Re: Cost of setting up a network
- From: Philip Herlihy <me@xxxxxxxxxxxxxx>
- Date: Mon, 21 Sep 2009 12:18:21 +0100
Marty Freeman wrote:
Philip Herlihy <me@xxxxxxxxxxxxxx> wrote:
Clint Sharp wrote:
From a quick read of the details you posted, I reckon;
A router capable of acting as a VPN endpoint for more than one user simultaneously with four Ethernet ports or a switch to suit. You already have the network if I've read it correctly.
I know the 4-port Netgear router (DG834) can do VPN but I don't know how to set it up.
1) Some routers (e.g. Draytek) provide a VPN facility where all you need to do is use the built-in Windows options. Netgear appear to do it differently (yet another area in which I'm not an expert!). You can either have a corresponding Netgear box at the remote end, or install their Pro-Safe software on a standard machine. I've used a Draytek router with VPN, and I've set up a few pairs of Netgear routers. I've only tried to get the software version working once, and failed, although I gather it's been superseded with later versions, which might well be easier to use. Instructions are here:
http://kb.netgear.com/app/answers/detail/a_id/2729
(caution: there are four different versions of that router).
Netgear support is significantly better than the average, especially for business products (blue, rather than white, as a rule). I have the software and could work with you to set this up at a pinch (pretty busy).
Small business server 2003 sounds like it would do the job for you but with one caveat, you can only have two TS clients on that as it doesn't support 'full' TS being installed on the same box.
It's highly unlikely that more than one user would be working remotely at a time (someone has to staff the office!), two would be the absolute max. The rationale for using a server here is basically that the router doesn't need to be able to decide which PC to route the connection to.
2) You don't need a server for that. If you are using a router which supports it, you can set up a port-forwarding inbound rule which also _translates_ the port supplied to the receiving port. Just pick a range where numbers won't clash. In, for example, the DGFV338 you can tell the router to pass through port 8030 to machine 10.0.0.30 and translate the port to 3389 as it does so. Then you simply append :8030 to the address in the Remote Desktop client and you're in. You can use several of these connections (even from the same location) to different machines simultaneously. You can do the same for VNC - you just need two colons. (You can also change the VNC server's listening port.)
Roaming profiles make the 'log in from any PC' trivial as long as the users are educated to use network shares to store their files so the profiles don't get massive and take days to shift around, making log in times unpleasant.
I'm hoping that it's possible to make it so that the network shares on the server are used by default since the level of IT skills is low (in fact IMHO we would probably be better off spending the entire budget on training if improved productivity was the criterion being used).
3) Roaming profiles are not without problems. If people are storing a large amount of data in their profiles the logon and logoff times can become tedious, as things are moved to and from the server, and if a user logs on to two machines, documents on the machine logged off last may (?) overwrite more recent versions, potentially?
You can change the default location of "My Documents" to be a network share. Or you can use Junction Points (see the "junction" utility on sysinternals.com). However, a little training and a shortcut to a UNC share on the desktop is often enough. You can't make computers idiot-proof (although it pays to minimise complexity, of course).
Having mail delivered directly to Exchange exposes your network to potential attack but it does work well and is fast, your choice.
If there's no IT bod on site, I'd consider having the ISP provide email services (with the advantages of spam and virus filtering that they may/can provide) and have Exchange collect from there
We use our ISP at present, but I was given the impression that for external access to mail such as by Blackberry we would have to move to running our own server, e.g. Exchange. It's in aspects like this I'm a bit hazy, I don't know how devices like Blackberries get their mail, can they simply be configured like a normal email client?
4) The last time I worked closely with Exchange we were on v5.5 (but we had 187,000 mailboxes worldwide!). Recent versions of Exchange do have "push" facilities to work with PocketPCs, but the Blackberry can work with the simplest POP3 or IMAP account. You simply tell your provider (via a web interface if you're not being hand-held) your email address and password and the system finds the server (must use DNS, it's remarkably accurate) and then polls the account on your behalf, pushing anything found out over the mobile link. I've set up a couple of these and it's dead easy - your mobile (Blackberry) provider will give you the necessary details or set it up for you. I use a PocketPC, and that can be set up to poll a POP3 account (never tried IMAP).
Clint's advice is all solid, but the whole project sounds like massive overkill to me, if you only have three users!
I felt that too, but people like the idea of a flexible setup.
5) Non-technical people should stick to clarifying their business needs in business (non-technical) parameters, and leave the technical decisions to those who know what they are doing. Meddling clients get muddled solutions. How flexible is it, if you have to hire or train a server administrator?
If the three workstations are running XP Pro you can already configure them to accept Remote Desktop connections (simultaneously with a bit of judicious port-forwarding on a router that can translate the incoming port).
If that's possible then it certainly reduces the argument for a server.
6) also see (2) above:
If your router can do this:
http://cid-2e572770a3a5cd55.skydrive.live.com/self.aspx
/Public/translate-port.jpg
(rejoin line without any spaces)
.... then you can route RDC to as many machines (concurrently) as you like on the same network. In my screenshot this facility isn't used, but the "service" would be defined, say, as "RDC-8030", the LAN server would be 192.168.1.30, "Translate to Port Number" would be ticked, and the port given as 3398 (for RDC/Terminal-Services). You can, as you'll see, also limit the sending server (WAN Users) to a particular IP address or range, but not, unfortunately, a Dynamic DNS address, which would be even more useful. Netgear, are you reading this? (guess not...)
If you have IMAP already then your email is already available anywhere and is being managed by someone else at no additional cost.
We don't use IMAP now, we have an internal server which collates mail from various sources and then hands it on to individual Thunderbird clients via a conventional POP3 connection. However for roaming logon and remote access I assumed we'd need to switch to an IMAP based approach with all mail held on the fileserver.
7) If ever there was an application which cried out to be located and managed "in the cloud" it's email. Exchange is really an _internal_ email server (and a rather marvellous one) with external connectivity. With three users (remember we had 187,000) you don't need it, in my view. Lots of providers do IMAP. BTInternet do Outlook Web Access for business clients, and that works a treat. Why spend time and money managing your own mail server?
The Blackberry mothership will simply poll a POP3 account and push it to the handset (IMAP access is restricted to the inbox, apparently). It's trivial to set up file-sharing peer-to-peer if you have matching usernames and passwords on the machines involved, and you could designate one of the three machines as the main repository of files and backup (incrementally) hourly (using ntbackup!) to the other two with a few disks added.
This sounds like a possibility I had wondered about, whereby people would simply see their usual home directory over the network without bothering with a server, but I don't know how to set it up (my background is programming not networking or IT support). But when I've previously sought advice on this, people have said it would be wiser to use a server than faff around with a peer to peer network and roaming logon etc.
Do it yourself; save your money, and avoid creating a dependency on much rarer and more expensive skills.
That's one thing that bothers me, I feel we should be able to understand and run the thing ourselves without an ongoing support contract. One company was trying to get us to sign up to a £2000/year support contract including remote backup etc, but that seems pretty crazy for such a small operation. For me, the point of having a server would be that it should be less of a tangle than a bunch of interlinked PCs with crosslinked home directories for roaming usage, but I don't know if that's really the case.
As I said before, in my view a server like SBS or WS2008 adds a certain amount of complexity and you don't get a net reduction in complexity until you're over 10 seats (probably more). If you take these things a step at a time, and get help here, you'll certainly be able to achieve most of what you want at a fraction of the quoted cost. However, you owe it to your employer/client to think in terms of successor planning, so DOCUMENT EVERYTHING! Diagrams help. One thing I've done for one client is set one of their machines up to run IIS and I host an "Intranet" on it - all the documentation is on there.
HTH
Phil
PS - talking of complexity - multiply interleaved threads do my head in!
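
The port-translating forwards described in points (2) and (6), modelled as a small table with a check for clashing WAN ports and for rules left open to any WAN address. This is an added example, not part of the original post and not Netgear's configuration format; the `Forward`, `route` and `audit` names, the rule names other than "RDC-8030", and the sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

RDP_PORT = 3389  # Remote Desktop listening port, as in point (2)

@dataclass(frozen=True)
class Forward:
    """One inbound rule: WAN port -> LAN host, translated to lan_port."""
    name: str
    wan_port: int
    lan_host: str
    lan_port: int = RDP_PORT
    wan_source: str = "any"  # "any", or a CIDR range allowed to connect

def allowed(rule, src_ip):
    if rule.wan_source == "any":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.wan_source)

def route(rules, src_ip, wan_port):
    """Return (lan_host, lan_port) for an inbound connection, or None if dropped."""
    for r in rules:  # first matching rule wins
        if r.wan_port == wan_port and allowed(r, src_ip):
            return (r.lan_host, r.lan_port)
    return None

def audit(rules):
    """Return (rule name, finding) pairs for a forwarding plan."""
    findings, seen = [], {}
    for r in rules:
        if r.wan_port in seen:
            findings.append((r.name, f"WAN port {r.wan_port} clashes with {seen[r.wan_port]}"))
        else:
            seen[r.wan_port] = r.name
        if r.wan_source == "any":
            findings.append((r.name, "open to any WAN address"))
        if r.wan_port == r.lan_port == RDP_PORT:
            findings.append((r.name, "default RDP port forwarded untranslated"))
    return findings

# Constructed sample plan: one restricted rule, one open rule, one clash.
PLAN = [
    Forward("RDC-8030", 8030, "10.0.0.30", wan_source="203.0.113.0/24"),
    Forward("RDC-8031", 8031, "10.0.0.31"),
    Forward("RDC-dup", 8030, "10.0.0.32", wan_source="203.0.113.7/32"),
]

if __name__ == "__main__":
    for name, finding in audit(PLAN):
        print(f"{name}: {finding}")
```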