Ask Slashdot: Becoming a Network Administrator?
J. L. Tympanum writes "After many years as a star programmer, I have taken a position which involves maintaining and rebuilding the in-house network of a small company. There are maybe 100 machines, a mix of blade servers running Linux and desktop PCs running Windows of all flavors. Basically, I have to learn networking from scratch. I have been given an 'unlimited' budget to buy routers, switches, etc., to set up my own little test network as part of the learning process. So the question is: what's the right strategy here? What routers or switches or other equipment should I acquire? What books should I read? Should I take classes from Cisco, Global Knowledge, my local community college, or somewhere else?"
Run, run as fast as you can, and don't look back.
--Nuintari
slashdot : where an opinion can be wrong.
Administering networks is best left to wizards and warlocks.
Can show you how to set up a network.
You might want to take a supplemental course for security tho...
... anything not using the Sony PlayStation Network as a case study.
Why would a star programmer want to transition to network management?
Why did you leave a position as a "star programmer" to move into network administration? Why restart at the bottom of the ladder?
Nobox: Only simple products.
Hire a professional :)
1) Use your unlimited budget to hire a network administrator.
2) Go golfing.
Go green: turn off your refrigerator.
I have this job now and my girlfriend tells me I wake up almost nightly screaming. I can't help but think they're connected.
Read the CCNA courseware. You'll learn a lot.
Replace everything immediately, blame upper management, and start looking for a new programming job.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
Just take a CCNA course, they will have all the equipment you need to bone up on the basics. If this is only a few servers and 100 PCs, save the company some money and don't get too fancy. 3750 Switch with a few access layer switches and you are good to go. Or two 3750s running HSRP.
All you need is the cloud.
What you do is get a cloud. Just connect all your machines and networks and cables to the cloud and you will be aaaaalright.
You can't handle the truth.
The Network+ exam would teach you quite a bit.
Well, your programming experience won't mean squat, other than giving you the patience you will need.
If you think that you'll just pick up routing and switching with a casual approach to learning, you've been misinformed.
I would advise you to get some courses on Ethernet, switching, routing, firewalls.
Some books too.
Good luck, you'll need it.
You're in way over your head and if not careful, you'll make a shambles out of their systems.
Someone made a mistake "promoting" you.
After many years as a star programmer,...
Troll.
LOL... Really? If you can't handle that one, then you are really doing more harm than good by trying. That's about as simple as a network gets, right after a home network. I don't even know where to start.
Why did they ask you to do it, instead of that guy's geeky cousin?
Advice is one thing but this is a "do my job for me because I'm not qualified to do it" question.
Getting the core switch out was the easy part. The hard part was getting the core switch out! Hehehehehe...
If you have an "unlimited budget" and you're in charge, hire someone under you who is already familiar with networking. Sounds like you're familiar enough with the SA aspect of the job, but just need help on the networking portion. Not only will hiring someone get you going quicker, there's no better way to learn than hands-on experience.
Take whatever made you a 'star' developer and apply it to networking. I'm sure you'll be a star in your own mind at that too.
Glad I don't work for your company.
Why not use your star programming skills to study the following book about networking: UNIX Network Programming, Volume 1, by Stevens, Fenner, and Rudoff?
You should get a programming job that involves writing the embedded code for routers and switches. Taking a job as a network administrator is a step down.
The only viable route up in Salary is to become a Solutions Architect. This would involve perhaps working towards a CCIE and getting experience in a Software Architecture role on an IP based product. Architect salaries are higher than programmers assuming that salary is a factor in your decision.
Seriously. Stay away from Cisco Gear. Overpriced over complex over hyped. Look at the HP ProCurve line of switches. They have very good L3 L2+ switches that handle routing for small to large networks. Take the HP networking Fundamentals In Person Class. It is one week long and provides good hands on training. Their gear has a lifetime warranty and FREE Tech support during normal business hours. Did I also mention that Software Updates are FREE. No annual maintenance. Seriously look at HP ProCurve. I took a job as a Net Admin 8 Years ago at a company that was an HP shop and have never looked back or ever been disappointed by their products or support. The 2910al is a great Static Routing Gig Switch.
Forget Cisco. Phone your local HP Gold Partner - get them to put you in touch with the local HP Business Team. They'll give you free courses and training, and that is the end of that. For 100 networked devices, HP kit will do the job. I don't get the obsession with Cisco - I'm running 8 networks on 10 sites that are all HP, serving nearly 10,000 students and 1200 staff, and we've never regretted bypassing Cisco altogether.
Setting aside any questions or criticisms, I would say find a decent Cisco/CompTIA academy. Network+ and CCNA would be the best place to start if you are just getting into networking. Sounds like you have quite the job ahead of you so prepare to cram. I suppose the nice part is you will get some serious hands-on learning.
...don't take any lessons from anyone employed by Sony.
I'm a Network Engineer and jack of all trades. I've been managing networks and desktop environments for the past 20 years. My suggestion to you on an unlimited budget is to outsource the design and implementation with an experienced company or person. I can be hired at $195/hr plus travel and expenses. Once it is implemented, all you have to do is administer it.
If you're asking where to start, being a network admin, but start off with the phrase 'star programmer', it seems you were the lower section of the learning curve, and positioned yourself lower by using the phrase mentioned above.
