Setting up a network with a server...

Discussion in 'Hardware' started by Ardabus, Jun 28, 2008.

  1. Ardabus

    Ardabus Private E-2

    Hey!

    I'm setting up a network with 5 pc computers in my office. I want them all to have access to the same printer, hard drive and internet connection (obviously). I'm getting a server, and will use a vpn so clients in new york and california can access a database on the server. I'm moderately good with computers. Is all this correct?:

    1. Purchase computers, printer, hard drive, server, vpn rounter and cables.
    2. Set up the computers, printer and hard drive.
    3. Connect all the computers to the internet.
    4. Connect the server to the internet.
    5. Set up the vpn on the computers.
    6. Set up the vpn on the server (i have no idea how to do this one)

    I've never dealt with servers before. I'm just going to purchase everything and start getting my hands dirty. Is there anything I should know? Is this going to be hard to accomplish? Like I said, I'm not a n00b:)

    -justin
     
  2. cat5e

    cat5e MajorGeek

    The word server as you use it is too general.

    Option 1. using a computer with OS like Vista to be a File Server but maintaining peer-to-peer Network toplogy.

    Option 2. Setting a real server OS that controls the Network.

    If you choose option 2 you should look at Winodws 2003 Small Business Server (SBS).

    http://www.microsoft.com/Windowsserver2003/Sbs/Default.mspx

    If it over you head buy few books and start to read, or hire a consultanat to help ou to make the right decision.
     
  3. Still Learning

    Still Learning Private First Class

    Yeah I guess it depends on what your trying to do, im not sure about how the VPN accessing the sql works, i guess maybe setup an apache server HTTP that they can login on, with PHP or something accessesing the sql database? but i know my current home network has 4 PC's that all access certain shared folders and can print out of one main printer on the network by allowing file and printer sharing on a home network, i use 1 version of xp pro, and all the others are xp home and it accomplishes the same thing i think, you maybe able to configure the router for the VPN. I have the same situation, im trying to setup my first server. Right now I just have windows 2008 server on VMware so i can try and hack my own network and learn, and try to make it secure before i put it online. I dont think my skills are good enough to put my server world wide yet. As for setting your server to the domain name I beleive you will have to forward the domain from godaddy or whoever to your static IP address on your HTTP server.


    I *AM* a noob, so any info will help, i was about to post a simular topic, also tutorials on setting up a secure windows 2008 server would be awesome if you have any good links.

    with a small network like that (from what i heard from others) windows will work good, but for better security you may want to look into linux, or some kind of unix system, or you can run the main OS on your box with linux, and run the server off of a VMware OS like windows server, or freeBSD or whatever..
     
  4. PEBKAC

    PEBKAC Private First Class

    Speaking from a VPN perspective, a lot depends upon what type of VPN you're talking about. Since you mention a VPN router, I'm assuming that you're looking to setup a LAN-to-LAN IPsec VPN. Please be aware that such VPNs are not "plug-n-play" and can be difficult to get working--even if you have experience setting them up. They typically have a lot of technical issues which need to be worked out and agreed upon on both sides of the connection. Your VPN router becomes one peer and whatever you're setting up the tunnel with on the other side is the other peer (typically a VPN concentrator, like a Cisco PIX). One problem that can arise is having the same private IP ranges in use on both sides of the tunnel or overlapping IP ranges with additional VPN partners (on either side). In such cases you must agree upon an IP range to NAT behind so that there aren't conflicts--and decide if you are going to have one-to-one NATs or pools of addresses, etc. There may also be routing concerns on your network if your VPN router is not also your Internet gateway. Other configuration pieces fall into play, as well... What will their encryption domain be? What will your encryption domain be? Will traffic be bidirectional? What encryption method will you be using? Will you be using 3DES or AES? Will you be using Perfect Forward Secrecy (PFS) or not? Etc, etc.

    For security reasons, you will also want to restrict what can be accessed by your VPN partner through the tunnel on your side. You should never trust them to setup security for you. If all they need access to is an SQL server, then setup the Access Control List (ACL) of your VPN concentrator to only allow access to the SQL server's IP on specific ports. Is the participant a business partner and are there agreements in place for the handling of your data? Etc, etc.

    There are a lot of considerations when joining your network with someone else's. If you're not familiar with setting up VPNs, you may want consider contracting someone with VPN experience to help you set it up.

    Sorry that this probably isn't the answer you were hoping to hear, but does anyone else with VPN experience agree with me (or disagree with me)?
     
  5. the_g_bomb

    the_g_bomb Private E-2

    I agree totally. I am managing a WAN with 30 VPN's into our head office. Each has a specific IP range that they can use. One office is 192.168.1.x the next is is 192.168.2.x etc. Security has to be paramount in setting it up as you are using the big bad unsecure internet to connect private offices together and I'm assuming you don't want just anyone to get access to your databases.

    We got a networking consultant in to go over our plans and test our VPN setup before we went live.

    Setting up Servers is one thing, setting up a VPN network is a couple of levels above that. Its do-able from the very generic list you have there but the theory and the practice never quite meet where you want them to.
     
  6. PEBKAC

    PEBKAC Private First Class

    When I've set them up, I've typically required that both partners NAT behind public IP addresses that they own. This adds a little cost, as it may be necessary to purchase additional IP addresses from an ISP, but it prevents the kind of conflicts you'd potentially encounter with future partners using something within the private IP ranges. If you control both sides, as in an intranet VPN, things are a little bit better because you can potentially decide how the networks on both sides are IP'ed and setup (and you may even be configuring both peers). When you're establishing an extranet VPN, I find it much more difficult because you are relying on the VPN administrator on the other side to know what they are doing and you have to assume that they have their side setup to correctly match yours.
     
  7. the_g_bomb

    the_g_bomb Private E-2

    Thankfully I have control of both ends of the tunnel and am running it as an Intranet, as you said PEBKAC a lot of headache is taken away when you can configure both ends.

    My firewall to firewall VPN means that I can have nearly 200 remote users connecting to the Head Office network through the 30 tunnels, but only from specific sites, we have no Extranet VPNs set up as yet.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds