Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

I need some network management advice from someone who knows 3

Status
Not open for further replies.
threetone

threetone

IS-IT--Management
Mar 22, 2002
28
0
0
US
I manage a small computer network for my family business (13-20) computers. Up until now it has been fine for us to use a windows peer-to-peer network. But now, we have a few more employees that we can't trust as much as family members and network size is begining to pose a problem for file storage and later locating those files (especially with people who are computer illiterate). I would like to find a software or server solution for managing my network. I have 3 main concerns:

1 - Security and resource allocation. I want to have resources (programs and internet, etc) controled by each user's password, and it would be nice to limit file storage to one certain place for each user - possibly a virtual network drive. Also it would be nice to have each user's setting follow them to whichever computer they sign in on (i.e. email messages, allowed programs, etc.)

2 - Ease of administration. My main job is something other than network administraion, so my time is limited to manage the network. I need something that is user friendly and easy to pick up quickly - not something with a high learning curve.

3 - Price. My budget is not very high. I need to fill my needs as cheaply as possible - possibly even eliminating bells and whistles to save on cost.

Any suggestions??
 
Sort by date Sort by votes
It sounds as if your users are only Windows literate, so you will proabaly end up with a Win2K desktop solution. You can implement a Samba server on a Linux box, that will suffice as a Windows File Server (for considerably less than a Win2K server) and you will have the ability to control where people store files. But you will be trading the cost of the sever software for a learning curve that may be steep (I can't guess about your experience level).

By implementing travelling profiles on Win2K, you can have people log in on whichever machine that they like, and get all of their normal settings. You'll need to run an IMAP (not POP) mail server so that people can get all of their email at any workstation.

I can't be sure about restricting Internet access based on login without the use of an authenticated proxy server (which can be a MAJOR pain), but you can certainly controll access to applications, directory structures and files.

Hiring someone who knows what they are doing for this is probably in order. Especially where your security issues come into play. What you pay in consulting or service fees will likely be off-set by the amount of time that you personally have to invest in the cut-over.

pansophic
 
Upvote 0 Downvote
Can Windows XP Professional be use as a file/network server? Is there a win xp server version, or would win2k be best for a server as far as windows OS goes?
 
Upvote 0 Downvote
XP Professional can be used to serve files and other network services, but it is NOT a server OS. One of the most common issues that people run into when running a workstation OS as a server is that you can't support a domain login or travelling profiles. This means that you have to create a userid on every single workstation, and manage all of the passwords independently.

You are in for a HUGE headache if you use a workstation OS for a server. You'll save the additional cost of the server OS in the first week of operations (even if you only use a rate of about $10 per hour for your time).

pansophic
 
Upvote 0 Downvote
XP Pro cannot be used for a server in your environment as there is a limit on how many users can connect to the XP Pro PC (I think it is 10, but may be as little as 5). There is no XP server as of yet, so you would be working with a 2000 server. I don't think there is any way to get around the learning curve, particularly with some of the requirements you've stated. I would hire someone to do the initial set up for you and provide secondary support. But once the system is up, you should be able to do basic admin tasks (creating users, setting passwords, checking backups), etc with very little training.
 
Upvote 0 Downvote
As far a control of internet access goes it can be done with a firewall appliance like a Watchguard Firebox. You definetly need some kind of firewall between your network and the internet. I would recommend a good consultant to set this up also.
 
Upvote 0 Downvote
One thing to note about the possible use of Samba on Unix/Linux for your file server: you don't have to build it yourself "from scratch". There are quite a few Linux and FreeBSD vendors who will ship you a box completely set up for a Windows network, with a simple browser-based configuration system. Here is one example: . The base configuration of this box gives you 240 GB of RAID storage for about $2600. Not too shabby... I'm sure with a bit of searching, you can find a cheaper deal.

I also had a very good experience in the past using a specialized distribution of Linux by They now sell hardware also, but if you already have your server, there is a very low-cost Linux download you can get, which basically is an automated install of Linux specifically for windows file-serving. (You can actually use the software for free as long as you want, but you can pay for support). 3 years ago, I installed their Pizza Box File & Print Server at a small office, on a beat-up old P90, with 16 MB of RAM. That machine ran flawlessly for 1.5 years, without rebooting, until I finally upgraded the hardware. It was as easy as installing 3 floppy disks, and following 1 page of instructions, then configuring in a web browser ;-). Try it: go to their "Free Stuff" link, download the File and Print Server, and install on your oldest used computer, just for kicks. Compare this install experience to the standard Windows NT or Windows 2000 install and configuration ( + rain dance and other rituals).

If you take the Unix server approach to your file shares, you won't have quite as much capability as Windows 2000, such as the traveling profile system, but honestly, that sounds like a recipe for headaches, unless you have a Windows2000 pro at your office. With this approach, though, you can at least make it so that the My Documents folder, and a few other critical directories are centralized on the server, so that users will get their own docs and permissions, no matter where they log in.

