Jump to content

Rebuilding Our Lan Part 1: Windows Volume Licensing


Crushdepth

Recommended Posts

The LAN at my work is a total mess - there's been no centralised budgeting for IT so everyone has 'done their own thing' and now we have a veritable zoo of 20 PCs and laptops ranging from the ancient to the modern, running everything from Windows 98 and up. There is no file server, just a couple of hubs/switches and a lot of 'home wiring' running all over the place (including out windows and through the fish pond over which the 2-story building is built). There are 14 printers because the concept of sharing funding or cooperating is beyond the capacity of the staff, who up until now, have been fully in 'control' of their own IT purchases (IT'S MINE!!!).

In short, it is a LAN designed by Satan.

I would like to try and start sorting out the mess (we have a new boss who will make it possible). Things I would like to do are:

1. Develop a plan for rebuilding the LAN so that it is no longer a dogs breakfast, and reduce the amount of time we spend fixing things.

2. Set up a file server and decent backup facility so that staff can start sharing files and stop losing years of work when their hard drives crash. It would be nice to have a shared calendar.

3. Set up wireless internet access that is cleanly separated from the LAN - we don't like visitors plugging into our file system because they tend to be computer illiterate and horribly virus-ridden.

4. If possible, it would be nice to have some sort of centralised administration of our staff's computers to prevent them (say) disabling their anti-virus sofware to 'download their mail faster' or installing malware.

5. Long term goal is we would like a VPN with tight security, as our staff travel a lot.

I'm not a computer guy and haven't set up a network before so I could use a bit of help with this stuff (we do have a computer guy who has no concern at all about security or reliability, and who refuses to plan or write anything down). It's going to take a while to sort out so I'll throw questions up in stages I guess:

* In view of the above is it necessary to try and standardise the OS we use in the office (this might cost us a few of the older PCs and laptops but they also seem to cause the most problems). If so, is it worth hanging out for Vista or is XP the safest bet for the next few years? Is volume licensing a good idea?

* How can we centrally administer / lock down our staff's PCs so they can't mess around with them?

* What is the best option for running a file server (given that our PCs / staff are all Windoze). Our 'computer guy' insists that it should run on Linux - but is it feasible / sensible to mix it with a network of windows desktops?

* Any special software needed to run a file server? Our computer guy keeps waving around some freeware thing he found called webdrive but is this really the kind of mainstream non-dodgy solution I'm looking for? What do 'normal' people use?

Thanks for enlightening the ignorant.

Edited by Crushdepth
Link to comment
Share on other sites

The LAN at my work is a total mess - there's been no centralised budgeting for IT so everyone has 'done their own thing' and now we have a veritable zoo of 20 PCs and laptops ranging from the ancient to the modern, running everything from Windows 98 and up. There is no file server, just a couple of hubs/switches and a lot of 'home wiring' running all over the place (including out windows and through the fish pond over which the 2-story building is built). There are 14 printers because the concept of sharing funding or cooperating is beyond the capacity of the staff, who up until now, have been fully in 'control' of their own IT purchases (IT'S MINE!!!).

In short, it is a LAN designed by Satan.

I would like to try and start sorting out the mess (we have a new boss who will make it possible). Things I would like to do are:

1. Develop a plan for rebuilding the LAN so that it is no longer a dogs breakfast, and reduce the amount of time we spend fixing things.

2. Set up a file server and decent backup facility so that staff can start sharing files and stop losing years of work when their hard drives crash. It would be nice to have a shared calendar.

3. Set up wireless internet access that is cleanly separated from the LAN - we don't like visitors plugging into our file system because they tend to be computer illiterate and horribly virus-ridden.

4. If possible, it would be nice to have some sort of centralised administration of our staff's computers to prevent them (say) disabling their anti-virus sofware to 'download their mail faster' or installing malware.

