UNITED STATES ENVIRONMENTAL PROTECTION AGENCY
                            WASHINGTON, D.C. 20460
                           JUN  uses
                                                             OFFICE OF
                                                           ADMINISTRATION
                                                           AND RESOURCES
                                                           MANAGEMENT
 MEMORANDUM

 SUBJECT:  Local Area Network Policy Directive  (#88-02)

 FROM:      Edward J. Hanley, Director,
           Office of Information Resources Management

 TO:        Senior IRM Officials
           Major System Managers
           Regional and Field IRM Managers


      In order to enable EPA to acquire and to manage Local Area
 Network (LAN) technology,  my office has developed the attached
 LAN  Policy Directive.

      I  would like to draw  your attention to several features of
 this policy.   Selection of an able  LAN Administrator is vital to
 the successful use of LAN technology.  This person must be designated
 at the  onset of the planning process  so that he or she can oversee
 the  development of a design tailored  to user needs.   During  the
 design  and installation phases of adopting LAN technology, the
 LAN  Administrator's job will essentially be full-time.  The
 duration of these phases and the workload in the later, permanent
 phase of ongoing support will vary  according to the complexity of
 the  LAN design.   A small LAN may require only a few hours  per
 week of support,  whereas a large LAN may require a full-time
 Administrator.

     LANs  raise important  issues of connectivity with  other
Agency  resources  and continuing  compatibility with the Agency
 architectural  strategy for providing computer resources.   LANs
must conform  to  the Agency requirements  set  forth in  this  policy.
Thus, procurements  of  LAN  hardware and  operating system software
must be approved  by Director,  National  Data  Processing Division
 (NDPD).  This approval is granted by submittal of a LAN
telecommunication service request (TSR) and NDPD approval.  LAN
procurement  request forms  must also be  approved  by the  cognizant
Senior  IRM Official.

      Procurements of LAN hardware and operating systems must be
 made through the Agency-wide LAN contract.   LAN components  are
 too numerous for the Agency to procure in a timely manner through
 piecemeal procurement requests.   Fully integrated LANs, on  the
 other hand,  tend to be too expensive to qualify for small purchase
 procedures.   Therefore, EPA has established an Agency LAN contract
 to simplify  and shorten the procurement process.   This contract
 offers options to buy design,  installation, repair and training
 services  as  well as LAN hardware and software.  First consideration
 for buying LAN services should be given to  using the EPA LAN
 contract.

      Procurements of LAN applications must  be  in  accordance with
 the "EPA  IRM Policy Manual."   It is  Agency  Policy to use existing
 government applications or "off-the-shelf" commercial applications
 whenever  possible.   Whenever custom  programming is required,
 development  efforts must conform to  the Agency's  system development
 life  cycle methodology set forth in  the "EPA System Design and
 Development  Guidance."

      Detailed  information  on how to  obtain  and  to  manage LAN
 technology is contained in "Local Area Network Technical Guidelines,"
 which will be  forwarded by separate  correspondence.

      If you  have  any questions about  this LAN Policy  Directive,
 please contact Connie  Tasker at  475-8675.

Attachment

 cc:  OIRM Division Directors
     Director, NDPD
     Director, PCMD

-------
OIRM POLICY  DIRECTIVE                                    88-02
                                                         06/14/88


         LOCAL AREA NETWORKS (LANS) OF PERSONAL COMPUTERS


1.  PURPOSE.  This  policy establishes the principles that govern
    the acquisition,  installation  and management of Local Area
    Networks  (LANs)  of  personal  computers.  This policy  also
    defines  roles and responsibilities  for implementing  these
    principles.


2.  SCOPE AND APPLICABILITY.  This policy applies to all EPA
    organizations and their employees.  It also applies to the
    personnel of agents (including State agencies, contractors
    and grantees) of EPA who are involved in the design,
    development, acquisition, operation and maintenance of Agency LANs.


