I got a small project to complete and could use a lil help!

AnthonyJD81 Member Posts: 187
Required results:
-Network 3 locations
-Each site has file/print server with 3 admin pcs and a small computer lab
-Firewall protection from internet
-Each node must have internet access with software restrictions to certain sites
-need ability to create email accounts
-need ability to host website
-consolidated usage reporting and billing for all 3 sites

I am waiting to find out what type of connection they have to each site(ie.T1, T3, cable, etc...) and also what platform they want to run...hopefully 2000 pro and server (hehe). I also know they are gonna need to register a domain name. Can one of the file/print servers also be an email server while simultaneously hosting a website or maybe one of the servers can be an email server, while another can host the website?

I will have the aid of another person on this small project but any help or suggestions you could offer would be greatly APPRECIATED! I can do this ok but maybe there are cheaper, more efficient methods to some stuff that you pros could offer considering many of you have been in the field awhile?

One last thing...as far as the computer lab and admin pcs...do you think we need to get an ip for each of them or get a router and have the lab pcs share one ip and then have each admin pc with its own ip?

Well thanks for any help you can offer.....look forward in hearing back :D



Comments

  • AnthonyJD81 Member Posts: 187
    Oh, one last thing i forgot to mention....

    Each location has the equipment and the wiring ran. They just need to be connected and setup.

    thanks!
  • Webmaster Admin Posts: 10,292
    P42GDell wrote:
    Required results:
    -Network 3 locations
    -Each site has file/print server with 3 admin pcs and a small computer lab
    -Firewall protection from internet
    -Each node must have internet access with software restrictions to certain sites
    -need ability to create email accounts
    -need ability to host website
    -consolidated usage reporting and billing for all 3 sites

    The good thing with this is also the bad thing: there are countless solutions.

    Could you be a little, a lot actually, more specific?
    How is "network 3 locations" a required result ;) are these locations connected already, how? A network diagram would be best.

    Is there an Internet connection already? You'll end up with one site (the one with the mail/web server and most users probably) connected to the Internet using a firewall (what type of firewall: hardware/software? any budget?) what level of security do they need? Is it a bank? How many users are there in each site? You might want to use a firewall/proxy server combination.
    Each node must have internet access with software restrictions to certain sites
    what do you mean exactly with "software restrictions to certain sites"?
    -need ability to create email accounts
    I assume this means you want users to have individual email accounts, and be able to email internally and externally. Again depending on the amount of users/mailboxes I would go for Exchange 2000, although I have to say this is my personal preference, I just love Exchange Server, I think it's the best software MS ever created....
    Can one of the file/print servers also be an email server while simultaneously hosting a website or maybe one of the servers can be an email server, while another can host the website?

    Can, but not desirable. You really don't want to combine the file/print with servers that may be accessible from the Internet.
    Depending on the users/mailboxes and amount of expected traffic to and from the webserver you may be able to combine the web server and the mail server on one physical server. You might want to place these servers in a DMZ.
    One last thing...as far as the computer lab and admin pcs...do you think we need to get an ip for each of them or get a router and have the lab pcs share one ip and then have each admin pc with its own ip?

    Not likely, only when the admins generate a LOT of traffic you would give them their own subnet (broadcast domain), this would be a good choice when the admins communicate more with hosts and servers in their own subnet/network than with servers on the other networks (other side of the router)
    -consolidated usage reporting and billing for all 3 sites
    For Internet www bandwidth usage? or email as well? more?

    It would be really helpful if you would be able to provide us with a network diagram with the locations of servers, users, admins, connections and other network components and last but not least: the traffic flows.

    Sounds like a fun project! Congrats :)

    Johan
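
The separation described in the reply above (Internet-reachable mail/web servers in a DMZ, file/print servers kept off anything reachable from the Internet) can be checked mechanically against a proposed firewall rule set. This is an added example, not part of the original thread; the addresses, zone names and rule format are constructed, and treating DMZ-to-LAN rules as exposure is an assumption of the example.

```python
import ipaddress

# Constructed addressing for illustration; not taken from the thread.
ZONES = {
    "dmz": ipaddress.ip_network("192.168.50.0/24"),  # mail/web server
    "lan": ipaddress.ip_network("192.168.10.0/24"),  # file/print, admin PCs, lab
}

def zones_touched(cidr):
    """Zones a rule endpoint can match; 'internet' is anything outside ZONES."""
    net = ipaddress.ip_network(cidr)
    touched = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        touched.add("internet")  # e.g. 0.0.0.0/0 matches every zone and the Internet
    return touched

def audit(rules):
    """Flag allow rules (implicit default deny) that expose the LAN.

    Each rule is (src_cidr, dst_cidr, proto, port). A finding is
    (rule number, source zones outside the LAN, "proto/port").
    """
    findings = []
    for number, (src, dst, proto, port) in enumerate(rules, 1):
        if "lan" not in zones_touched(dst):
            continue
        exposed_from = sorted(zones_touched(src) - {"lan"})
        if exposed_from:
            findings.append((number, exposed_from, f"{proto}/{port}"))
    return findings

# Constructed rule set: mail/web on a DMZ host, file/print stays internal.
SEPARATED = [
    ("0.0.0.0/0", "192.168.50.10/32", "tcp", 25),
    ("0.0.0.0/0", "192.168.50.10/32", "tcp", 80),
    ("192.168.10.0/24", "192.168.50.10/32", "tcp", 25),
]
# Constructed rule set: web site and mail hosted on the file/print server.
COMBINED = [
    ("0.0.0.0/0", "192.168.10.5/32", "tcp", 80),
    ("0.0.0.0/0", "192.168.10.5/32", "tcp", 25),
]

if __name__ == "__main__":
    for name, rules in (("separated", SEPARATED), ("combined", COMBINED)):
        print(name, audit(rules) or "no LAN exposure")
```
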
  • AnthonyJD81 Member Posts: 187
    here is a quick diagram i drew up...
    basically they have a lab with 3 pcs in it plus another 3 pcs for the administration part. They would like a VPN set up for the admins but it isn't necessary if it isn't cost effective.

    What i am thinking is to setup server 1 as the email server, server 2 as the web server for their website, and server 3 as the file/print server...but you don't suggest server 3 be connected to the internet?

    They have no internet access at all yet so that will need to be set up. Also I will need software and license for the OS and firewall software...thinking norton 2003 on Windows 2000. So i need 18 licenses for workstation and 3 licenses for server? What about the firewall software?
  • AnthonyJD81 Member Posts: 187
    i am also considering just getting them 3 cable modems with 3 individual IPs, one for each location and subnetting/routing each location. I don't think they will need a T1, it wouldn't be cost effective for what they need it for.
  • Webmaster Admin Posts: 10,292
    That clears up a lot... quite different from what I imagined...

    VPN connections seem logical to me....
    I'm going to give a more detailed reply later, just quick note about the licensing, you may need at least 36 for the clients (the workstation OS and the Client Access License for Windows 2000 Server, the CALs can be included in the server package.) maybe even 54, for example if you would use Exchange server (which you probably won't for only 18 users, I assumed there were regular users besides the admins as well ;)) you need 1 for each mailbox as well.

    Creating a cost-efficient solution for such small environments is hard, I always tend to go too far. :)

    Are the components in your diagram already in place? The routers and servers in particular? In other words is this the current or the proposed design? What type of traffic flows between the sites besides www and email...?
  • AnthonyJD81 Member Posts: 187
    I updated the picture above to show the cable modem which i believe i will add for them. If i go with the local ISP, we get plenty of email accounts. So with three IP addresses, we will have like 25+ email address. That should be more than enough. They can just use Outlook or outlook express if they wish. So in that respect, i don't need an email server because their ISP will handle that. Also each IP address comes with 25MB of web space. That would give them 75MB of web space. They would just need to register a domain name. So that knocks out the need for a web server as well :D

    As far as the licensing situation goes, i am completely new to buying licenses in this quantity. My best bet would be to contact a sales rep for microsoft and buy what i need.

    All the equipment is there now. The wiring is already ran too. The pcs and servers just need to be plugged in and configured. But they don't have internet access so I need the equipment from the ISP, then install that.
  • AnthonyJD81 Member Posts: 187
    We came up with 2 proposals for them. They are rough sketches of what we think would be most suitable for this. I am going to be speaking with the POC later this morning. After that I should be able to detail everything out. I really appreciate your help with this and plan on paypal'in the site a small donation, after the completion of the project, out of gratitude and generosity:D

    Here are the two rough draft network designs we had in mind. of course these could change very minimal or significantly depending on the requirements that they desire.

    VPNs communicate via TCP/IP correct? If so then the same route is not guaranteed with each packet delivery or is it? Is there only a direct 'tunnel' of information flow that no one can intercept or can anybody intercept the packets, but not have the ability to read them? I thought i understood VPNs more but I am still fuzzy.
  • ucanbbreached Member Posts: 30
    But, P42GDell, if you are asking questions such as these I don't think and most people with at least some knowledge of networks wouldn't think it is prudent or ethical of you to try and install a network for this client or anyone. You should already know if VPNs communicate over TCP/IP (It depends on if you are connecting over the Internet or not--if not there are numerous ways of doing it) but usually VPNs do utilize TCP/IP.

    Also, it will depend on what configuration you use for the VPN if the packets are interceptable or not. Just b/c a connection involves a VPN doesn't mean it is an encrypted link. If not it is usually just called a tunneled connection, but in the industry you can sometimes find it Synonymous with VPN b/c it is over the internet or just running encapsulated by some type of other protocol.

    Anyway, P42GDell, you should also already have their requirements b4 you start to draft out a proposed diagram. If you don't have requirements then you should only have a current diagram. Otherwise, by making proposed design now you are selling yourself and the customer into specific technologies that may not be required and end up being sort of 'bloatware' if not planned properly

    In addition it seems by the looks of your second diagram that all of the labs are at one location, if so go with the second diagram but you don't need a proxy server at each location. Of course unless the intent is to have 3 completely separate networks (besides subnetting). You can just set up a default (static) route on your routers for HTTP traffic.

    Also, if you don't feel comfortable with VPN solutions or technology I would suggest that you subcontract it out. This way you don't end up giving the client a false sense of security and end up compromising the traffic.

    The beginning of the reply was a little harsh, I just want to try and help. A first or side job can be exciting but if you do mess something up you can really count on someone else finding out about it and hence, no more side jobs.

    ucan
    bohlingj@saic.com
  • AnthonyJD81 Member Posts: 187
    I appreciate your constructive criticism. The VPN isn't a required result. It is only optional/additional. I do have a friend that is much more experienced than myself with VPNs, unfortunately i have not had the chance to speak with him. I plan on bringing him aboard with this and designating him to handle the VPN.


    I do have the requirements of what they expect and only a brief explanation of their current network infrastructure. I do believe that i may have rushed into drawing out ideas of the network and posting them on this site.

    Also, The proxy would only be located at the central site. The other two sites would house their file/print servers. That was my error on the drawing. I labeled it poorly

    If their expectations change and i feel i am not exper. enough, i will back out--but from the information i received thus far, I feel i more than qualify for this task. Besides, they are in no rush and this would be great exper. for me. Plus more material on the resume that would benefit me:D

    Info on the client: They are a senior center with three locations located within 15-30 miles of each other. Their network traffic won't be high and their level of security won't need to be DOD Top Secret

    Thanks again for your input. I really appreciate it
  • ucanbbreached Member Posts: 30
    I am glad you have a chance to get on the ball with the network job. Just remember you are working for them and not your resume. After the job is done put the money into your resume and I am sure just by having one job like this However large or small will get you that break in marketing you need to fill another RFP (Request for Proposal).

    Thanks for taking the Constructive Criticism so well and not biting my head off.

    Take it easy,
    James
  • AnthonyJD81 Member Posts: 187
    Hey we finally finished our proposal for the job. We had some downtime because of other stuff but we finished everything yesterday and submitted it this morning. Here are our layout plans...

    http://www.parts4vws.com/images/members/1.8twolfsberg/LogicalSC.jpg

    http://www.parts4vws.com/images/members/1.8twolfsberg/PhysicalSC.jpg
  • Webmaster Admin Posts: 10,292
    Hi PG,

    Still some 'logical' in the physical diagram, how will the PCs be connected to the routers? You need to replace the "ethernet" with hubs or switches...
  • ucanbbreached Member Posts: 30
    PG,
    Webmaster is right, you need to show how the PC's will actually be connecting to the router. Right now the customer could be thinking he/she will use existing infrastructure (if it exists) or may not realize that more equipment will be needed. That means less dollars allocated to the project and 'scope creep' later in the implementation.

    Also you should be giving them at least two separate designs, one that will be cost heavy and a 100% solution. The second should be one that will give them a 85%-90% solution and probably about $1/3 or $1/4 less. This will give the customer a weighted view of functionality and see the difference in cost that is added for the perfect or 100% solution. This is normal standard in system and network engineering (big business style). The customer will usually take the 1/3-1/4 less option.

    NO ONE will ever get a 100% solution b/c of post-implementation syndrome (could of/should of). However, this way you prepare the customer to be more happy with their solution and your performance by forcing them to choose wisely and have the feeling that they saved money on the initial imp. Subsequently they will say hey, I have some money left over to add a feature that I realize I could use now.

    Also, where are the VPN's connected to. Are they remote access clients, intranet or extranet site-to-site VPNS. This should also be documented. If the customer does not have plan of who will be connected via VPN they shouldn't be purchasing it. It will become obsolete equipment and reflect on your design. It hits on the could of/should of syndrome.

    Besides that the design looks pretty neat and clear. Really it looks like you and your partner put a lot of good work into it and it shows. Hope it ends well, wish you Good Business and Good health

    ucan
  • AnthonyJD81 Member Posts: 187
    Well right now they have the file/print servers connected to the admin PCs through a 24-port router. I will add a small 16-port switch in the Lab room. Then connect that switch to the router.

    We did offer them 2 options as you already mentioned. Option 1 supports the main requirements that they requested. The second option satisfies all options. I found a company that distributes donated hardware and software for non-for-profit organizations. If anyone ever wants to check them out in case you may need it... http://www.discountech.com/

    I am able to get Symantec Client Security 100-user license for $215. That's $2.60 per license. For their firewall and antivirus requirements, this solution will save them almost $4,000

    Proposal was submitted yesterday. Now we'll wait and see what they decide...
  • Webmaster Admin Posts: 10,292
    P42GDell wrote:
    Well right now they have the file/print servers connected to the admin PCs through a 24-port router.
    router? 24 ports?
  • ucanbbreached Member Posts: 30
    :o You just awakened one of my senses: Security (Symantec Clients)

    I was thinking they had the security piece licked since I didn't see any of that in your design. I hope there are firewalls in this customer's future.

    ucan
  • D-boy Member Posts: 595
    A software firewall is going to be slow, why don't you use a hardware firewall like Netscreen?


    D-boy
  • AnthonyJD81 Member Posts: 187
    Well whatever went wrong with this one I have no idea. Maybe it's better I didn't get the offer for the project. I did, however, learn a lot about the planning phases of designing a network. I got some good resources and learned about some new products I never seen or heard of before.

    Besides that, the building was a mess. Between old pcs, wiring, and network equipment, I think this job would have taken forever. It would prolly be easier to demolish the whole building and start from scratch

    Anyways, thanks for all your advice and help. Well school is starting up for me again next month and I am currently working on attaining my MCSA so they will be priority for me now. Every bit of knowledge and experience guides you through life