Network and Server Setup

CoalFieldsGK

I've been put in charge of restructuring the network and server setup at my office.
But the problem is that my knowledge of these matters is rather limited.

The company has various divisions running in the same building, electronics store with 8 sales users and 4 support users running Pastel 14.
Then also the mining/industrial division with 16 users. Also 8 remote offices situated at mines with about 20 users.
The owner wants to have as much control as possible over what the users are doing on their computers due to abuse and theft of company information in the past.

The server is an old Pentium 4 and the network has been added on each time the business has expanded so everything has to be redone.

Any suggestions or advice would be greatly appreciated.
 
I have PMed you requesting more info on your current setup. I will only be able to advise/help after getting the info from you.
 
First off, what is the current server room like? Is it a walk-in safe, or just a normal office with fake ceiling?

If it's a walk-in safe, then you will need to plan very carefully.
But if it's a normal office with fake ceiling, can you place the new equipment in the adjacent office? Cables can go over the wall (it will only be temporary).

More importantly, what is your budget?

Must everybody access the same information, or do you want to keep information separate from users?

Must it be Windows or Linux?

How are the remote sites connecting? (fiber, dial-up modem, fixed wire, 3G, and also do they use PPTP VPN or is there a VPN tunnel between head office and remote sites?)

Current backup power systems? (UPS/generator)

Is this an Active Directory system?

How are emails collected/sent? (hosted Exchange, or just plain POP3/SMTP clients connecting to Gmail)?

Will remote access be needed for remote admin?

Server - do you require RAID or just a basic server?

How will you back your data up? (removable hard drive, tape streamer)

Pastel - what is the current environment, and does it need to be upgraded?

Do you require a firewall (pfSense/Smoothwall) to control internet access (block/allow certain sites)?

Do you require VLANs?

Which antivirus product do you want to use?

Edit: do you require a Wi-Fi segment with throttled/controlled internet access?

You can PM me with more information.
 
Also what is the budget here?
Budget dictates a lot of things. You can give your boss massive granular control over everything, but it's gonna cost.
and so on
 
Eeee-yep. No good in wanting Cisco switches and top of the line gear and all that stuff, but only having a R10k budget...

If you can give us your budget and what you require (as per my post) then we can put our heads together and decide on a plan of action.

Anybody willing to assist with this project? :) Should be a fun thing to do - assisting a fellow forumite remotely :)
 
I'm more than happy to assist!

I can help out with the networking / Firewall / DLP / Encryption side of things
 
I can help with your group policies, AD, VM as well as the pastel setups.
Do you have workgroup, or client server? Any site licenses?
 
I will be willing to co-ordinate the various groups as well as help out with firewalling (smoothwall or pfSense) and give assistance whenever needed and when I am able to give such... :)
 
:erm: client licencing is quite an oversight, thanks for bringing it up - you WILL need it as M$ may conduct a surprise audit...
 
One more thing.

A current network map of what is going on currently. For security reasons, omit IP addresses and send it via PM to the contributors in this thread.
 
Not to be a complete douche, why not hire someone that has studied this career path?
 
The fact that you, and not a professional ICT company, have been put in charge of this project means only one thing: the owner is a cheapskate and you will have no budget to work with.

Run away... now! I see this happen every day. Business owners that want the perfect ICT environment but do not want to spend any money.
 
Work out what your company's telecommunications requirements and service levels are and then go out on RFx.

If ICT is a supporting business function, don't waste your time insourcing or attempting to build the capability.

Try and look at this from a total cost of ownership perspective (acquire, maintain, retire).
 
Thank you for all the replies, it's greatly appreciated.

* Firstly, the server room is a normal office dedicated to the server.
* Because the office is home to various companies (electronics, mining, transport, property) owned by the same person, the data must be separated.
* It must be Microsoft as I am busy doing my MCSA.
* The remote sites are connected via WiFi; we have spent quite a substantial amount on installing satellite, etc. onto Sentec towers to provide coverage to all the sites.
* No VPN at this stage, but that is going to be the next step.
* We are running a pretty hefty generator and UPS, but I would still like to have some form of UPS/inverter on the server.
* No AD at this stage, but also something that needs to be implemented with the new server.
* Emails are POP/SMTP handled by Hetzner, but would want to move to MS Exchange.
* Remote access to the server will be required.
* Would like to go the RAID route, either RAID5 or RAID 10.
* Data backup would be a combination of cloud storage and removable hard drive.
* Pastel 14 and Pervasive 10 are currently running on the server.
* Yes, a firewall is required to block access to the internet.
* VLANs are required to separate the various departments/companies.

Now the big thing, budget, there isn't a lack of money to do this project.
I just need to be able to back up the reason for the cost.
So we are looking at around R100K/R150K.

Once again, I appreciate all your assistance.
 
So now we have a clearer sense of where we want to go...

1. Can somebody price the stuff?
2. Totally separate and diverse departments/data... this is going to be soooo much fun. Who has experience with Active Domain - will an Active Domain with more than one domain on one server be possible? Or will you have to create several virtual servers, one for each company?
3. I would strongly suggest having VPN tunnels between all the sites. This will be a schlepp, but much safer as any ne'er-do-well who tries to hack the network won't be able to get in.
4. You state you want to use Exchange. Will you host it yourself (you will be responsible for licencing/upgrades/patches etc), or can it be a Hosted Exchange (somebody hosts the Exchange server itself, but you will not be responsible for licencing/upgrades/patching etc)?
5. Remote access won't be a problem, as long as it's done over a VPN (and not have the RDP terminal listen directly to the WWW).
6. STAY AWAY FROM RAID5. The reason for this is that if one disk fails, and you start a rebuild, and a second disk fails during the rebuild, you're screwed. RAID10 or RAID6/60 is much safer (RAID 6 allows two disks to fail). RAID10 is optimized for speed, but half your disk space is taken away by redundancy. Others can have their view/input on this matter.
7. VLANs need managed switches. HP or Cisco switches? Don't buy a cheapy switch, these don't have proper VLAN implementation on.

It is suggested to have AD in place on the server before deployment as deploying AD after server/network installation will be a logistics nightmare. (I may be wrong here).
 
1. I'm sure there is somebody, heck I can do this.
2. That will be fun. I would suggest 1 domain to rule them all, less administration, but if security is really an issue I would suggest some VM DCs with a central firewall, proper VLANning and proper ACLs on the firewall for accessing (I reckon that will be overkill).
3. Agreed, this is an absolute must.
4. I would maybe look at Office 365 since there are remote sites involved.
5. Yip, OpenVPN will suffice.
6. Agreed on RAID5, I suppose it depends what the role of the server is and what is required from it.
7. Get proper switches. Like Libs said, no cheapies.
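
Point 5 above (remote access only over a VPN, with RDP not listening directly to the internet) can be checked on the Windows server itself. The PowerShell below is an added example, not part of the original thread; the 10.8.0.0/24 VPN subnet and the two function names are assumptions for illustration.

```powershell
# Added example (not from the thread): find host-firewall rules that let any
# remote address reach RDP (TCP 3389) and scope them to the VPN subnet.
# ASSUMPTION: 10.8.0.0/24 is the VPN client subnet; replace with your own.
$VpnSubnet = '10.8.0.0/24'

function Get-ExposedRdpRule {
    # Enabled inbound allow rules that name TCP 3389 and accept any remote address.
    # Rules covering 3389 through a port range or "Any" port are not matched here.
    Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '3389' } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow'
        } |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            if ($addr.RemoteAddress -contains 'Any') {
                [pscustomobject]@{
                    Name          = $_.Name
                    DisplayName   = $_.DisplayName
                    Profile       = $_.Profile
                    RemoteAddress = $addr.RemoteAddress -join ','
                }
            }
        }
}

function Set-RdpVpnOnly {
    # Rewrites each exposed rule so only the given subnet(s) may connect.
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$AllowedRemote = @($VpnSubnet))
    foreach ($rule in Get-ExposedRdpRule) {
        if ($PSCmdlet.ShouldProcess($rule.DisplayName, "Limit RemoteAddress to $AllowedRemote")) {
            Set-NetFirewallRule -Name $rule.Name -RemoteAddress $AllowedRemote
        }
    }
}

# Report first, then preview the change; drop -WhatIf (elevated prompt) to apply.
Get-ExposedRdpRule | Format-Table -AutoSize
Set-RdpVpnOnly -WhatIf
```

Scoping the host firewall only covers the server; the edge firewall also needs to have no port forward for 3389, so that the VPN is the only path in.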
 
What would be the easiest AD setup for our office situation?

Also, do you suggest going the Exchange route or just sticking with POP/SMTP?
The owner would like some control over the email and what gets sent and received.
 
MailMarshal?

It will be impossible for one person to monitor all outgoing/incoming email, let the machine do it for you.

Just a quick FYI : if you want to implement blacklisting, do it before the emails hit MailMarshal.

That way you get rid of 99.9% of fake/spam emails originating from dial-up IPs. MailMarshal will then have more resources available for filtering out the last bits and pieces of spam.

Purportedly MailMarshal is able to block certain files in incoming/outgoing emails. I only heard of it, but never had a chance to try it out or implement it.

Sure you can host the email yourself, will be less of a ballache getting remote sites to access emails, but then you will be responsible for email maintenance and all that fun stuff.

POP/SMTP is old hat. Emails are easily sniffed with a packet sniffer. With Exchange (whether hosted or not) emails are sent in an encrypted format, which makes them less easy to intercept/sniff etc - as long as you don't use POP3/SMTP...
 
Best should be central AD, keep everything together and tidy. Manage your user roles and user security rights with group policies.
Exchange 2013 hosted by yourself can also work; you'll need to run separate VMs, ideally mail/AD/etc. For remote access, users can use mail.domain.co.za or whatever, depending on how you host it.
 