#1 |
|
Member (5 bit)
Join Date: May 2005
Posts: 20
|
Discussion on network design, setup, hardware & resources on the net
Hi everyone.
I am new to the forum. I was browsing around the net for suitable places to find info on LAN setup and other related stuff. I have to say that this forum looks good; a quick glance gave me the impression that much useful information is available, and I was especially positively surprised about the amount of stuff on security issues, which to me personally anyway are the ones where I feel most "lost". So a big thanks to all of you here, and I hope I can contribute to someone's problem in the future (= read: offer advice/help, not create problems).

I have some experience in setting up small LANs of up to 10 PCs and related things. I will soon be setting up a new LAN, which needs to be connected one way or another to a second LAN I set up about a year ago. These 2 LANs are located in 2 different cities. I am doing this for a guy I used to work for. Making these LANs useful is my current task, and that is the reason I have been looking around for some info. I am considering setting up an intranet, which is something I haven't done in the past. I am taking this as a learning experience, as even though there will eventually be roughly 20 PCs and laptops connected with each other, the basic requirements are still just a normal organisation's internal file sharing, with the exception of a surveillance system which I want to make available for my old boss through this network (video feed). I am trying to plan this so that he would be able to take more advantage of all the possibilities of this type of setup. He does not really understand what kind of difference a good network could make for him. And even I am not 100% clear on this yet.

I am trying to achieve the following things for this new network (the 2 locations): 2 LANs, connected with each other, surveillance camera feed passed on to the LAN to allow my ex-boss to supervise his 2 locations, possibly set the whole thing up with an intranet as mentioned before, beef up the security of both LANs, and if I set up the intranet, well, then make it secure also. I will be working with an environment where I have site 1 with about 5-6 PCs, connected to the internet through a broadband connection, and a wireless hub as well for the occasional laptop, as I believe he has at least 1-2 laptops. I am considering setting up a server and some firewall etc. solution at the point of internet connection to secure that LAN. I will be going through this forum, among other places on the net, and my library of PC mags to look for info and suggestions regarding that especially.

One challenge I feel will be building the intranet (or whatever the final solution will be) so that his employees will feel delighted to have it. I mean, it would be nice that they would accept the new system and use it as planned, and then the connection of their shared info will be worth something. Because their needs aren't complex, I almost decided on just having 2 separate LANs. But that would not be so challenging, and I have already been assured that I can go and purchase all NEW and SHINY equipment for the second site, so it would be cool to take advantage of this. The second site will start with around 6-8 PCs and, if I can somehow feel justified to suggest it, a server and firewall at the connection point to the internet. I want to build this so that once additional PCs are bought they will fit in nicely and everything will work so well (and be useful) that I can feel some pride in my success. I will also set up a mobile connection for my ex-boss to be used in his car whilst travelling between sites. I am hoping to find some cool solution for that too.

I am planning to have 1-2 shared laser printers for your normal office docs and at least 1 color printer (ink) that is of good quality (maybe A3 size). At the existing location's LAN I set everything up similarly, but the printers were each connected to a PC and shared that way. This time I am considering connecting the printers through a printer hub or whatever it is called, and 1-2 average scanners as well.

I will be adding replies to this post as I progress in my planning, so that in case anyone else is planning something similar, maybe they will find this useful. Naturally I would be delighted should anyone decide to comment and post advice or anything else. Any and all related links will be much appreciated. I read the thread posted by AlwaysUp (what does that name refer to anyway?..) called "Two suggestions for newbee's"; there were some links there that seemed very useful, and I felt that much wiser already, so to all other newbies, reading through those kinds of threads is helpful and recommended. Props to AlwaysUp for that post!!

