If you like DNray Forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...

 

How to build a network from scratch in an office

Started by chpolaxvm, Apr 06, 2023, 07:33 AM

Previous topic - Next topic

chpolaxvmTopic starter

There is a three-story office building located in a small town. The network in the office consists of approximately 160 computers and 20 IP cameras. These computers are connected to a peer-to-peer network with IP addresses in the range of 192.168.x.x. There is no Active Directory or domains; instead, all computers belong to the same workgroup and sit in the same broadcast domain. The network does not have VLANs, sockets, or smart switches. Instead, the entire network is built using TP-Link soap boxes interconnected like a "garland." There is no hierarchical network model implemented, nor are there any communication cabinets, patch panels, or proper markings. The overall setup is quite messy.

The Wi-Fi in the office consists of autonomous access points placed on different floors. One of the access points is a Mikrotik device, likely configured using the quick set option. This access point serves as the gateway, DNS server, and DHCP server for the network.

As for the server, there is a tower server running Windows Server 2012. The server utilizes RAID 10 for its storage and hosts the 1C software that all users connect to using Remote Desktop Protocol (RDP). The maintenance of the 1C software is outsourced to a third-party company. However, one downside is that the server is located in the "sysadmin's" room, who also handles printer cartridge refills.

The workstations in the office are fat clients, with approximately 30% still running on Windows 7, while the rest have been upgraded to Windows 10.

Now, the person speaking wants to improve the network infrastructure and seeks advice and support. They have drawn a rough plan but are open to alternative opinions and an action plan.

They are considering building a new network from scratch and laying new network cables. They have a few questions in particular:

1. What equipment models should be used for access and distribution levels?
2. Should they place four switches in a central cabinet or one switch on each floor with a central switch in the server room? How should VLANs be implemented? Should they be organized by floors or offices?
3. The first option is convenient as everything is within reach, but if new users are added, it would be necessary to pull cables from the server room, set up patch panels, and other installations. The second option provides better scalability, but switches should not be placed in areas where people work. The person is also unsure whether to install internet sockets or not.

Lastly, they mention the issue with printers. Printers are shared via the server, and each user has access to them through the "Printers and Faxes" option. However, printer forwarding via RDP does not work. This limitation is not a problem within the office network, but the person wonders what would happen if they wanted to print from their computer outside the office network (e.g., from home). In such a network environment, their computer would not be discoverable. They seek advice on how to address this issue.
  •  

nehabisht

Wow, there are quite a few tasks to tackle. Is there any budget allocated for them or is the mindset more like "no money, no progress"? If the latter is the case, then it's unlikely that things will improve. Let's begin by discussing software licensing. Are the software licenses legally purchased or acquired through torrents?

If the latter is true, is the office willing to invest in the necessary licenses and legalize their software? This is crucial for the administrator's benefit, primarily. In general, many organizations are content as long as things are functional, without allocating much budget for IT. Unfortunately, skills are not developed in such offices, and the focus remains on patching up issues rather than making substantial improvements.
  •  

Vanesill

If you are new to the office, begin by understanding why things are the way they are. Generally, there aren't many outright fools in this field. The previous administrator likely had the same intention of creating an ideal environment, but something must have gone wrong. It could be due to a lack of funds, being overwhelmed with responsibilities, or personal grievances related to money.

Here's a suggested approach:

1. Start by studying how the current system operates and the reasons behind it. Rushing to make changes may not be the best option.
2. Understand the company's specific needs and requirements.
3. Determine the resources that the company is willing to allocate, including finances, downtime, and potential risks.
4. Leave the 1C server undisturbed since it already has a lot on its plate. Additionally, it seems that maintaining a reliable аlcohol-related service might be the only critical task for the company. Ideally, each server should focus on a single important task.
5. Avoid making sudden disruptive changes all at once. Begin with tasks that provide the most value to the users while being cost-effective for you. For example, if you manage to set up affordable Wi-Fi in the director's office, allowing them to comfortably watch videos on their tablet, they will appreciate it, leading to more frequent positive feedback and increased budget allocations.

Remember that patience, strategic prioritization, and demonstrating the benefits of your interventions can help pave the way for more significant improvements in the future.
  •  

jackjenny63

Install D-Link switches on the second level, include a cross connection and configure all ports in the cross. Connect the cross to the server using long, gigabit cables. For the computers, 100K is sufficient, assuming that the server can handle it. Consider implementing VMware ESXi for hardware virtualization and set up servers for Active Directory (AD), DNS, DHCP, File Servers (FS), and 1C software. Additionally, depending on the budget, consider deploying WTware to improve performance across the network and eliminate slow computers.

One drawback is that users won't have access to YouTube, which might require them to focus on work. You have experience with this approach. Through ESXi, you can also set up pfSense for normal routing, provided you have enough skilled networkers. If you think users are particularly knowledgeable, consider placing IP cameras in a separate VLAN.

Ensure that all equipment is connected to uninterruptible power supplies (UPS) and configure automatic shutdowns during power outages. This will help safeguard against data loss and ensure a smooth user experience.

For an even higher level of efficiency, consider requesting the purchase of another computer with a large storage capacity (e.g., 20TB or more). Use this machine to host virtual machines for daily backups. By implementing these measures, you can minimize problems and streamline system management. However, keep in mind that taking on the role of an incoming administrator means being solely focused on receiving a salary.
  •  

PlotHost

Access and Distribution Levels Equipment Models:
For the access switches on each floor, the choice of models should take into account factors such as port density, PoE support for potential future IP phone or wireless access point deployments, and overall reliability. Considering the scale and requirements, switches like Cisco Catalyst 2960X or HPE OfficeConnect 1920S provide a balance of performance and cost-effectiveness.

When it comes to the distribution switch in the server room, it's essential to select a model that offers advanced features for aggregation, uplink connectivity, and high availability. Models such as Cisco Catalyst 3650 or HPE Aruba 2930F can provide the necessary features and scalability to support the entire network's needs.

Switch Placement and VLAN Implementation:
Considering the limited infrastructure for cabling and the desire for better scalability, placing one distribution switch in the server room and access switches on each floor is a pragmatic choice. VLANs should be organized by offices rather than floors to provide isolated broadcast domains and logical segmentation based on organizational structure. This approach enhances security and streamlines network management.

Network Cabling and Sockets:
Implementing a central cabinet with patch panels, switches, and other necessary networking infrastructure offers a structured approach to cabling and facilitates easier management and expansion. Installing internet sockets in strategic locations ensures that network connectivity is readily available where it is needed, providing flexibility for future technologies and organizational changes.

Printer and RDP Forwarding:
To address the printer forwarding issues via RDP within and outside the office network, implementing a dedicated print server is advisable. This server would manage printers centrally and enable seamless access for users both on-site and remotely. In the context of remote access, utilizing a Remote Desktop Gateway in a Microsoft Remote Desktop Services (RDS) environment ensures secure RDP access to internal resources, including printers, from external networks. Additionally, setting up a secure VPN solution allows employees to access internal resources, including printers, from remote locations while maintaining data security.

A meticulous approach to network redesign, including a structured cabling plan, VLAN segmentation, and considerations for remote accessibility, will comprehensively address the existing challenges and pave the way for a robust, scalable, and secure network infrastructure. Thorough documentation, testing, and change management practices will be instrumental in ensuring a successful implementation without disrupting the office's day-to-day operations.
  •  


If you like DNray forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...