3.  BACKGROUND.

    a.   The objectives of  this policy include the following:

        (1)  Improve  the  EPA end-user computing environment and
             access to information resources by making personal
             computing more effective through networking.

        (2)  Ensure that  new investments in computer technology
             adhere to the Agency's existing and planned computer
             architectural strategy for  connectivity.

             (a)  Connectivity among LANs is crucial because  EPA
                  employees are widely dispersed,  yet  they have
                  critical needs to share and/or transmit data.

             (b)  This requirement for connectivity  is  heightened
                  by EPA's commitment to a State/EPA data manage-
                  ment program.

             (c)  Since  LANs are a long  term investment,  they  must
                  satisfy the Agency's future  connectivity require-
                  ments  as well  as present ones.

             (d)  EPA investments in  LAN technology  must  satisfy
                  multiple connectivity  conditions,  among these:

                  -  Allow the sharing of data  across the  EPA Wide
                    Area Network

                  - Allow the transfer of data across the EPA Wide
                    Area Network

                  - Allow access to the Agency's electronic mail
                    system

                  - Allow communications between different brands
                    of computers in the same PC family (for example
                    IBM PC/AT and the EPSON Equity III+) on the LAN

                  - Allow communication from the LAN to different
                    types of computers (including minis, mainframes,
                    terminals and PCs).

        (3)  Provide resource sharing mechanisms to permit the
             sharing of printers, gateways,  bridges and files

        (4)
             topologies,  two multiuser systems and a LAN operating
             system that  can accommodate this diversity.
        (5)  Require LAN operating systems that offer sophisticated
             security features.   EPA maintains  many kinds of
             sensitive data  which LANs  must be  able to protect.
             The Agency can  be subject  to litigation if certain
             business or personal information is inadvertently or
             maliciously disclosed.

   b.  A practical consideration to implementation of this policy
       is that the Agency must require prospective users to
       procure LAN technology from established Agencywide contracts.
       LAN  components are too numerous for  the Agency to procure
       in a timely  manner through piecemeal procurement  requests.
       Fully integrated LANs,  on the other  hand,  tend to be too
       expensive  to qualify  for  small purchase procedures.  Thus
       EPA  has  established an Agency LAN contract  to  simplify
       and  to shorten the procurement process.

   c.  The  overriding requirement for LAN  connectivity raises
       essential  issues  of Agency computer architecture.  Thus,
       the  Director,  National Data  Processing  Division (NDPD)
       will  review  LAN  proposals for compliance with  LAN  Policy
       and  to assist  users in anticipating the  full support
       requirements  of LAN technology.


4.  AUTHORITIES.

    a.  Public Law 98-369,  Title VII  (The Competition  in
        Contracting Act  of  1984).

    b.  EPA Information  Resources Management  (IRM) Policy Manual.


5.  POLICY.

    a.  Any Agency organization may install a LAN provided that:

        (1)  the proposed configuration meets the requirements
             identified  in  the appendix to this document and

        (2)  a Telecommunication Service Request (TSR) and
             associated LAN planning forms,  set forth in LAN
             Technical Guidelines, are approved by NDPD.

    b.   All LAN technology and services must be procured from the
        Agencywide contracts when available.

    c.   NDPD  will support connection from a  LAN gateway to the
        EPA Wide Area Network, providing wiring and modems as
        necessary.   The Office of Administration and Resources
        Management-RTP (OARM-RTP) will support in-wall LAN cabling
        as necessary in Headquarters,  Research Triangle Park  and
        Cincinnati.   The Assistant Regional  Administrators (ARAs)
        for management will support in-wall  wiring  for their
        areas.   All  other LAN expenses,  including but not  limited
        to hardware,  software, design,  training and maintenance
        must  be  funded by the organization using a  LAN.