I will be doing the planning over the next 10 days, so anyone who has read through so far and is interested can expect to read about my progress every other day or so. I will also post info on the criteria etc. with which I will be selecting hardware, such as the new PCs, flatscreen displays, scanners, hubs, printers, a few photocopiers, fax machines, laptops, surveillance cameras, software and all the other stuff I must get. (I CAN'T WAIT TO GO SHOPPING). I hope that someone out there will find this useful or at least mildly interesting; at least I hope I will not get banned from the forum for boring others to death. Maybe this will be useful to other newbies on the forum, I hope so anyway. Thanks again to everyone who has contributed to this forum, you are helping out so many of us out there in the cyberworld.

Sami
|
|
|
|
|
#2 |
|
Moderator
Staff
Premium Member
|
The network topology you describe is difficult to achieve on a relatively low budget. Large companies who operate WANs generally have point-to-point trunk lines to ensure security; however, those are expensive, so your best option would be to go through two normal high-speed internet connections and go over the Internet. But to be able to communicate between offices, you'll need some kind of VPN (Virtual Private Network) solution.
I am no expert by any means on the specific hardware that you need, but I'm sure there are enterprise-grade VPN routers that you could configure to connect to each other. Although it would be on the expensive side, I'd recommend researching your options from Cisco, as they generally make rock-solid, robust networking hardware. You will probably also want to set up a multiple-master domain, which would basically entail one domain per site, with the two domains connected in such a way that users and files can be shared, and, for example, someone at one site could print to the printer at the other site. (With that said, I have no idea how to do this! One domain is difficult enough for me to set up at this point.) VPN would also have the advantage that if anyone wanted to work from home or on the road using a laptop or even their home desktop, all they would have to do is connect to the VPN and they would be able to use all the network resources. In terms of printers, all major manufacturers sell printers with built-in network cards. You can set up the printer driver for the printer on the domain controller for the respective office, and then the clients can connect to the domain controller when they need to print.
__________________
Computer: Intel Core i5-750 2.66 GHz quad-core processor @ 3.71 GHz | Asus P7P55D-E motherboard | Crucial 4 GB DDR3-1333 RAM | nVidia GeForce 8600GT | 2x WD Caviar Black WD1501FASS 1.5TB hard drives in RAID 1 | Antec Sonata III case with Antec EarthWatts 500-watt PSU | Dual Dell UltraSharp 2408WFP 24" widescreens | Windows 7 Ultimate 64-bit Other: 2005 Subaru Legacy 2.5GT sedan 5MT | Samsung Epic 4G Smartphone | Mamiya M645 1000S medium-format SLR with 55mm f/2.8, 70mm f/2.8, 210mm f/4, teleconverter, 120 and 220 film backs | Olympus E-PL1 Micro-4/3s DSLR with 14-42mm and 40-150mm lenses |
|
|
|
|
|
#3 |
|
Member (5 bit)
Join Date: May 2005
Posts: 20
|
reply
Hi fultonhow,
Thanks for your post and comments. VPN is actually what seems to be most suitable. Having done a quick search on the net regarding required technologies such as broadband routers with VPN servers, it seems, at least at first glance, that this, although maybe complex to set up and maintain, would not look like an overly expensive solution. I will look into it more and post a reply on what I have found and how I am thinking of proceeding. Meanwhile, here are a few links that I have been looking at so far (each containing additional links to other resources):

http://compnetworking.about.com/od/vpn/l/aa010701a.htm
http://www.homenethelp.com/vpn/index.asp
http://www.microsoft.com/windows2000...pn/default.asp
http://www.homenethelp.com/vpn/router-config.asp

If anyone has any experience, especially in the pitfalls related to the issue, comments would be appreciated. If I will be attempting to build this, I will not have static IP addresses, as far as I understand. I will have 2 locations with decent broadband connections, a server machine at both ends as point of entry and the occasional laptop at home. My old company works with exports, so being able to access their own network anywhere in the world would be an advantage with the amount of travel they do.

To anyone reading this, please keep in mind I am trying to do this for the first time and may take wrong turns or miss important information. Should you attempt anything similar, I urge you to do your own research and wait until this thread is finished, or at least until I post a message indicating success (and an invitation to any forum members living in Bangkok, Thailand to a launch party at any of the local venues) before adapting any of the info here into your own projects.