If you were interested in migrating to a non-microsoft solution, Linux provides a perfect method to use thin-clients everyhere, and have all user settings, software, etc... reside on the server. A couple of years ago, I would have said this is impossible for the average business, but these days, I'm not so sure. With KDE 3.1, OpenOffice ( using remote X desktops, you can honestly get 99% of the same functionality needed by most Windows users, with some great administrative advantages.

However, there is always the question of specialized 3rd-party software, which might be Windows-only. I wouldn't recommend the average company try to handle this with the Wine windows compatibility mode just yet. But, then again, that might not be so farfetched soon... (
Here is a small list of some companies and case studies of their move to Linux: -------------------------------------------

Big Brother: "War is Peace" -- Big Business: "Trust is Suspicion"
(
 
Upvote 0 Downvote
By the way, JimInKS is right; whether you use Windows as a server or not, you should use a standalone firewall to control internet access, with one internet access point. And use network address translation (NAT), so your office has only internal IP addresses. Don't trust a standard Windows server to be the primary gateway between yourself and the internet out there. Very risky. -------------------------------------------

Big Brother: "War is Peace" -- Big Business: "Trust is Suspicion"
(
 
Upvote 0 Downvote
Thanks for all the input.

I use a Linksys router/firewall already with a wireless internet connection. This provides firewall protection, but no ability to restrict internet except for completely restricting all internet access to a certain IP address, which I don't want to do.

Traveling profiles sounds nice but a headache to setup/maintain. The main thing that I would want to access from more than one point on the network is email. I have had to move too many outlook express email files when one computer becomes more convenient than another for people who don't have a dedicated computer but need email. Does anyone know of a solution for accessing just email from any workstation? That way I could go with one of the easier file server solutions you suggested.

Another question - does anyone know about software for monitoring users' computer and internet usage or even viewing/remote controling other workstations?
 
Upvote 0 Downvote
The Linksys router/firewalls are nice little network appliances, but you really need a real firewall to accomplish your task. There are many to choose from, at varying price ranges. The Watchguard, suggested above, is probably just about right for you. If you really want to get down-n-dirty, you can set up your own, extremely efficient firewall using FreeBSD ( NetBSD, or OpenBSD, but this takes a little bit of a hackerish spirit at the moment. Incidentally, if you have the time to learn, I recommend FreeBSD as being a very stable, organized platform that in some ways is more robust and business-like than most Linux distributions. (if you are willing to take the time to learn, it will eventually save you more time than any Linux I have seen yet, but it is not quite as easy out of the box).

If you want universal main connectivity, that is what IMAP mail servers were written for. The folders and emails are maintained on the server, rather than on the local workstation. As long as you have an IMAP mail server, Outlook supports this just fine.

If an IMAP mail server is too much trouble, you might consider one of the many PHP web-based mail suites. Many of these even include calendars, contact databases, etc... and the cost is very low, if not free, in most cases. These apps could run on the same server as your file server (PHP runs on Windows or Unix webservers). To see a list of some of these, go to the following links:

-------------------------------------------

Big Brother: "War is Peace" -- Big Business: "Trust is Suspicion"
(
 
Upvote 0 Downvote
Sounds like you need Microsoft's Small Business Server on a nice box. I have seen this combo priced at less than $2500. For a non-technical person in an office environment, this will be the quickest thing to get you up and running.

Follow up with questions if you have any.

MunkyCMunkyDU
 
Upvote 0 Downvote
I like your suggestion munkyCmunkyDU. Where can I go to investigate the Microsoft Small Business Server combo you suggest? Can it be pre-configured for my needs? I'd love to pursue this further.

I really like rycamor's suggestion at What do you think of that? The raid options are especially appealing. Can the small business server be set up on a box like that? What are the pros and cons of both solutions?
 
Upvote 0 Downvote
Oh no, I'm afraid there is a small misunderstanding here. The system I suggested is running a non-Microsoft operating system already. (In fact it is running all open-source, free software, which is why it is so cheap) I suppose it might be possible to wipe everything and install Microsoft SBS, but then you may as well get a Dell.

I have used Small Business Server before, and I have been involved with plenty of businesses using it, and I personally think it is the biggest pain Microsoft ever invented. It's not straightforward, like installing an operating system, and then choosing which software you will install. No, it is an operating system AND a bundle of software, and it all goes together, and whenever something goes wrong, the problem could be anywhere in there, and you can't easily upgrade to other versions of software, etc...

That is just my opinion of course... I understand why many business feel more secure in using this sort of solution, since on the face of it, it seems to present many unified ways of doing things, and it all comes under one company umbrella, which businessmen seem to like. I could give you a thousand reasons why most of this faith is misplaced, but that is for another discussion. Let's talk simple price:

You can see the basic cost outline of SBS at
Remember this: the standard release of SBS gives you 5 client access licenses, or CALs. To get 5 more, it will cost you at least $219. Or you can get 20-client license for $999. And the costs only go up from there.