    d.   All Agency LAN users must comply with manufacturer licenses
        and proprietary rights.  Users are not entitled to share
        a proprietary application among LAN workstations if it
        was sold for exclusive use on a single computer.  The
        proprietary rights to software differ from one firm to
        the next.  Violators of these rights expose themselves to
        legal penalty.

    e.   Sensitive data  which are  maintained  on  Agency LANs must
        be protected  from improper  access, use,  alteration or
        disclosure.

    f.  All Agency LANs must conform to  building codes.


    g.  Agency LANs must adhere to certain protocols of Committee
        802 of the Institute of Electrical and Electronics Engineers
        (IEEE).  EPA LANs will follow the 802.2 Data Link Layer
        protocol and either the 802.3 (a bus using CSMA/CD as the
        access protocol) or the 802.5 (a ring using token
        passing) Physical Layer protocols.

    h.  Communication between a LAN and EPA mainframes and logical
        mainframes must conform to System Network Architecture
        (SNA).

    i.  Every Agency LAN must have an assigned LAN Administrator.
        Selection of an Administrator is an important aspect to
        the successful use of LAN technology.

        (1)  The Administrator must be designated at the onset of
             the planning process so that he  or she can work with
             NDPD and, if needed,  with design  engineers to develop
             an effective LAN configuration.

        (2)  The LAN Administrator will  serve  as  the point of
             contact with NDPD.   He or she will be responsible for
             overseeing or  performing the following tasks:   LAN
             installation,  user  training, ongoing maintenance  of
             both hardware  and software,  system backups and  network
             security  management.   The LAN Administrator is  respon-
             sible  for the  continuing conformance to Agency  policy
             over the  life  of  the  LAN.  A full  description of  the
             LAN  Administrator duties is  included in the LAN
             Technical Guidelines.

        (3)  The  amount  of  time  required  by the role of LAN
            Administrator  will  vary  by the complexity  of  the
             network.  The design, installation and initial
             operation phases for a network of any size will require
            virtual full-time commitment  from  the  Administrator.
            Thereafter,  a  small network  (under 10  stations) may
            account for  around 10% of an Administrator's  time,
            whereas a large network  may  require  a  full-time
            commitment.

   j.  NDPD will review  all LAN TSRs.  At a minimum, LAN TSRs
       will include the  identification of the LAN Administrator,
       the configuration and the facility wiring.  An approved
       LAN TSR is required for each LAN prior to installation of
       the LAN components.  Procurement requests must be approved
       by the cognizant Senior IRM Official.


6.  RESPONSIBILITIES.

    a.  The Office of Information Resources Management (OIRM)
        shall:

        (1)  Develop and promulgate policy governing Agency LANs.

        (2)  Develop and promulgate guidance on LAN applications
             development.

        (3)  Develop and promulgate guidance on LAN information
             security.

        (4)  Develop and promulgate EPA requirements governing
             applications for personal computers and LANs.

    b.   The Office of Administration and Resources Management-RTP
        (OARM-RTP) and  National  Data Processing Division  (NDPD)
        shall:

        (1)  Develop guidance and  programs  to  ensure that Agency
             LANs are acquired,  installed and  managed in accord
             with this  policy.

        (2)  Provide guidance and assistance to Assistant Adminis-
             trators, Associate Administrators and Regional
             Administrators in implementing the requirements of
             this policy.

        (3)  Provide  technical advice and assistance to EPA on
             LAN  technology.

        (4)  Develop  hardware and  software requirements for EPA
             LANs that support the  objectives of  this  policy.

        (5)   Establish and manage  EPA LAN acquisition  contracts.

        (6)  Review LAN TSRs  to  ensure proposed LANs  comply with
             the  requirements of this policy and with  LAN Technical
            Guidelines.

        (7)  Provide telecommunications support between LAN
            gateways and the EPA Wide Area Network.