Sami
|
|
|
|
|
#4 |
|
Moderator
Staff
Premium Member
|
VPN is indeed a relatively inexpensive solution. In terms of the static IPs, you may be able to pay your ISP extra for the privilege of having one, but I'm not sure on that.
|
|
|
|
|
|
#5 |
|
Member (5 bit)
Join Date: May 2005
Posts: 20
|
hi
So far, a little round at the local IT mall left me under the impression that equipment with capacity to allow dynamic ISPs is available; will post details.

Sami
|
|
|
|
|
#6 |
|
Member (5 bit)
Join Date: May 2005
Posts: 20
|
Hi,
It would seem so indeed that broadband routers which act as VPN servers are available for roughly 100 USD and up. They seem to be designed so well that they should be manageable/configurable by someone such as myself, with networking experience but nothing more daring than a few LANs. Things to consider are naturally what the requirements/different scenarios within the VPN are that have to be possible. Depending on those requirements, you can select a router that can handle everything you need. The protocols do get a bit confusing, but nothing impossible for anyone willing to do a little research. Mainly the meanings or purposes of these protocols can be understood just by reading a few reviews of routers on the net, as missing and available options are discussed, and it is often explained what else is needed to achieve a more complex/demanding VPN.

In my case, I will have a wireless connection inside both LANs, a mobile connection connecting into the VPN through the internet, as well as other remote laptops connecting from different cities, using dial-ups, cable modems, whatever. Not all the details are clear to me yet, but it would seem that I have enough information to purchase suitable equipment while consulting with a trained vendor (check for availability in your local area; I live in Thailand, as such things do not really exist except in a few smaller specialised shops).

(*At Phantip Plaza, a small business network shop gave me excellent service, although they offered me a router at first which I deemed unsuitable as it did not support 1 of the required protocols. The next item they proposed would have been about 750 USD, and they said no other suitable machines exist (**first one was just under 100**). I had brought a printout of a couple of reviews and pointed out that, for example, these 2 machines, available in the US, have the required features and cost only 150-200 USD. He then promised to find me a suitable machine for my return.*)

At another, larger store we rang the store specialist, who wasn't in that day. I spoke with him on the phone; he gave me the router importer details and suggested I contact support and let them suggest a solution to me. I also told him I would book a day for the purchases when he could be personally available at the store, as I will most probably be purchasing at least the required desktop PCs there as well. This way I can have his expertise at use and the risk of getting unsuitable equipment should be reduced (although I am working to make it nonexistent even before that).

Regarding the protocols, in short: VPN servers connect to each other through the internet and create a tunnel within the internet through which the 2 LANs will be sharing their information etc. To create these connections, manage the transfer of data, and maintain security, several protocols have been developed. A few that I have come across, and that are deemed important for this project, are:

IPSEC protocol support = The VPN (Virtual Private Network) portion of the router allows you to securely connect to your home network over the Internet using standard IPSEC VPN client software.

PPTP protocol support = By setting your router up as a PPTP server, anyone on the Internet can use the VPN software built into Microsoft Windows to connect to your network – providing you have set them up with a login and password. (PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself. PPTP is supported in Windows NT and Windows 98 already. For Windows 95, it needs to be upgraded by the Dial-Up Networking 1.2 upgrade.) (Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used by an Internet service provider (ISP) to enable the operation of a virtual private network (VPN) over the Internet.)

These 2 above have to do with the connection between the 2 LANs. In my case they (the routers) have to support dynamic DNS. For example, I understood that if a remote laptop in, let's say, France wants to connect to the VPN, access the intranet and get files from the file server, the PPTP protocol is needed; the router-to-router connection is IPSEC.