With the system I describe above, you can put unlimited client access licenses. Not to mention, the operating system on the apache.com computer will run much more stably (I guarantee it) than any Windows server. Generally, with FreeBSD systems serving as fileservers, I measure my uptime in years, not months or weeks.

Now, of course there are pros and cons, so I won't try to gloss that over. If you want an "application server" environment, for example, the combination of Exchange server, SQL server+Access, etc... for some sort of Windows-specific centralized software, then you might want to consider SBS. I tend to prefer keeping things separate, though. Install Windows 2000 for a server, install Exchange, etc...

So, to sum up:

1. If you just want a fileserver, and you also want to manage internet connections, get something like the machine I describe above. Then as other needs occur, you can get specific software for each need. This is the method I prefer, because it allows more flexibility, and each thing is separate, easy to see if there's a problem. Then get a stand-alone firewall to manage your internet gateway.

If you want a system with integrated everything, which essentially controls every aspect of what goes on in your office, then get SBS. But remember, now it's all one piece.

Even if you take the second step, please please please get yourself a real firewall on the side. Don't depend on SBS to be your gateway to the web. Last company I dealt with for this, I ran a quick check, and found 20 open ports on their SBS server, just waiting for hackers to play. We set up a FreeBSD firewall for them "real quick". -------------------------------------------

Big Brother: "War is Peace" -- Big Business: "Trust is Suspicion"
(
 
Upvote 0 Downvote
Well, the apache server you suggested, rycamor, sounds like the way I want to go. How do I get started? Is apache.com the best place to buy it? Does it come with FreeBSD installed? Where/how do I learn how to set it up and how to configure my network workstations, firewall, email, etc?

Thank you and everyone for all the input and help.
 
Upvote 0 Downvote
One Final Note...

rycamor has made some good suggestions. The only comments I would want to add to what he and others have written are these:

Your 1st concern, to the degree of granularity you are taking it, involves a natural conflict with your 2nd concern. You cannot micro-manage your employees technology environment and not spend a good chunk of time doing it, regardless of what platform you choose.

So, you must decide which is most important. Your time or keeping tabs on what your employees are doing on the internet. (Money could play a factor here as well, but if you like the server rycamor suggested, you really don't have a money issue either way.)

If your time is most important then I would choose a Microsoft solution to bypass the learning curve. rycamor seems to have prior knowledge of configuration issues with SBS. I personally have not used SBS. I have used the components individually but never as a bundle. If he is saying Microsoft junked things up when they bundled it, its not too hard to believe. In that case, I would take his other suggestion and go with a standard Windows 2000 server. You can run PHP and MySQL from there quite well - giving you access to your email management desires. For security sake - do what they are telling you and get an outside piece, don't use the server for that.

If you really want maximum control over what your people can and cannot do - then do these things...
1. Get rycamor's personal email address and phone number.
2. Find out what his favorite food is and where he lives so you can have it delivered. For the next little bit, rycamor and nice people like him will be your lifeline to sanity.
3. Commit in your heart that you are going to learn how networks work, what makes them work, and that you are going to spend more time "typing" than "clicking". You also need to prepare yourself for a season of making "network administration" your "main job". You are going to read alot. But YOU CAN DO IT!!!, it will just take some time before it all clicks. :)
4. Ask rycamor what to do and do everything he tells you.
5. Ask him why at every step, he'll know. When he tells you, remember it - its important.

------------------------------------------

I obviously don't have the in-depth background in network administration that others responding have. Most of my experience is as an application programmer and DBA in larger organizations where we were using multiple platforms and diverse applications (Sun Solaris, Linux, Win 2000, Oracle, MS Sql Server 2000, MySQL, Vignette Story Server, etc.) We always had "network guys" to handle that stuff. They were neat people and I became friends with many of them. One thing that I consistently noticed though was....no one but the "network people" could manage the Linux/Unix based stuff, while everyone could jump in and run the Microsoft stuff. It may not be as good, or stable or whatever, but the stuff from Microsoft was consistently easier to learn and use.

So, take it for what its worth. Those are just my perceptions from my experiences. You need to decide what is most important to you and your business.

------------------
Have fun
MunkyCMunkyDU

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
136
Sameer258
Sameer258
ciscokid1984
  • Locked
  • Question
Watchguard RDP from external network
Replies
1
Views
97
hairlessupportmonkey
hairlessupportmonkey
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
116
XLNTech1
XLNTech1
acabezas2014
  • Locked
  • Question
Configuring ASA for Network Segmentation
Replies
1
Views
64
acabezas2014
acabezas2014
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
55
PauS0n
PauS0n

Part and Inventory Search

Sponsor

Back
Top