        (8)  Provide in-wall wiring as necessary at Headquarters,
             Research Triangle Park and Cincinnati.

    c.  Assistant Administrators, Associate Administrators, the
        General Counsel, the Inspector General, and Regional Adminis-
        trators shall assure that the acquisition, installation
        and management of LANs under their direction are in accord
        with this policy.

    d.  The Senior Information Resources Management Officials
        (SIRMOs) shall:

        (1)  Review justifications and management plans for LAN
             technology to be acquired by their organizations.

        (2)  Review procurement requests for LAN technology
             submitted by their organizations.

        (3)  Designate an Administrator for  each LAN  in their
             cognizance.

    e.   The LAN Administrators  shall oversee the completion of,
        or  perform the following tasks:

        (1)  Develop the  design of their LAN.

        (2)  Oversee or perform the  installation of their LAN.

        (3)  Manage  or perform  daily operation  and maintenance of
             their LAN.

        (4)  Serve as  point-of-contact with  NDPD for LAN.

        (5)  Ensure  compliance  with  guidance on  LAN data security.

        (6)  Ensure users are trained on LAN technology.


7.  DEFINITIONS.

   a.   "Applications  software" are  programs that make computer
        hardware and operating  systems perform a useful function.
        Spread-sheet and word-processing applications are two
        examples.

   b.   "Bridge" is software and hardware which  joins physically
        separate network systems into a single logical network.
       Bridges allow users on one network access to the resources
        on the other network.

    c.  "Ethernet" is a local area network based on a bus wiring
        topology using carrier sense multiple access with collision
        detection for access (CSMA/CD).  Also, an IEEE 802.3
        standard.  Ethernet is commonly used as the LAN of choice
        in the DEC VAX world.

    d.  "Gateway" is a communications link between a LAN and a
        device external to the LAN.  A gateway may perform both
        protocol and bandwidth conversion.

    e.  "Local Area Network (LAN)" is a communications system which
        connects a number of personal computers and their peripheral
        components over a small geographical area.   LAN communica-
        tion is usually subject to some constraints.   Depending
        on the type of technology, LAN communication  may be indirect
        -- through a file server -- and limited to certain functions.
        A  LAN may offer equipment economies and productivity
        gains by permitting the sharing of printers,  communication
        gateways and files.   Its costs include expenses for design,
        installation,  hardware,  operating system, applications,
        training,  maintenance and personnel.

    f.   "Multiuser System" is used to describe systems that allow
        many users (at separate  workstations)  to share its system's
        processing power,  and perhaps to also  share data  and
        peripherals  (printers,  disks,  etc.).   The NetWare Operating
        System is  a  multiuser system.

    g.   "Server"  is  a  hardware/software  device acting  as  an
        interface  between  a  LAN  and a peripheral device.   A  file
        server  allows  users  at other  workstations to use  the
        server's  hard  disk storage.

    h.   "Systems Network Architecture  (SNA)" is a communications
        architecture used  in  the  IBM  world  of  computing that  is
        commonly supported by most computer manufacturers.  SNA
        defines  logical structures, formats, protocols and proce-
        dures  for  exchanging  information on a  data communications
        network.

    i.   "Token Ring" is a  local area network (LAN) based on a
        star-shaped ring wiring topology using a controlled token
        for access.  It is also the IEEE 802.5 standard.  Token
        ring networks are  IBM's strategic LAN products in this
        area.


    j.  "Topology" is the physical layout of a LAN.  Common
        topologies are bus, ring and star.

    k.  "Wide Area Network (WAN)" is a communications system which
        connects computers together over a large area (such as
        across the nation).  A WAN generally has three
        characteristics which distinguish it from a LAN.  A WAN involves
        communication speed degradation, protocol translation and
        telephone communication.

-------
               Appendix to LAN Policy Directive 88-02

               EPA STANDARDS FOR LOCAL AREA NETWORKS OF
                         PERSONAL COMPUTERS


      This document defines EPA standards for microcomputer Local
 Area Networks (LANs).  The first section contains general standards
 that apply to all EPA LANs.   Ensuing sections pertain to specific
 workstation  types.