Regarding security, if the router has a firewall, which I understand that, at least when talking about home/small office network routers, they all do, it should have at least SPI – stateful packet inspection = It defends against Denial of Service attacks etc. etc., just like most modern routers. As well as: the NAT (network address translation) feature will hide your LAN users behind the WAN IP address.

OK. I will continue searching and preparing to buy. I will try and balance between choosing the easiest router to set up and the router with the most options and abilities. For example, here is a link to a review of a router that seems to be, well... killer. But the review clearly states that it is too complicated for beginners and do-it-yourselfers starting up.

http://www.homenethelp.com/web/review/snapgear_lite.asp

Quote: "I understand that SnapGear chose to take the path that would NEVER interfere with existing network infrastructures, but honestly it makes it hard for the basic home user to install."

And to finish off, here is an email I have sent to the importer of a specific router which seems suitable for my case. It is only about 120 USD, and the manufacturer has gotten good reviews, some praise about good design and well-functioning solutions. The router, in case anyone wants to check out the features, is Corega: CG-BAR-AA 100. A link to the manufacturer's site for the product (with full details of its features): http://www.corega-international.com/...39&product=153 (the picture is not the same as what is in the box at my local store, but I am in Asia and this is the international version of their website, so they may have different-looking models on sale).

Here is an email to their support. I am half expecting some kind of answer; I mean, in terms of their business it is definitely worth their while, almost a sale already, but I don't want to get my hopes up. Even if I do get a reply, it will be either an 80% copy-paste letter with impersonal answers to my questions, incomprehensible English and diagrams with handwritten Thai script on them as explanations, an email redirecting me to somewhere else and hence removing responsibility from whoever monitors the emails, or a response which clearly implies that my whole question/story and background information has been delightfully misunderstood from line 2 onwards, and their conclusions are as suitable as can be expected in that case. However, there is a chance that they are trained professionals, young men & women, interested in IT, computers and gaming, fans of Hollywood movies and hip hop, so they will use very fresh English, answer my question clearly and suggest or point out something vital that I have missed. The mere possibility clearly makes it worth the effort, and it was a good chance for me to put down a list of my bare necessities for this project.

Here is the email:

Hi

I will be purchasing broadband routers around the 20th May. At Phantip Plaza I have come across your product Corega CG-BAR-AA 100. I have a few questions regarding the product. I would like to know which elements of my planned VPN your product supports (as well as any information on any additional hardware possibly needed to make your product support the planned VPN solution, especially if any devices would be recommended to maintain security within the 2 LANs from attacks within the wireless connections in these LANs, so that these security solutions will not conflict with the router's VPN security settings; please read the description of the system to better understand (*secure connections from wireless laptop to LAN, then through router using VPN tunnel over internet to router at other end of VPN, to LAN and through wireless connection to laptop*)).

My plan is to build a LAN for a newly established office and connect the LAN to an existing one located 150 km away. I will attempt to build a VPN between these 2 locations. I will call the 2 locations LAN A and LAN B. I am considering purchasing 2 CG-BAR-AA 100 routers for the purpose of creating this VPN (installed at both LAN A and LAN B, at the internet connection point).

The VPN must be able to support the following situations:

Connect from PC A1 in LAN A, through the internet, to PC B1 in LAN B (both LANs will have 5-10 PCs, 1-2 laptops, + scanners and multiple printers). This connection must allow file browsing and document printing.

Also, laptop LA1 with a wireless connection to LAN A must be able to connect to laptop LB1 in LAN B in the same way.

Also, laptop RL1 in a remote location must be able to connect to both LANs via a connection created from any location over the internet (IPSEC and PPTP, L2TP).

Also, laptop RL2 on a mobile connection must be able to connect to LAN A and LAN B in the same way (with restrictions set by the slower connection speed of a mobile internet connection on the type of data that is useful to transfer with those lower speeds).

The router must be fairly simple with its VPN setup and configuration, or support must be available.

The router must act as a firewall, with SPI & NAT.

The router should support dynamic DNS; the internet connection will be ADSL at both LANs.