5. Long term goal is we would like a VPN with tight security, as our staff travel a lot.

I'm not a computer guy and haven't set up a network before so I could use a bit of help with this stuff (we do have a computer guy who has no concern at all about security or reliability, and who refuses to plan or write anything down). It's going to take a while to sort out so I'll throw questions up in stages I guess:

* In view of the above is it necessary to try and standardise the OS we use in the office (this might cost us a few of the older PCs and laptops but they also seem to cause the most problems). If so, is it worth hanging out for Vista or is XP the safest bet for the next few years? Is volume licensing a good idea?

* How can we centrally administer / lock down our staff's PCs so they can't mess around with them?

* What is the best option for running a file server (given that our PCs / staff are all Windoze). Our 'computer guy' insists that it should run on Linux - but is it feasible / sensible to mix it with a network of windows desktops?

* Any special software needed to run a file server? Our computer guy keeps waving around some freeware thing he found called webdrive but is this really the kind of mainstream non-dodgy solution I'm looking for? What do 'normal' people use?

Thanks for enlightening the ignorant.

My first question would be budget, everything you have mentioned is a basic IT environment which most companies should have as an Initial building block, I worked for a large global company in their IT department working Global projects, the basic stuff is just deployment of Microsoft Office with outlook etc, a managed Lan and someone that can support it probably on a full time basis for a few monhs then part time, you can have everything you ask for provided you have the budget.

Link to comment
Share on other sites

Hi.

I walked into a similar mess as you're describing when a friend asked me to help him out at his office that had about 15 staff (now about 30). I tackled the cabling mess first and then moved onto centralised administration. Took about 1 month to get everything sorted but I had a plan and experience doing it in the past.

Your first steps.

Get / build a small server room with a mini rack and patch panels. Organise and label all wiring clearly, I got an outside contractor to redo all our office network cabling and power. Get a reliable UPS and power the rack with it.

Buy a rackmount server with Windows Server 2003 (Dell or the like) and an external hard drive enclosure / drives for backups. Set up a Windows login domain with user accounts for all staff.

Document everything! (floor /cabling plans, server setup / password etc, network diagrams).

As for your questions.

* If your want to use the security and policy features of Windows Server , you need to standardise all desktops to Windows 2000 at a minimum. I'd go with Windows XP, contact a local Microsoft reseller for details about volume licensing. The resellers here can also help you out with setting up Windows Server. XP will be supported for many years to come, so I wouldn't worry about Vista.

* Domain Policies and Active Directory makes it easy (after the learning curve) to centrally administer all desktops and lock down PC's. You can also standardise things like Office Templates, Internet Explorer settings , printers and much more.

* I wouldn't go with Linux for the file / print server unless you feel confident setting it up and dealing with incompatibilites. Linux doesn't have active directory and domain policies as well and It's far easier to find consultants / support for Windows. I use a Linux server for other tasks in the office (Web Server & Databases) , which are it's strengths.

Link to comment
Share on other sites

I made once a low cost version of it at university and one in Thailand.

Either one old computer with new HD get file-server or your own computer.

Mixed Win98/WinXP was not a problem. But it might be necessary to install all computer new and make a complete backup of the clean installation if you have such monkeys as I have in the office, as if they can they install whatever the find.

if possible remove Disk, CD drive and turn of usb support. That keeps the company files inside the viruses outside.

After looking the computers, I disabled for most people internet.

Argumenting that pornos are ilegal in Thailand (I found pictures, well I really saw things I never saw before and I am not inocent).

I would be afraid about Thais and wirless lan. Would only do hardwired.

Link to comment
Share on other sites

If you don't have dedicated (and capable) IT staf I would stay away from setting up a server as Simmo suggests. While an very capable and customizable system, Windows server 2003 requires quite a steep learning curve for the uninitiated in corporate networks...

I would try to keep it as simple and affordable as possible.

1) Clean up the cabling, label everything and assign fixed IP adresses to every machine. Write everything down to keep an overview. If you later want to troubleshoot it will be much easier with a map of what and who is where on the network.

2) Like H90 suggests, you can disable USB ports, cd drives etc in the bios to keep staff from putting things on the PC. Password protect the bios. For windows 2000 upwards create limited useraccounts instead of giving everybody the standard Administrator rights. This will already keep a lot of problems away, especially from those who don't know much about PC's.