 1.  STANDARDS THAT APPLY TO ALL LANS

       a.   IBM 3270 Emulation-SNA Gateway:   Every LAN must be able
           to employ a SNA gateway so as to permit at a minimum:
           3278  emulation; Synchronous Data Link  Control (SDLC);
           line  speed at 9600  bps or  greater;  IBM File Transfer
           Program to provide  file up/download with the mainframe;
           and 8  simultaneous  sessions to be shared across the
           network.

       b.   Asynchronous Gateways:   Every LAN must  be able to
           employ an asynchronous gateway so as to permit at a
           minimum:  dial-in/out;  and  remote network access to
           up/download files and  to share applications.

       c.   LAN-to-LAN Communications:   Every LAN must  be able to
           employ a  bridge that operates  at network speed so  as
           to  permit connection of  two  physically  distinct LANs.
           With such a bridge, two LANs  would  appear as  a single
           logical  network.

       d.   Atypical  Computer Interface:   Every LAN  must  be able
           to  employ an  interface  so  as  to  permit  connection  of
           different brands of computers.   For example,  an Apple
           workstation  must have a Token  Ring card  to  operate on
           a PC/MS DOS  Token Ring LAN, whereas a PC/MS DOS station
           must have  a  TOPS interface to  operate on an Appletalk
           LAN.

2.  STANDARDS FOR PC/MS DOS AT-COMPATIBLE WORKSTATIONS

      a.  Present Equipment:  Agency standard PC/AT or compatible
          workstations (80x8x family with PC/MS DOS 3.3 or later
          and memory of at least 512kb).

      b.  LAN Hardware:  Token Ring Network with shielded twisted
          pair wiring.  A detailed list of components is available
          from NDPD.

          The Token Ring must meet the Institute of Electrical
          and Electronics Engineers (IEEE) 802.5 Token Ring and
          802.2 link level protocol standards.
          It must also support direct connection to 3174, 3720
          and 3725 controllers and support up to 50 nodes on each
          ring.  The ring must be connected by either shielded or
          twisted pair telephone wire that supports a speed of a
          minimum of 4 Mbps.

       c.   LAN Software:  Novell Advanced Netware.

           Novell's Advanced Netware provides  high  performance
           file, disk and printer sharing.   The files and  printers
           appear to be local  to the user's  PC but  are centralized
           for information sharing and routine backup.  Advanced
           Netware is a full operating system  and provides sophis-
           ticated security for files.

       d.   LAN File Server: PC/MS DOS Workstation  (640Kb  memory
           required)  with Novell Advanced Netware.

           The server must have a minimum of 640Kb  of  memory  and
           sufficient hard disk storage to meet  the  needs  of  users.
           A  separate copy of  Netware  is required for  each  system
           identified as  a server.   The LAN Administrator  assigns
           access  rights  to files  and  disk.

      e.   LAN  Printer  Server:   PC/MS  DOS Workstation  (640Kb
           memory  required)  with  Novell Advanced Netware.

           The  file and printer  servers are generally  the  same
           system.  Multiple printers  can be attached  to a single
           server.  Netware  gives  sophisticated print queue
           management.

3.  STANDARDS  FOR DEC WORKSTATIONS

      a.  Present Equipment:  VT100 and VT220 terminals or personal
           computers with VAX minicomputers as the primary computing
           resource.

      b.  LAN Hardware:  VAX minicomputers with Ethernet.

          DEC uses IEEE 802.3 Ethernet, which is a bus network
          with a Carrier Sense Multiple Access with Collision
          Detection (CSMA/CD) type access.  It transmits at
          10Mbps.


       c.   LAN Software:  DECnet Network Operating System.