A server, acting as a file server and email exchange server, will be located in LAN A; this server will also run the company intranet. Clients on both LANs and laptops at remote and wireless locations must be able to view these files, access the INTRANET, and download emails from this server. This server will also act as primary backup, and operating systems on both LANs, on laptops connected to the LAN through a wireless connection, on remote and mobile laptops connecting to the VPN from outside the VPN, and on the server will be Windows operating systems: XP, 98, 2000 and whatever suitable Windows OS will be chosen for the server. All these OSes must be supported/able to work with the routers.

Please let me know if your product supports this system, and if you have other products that would be required/better suited for this solution. I will be waiting for any kind of reply soon, as I will make my purchase at the end of next week. Any links to reviews of your product on the internet, on hardware forums and other testing sites, would also be appreciated.

Best regards, and thank you for your help

Sami
|
|
|
|
|
#7 |
|
Member (5 bit)
Join Date: May 2005
Posts: 20
|
believe I found router of choice
Hi
It looks like I have found the product that I am looking for. I have decided to buy products from the VPN layer downwards, making sure that my routers will support all the functions that are required from my network. They will act as the gateway through which all data between networks will pass, so if there is a problem the data would stop there, right.

To summarize what I need, here is everything in short: VPN to tie up 2 LANs; both LANs will have 1-2 laptops with wireless connection, scanner and printers. I will also need the ability to connect to the VPN through the internet from a remote location, and I am dreaming of at least partial ability to remote administer the whole lot. Security is an issue.

Interesting and informative links regarding VPN can be found here:

http://www.practicallynetworked.com/ - has a few links on articles about VPN
http://computer.howstuffworks.com/vpn.htm - one of the better informative links on the basics and issues to consider while designing a VPN, but quite general except for the CISCO product ads
http://www.howtonetworking.com/index.htm - lots of info and links, worth a visit
http://www.homenethelp.com/vpn/ - good stuff, a bit general but useful for us virgins out there
http://compnetworking.about.com/od/vpn/l/aa010701a.htm - another intro to VPN, OK, worth reading through

I have decided that I like the Draytek 2600VG router. Some of the reasons are here: it supports dynamic IPs, it has a built-in wireless connection, supports IPSec tunnelling, PPTP, L2TP and L2TP over IPSec, it also has remote management, has a proper firewall, supports 2 telephones directly plugged into it and you get instant VoIP, gets great reviews on the net, and is among the cheapest considering all the available features.

Here are threads from another site, with people going through problems in their Draytek setup etc. Quite informative when you read what has been posted:

http://forums.whirlpool.net.au/forum...s.cfm?t=251837
http://forums.whirlpool.net.au/forum...s.cfm?t=326265

Other info:

http://bc.whirlpool.net.au/bc-hw.cfm?id=131
http://www.vpnsurvival.com/
http://www.chicagotech.net/vpnsetup.htm
http://www.homenethelp.com/vpn/router-config.asp
http://www.softwaresolution.org/virt..._networks.html
http://www.vpnc.org/

For any newbie, going through those links should help you out to some degree. If you know what you need as performance and ability of your VPN, the process gets quite simple. Gather all the data on each feature (performance-related issues such as allowing remote administration or allowing a remote location to access the VPN) one by one. I mean, type in Google for example keywords as to what you need from your network, see how it's done, take notes on the protocols mentioned, look through as many how-tos and intros to VPN and any available to each "subtopic" (VPN feature), then start clicking on the links to the advertised routers, take notes of mentioned hardware on forums etc., do some research on them, make a list, then, starting through the technical data, see if everything on your list of needs is there. Contact manufacturers by email, or resellers (any way you want), present your plans to them, ask them if the product in mind supports the features, try and select a performance-wise solid-looking machine, note any reviews it's gotten, and you should have quite a lot of data to base your decision on.