3) Get network attached storage. D-link dns-120 fits the bill. You can hook two usb harddisk enclosures to it and hook it up to the network. Gives you instantly up to 800Gb of storage. Can be used for back-ups, file server, even has an ftp server built in for access over the internet(although I would question security on that one)...Supports hot swapping of the drives just like the real (expensive) server racks. You can also set up seperate user accounts and all this for slightly over 5000 Baht (without the hard drives of course)...

http://www.shop4thai.com/en/product/?pid=11323

4) If you want to share printers, get a network printer sharing box. Both USB and paralel models are availble so you should be able to get all existing printers going, without the need for dedicated PC's to be on all the time.

http://www.shop4thai.com/en/product/?pid=6743

5) You can keep internet access on the same network, but let the router's dhcp server assign adresses in a different IP range (e.g. put your fixed PC's on 192.168.10.XXX, but let the router give out adresses in the 10.0.0.XXX range). Remember that all the PC's on your network have to have their IP's fixed, otherwise they'll take an IP from your router's dhcp server, giving them internet access, but no access to the storage/shared printers!!! Visitor's PC's will by default search for a dhcp server, find your routers one, get an IP in the 10.0.0.XXX range giving them internet access but the rest of the network will remain invisible. Not very secure, but will keep out most people apart from dedicated hackers!

Link to comment
Share on other sites

If you don't have dedicated (and capable) IT staf I would stay away from setting up a server as Simmo suggests. While an very capable and customizable system, Windows server 2003 requires quite a steep learning curve for the uninitiated in corporate networks...

I would try to keep it as simple and affordable as possible.

1) Clean up the cabling, label everything and assign fixed IP adresses to every machine. Write everything down to keep an overview. If you later want to troubleshoot it will be much easier with a map of what and who is where on the network.

2) Like H90 suggests, you can disable USB ports, cd drives etc in the bios to keep staff from putting things on the PC. Password protect the bios. For windows 2000 upwards create limited useraccounts instead of giving everybody the standard Administrator rights. This will already keep a lot of problems away, especially from those who don't know much about PC's.

3) Get network attached storage. D-link dns-120 fits the bill. You can hook two usb harddisk enclosures to it and hook it up to the network. Gives you instantly up to 800Gb of storage. Can be used for back-ups, file server, even has an ftp server built in for access over the internet(although I would question security on that one)...Supports hot swapping of the drives just like the real (expensive) server racks. You can also set up seperate user accounts and all this for slightly over 5000 Baht (without the hard drives of course)...

http://www.shop4thai.com/en/product/?pid=11323

4) If you want to share printers, get a network printer sharing box. Both USB and paralel models are availble so you should be able to get all existing printers going, without the need for dedicated PC's to be on all the time.

http://www.shop4thai.com/en/product/?pid=6743

5) You can keep internet access on the same network, but let the router's dhcp server assign adresses in a different IP range (e.g. put your fixed PC's on 192.168.10.XXX, but let the router give out adresses in the 10.0.0.XXX range). Remember that all the PC's on your network have to have their IP's fixed, otherwise they'll take an IP from your router's dhcp server, giving them internet access, but no access to the storage/shared printers!!! Visitor's PC's will by default search for a dhcp server, find your routers one, get an IP in the 10.0.0.XXX range giving them internet access but the rest of the network will remain invisible. Not very secure, but will keep out most people apart from dedicated hackers!

I don't like the idea of usb harddisks, that is a bit slow.

But there are "network drives" arround. Or you just take an older computer, if still working stable nearly any computer can do that, put 2-4 HD inside (if 4 you may need good cooling) and you have your fileserver. If I am right (not sure) there are software raid solutions arround as well.

But depends on how much money you want to spend.

Link to comment
Share on other sites

A good Linux server with Samba 3.XX server installed will do fine, if you worried about support buy Red Hat Enterprise server.

External hard drives, buy a few external eSATA cases and SATA hard drives, example the Seagate ST3750640AS 750GB Serial ATA-2 drive. I have very good experience with the Seagate 7200.10 serie drives.