           DECnet provides file and printer sharing, electronic
           messaging and remote log in.   This  file sharing  does
           not permit execution of PC DOS or Macintosh  programs
           on the VAX, but does allow the storing  and retrieval
           of files on the VAX.  Since the VAX is  a powerful mid-
           range computer system, using  VAX programs  on the VAX
           gives this LAN good performance for multiuser applica-
           tions.   However, PC information sharing applications
           cannot  be directly executed on the  VAX.

       d.   LAN File Server:  Standard on the VAX.

           The VAX has large mass storage.  File server  software
           is a part of the DECnet operating system.  Multi-user
           file sharing is possible.   Users can store and retrieve
           their PC files on the  VAX.  Security is  built  into  the
           VAX system.

       e.   LAN Printer Server:  Standard on the VAX.

           The VAX can support  multiple  printers.  Printer server
           software is  a  part  of  DECnet.  Sophisticated print
           queue management is  standard.  Some PC printer
           applications are possible.

4.  STANDARDS FOR PRIME WORKSTATIONS

      a.   Present Equipment:   PT200  terminals or personal computers
           with  Prime  systems as  the primary computing resource.

      b.  LAN Hardware:  Prime systems with Prime Ethernet.

          Prime uses  the IEEE  802.3 Ethernet,  which is a bus-type
           network  with CSMA/CD type access.  It transmits at
          10Mbps.

      c.  LAN Software:  PRIMENET.

          PRIMENET offers complete network services, including
          disk and printer sharing, electronic messages, and
          remote login.  PRIMENET does not execute PC DOS or
          Macintosh programs on the Prime, but it does permit
          storing and retrieval of files from the Prime.  Since
          the Prime is a powerful minicomputer system, this LAN
          offers good performance for multi-user applications
          using Prime software on the Prime system.  PC information
          sharing applications cannot be directly executed on the
          Prime.

      d.   LAN File Server:  Standard on the Prime.

           The  Prime has large mass storage.  File server software
           is part of the  PRIMOS operating system.  Multi-user  file
           sharing is possible.  Also, security  is built  into the
           system.   With additional software, PRIMELINK,  on both
           the  PC  and the  Prime, virtual PC disks are  available on
           the  Prime.

      e.   LAN  Printer Server:  Standard on the Prime.

           The  Prime  can support multiple printers.   Printer
           server  software is part of the PRIMENET operating
           system.   Sophisticated print queue management  is
           possible.  Some PC printer applications are possible.

5.  STANDARDS  FOR  MACINTOSH WORKSTATIONS

      a.  Present  Equipment:  Macintosh SE or  II workstations.

      b.  LAN Hardware:   Appletalk LAN with Farallon PhoneNET
          medium.   A detailed list of components is  available
          from NDPD.

          Macintoshes can be connected via Appletalk LAN over
          twisted pair wiring using the Farallon PhoneNET medium.
          Macintosh  family members all have the  hardware to
          connect to Appletalk LAN and the Appletalk network
          interface  is provided with  the LaserWriter printer.
          If  you  have a  Macintosh  and a LaserWriter, you have
          a one system network.

      c.  LAN Software:   Centram Systems West's  TOPS.

          The basic application for Appletalk is sharing
          LaserWriter printers.  TOPS is a simple networking system
          that allows simple file and printer sharing.

      d.  LAN File Server:  Centram Systems West's TOPS File
          Spooler.

          TOPS File Spooler provides file/disk sharing.  The
          files shared can be on a dedicated Mac or on several
          user's Macs on the LAN.  TOPS allows other Macs on the
          LAN to share files on the server as if they were on the
          Mac's local floppy or hard disks.

      e.  LAN Printer Server:  Centram Systems West's TOPS Print
          Spooler.

          Without TOPS, only one terminal at a time can use the
          printer.  That is, if one user is printing, that system
          is tied up until the printing is done and other users
          that want to print must also wait.  TOPS spools the
          print to a single system which acts as the print server
          and thus frees the other Macs.