I am going with the Draytek, at least until a forum elder tells me to wake up and smell the flowers, that I have forgotten to address some key issue. But then the process starts again and I am that much wiser. Until I know better, I am planning on buying the Draytek.

I will now move on to other hardware/software-related issues of the project. I will try to cover all topics, and I will address the issue of flatscreens (surprisingly) next. This is because I just want to list things to keep in mind while buying the flatscreen display, as I want to try and cover everything, but I know that most PCs I will be buying for this project will come bundled together in a package. For 99% of the time these PCs will be or should be used for office purposes with some surfing on the net, so there won't be that much to decide. Based on price & performance, paying attention to processor speed, RAM, hard drive size, DVD & CD-RW, LAN card, other stuff such as speakers etc., the flat screen, and the number of slots for additional stuff at the back, in the end the most affordable machine package with decent performance that looks good and has no visible design flaws in terms of usability is likely to get chosen.

But here are considerations for those on the market for a flatscreen:

- Digital DVI connectivity; analog is going out of style.
- Size: a 17' flat screen display is roughly the equivalent of a 19' tube. So for graphics-oriented jobs select a bigger (and more expensive) screen; for regular stuff 17' is adequate, although I've got a funny feeling the workers are going to find brand new 15' screens in front of them when everything is done.
- Dead pixels: all the flatscreens are classified into 3 categories, grade 1, grade 2, grade 3, depending on the number of faulty pixels on the matrix. Grade 3 downwards is not supposed to be sold to consumers, so unless you see an advert for grade 1, you are about to buy grade 2.
- Colors: you want the best colors. I don't know how to judge that; I'll either take the word of some survey or test, or just go by my eye.
- Dark shades: here is a genuine point to pay attention to. Since the flatscreens use a backlight which is always on, dark/black is harder to create. Use your own judgement when purchasing. Check out the contrast.
- Speed: for fluid movement you need a screen that "paints itself" every 12-16 milliseconds. This you may check for yourself by playing a game at the shop; does the image look smooth?
- Viewing angle: you need to check angles to the left and right and see how far to the side you can go and still make out the images. You should do this from above and the side as well, since in offices you especially have people stopping by your desk to check something out quickly on your screen and not taking a seat. Their angles will be from above.
- Also consider wiring and other design-related issues, different plugs, the amount of settings you can make. Are the wires sticking out somewhere, are the buttons hidden somewhere or too small, can you adjust the view enough through the controls on the panel?

I'll be getting 1 PC for a graphics-oriented job. This lucky worker, should my ex-boss listen to me on this, will get a bigger screen; very likely he/she will get 2 screens. A graphics card that supports this will be selected, and RAM will be beefed up as well. Other than that, the same rules apply as when selecting the "regular workers'" PCs.

I will also be getting one desktop, possibly running a server, not decided on that yet, that will have some more muscle. There I will include a few hard drives: 1 to act as file storage for the most commonly used docs, templates etc. (I have a dream.... that all the workers can accept and take advantage of a new system and actually use these docs stored in a special place), and 1 drive for backups of vital stuff. I will be instructing workers where to save stuff that is important, and I will attempt to take care of backups by remote access while watching reruns of the A-Team in my living room (because I know the responsibility will be handed over as soon as the need is discovered, again). This maybe-server may also run some email services, downloading all the POP mails and distributing them over the VPN. This is because my old boss wants to have automated out-of-office mails etc. I think that one way to go is setting up a server to manage mails. Also, I believe sharing calendars and similar types of info will be advantageous, and I read somewhere about the possibilities offered by Outlook, which is something that all the workers are already used to working with.

More on all that later. I will also reveal the secrets by summing up components and key issues of the network once it is up and running. That may take time. IF no such post appears, you can bet I have grown a moustache, changed my name and I will be selling little-used hardware at cut-throat prices under a false identity right here on this forum (watch out for posts praising this equipment, with quotes from unnamed reviews).

Thanks and good luck to everyone.

Last edited by sambkk; 05-16-2005 at 03:01 PM.