Setting up a Small Office Network?
A not-so-anonymous Anonymous Coward asks: "I am embarking on a startup with some business contacts. I'm the only tech-guy in the group so I'll be the one to set up the network for our small office of 5-7 people. I've spent the last 15 years immersed in the development end of things (numerical analysis software and parallel computing codes). The downside of this is that I'm quite naive when it comes to networking: there's always been someone else taking care of revision control, backups, security, servers, etc., even purchasing stuff and running cable. What advice would you give someone who isn't afraid to roll up his sleeves, but is starting from ground zero on setting up a small office network? Can you recommend any books that are up-to-date and practical (e.g. "howto")?"
This actually would be your best bet. Perfect for your situation. "Networking For Dummies" can be found at almost any bookstore.
Move your revision control, backups, security, servers, etc stuff to India.
You won't find many better guides to layer one than Cabling: The Complete Guide to Network Wiring.
While the other parts of the equation are very important, you need to start with a firm foundation, and if you're doing your own wiring, this is the place to start.
Whatever you do, pay very close attention to your backup strategy to ensure all important data is backed up (duh). But, a backup strategy is useless if you can't restore it. You should "practice" restoring the systems you are responsible for backing up to a new hard drive and ensure the systems and data are restored correctly. While doing this you should develop a restore guide to help out when it really matters.
Doing this will provide you with:
Be humble! Seek help when you need it. It sounds like you have a "can do" attitude which can take you a long way, but I can tell you from personal experience that an inexperienced person can spend a lot of time and resources on problems which a call to someone with a bit more experience could quickly resolve. Be honest with your partners! It's real easy for us to position ourselves as gurus, but more difficult to be honest about our strengths and weaknesses. I've seen many shops where systems were poorly designed because the "tech guy" was unwilling to admit that they were in over their head.
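For the restore practice recommended a few paragraphs up (restore to a new location and confirm the data came back correctly), here is a small drill as an added example; it is not from any poster in this thread. It assumes GNU tar and sha256sum, and the function names, paths and sample files are constructed.

```shell
#!/bin/sh
# Restore drill: back up a tree with a checksum manifest, restore it into a
# fresh scratch directory, and prove every file came back intact.
# Assumes GNU tar and sha256sum; names and paths are illustrative.

# make_backup SRC ARCHIVE MANIFEST
make_backup() {
    # Hash every file relative to SRC. The manifest lives outside the archive
    # so a damaged archive cannot vouch for itself.
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$3" || return 1
    tar -czf "$2" -C "$1" .
}

# restore_and_verify ARCHIVE MANIFEST SCRATCH
# 0 = restored and verified, 1 = bad scratch dir, 2 = archive unreadable,
# 3 = restored files missing or different from the manifest.
restore_and_verify() {
    # Insist on a new directory so leftovers cannot mask a missing file.
    [ ! -e "$3" ] && mkdir -p "$3" || return 1
    tar -xzf "$1" -C "$3" 2>/dev/null || {
        echo "FAIL: cannot unpack $1" >&2; return 2; }
    if ( cd "$3" && sha256sum --quiet -c - ) < "$2" >/dev/null 2>&1; then
        echo "OK: $(wc -l < "$2") files verified from $1" >&2
    else
        echo "FAIL: $1 does not match the manifest" >&2; return 3
    fi
}

# Constructed demo data: a good backup, a truncated copy (bad media), and a
# backup taken by a job that skipped a file. Prints the three return codes.
restore_drill_demo() {
    w=$(mktemp -d) || return 1
    mkdir -p "$w/data/projects"
    echo "ledger 2005-Q3" > "$w/data/accounts.txt"
    echo "int main(void) { return 0; }" > "$w/data/projects/main.c"
    make_backup "$w/data" "$w/full.tgz" "$w/manifest.sha256" || return 1
    head -c 40 "$w/full.tgz" > "$w/truncated.tgz"
    rm "$w/data/projects/main.c"
    tar -czf "$w/partial.tgz" -C "$w/data" .
    restore_and_verify "$w/full.tgz" "$w/manifest.sha256" "$w/r1" && good=0 || good=$?
    restore_and_verify "$w/truncated.tgz" "$w/manifest.sha256" "$w/r2" && trunc=0 || trunc=$?
    restore_and_verify "$w/partial.tgz" "$w/manifest.sha256" "$w/r3" && part=0 || part=$?
    rm -rf "$w"
    echo "$good $trunc $part"
}

restore_drill_demo   # prints: 0 2 3
```

The distinct return codes are what belongs in a restore guide: 2 means the media or archive is bad, 3 means the backup job itself is missing data.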
This is exactly what I am currently doing, so I can offer some advice.
I know the question is about books, but really, I doubt you need 'em. I personally didn't read any books about the subject. I've found that books are far, far inferior to just playing with the damn thing.
First, if you are totally lost about networking, just googling "windows networking" or "networking tutorials" brings up wealths of information. (I will assume you are using Windows...)
Second, I suggest that you review Microsoft's website, and review their excellent documentation. I would suggest, for your needs, that you consider Microsoft SBS: http://www.microsoft.com/windowsserver2003/sbs/techinfo/default.mspx
Microsoft does sell some books about SBS and windows 2k3 server, but AFAIK those entire books are just printouts of the material MS provides for free online... say what you like about MS (I despise windows, honestly), but they *do* provide a lot of well-organized information for their clients.
Third, join some good technical message boards. These are the lifeblood of self-taught network admins. :)
Don't be afraid to bug people on message boards... most boards are filled with helpful people who would love to point you in the right direction. Also, I find just going online and saying, "WTF is this thing doing?" and having a helpful, custom reply is a lot more handy (and educational) than poring through some clumsy and out-of-date book, not even knowing if the answer is in there.
All of this, of course, is my experience due to my personal behaviors and tastes, so of course YMMV.
oh, and don't forget to have fun with it! ;)
multifariam.net -- yet another nerd blog
Having been the tech guy before, doing all the setup, do yourself a favour and document everything you do. Set up a Linux box somewhere and install a wiki, and whenever you do something/install a system/change the network, just record it. Don't worry about formatting etc, just keep it somewhere. Then, when things quiet down, go back and clean it up. Then you'll know in a couple years why it was important that cable X ran to Y after Y has been moved and you go 'wtf was I thinking'.
... going back to fix these things is a pain in the ass later, but is easy to do from the start.
Or, if you happen to leave, you're leaving a good legacy for the next guy.
I know documentation is the bane of everyone's existence, but when you're designing a new network from the ground up (including servers, workstations, etc) a little pain == lots of gain.
Additionally, create (and document) some quick policies and procedures now - things like passwords/external access/storage locations/naming conventions.
Good luck.
We emerge from our mother's womb an unformatted diskette; our culture formats us. - Douglas Coupland
Or, one could assume that the people involved are interested in having and controlling a successful small business. Sure, you may not get stupidly rich, but there can be a lot of satisfaction in simply controlling your own destiny and turning a profit every year.
And even if you *do* plan to grow the number of people in the company, the likelihood is that you're not going to do it in the first six months, and that when you do, you're going to *move*. In the meantime, building up infrastructure is a waste of time. Building a small, reliable net that you don't have to dick around with on a daily basis should be your goal. When it's time to grow, buy new stuff. It will be cheaper and more capable then than it is now.
Code development and system administration are completely different skills. If you understand that you will have a much better chance of succeeding.
The various for dummies, for complete idiots, and similar books are generally good introductions. You are going to need more than one book. At a minimum one that deals with networks, and one that deals with system administration.
You will need to decide on a maximum budget for IT stuff. You can easily spend that amount, regardless of how much it is. Like buying a car, it is good to determine your maximum ahead of time.
You will need to determine what services your network will provide. Just Internet? Will you want a network printer? A file server? Do you need a revision control depot? Do you want full backup of each client over the network? While working out these details remind yourself that you are building a business network, not a home network.
You will need to decide what OS you will use. A single OS is always easier to work with. A free *nix server will save you money. Your choice of OS must be requirements based. Don't choose MacOS because it is fun when you will need to run an application that is only published for Windows. Don't overlook the alternatives because "windows is the default."
Once you have a basic design you may want to look at outside help. Chances are you know a sysadmin that you would hire on for a short contract.
When putting the system together aim for the mid priced solution. The cheap stuff will cost you time and effort to maintain. The Cadillac solution is expensive and you will probably want to replace it in a year or two anyway. The mid priced stuff is almost always going to work well enough. Avoid ordering too much through priceline. Building a good relationship with a local vendor is worth more than the few extra dollars you will pay. Alternatively the (business) tech support from IBM, HP, and Dell is good despite the complaints on the Internet. However IBM, HP, or Dell won't sit down to talk about your setup, while a local vendor will. (Do shop around for vendors though. Too many are cheap discount shops selling crap.)
If you don't know the difference between a $20 Linksys router and a $1,000 Cisco monstrosity, buy the Linksys. If you want a file server for 6 people, buy the $300 Dell Dimension desktop and not the $2500 PowerVault file server. Set up a simple backup script, ignore RAID and complex programs like Veritas until you are ready to deal with them.
Other tips:
I'm employee #3 at a small startup. Since I'm the only one with an IT background (Unix, networking and security) I get to do all the IT work + the other work.... Lucky me. Here's what I did:
Our server is a Supermicro dual Xeon box w/ Adaptec SATA hardware raid controller doing RAID10 (4x250G drives) with a Quantum VS160 DLT drive for backups. Works great and was cheaper than Dell. Linux support is great as I'm sure Windows is if you want to go that route. If you go Linux, you should only consider XFS or ext3 since those are the only journaled, relatively stable FS with a version of dump. You'll need dump (or xfs_dump) to do incremental backups once your data is larger than a single tape and tar/star won't do anymore. (Note, XFS may be unstable under LVM2... before picking it, you should do some research, but ext3 seems rock solid so far.)
OS is CentOS 4.1. Has been very stable except for doing LVM2 snapshots. :( Apparently 2.6.x still hasn't worked out the bugs for LVM2 snapshots and you can get a hung kernel. LVM2 is still worth it since it allows you to resize partitions. Just don't put your root partition on it.
I've standardized on putting user accounts in OpenLDAP. Was somewhat a pain in the ass to set up, but now that it's working it's really worth it. Currently we have authenticating off of LDAP:
- Unix accounts
- SAMBA
- Jabber
- Bugzilla
- Snipsnap (wiki)
- Subversion (source control)
- Apache (HTTP Authentication)
- WebCal (calendaring)
Currently we outsource email, but once we bring that in, we'll do that too. Everyone loves having only ONE password which is ALWAYS in sync. Makes creating new user accounts a breeze too since there's only one database to manage.
Of course there's all the other tools like CruiseControl, Doxygen and ViewCVS which make the developer's life easier. YMMV depending on your needs.
Run DHCP and DNS (I use ISC's dhcpd and bind9) and turn on dynamic updates of DNS via DHCP so you don't get in the trap of using /etc/hosts files. hosts files work fine when you're small, but don't scale at all and getting bind/dhcpd working is easy enough where you might as well do it from the start.
As for network wiring, get yourself a spool of Cat5e, some RJ45 connectors (make sure they're for solid cable, not stranded), a tester and an Ideal Ratchet Telemaster. Yes you can get cheaper crimpers, but they suck and you'll hate yourself for trying to save $15.
I've standardized on Dlink DES-1026G switches. They're 24 port 10/100 with 2 Gig ports for your servers or stacking. Cost is under $200 if you look on Froogle. According to the specs, they're "real" switches with a decent backplane. I personally prefer managed switches with VLANs, but when you're a startup, $$$ matters.
For small companies, VoIP seems to be the way to go, but once you're around 50 people, going with a real PBX seems to be the cheaper option. Either way, expect relatively high startup costs associated with getting the related phones/etc installed and configured.
As for firewalls, well, run what you know. Most firewall insecurity comes from misconfigurations, not flaws in the firewall itself. If you know how to harden a box and run iptables, I still wouldn't use that since there is a lot of effort involved. Just find some packaged firewall (OSS or COTS) which meets your needs.
Just remember to do things right the first time. It's better to put in some long hours initially to get things running well than fighting fires each week when problems start happening as you grow.
-Aaron
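One way to set up the DHCP-to-DNS dynamic updates this post recommends, as an added example that is not the poster's own configuration: the script writes matching ISC dhcpd and BIND 9 fragments in which updates are accepted only from the holder of a shared TSIG key rather than from a network address. The zone names, subnet, addresses, key name and file names are constructed, and the choice of hmac-sha256 is an assumption about what both daemons accept.

```shell
#!/bin/sh
# Emits matching ISC dhcpd and BIND 9 fragments so that only the DHCP server,
# holding a shared TSIG key, may push dynamic updates into the zones.
# Zone, subnet, addresses, key name and file names are constructed examples.

ZONE=office.example
REV=1.168.192.in-addr.arpa
KEYNAME=dhcp-ddns
ALGO=hmac-sha256    # assumption: both daemons accept it; old builds may need hmac-md5

# 32 random bytes, base64-encoded, used as the TSIG secret.
gen_secret() { head -c 32 /dev/urandom | base64 | tr -d '\n'; }

# write_ddns_conf OUTDIR
write_ddns_conf() {
    secret=$(gen_secret)
    mkdir -p "$1" || return 1
    old_umask=$(umask); umask 077       # key material: owner read/write only
    cat > "$1/dhcpd-ddns.conf" <<EOF
ddns-update-style interim;
ddns-updates on;
ddns-domainname "$ZONE.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;    # the server decides which name gets registered
key $KEYNAME { algorithm $ALGO; secret "$secret"; };
zone $ZONE. { primary 127.0.0.1; key $KEYNAME; }
zone $REV. { primary 127.0.0.1; key $KEYNAME; }
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option domain-name "$ZONE";
    option domain-name-servers 192.168.1.2;
}
EOF
    cat > "$1/named-ddns.conf" <<EOF
key "$KEYNAME" { algorithm $ALGO; secret "$secret"; };
zone "$ZONE" { type master; file "dynamic/$ZONE.zone";
    allow-update { key "$KEYNAME"; }; };
zone "$REV" { type master; file "dynamic/$REV.zone";
    allow-update { key "$KEYNAME"; }; };
EOF
    umask "$old_umask"
}

# ddns_keys_match OUTDIR: 0 if both fragments carry the same non-empty secret.
ddns_keys_match() {
    a=$(sed -n 's/.*secret "\([^"]*\)".*/\1/p' "$1/dhcpd-ddns.conf")
    b=$(sed -n 's/.*secret "\([^"]*\)".*/\1/p' "$1/named-ddns.conf")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

out=$(mktemp -d) && write_ddns_conf "$out" && ddns_keys_match "$out" \
    && echo "fragments written to $out"
```

Include each fragment from the daemon's main configuration file, and make the zone file directory writable by named, since it rewrites dynamic zones itself.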
At the outset, try and define what it is you're trying to do, on some sort of priority list, and start at the top and work down. Try not to get diverted onto someone's recent "big idea" - keep an eye on the bigger picture.
Try and avoid overcomplicated solutions to problems. If people are pulling you in different directions, try and get them to talk it through together first.
If there's a modular way of doing something and a non-modular way, pick the modular way so that you can change one element of a solution in the future without throwing everything out.
Ask yourself who's going to be doing the ongoing maintenance. If it's you, also ask what sort of support you want to give (hours of coverage, that sort of thing). It's worth setting some sort of expectations up front (including "if you screw your PC up by doing exactly what I told you not to, don't expect to be at the front of the priority list").
Get the basics right - backups (including off-site), security of access to data both from outside your network and if appropriate from inside, and security patches on servers and desktops.
Reading books is useful, but there's a wealth of information available for free in public (especially on Usenet), and "learning by doing" is often the best way.
Have some sort of test systems that allow you to try stuff out first before doing it for real.
Think about the sort of "disasters" that might happen and try and plan for those that might. Planning doesn't have to be a detailed step-by-step list, but it is worth thinking about potential problems before they happen.
Sorry if this sounds like Mr Bleeding Obvious, but you'd be amazed how many people don't do this stuff. You've done the first (and most important) thing already, which is start asking questions.
If you have the IRT, then place the jacketed wires between the dual cutter so that the end goes a little PAST the little stop. Squeeze down until you hear the first click, and spin the IRT around once or so. Pull. It won't be a super clean cut, but it will do just fine.
Now split the wires and order them (I always do T568A standards since that's what I was originally taught 10+ years ago when I was a desktop support monkey, but T568B is fine too.) Just don't be stupid and order the wires straight since you'll screw up the whole point of a UTP cable.
Anyways, once you have things ordered, clip off the ends of the wires so that everything is nice and even (which is why you strip off more than you're supposed to in the first step).
Put the RJ45 end on and crimp.
Anyways, YMMV... my .02.
-Aaron
P.S. I forgot to say how much I *hate* making cables. I'd rather be poked with a stick.
They tend to have everything you need. Here's some suggestions: Essential System Administration; TCP/IP Network Administration. Check out the rest of the sysadmin selection at O'Reilly.
Assuming you are starting from scratch :
Buy one brand of hardware, and one model of machine for everybody. Get all the same server model, all the same video card in every machine and the same network card in every machine. Personally I am a Dell fanboy, but only because I have been using them forever and am good at navigating their support site for drivers. This makes system maintenance and repairs very easy, no esoteric crap to worry about (one set of drivers, one system gold disk image to restore from, and one set of spare parts.)
Amen to the guy that said document EVERYTHING. I have seen some of the most freaky undocumented hacks this side of the moon - every day was an adventure in discovery (I once saw an extension cord with the ends hacked off used as part of an ARCnet network, spliced to the coax on each side using electrical tape!)
Amen to the guy that said hire a guy that knows what he is doing to come in and set it up. Shadow him and every other breath you take should make the sound 'why' so you know what everything is when he is gone.
GigE is cheap enough for you to use now. Enjoy.
Get LCD monitors and good keyboards / mice. I cringe today watching a $60k / year employee hampered by a $3 keyboard and an old 15" CRT.
PowerQuest Drive Image Professional, or Ghost. I prefer PQDI, but I hear Ghost is good too.
Servers get at least three partitions : OS partition, Applications partition, and Data partition. Once you have a DriveImage of the OS and Apps partitions, you really only need current backups (daily) of the data.
I have no clue how you are going to back up 500G of data each night, but something tells me it isn't going to be by burning it to DVD.
Even if it is just a closet - put your servers in their own room with dedicated power lines and dedicated cooling. It is going to get loud in there, so plan on sitting elsewhere.
Resist the urge to buy one-off items because they are cheap. The $300 one-off computer that some kid built in his garage is going to cost you way more than the difference it would have cost going with a single standardized platform - over the life of the machine.
One person can maintain 300 machines if they are all exact clones of each other. If every machine is unique it would take you 5-6 people keeping the same network fully operational. At $65k apiece fully loaded salary that's a third of a million dollars more per year to support the same 300 machines. At four year turnover on computers, you are talking about an EXTRA $4,000 per computer to save $200 total on purchase price.
The first line of defense in computers is the users. All the firewalls in the world won't stop a (virus / worm / trojan) if your dumb-ass accountant double clicks on a file attachment he gets in email from his golfing buddy, titled I_Love_You.doc.vbs. Knowledge is power.
Build it and design it as if you were going to have 1000 users.
If you wouldn't have a network of 1000 users all using their first name as their user id, why do it at the onset with the original 15?
If you wouldn't let all 1000 users surf porn from work, why do it with the original 15?
Glonoinha the MebiByte Slayer
An excellent book is "The Practice of System and Network Administration" by Thomas A. Limoncelli, Christine Hogan. (ISBN: 0201702711) It is theory not necessarily platform specific. It is focused at unix, but can be applied in a windoze environment. I wish I had read that book years ago. It really does a good job of summarizing all the best practices. It's all the things they don't teach in school. http://www.everythingsysadmin.com/aboutbook.html There are links to reviews there. The average customer review on Amazon is 4.5/5.
As far as pulling cable and doing the physical grunt work... make sure you do structured wiring, otherwise you end up with a rat's nest of wire. Over plan everything. Don't forget the simple stuff, have a dedicated circuit or two for the server(s) and network equipment with adequate UPS protection. Make sure the room is adequately ventilated and physically secure. Make sure you have room to grow, so when you need more equipment you have room for it or can easily make room for it.
He probably says that because of the excellent compatibility with many different operating systems (and versions of said operating systems), they're not that expensive, and they tend to not use nearly as much CPU as a cheap card will.
But, I'd have to disagree with the Netgear recommendation. Why buy good network cards if you use crappy switches for the back end?
Used Cisco equipment is plentiful and cheap on eBay, and provides much more functionality than crap like unmanaged Netgear, Dlink, Linksys, etc. switches.
At any rate, people planning on deploying a network should really look at the hardware they're going to need, and spend wisely. Sometimes buying the more expensive stuff (even if it's a bit painful) up front can make things much easier to deal with down the road, and may even save you some money. Don't install junk.