In one server I run two ST3320640AS (640GB total) in a RAID-0, it is very fast. We uses in that server one ST3750640AS (1x750GB) for backup.

Link to comment
Share on other sites

Why would the USB drives be slower???

USB2 supports speeds of up to 400Mbps, although practically external harddrives only achieve speeds of between 200-250Mbps (30 MBps).

Normal 10/100 ethernet's theoretical speed is 100Mbps but practically on an average network you'll not even achieve half of this, a quarter of what USB2 can achieve!!!

The bottleneck is clearly the network here, not the USB transfer ratio.

Even internal drives on ata 133 running in UDMA6 mode rarely achieve the theoretical topspeed of 133 MBps, but more likely something like 50-60MBps. So compared to an internal drive an external harddrive will take a performance hit of up to 50%, but try to access either the external or the internal drive through a network and you'll see no difference at all since both will outperform the network capacity by a big margin...

Would be different of course on a gigabit network, but I'm pretty sure Cruchdepth's boss is not going to cough up the cash for that :o:D

And I do like the ease of easily changing drives, easy upgrade paths with external SATA2 boxes readily available...

And if you really don't like USB, then go for Netgear's offering, wich allows two IDE drives of any size to be put in...

http://www.shop4thai.com/en/product/?pid=15197

Link to comment
Share on other sites

I have to withdraw my comment about the netgear stuff since it requires a driver to be installed on each and every PC on the network, and that only win2000/XP is supported!

One more option is

http://www.shop4thai.com/en/product/?pid=12150

More expensive, but also more capable, with an onboard CPU and 64MbB memory to get things working...

RichardBKK might like the fact that this box is actually running an embedded Linux OS with Samba server... At 10500 Baht a very honest price in my opinion...

Link to comment
Share on other sites

hmm just tested external HD on USB and transfer over network.

USB is faster :-(

Maybe I had the old USB in mind.....

So sorry you are right :o

Why would the USB drives be slower???

USB2 supports speeds of up to 400Mbps, although practically external harddrives only achieve speeds of between 200-250Mbps (30 MBps).

Normal 10/100 ethernet's theoretical speed is 100Mbps but practically on an average network you'll not even achieve half of this, a quarter of what USB2 can achieve!!!

The bottleneck is clearly the network here, not the USB transfer ratio.

Even internal drives on ata 133 running in UDMA6 mode rarely achieve the theoretical topspeed of 133 MBps, but more likely something like 50-60MBps. So compared to an internal drive an external harddrive will take a performance hit of up to 50%, but try to access either the external or the internal drive through a network and you'll see no difference at all since both will outperform the network capacity by a big margin...

Would be different of course on a gigabit network, but I'm pretty sure Cruchdepth's boss is not going to cough up the cash for that :D:D

And I do like the ease of easily changing drives, easy upgrade paths with external SATA2 boxes readily available...

And if you really don't like USB, then go for Netgear's offering, wich allows two IDE drives of any size to be put in...

http://www.shop4thai.com/en/product/?pid=15197

Link to comment
Share on other sites

No problem :D

Yep, the old USB1 was a certified dog with theoretical speeds of 12Mbps, which it never even reached :D

Now for really fast transfers the firewire 800 standard beats USB by a pretty big margin, even firewire 400 is still faster then USB.

I still don't understand why pretty much every laptop comes with firewire standard, even the cheaper ones, but you hardly ever see it on a desktop PC :o

Link to comment
Share on other sites

If you don't have dedicated (and capable) IT staf I would stay away from setting up a server as Simmo suggests. While an very capable and customizable system, Windows server 2003 requires quite a steep learning curve for the uninitiated in corporate networks...

Fair enough, generally you would get a consultant to set up the server and domain if you don't have the time or inclination to learn, although I don't think its to hard for a small business type setup. There is a wizard that runs after install that makes it simple to setup File Shares, User Accounts, DNS, DHCP etc. I can tell you it's much much easier to setup now than Windows NT Server was :o

To do the kind of desktop lockdown and centralised software management he wants Active Directory is the best and cheapest solution.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...