Need some tips in reorganizing our LAN.

2006-03-28 Thread Mark Jayson Alvarez
Hi,
 
Right now, I'm working in a poor government agency where the network is not
well organized. It's hard to trace users that are doing this stuff and doing
that. IP addresses are scattered all around the 3-story building. Switches are
cascading everywhere. Everything is a disaster. When a machine is infected
with some worm, it's trivial to track it down. When one is doing p2p, no one
can stop him. Perhaps the reason why this is happening right now is that the
former network administrators did not consider the scenarios that would happen
in the future, like the increasing number of users and workstations,
mobilization of employees from one area to another, etc.
 
 
Right now, we have a FreeBSD 4.7 box lying in a dark room not far away from where
I am right now. And it is indeed the center of our Local Area Network. Guess
what, it has only 2 interfaces. One connected to the public side, and the other
connected to our private switch. That private interface is aliased to multiple
subnets like this:
 
 10.10.1.1
 10.10.2.1
 10.10.3.1
 10.10.4.1
 10.10.5.1
 
This interface is connected to 1 switch, and then 5 or more switches are
connected to this main switch. Those 5 or more switches are then scattered to
every area of the building. I know you are thinking a lot of negative things
about this setup, but this is what it really looks like right now.
 
The MIS suggested a LAN transition project, and I was assigned to lead the
team. Right now, we are only two in this very big team. :-) I'm just wondering
if I will ever finish this project or not. I have a lot of stuff mixed
up in my mind right now, but I really don't know where to start.
 
 I have these in my mind right now:
 
 Connectivity
 1. wired
 2. wireless
 
 Machines being hooked into the network:
 1. servers
 2. workstations
 3. testbeds
 4. personal (laptops etc.)
 
 Will use DHCP
 Will use centralized directory service
 Will use centralized authentication
We have at most 150 employees...
We don't have that much to spend on equipment like managed switches, powerful
servers, etc.
We have a lot of political issues that need to be resolved regarding network
usage policies.
 
 
All this stuff is basically mixed up in my mind. I really have no idea where
to start aside from creating a purchase request for a new PC router and a
multiple-port LAN card, which I already did a week ago. And it has not arrived
yet. :-) Please help me. I told my partner that services configuration is just
a piece of cake once we already have a definite plan. I really don't know where
to start. I'm not even tasked to do this... I'm just tasked to help my partner
who is a member of the poor MIS. At first, I thought this would be just as easy
as upgrading the machine to FreeBSD 6.0 and then reconfiguring the firewall
ruleset, but I was wrong.

If you have any Network Transition plan that you may want to share with me,
please do so. Even if we don't have that many similarities in our network
setup, at least the non-technical part like planning etc...
 
 
 Thanks
 
 Sincerely
 -jay
 
 
 
 
 
 

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Need some tips in reorganizing our LAN.

2006-03-28 Thread Peter

--- Mark Jayson Alvarez <[EMAIL PROTECTED]> wrote:

> Hi,
>
> Right now, I'm working in a poor government agency where the network
> is not well organized. It's hard to trace users that are doing this
> stuff and doing that. IP addresses are scattered all around the
> 3-story building. Switches are cascading everywhere. Everything is a
> disaster. When a machine is infected with some worm, it's trivial to
> track it down. When one is doing p2p, no one can stop him. Perhaps
> the reason why this is happening right now is that the former network
> administrators did not consider the scenarios that would happen in the
> future, like the increasing number of users and workstations,
> mobilization of employees from one area to another, etc.



Do all cables lead to a centralized server room?



Re: Need some tips in reorganizing our LAN.

2006-03-28 Thread Olivier Nicole
Jay,

>  If you have any Network Transition plan that you may want to share
>  to me, please do so. Even if we don't have that much similarities
>  in our network setup, at least the non technical part like planning
>  etc...

It really depends on the goals you want to reach, the services you plan
to provide, how you want to divide your network into groups, whether there is
an effective geographical division (one service on one single floor or in
one single office), whether you can afford new cabling in the building, etc.

Once you have the big picture clear, then you can think of the
technical parts.

Best regards,

Olivier


Re: Need some tips in reorganizing our LAN.

2006-03-28 Thread Benjamin Lutz
Hello jay,

On Wednesday 29 March 2006 05:55, Mark Jayson Alvarez wrote:
> The MIS suggested a LAN transition project, and I was assigned to lead the
> team. Right now, we are only two in this very big team. :-) I'm just
> wondering if I will ever finish this project or not. I have a lot of
> stuff mixed up in my mind right now, but I really don't know where to
> start.

If you don't have it already, I'd start cleaning up the old system without
changing its structure. Remove the redundancies, e.g. unnecessary cascading
switches, or computers that are no longer used. This will give you a clear
idea of what the current layout looks like, making it easier to plan changes,
and with some luck it'll also give you a hardware stockpile that you can then
recycle for your new LAN.

>  I have these in my mind right now:
>
>  Connectivity
>  1. wired
>  2. wireless

I see no place for a wireless network in a professional network. It's hard to 
secure it (it's possible, encrypted-VPN-over-WLAN works, but it's difficult 
and expensive to set up). Stick with a wired LAN, and there'll be one 
security threat less that you have to worry about.

>  Machines being hooked into the network:
>  1. servers
>  2. workstations

Make a list of the servers you have, and which user groups need them. Make a
list of which logical user groups there are. Then design a network layout to
match those needs. You could, for example, put each user group into its own
subnet, including the servers it needs. Access between user groups could then
be restricted at will*.

Alternatively, put some or all servers into a dedicated subnet. This will also 
allow protecting them better.

I realize I'm being very unspecific, but you didn't give us all that much 
information.

>  3. testbeds

If there are users accessing those, treat them as servers. Otherwise, isolate 
them from the production network.

>  4. personal (laptops etc.)

This is a difficult one. Personal laptops are machines you have no direct
control over (you cannot control what software is installed on them), and as
such they are a high risk factor when they are connected to your network.
They might introduce malware into the company, or evade your file storage
procedures.

This is a matter of policy basically. Try to restrict personal machines as 
much as you can. Forbid connecting them to the LAN. If you can't do that, 
maybe have specialized laptop ports that are firewalled off from the rest of 
the network.

>  Will use DHCP

Keep in mind that a DHCP server needs to be in the same subnet it serves. 
Other services do not have this requirement.

>  Will use centralized directory service
>  Will use centralized authentication

Sounds good. Personal laptops will undermine this though, another reason to 
try to keep them away.

>  We have at most 150 employees...
>  We don't have that much to spend on equipment like managed switches,
> powerful servers, etc. We have a lot of political issues that need to be
> resolved regarding network usage policies

You don't need powerful hardware to manage a network with just 150 employees. 
Some gigabit hardware for popular servers would be nice, but the network 
management will use very little CPU resources (unless of course you decide to 
play around with VPNs). So don't worry about that too much.

>  All this stuff is basically mixed up in my mind. I really have no idea
> where to start aside from creating a purchase request for a new PC router
> and a multiple-port LAN card, which I already did a week ago. And it has
> not arrived yet. :-)

It sounds like you're planning to have all subnets connected through this one 
FreeBSD box. This is not necessary. You can put a router in between subnets, 
and have that one located elsewhere, where it's more convenient. It can also 
make perfect sense to have firewalls on these routers. If you isolate user 
groups that need to communicate with each other into different subnets and 
block traffic between them, it'll be easier to contain a worm outbreak.

And oh yeah: in my opinion, the firewall, i.e. the outermost machine that's
connected to the internet, should have 2 or 3 interfaces only, and carry data
only on 2 of them. Do not give it several interfaces for the purpose of
routing your LAN. It'll make creating an airtight firewall ruleset much more
difficult. Instead, have one or several routers inside your LAN that handle
it, that don't need to deal with malicious outside traffic too.

> Please help me.

Feel free to be more specific about your plan or with your questions, I'm sure 
people here will happily comment on or answer them.

I'm also sensing that you feel a bit overwhelmed. Try to keep pressure on 
yourself low, by having as few disruptive changes as necessary. Don't try to 
change your whole network over a weekend, it's too large for that. Install 
the new parts bit by bit, and try to do so with the rest of the old system 
still working, until you change it. In other words: tak

Re: Need some tips in reorganizing our LAN.

2006-03-28 Thread Garrett Cooper

Jay,

> This interface is connected to 1 switch, and then 5 or more switches are
> connected to this main switch. Those 5 or more switches are then scattered
> to every area of the building. I know you are thinking a lot of negative
> things about this setup, but this is what it really looks like right now.

You didn't define how large your client base (number of machines) was (or at
least give us a guesstimate).

> The MIS suggested a LAN transition project, and I was assigned to lead the
> team. Right now, we are only two in this very big team. :-) I'm just
> wondering if I will ever finish this project or not. I have a lot of
> stuff mixed up in my mind right now, but I really don't know where to
> start.

Just sitting down with a piece of paper and working through the issues in a
command and conquer fashion gets the job done. That's the stuff that
engineers are made of :).

> I have these in my mind right now:
>
> Connectivity
> 1. wired
> 2. wireless

Only do wireless if you intend to have a semi-smart setup with a set of
wireless routers that restrict the clients connecting who are not known, to
force them to log in. You can ensure that the clients are known (registered)
by recording their MAC addresses and records; that's how the dept I work for
does things, and it works pretty well. Otherwise, there's always an SSL
login via wireless each time that ties into a domain/Kerberos login.

> Machines being hooked into the network:
> 1. servers
> 2. workstations
> 3. testbeds
> 4. personal (laptops etc.)

As said before, just isolate the testbed machines from the servers and
workstations because it will pose less of a security risk, and just in case
something goes awry with a testbed machine, the odds of the problems
cascading over into the other subnets will be reduced.

> Will use DHCP
> Will use centralized directory service
> Will use centralized authentication
> We have at most 150 employees...
> We don't have that much to spend on equipment like managed switches,
> powerful servers, etc.

You don't need something powerful unless you want something 'simple' or
dedicated to use; with proper setups and Unix machines (one of FreeBSD's
definite fortes), you will probably be able to take an upper-level P3 and/or
a lower-level P4 and service an entire subnet with few latency issues. I
don't suggest running more than sshd, ipfw (or an equivalent firewall),
sendmail, and a syslog daemon, just to keep things light and traffic moving
quickly.

> We have a lot of political issues that need to be resolved regarding
> network usage policies

Again, registration and port blocking can solve this by restricting the
ports and 'punishing' the rule breakers. Be aware that no solution's perfect
and someone will always come up with something to beat your clever
'mousetrap'.

> All this stuff is basically mixed up in my mind. I really have no idea
> where to start aside from creating a purchase request for a new PC router
> and a multiple-port LAN card, which I already did a week ago. And it has
> not arrived yet. :-)

If you've already done this, make sure to make this your central machine;
that way the machine sifting through all of the traffic and redirecting
requests can be the best equipped to meet the issue at hand.

> Please help me. I told my partner that services configuration is just a
> piece of cake once we already have a definite plan.

Shouldn't have said that... building up client expectations isn't a wise
thing necessarily if one can't deliver due to unexpected issues or turns.

> I really don't know where to start. I'm not even tasked to do this... I'm
> just tasked to help my partner who is a member of the poor MIS. At first, I
> thought this would be just as easy as upgrading the machine to FreeBSD 6.0
> and then reconfiguring the firewall ruleset, but I was wrong.

Stuff isn't always as easy as it seems. That's what I've learned through my
little experience in the real world.

> If you have any Network Transition plan that you may want to share with me,
> please do so. Even if we don't have that many similarities in our network
> setup, at least the non-technical part like planning etc...

Uhm... I don't mean to be rude, but aren't you getting paid to think of ideas
and not me ;)?

Just thought you might want to mull over those points I just mentioned a
bit. Basically follow the advice given already, which essentially is:

1. Calm down
2. Think stuff over
   a. Write down what needs to be accomplished and the requirements that
      need to be met.
   b. Eliminate unnecessary components.
   c. Draw up a new plan.
3. Execute your new plan

HTH,
-Garrett




Re: Need some tips in reorganizing our LAN.

2006-03-28 Thread lars

Re: Need some tips in reorganizing our LAN.

2006-03-29 Thread Mark Jayson Alvarez
Hi everyone,
 
 Thanks for replying.. 
 
I'm currently on phase I of the plan. It's not finalized yet. I hope you
can add some more. What else would you want to know if you were reorganizing
your own LAN? Also, if you have a clue on what the succeeding phase should
be... Anyway, I will try to focus on phase I first.
 
Phase I - Identify the Current Setup
1. Network Diagram
   1.1 Connectivity Type
       a. wired
       b. wireless
   1.2 Geographical Divisions
       a. Site survey (building plan)
       b. cabling structure (is it possible to recable?)
2. Types/Classifications/Numbers of Users (126 employees)
   2.1 Administrative staff
       a. OD
       b. FAD
       c. DIVAS
   2.2 Technical staff
3. Machine Classifications and their network type (private/public), 260 all in all
                                            Admin   Tech
   a. servers (public/private)          ->   24
   b. workstations
      b.1 desktop (public/private?)         35      162
      b.2 laptops (public/private?)         317
   c. testbeds (public/private)             already included in desktop
   d. personal (laptop, PDA)                NA
   3.1 Operating system
       a. Windows
       b. *nix
4. Services Provided/needed
   a. file server (private)
   b. printer server (private)
   c. internet proxy server (public)
   d. im server (private)
   e. web server (private)
   f. directory service/server
 
 
 Thanks
 -jay





Re: Need some tips in reorganizing our LAN.

2006-03-29 Thread Mark Jayson Alvarez


Benjamin Lutz <[EMAIL PROTECTED]> wrote:

> Hello jay,
>
> I see no place for a wireless network in a professional network. It's hard to
> secure it (it's possible, encrypted-VPN-over-WLAN works, but it's difficult
> and expensive to set up). Stick with a wired LAN, and there'll be one
> security threat less that you have to worry about.

No problem with this, as we already have wireless authentication wherein users
are forced to log in before accessing proxy servers.

> Keep in mind that a DHCP server needs to be in the same subnet it serves.
> Other services do not have this requirement.

So you mean, if I have 1 PC router that has a maximum of 8 LAN ports, I can't
do DHCP on 8 networks?? Let's say, dhcp will listen on each interface and serve
only the assigned subnets.

> It sounds like you're planning to have all subnets connected through this one
> FreeBSD box. This is not necessary. You can put a router in between subnets,
> and have that one located elsewhere, where it's more convenient.

My partner says that having a separate PC router for each subnet and placing it
in their designated area is not an option. He said we should try having a
redundant/failover central PC router instead. If we were to deploy 5 or more of
those, we should put them somewhere we can access them easily... that is here in
our NOC, on the 3rd floor. Unfortunately, we don't have much space left for
tower PCs unless we can afford to buy rackmounted servers... Even purchasing
those 5 servers will be a big issue.

> And here's another thought: reliability and redundancy. Computers fail. If you
> have one central router that everything goes through, not only is it a
> performance choke point, but it'll also bring the whole agency to a
> standstill if it should fail. Maybe there isn't a better way to do things
> given your resources, but if there is, try to limit the impact of potential
> failures. Distribute things like routing, and most of the network will keep
> working if one machine fails. Or, if you can, make things redundant.
>
> Cheers
> Benjamin
 
 I have attached here our current lan setup...
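Mark's question above (one PC router with several LAN ports serving DHCP on each of its subnets) and Benjamin's earlier advice (an internal router carrying its own firewall rules so user groups are isolated from each other and a worm outbreak stays contained, while the outside firewall remains a separate two-interface machine) can be sketched in one FreeBSD configuration. The script below is an added example written for this thread, not code from any of the posters. It prints an rc.conf fragment that gives the internal router one interface per subnet instead of five aliases on one, a dhcpd.conf fragment with one subnet declaration per attached interface (ISC dhcpd answers a request arriving on an interface from the declaration whose network matches that interface's address, which is what "same subnet" amounts to on a multi-homed box), and an ipfw ruleset that lets user subnets reach only named services in the server subnet and drops and logs anything sent from one user subnet to another. The interface names em0..em4, the /24 masks, 10.10.5.0/24 as the server subnet, the DNS host 10.10.5.10, the wrapper path for firewall_script and the service port lists are assumptions; only the 10.10.N.1 gateway addresses come from the thread.

```shell
#!/bin/sh
# Added example for this thread, not code from any of the posters. Sketch of an
# internal FreeBSD router that owns every user subnet directly (one interface per
# subnet instead of aliases on one), runs dhcpd on all of them, and firewalls
# traffic between them. The outside firewall stays a separate two-interface box.
#
# Assumptions: interface names em0..em4, /24 masks, 10.10.5.0/24 holds the servers,
# DNS at 10.10.5.10, the firewall_script wrapper path, and the service port lists.
# Only the 10.10.N.1 gateway addresses come from the thread.
#
# Usage:  sh lan-router.sh preview   # print config fragments and the rules
#         sh lan-router.sh apply     # load the ipfw ruleset (as root, on the router)

SUBNETS="1 2 3 4 5"                 # third octet of each 10.10.N.0/24
SERVER_NET="10.10.5.0/24"           # assumed server subnet
INTERNAL="10.10.0.0/16"             # everything behind this router
SERVER_TCP="22,80,139,389,445,3128" # assumed: ssh, web, SMB file/print, LDAP, proxy
SERVER_UDP="53,137,138,389"         # assumed: DNS, NetBIOS, LDAP
: "${IPFW:=ipfw -q}"                # IPFW=echo prints rules instead of loading them

# /etc/rc.conf fragment: routing between directly attached subnets, and dhcpd
# (net/isc-dhcp port) bound to every inside interface via dhcpd_ifaces.
rc_conf_fragment() {
    echo 'gateway_enable="YES"'
    i=0; ifaces=""
    for n in $SUBNETS; do
        echo "ifconfig_em$i=\"inet 10.10.$n.1 netmask 255.255.255.0\""
        ifaces="${ifaces:+$ifaces }em$i"
        i=$((i + 1))
    done
    echo 'firewall_enable="YES"'
    echo 'firewall_script="/usr/local/etc/ipfw.sh"   # assumed wrapper: sh lan-router.sh apply'
    echo 'dhcpd_enable="YES"'
    echo "dhcpd_ifaces=\"$ifaces\""
}

# dhcpd.conf fragment: one declaration per attached subnet. A request arriving on
# em2 is answered from the declaration whose network matches em2's address.
dhcpd_conf_fragment() {
    for n in $SUBNETS; do
        if [ "10.10.$n.0/24" = "$SERVER_NET" ]; then
            echo "subnet 10.10.$n.0 netmask 255.255.255.0 { }   # servers are static, no pool"
            continue
        fi
        cat <<EOF
subnet 10.10.$n.0 netmask 255.255.255.0 {
    range 10.10.$n.100 10.10.$n.200;
    option routers 10.10.$n.1;
    option domain-name-servers 10.10.5.10;
}
EOF
    done
}

# ipfw ruleset: user subnets reach only the listed services in the server subnet
# and the outside; anything user-subnet-to-user-subnet is dropped and logged,
# which both contains a worm outbreak and makes its scanning visible in the log.
load_ruleset() {
    $IPFW flush
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 200 check-state
    # DHCP between clients and the dhcpd running on this router
    $IPFW add 300 allow udp from any 68 to any 67
    $IPFW add 310 allow udp from any 67 to any 68
    # the router itself: managed only from the server subnet, answers pings
    $IPFW add 400 allow tcp from $SERVER_NET to me 22 setup keep-state
    $IPFW add 410 allow icmp from $INTERNAL to me icmptypes 8 keep-state
    $IPFW add 420 allow ip from me to any keep-state
    for n in $SUBNETS; do
        net="10.10.$n.0/24"
        [ "$net" = "$SERVER_NET" ] && continue
        $IPFW add allow tcp from $net to $SERVER_NET $SERVER_TCP setup keep-state
        $IPFW add allow udp from $net to $SERVER_NET $SERVER_UDP keep-state
        $IPFW add allow ip from $net to not $INTERNAL keep-state
        $IPFW add deny log ip from $net to $INTERNAL
    done
    # servers answer via dynamic rules and may go outside, but never start
    # connections into the user subnets
    $IPFW add allow ip from $SERVER_NET to not $INTERNAL keep-state
    $IPFW add deny log ip from $SERVER_NET to $INTERNAL
    $IPFW add 65000 deny log ip from any to any
}

case "${1:-}" in
    preview) IPFW=echo; rc_conf_fragment; echo; dhcpd_conf_fragment; echo; load_ruleset ;;
    apply)   load_ruleset ;;
esac
```

Run it with `preview` first to read what it would load, and `apply` only on the router itself. The `deny log` rules are what turns the segmentation into a detection aid: a worm or a p2p client probing neighbouring subnets shows up as a stream of logged denies in syslog's security facility (/var/log/security on a default FreeBSD install) without any extra tooling, and because the denies are per source subnet the log already tells you which floor or group to walk to.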
 
 



RE: Need some tips in reorganizing our LAN.

2006-03-30 Thread Ted Mittelstaedt


>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Behalf Of Mark Jayson
>Alvarez
>Sent: Tuesday, March 28, 2006 7:55 PM
>To: [EMAIL PROTECTED]
>Subject: Need some tips in reorganizing our LAN.
>
>
>Hi,
>
> Right now, I'm working in a poor government agency where the
>network is not well organized. It's hard to trace users that are
>doing this stuff and doing that. IP addresses are scattered all
>around the 3-story building. Switches are cascading everywhere.
>Everything is a disaster. When a machine is infected with some
>worm, it's trivial to track it down. When one is doing p2p, no
>one can stop him. Perhaps the reason why this is happening
>right now is that the former network administrators

OK so this I think implies they all were fired?

>did not
>consider the scenarios that would happen in the future, like
>the increasing number of users and workstations, mobilization of
>employees from one area to another, etc.
>
>
> Right now, we have a FreeBSD 4.7 box lying in a dark room not far
>away from where I am right now. And it is indeed the center of
>our Local Area Network. Guess what, it has only 2 interfaces.
>One connected to the public side, and the other connected to our
>private switch. That private interface is aliased to multiple
>subnets like this:
>
> 10.10.1.1
> 10.10.2.1
> 10.10.3.1
> 10.10.4.1
> 10.10.5.1
>
> This interface is connected to 1 switch, and then 5 or more
>switches are connected to this main switch. Those 5 or more
>switches are then scattered to every area of the building. I
>know you are thinking a lot of negative things about this
>setup, but this is what it really looks like right now.
>
> The MIS suggested a LAN transition project, and I was assigned
>to lead the team. Right now, we are only two in this very big
>team. :-) I'm just wondering if I will ever finish this
>project or not. I have a lot of stuff mixed up in my mind
>right now, but I really don't know where to start.
>

You are going to find you might as well start over and toss everything.

These kinds of clean up projects only work right if the chief network
admins who have all the institutional knowledge run the cleanup project.
If you're new, and the people with the institutional knowledge aren't
around anymore, you have little choice but to just start over.  This
is not an uncommon scenario since incompetent admins are the ones who
are most likely to create big undocumented messes.

> I have these in my mind right now:
>
> Connectivity
> 1. wired
> 2. wireless
>
> Machines being hooked into the network:
> 1. servers
> 2. workstations
> 3. testbeds
> 4. personal (laptops etc.)
>
> Will use DHCP
> Will use centralized directory service
> Will use centralized authentication
> We have at most 150 employees...
> We don't have that much to spend on equipment like managed
>switches, powerful servers, etc.
> We have a lot of political issues that need to be resolved
>regarding network usage policies
>

You have to start with these first.  Unless you can get a statement
of use worked out and have the top dogs sign off on it, you're screwed
before you even start.  Do this first before you have spent all your
political capital because you are absolutely going to be pissing
off people and later on you won't have the support to do it.

You ought to know as well that I know several professional admins
that do this for a living - they are hired in the wake of incompetents
being fired, and they come in and hatchet out everything, then once
everything is running smoothly, they quit and go on to the next
company, because by the time they are done, everyone in the office
save the directors, hate their guts.  (and the directors are laughing
up their sleeves at the users)  They get paid pretty damn good money
for this.

>
> All this stuff is basically mixed up in my mind. I really have
>no idea where to start aside from creating a purchase request
>for a new PC router and a multiple-port LAN card, which I
>already did a week ago. And it has not arrived yet. :-) Please
>help me. I told my partner that services configuration is just
>a piece of cake once we already have a definite plan. I really
>don't know where to start. I'm not even tasked to do this...
>I'm just tasked to help my partner who is a member of the poor
>MIS. At first, I thought this would be just as easy as
>upgrading the machine to FreeBSD 6.0 and then reconfiguring the
>firewall ruleset, but I was wrong.
>
> If you have any Network Transition plan that you may want to
>share with me, please do so. Even if we don't have that many
>similarities in our network setup, at least the non-technical
>part like planning etc...
>

Just start ove

Re[2]: Need some tips in reorganizing our LAN.

2006-04-01 Thread Playnet
Hello Mark,

Thursday, March 30, 2006, 8:33:20 AM, you wrote:

 
MJA>  Thanks for replying.. 
 
MJA>  I'm currently on phase I of the plan. It's not finalized yet. I
MJA> hope you can add some more. What else would you want to know if you were
MJA> reorganizing your own LAN? Also, if you have a clue on what the
MJA> succeeding phase should be... Anyway, I will try to focus on phase I
MJA> first.
 
MJA>  Phase I - Identify the Current Setup
MJA>  1. Network Diagram
MJA>   1.1 Connectivity Type
MJA>  a. wired
MJA>  b. wireless
c. Optical
If you can, don't use wireless -- not secure, many troubles.

MJA>1.2 Geographical Divisions
MJA>  a. Site survey (building plan)
MJA>  b. cabling structure (is it possible to recable?)
Yes

MJA>  2. Types/Classifications/Numbers of Users (126 employees)
MJA>   2.1 Administrative staffs
MJA>  a. OD
MJA>  b. FAD
MJA>  c. DIVAS
MJA>   2.2 Technical staffs
MJA>  3. Machine Classifications and their network type(private/public) 260 
MJA> all in all
MJA>  Admin 
  
MJA> Tech
MJA>  a. servers (public/private) ->   24
MJA>  b. workstations
MJA>b.1 desktop (public/private?)  35 162
MJA>b.2 laptops (public/private?)   317
MJA>  c. testbeds (public/private) already included in 
MJA> desktop
MJA>  d. personal (laptop,pda) NA
MJA>   3.1 Operating system
MJA>  a. Windows
MJA>  b. *nix
*nix is better, but more difficult to support on desktop PCs... And you need
to teach personnel.

MJA>  4. Services Provided/needed
MJA>  a. file server (private)
MJA>  b. printer server (private)
MJA>  c. internet proxy server (public)
MJA>  d. im server (private)
MJA>  e. web server (private)
MJA>  f. directory service/server

-- 
Best regards,
 Playnet  mailto:[EMAIL PROTECTED]
