP to one available on the network, reboot the PBX, configure the laptop or a desktop up to start recording/logging calls via a serial port cable and lock away to be checked every few days._Maybe have the logs redirected to the server through maybe Hyper terminal save as function). We plug in all the modules for the phones; connect up the Onramp 30's etc.
Now on the server install the PBX software and configure the unit from here. Configure speed dials, hunt groups, analogue lines and digital phones.
Now to the server setup itself.
We will have access to a onramp 30 unit_Configured as a 10, it will dial additional cct's as required)_20 x 64 kb) leaving us with high quality internet access. We have this go into a Cisco router. We have 1 live IP address. We have two internal interfaces on the router_Either native support or through the use of WIC's). We could use 10.0.0.x on one and 192.168.0.x on the other interface. We have four special routes
port 25 through to the 10.0.0.x range
port 3389 through to the 10.0.0.x range
port 80 through to the 192.168.0.x range
port 110 through to the 10.0.0.x range
We have a Windows 2003 server with IIS6 running on the 192.168.0.x range. This is the public facing web site_A duplicate of the AJ2004 internet web site). We will hardwire DNS on the internal network to go to this server if any internal PC looks for the official website_To reduce traffic on the real web site).
The 10.0.0.x server will be running MS Windows 2003 server, IIS 6, Ms ISA. It will have the intranet, Fire walling, Websence web filtering installed. It will also have Trend Interscan and Server protect running. It will accept internal calls to port 80 and redirect to a local intranet on this machine. The machine will have terminal server installed so that we can remotely administer it. As we will not have 3DES and IPSEC on the router, VPN calls will not come into the network so ISA will not be answering VPN calls. It will have server publishing configured to redirect port 3389 to the next and final server_Push terminal server requests through to the Active directory server). Interscan will be answering on port 25 and any email that passes its rules will be forwarded through to the final AD server on port 6000._I would like to turn port 25 off on the main server to stop people bypassing the antivirus with pop clients). The ISA server will be a Domain controller in the forest of the final server. We can restrict web sites, direct people to specific web addresses if they break rules and can ban mime content such as MP3 files.
Interscan will be told to send email out to DNS. We will setup Interscan to only allow the Exchange machine to send email through it and only allow our internal and external domain to send email._Suggest we get a domain name, MX setup for outgoing email, internal email can be username@aj2004.local). The terminal server on this machine will only answer on the internal NIC. The external NIC will have port 3389 free so we can server publish the AD server.
The firewall server will have 2 x network cards. one on the 10.0.0.x range and the other range to still be discussed.
We will publish the server for port 110 through to the AD server for Seeonee hills, supply etc to remotely check pop email on the exchange server. They will dial an ISP and externally query our server._If they decide to have machines at this site). Ashton cold stores will work in a similar manner.
The ISA server and AD server will be on a UPS and connected via a Cisco Catalyst switch. The web server only serves the internal site and if power is pulled out from under it, it will not matter as nothing of importance runs on this server_And all the clients will be dead). We can put in power filtering for this server via a plug in power filter or maybe have a small ups for it. This server may also be running MySQL for EarthForce or SQL for the Intranet.
The final server will run Ms Windows 2003_On the network range to be
discussed), Exchange 2003, Veritas backup, Scan mail, Office scan and Server protect. Ms Exchange will run on port 6000_Incoming email) and will forward outgoing email to the Firewall server and out through Interscan. This will be the main Active Directory server. It will run a daily backup, scan all email mailboxes regularly, download antivirus pattern updates on the hour and deploy antivirus updates to workstations using office scan_Occurs when the client machines are logged on and off).
The active directory will be broken down into six main organisation units.
1) Restricted
2) Contingent Users
3) Contingent Computers
4) Tech support
5) Computers
6) Ms Office Computers
All basic workstation accounts_SID information etc) will be in the computers containers. This will have no special policies applied. All normal and premium pc accounts will be in the Ms Office Computers container. When a PC logs on_and is present in this container) if ms office is not installed, it will install it_We will install it manually were able due to the LRE speed). It will also have a policy to assign Adobe acrobat reader and WinZip. All Contingent computers will be in the Contingent Computers container and have nothing special applied.
All users will be in the restricted container except contingent and tech support.
The policies on this restricted container will do the following: Setup the proxy address. Force the my documents path to the server, remove command.com, cmd.exe, regedit etc from use. It will set the default web home page to the intranet and brand their internet explorer with the AJ2004 logo. It will put a background logon onto the desktop and populate some basic URLS in internet explorer. It will lock down their desktop so that they will not have access to control panel, will not be able to change the start menu or task bar. They will not be able to run certain apps or install software. Basically lock them right down. They will be allowed to have basic passwords without complexity.
Tech support will be able to do everything as will contingents_As they are bringing their own pc's). The containers for these two will setup proxies, web sites etc_No real lockdowns).
The workstations will be running Outlook 2000/XP and will have access to exchange public folders. In these folders will be access to email addresses and phone numbers at the site. We can create multiple addresses lists and set permissions so only specific people access certain lists. These lists can be imported / exported via CSV and these can later be dumped into a MDB database and linked into the intranet for online address lists.
The users logging in will have special login scripts. These will create outlook stubs in the registry. This is written in windows scripting host format and only works on Windows 2000/XP or a Windows 9 x machines with WSH installed. It will also set their region to Australia. From here we let the user create their own email signature, turn on spell checking etc.
All user Login scripts will setup trend antivirus and update it's a/v pattern files. It will also link any special drives. Only people who request socks access_Ftp etc) will get the firewall client._Either manually installed or we create a script to do it on boot up). Their will be a special group for contingent so we do not overwrite their software etc / special logion script.
Printers will be published in the active directory but I suspect a tech will need to configure these.
From here the switch will go out to the hubs and the LRE switch which will terminate with a Single port CPE at the client end_Over copper). The old house may have some wireless 802.11b bridges and NIC's/PCMCIA cards as might the earth force activity.
All client pc's will use DHCP. Only the router, servers, PABX and laptops need static IP's.
From here, we use our own laptops and terminal server client to admin the servers from anywhere onsite or offsite. If it all goes to pot we can allow ourselves or other dial in users to come in through the stallion card and a pair of dial up modems in the AD server.
As we are the backbone, we need to provide services for
the bank, police, medical centre, post office, ambulance, Fuji Haminex web cafes, Cyber trek and Earth force. Mindvision will be the ISP to assist us through ISDN.
April 2003
news_Old news now):
We had just taken possession of a RACK cabinet. We were still to decide on the Router to use and would have some 802.11a/b on the network. We might have needed a Yagi antennae and would be using a lot of Cisco Aironet bridges. All of this would be tied together with LRE and CPE units.
(Basically we were setting up our own DSLAM DSL network.) We used an APC UPS on the HP and Dell Server. We had our own internal VHF Radio network_Wardens on Channel 15, I.T. on 18) and needed to configure all services for an Emergency Swap over for security and medical teams. We were using Intranet technology and OWA instead of Outlook on some machines. We planned to log data and phone calls.
News:
6/12/03 We were onsite and building our small City