It's the can of worms popping open... You don't necessarily have to "buy" physical routers, switches, etc. These days, you can simulate pretty much any network setup you want via software and see how things work out: http://www.gns3.net/ Also, asking "us" what hardware you should buy is like asking someone what kind of computer you should buy; the question is too general and the answer will depend largely on the business/security needs of the company. Tanenbaum wrote a very good book about TCP/IP networking which you may want to read: http://www.amazon.com/Computer-Networks-Andrew-S-Tannenbaum/dp/0131651838 Aside from that, you should look into the basic requirements for network administration/security and make sure you understand and know how to apply them; the topics listed here could be a good starting point: http://en.wikipedia.org/wiki/CISSP
Assuming you're willing to put up with a probable pay cut, I strongly recommend your local community college, which will hopefully point you in the right direction for both Hardware and Software. Our local community college is affiliated with the Cisco Academy.
As a starting point I'd recommend taking courses as part of the Cisco networking academy. http://www.cisco.com/web/learning/netacad/index.html
The program is worldwide. You can use the website above to find classes closest to you. I am currently enrolled at my local area community college. I really like the program because I know that the course material is universal and my instructor is certified and registered, etc. to teach the material to me. The downside I can see with this solution is that it won't be quick. It will be thorough, however. So maybe finding some short term resources to get things going and then taking the Network Academy courses as well would be the way to go.
All of these posts are accurate, in varying degrees.
I currently work for a large software company, and we joke that being in their support division is "1-800-DO-MY-JOB".
I have supported developers for over a decade, and rarely have I found one with a grasp on how hardware, drivers, network stack and logical and physical layers work.
Unless you are a masochist or are planning on quitting or committing seppuku soon, I would hire the administrator and oversee how you best keep upper management informed of your progress.
Rolling your own network admin hasn't been cost effective since the late 80s or early 90s.
This is not a home network.
People's work and income depend on that network.
It might look like a great job, but even when it is a mess, it is a working mess now. You won't learn everything you need to know before this thing needs to be in the air, and you run a risk of being run out of town, lynched, or something worse.
If you have unlimited budget, name yourself network architect, follow a few nice courses, and hire people who know what they are doing to do your job.
This is a mockery to professionals who have actually committed their life and time to learning and knowing networking, servers and associated technology. Putting some hack programmer in that position? No, you will get no advice from this place. Go back to being a programmer. We don't need you misrepresenting us. If you are that good of a programmer, you shouldn't have a problem finding a job somewhere else as a programmer.
I feel sorry for your servers and users while you are in charge.
I am a 12 year veteran of the field. My official title is Sr. Technical Engineer. I work for a small (15 person) consulting firm. I’m being completely straight w/ you. Start looking for a programming job. This is the end of my advice.
If you need to fake it for a while, set up w/ a well-respected school in your area for your CCNA. If you have no budget concerns schools w/ equipment stacks and solid instruction will beat out any other option.
But seriously, you’re making a bad career move, this isn’t meant to be funny.
Dead simple installations, multitude of configuration options to do most everything. Still lets you get down and dirty if you need to.
practice on your wife.
Instead of network administration I suggest that you give astrophysics a try being familiar with star programming and all.
"After many years as a star programmer" you must be able to know networking !!!
Before trying all that it would be better to inventory what your network is doing right now as a starting point. Figure out what services are running, and how the current machines are configured to connect to the network. I'm assuming this wasn't all magically done and there must have been someone who did it before you. That's where I started and I learned a lot. I especially learned that our network was done horrifyingly wrong.
As for learning, the server type doesn't matter much (BSD/Linux) but you can learn a LOT by writing your own firewall rules from scratch (use FreeBSD myself). Not saying to do that for your company, but you'd be surprised at how much you learn from documentation, howto's and experimentation for firewalls.
Seriously. If you're learning networking from scratch you are not prepared to be in charge of a network with 100 computers. If you screw it up, you could mess things up for days. Start at the bottom and work your way up, or hire someone who knows wtf they're doing, you could contract in someone (there are always going to be consultants who do network around). Bring one of them in, have them go over some of it with you.
The 'go read a CCNA book' advice isn't far off. But if you're already in charge CCNA is at least one step down from where you want to be.
I reiterate: use your money to hire someone else. Either hire them to actually do the job and become network manager, or hire a consultant in (be prepared to see this person regularly for a year or so) to come in and help you get things going. Make sure you have people on staff who actually know what they're doing, and can tell you when you're being an idiot.
Going from programming to network administrator may as well be going to predator drone pilot. You use computers and networks, and familiarity with computer skills is great, but they are very, if not completely different skills. And while you're at it you need to learn to be a manager, because most programmers don't learn about budgets, HR practices, setting security and devices on the network policy and all that but from the sounds of it you have to decide how to spend money.
CCNA is definitely the way to go, you could take Net+ but it's pretty much the same thing as CCNA, but not as proprietary, but seeing as how CISCO practically runs the background of the internet, it's not such a problem. And even if you end up getting Juniper products or something else, all the commands are very easy to pick up, most router IOS's being unix based. CCNA helped me expand my knowledge A LOT, and I do mean A LOT. If you were going to get anything to test on, you might grab a CISCO 1841 router, they're not cheap but if you have an "unlimited" amount I'd get one, oh and me one :). If you sign up for a Cisco Netacad class, you get access to PacketTracer which is a router IOS emulator which is very useful and powerful and there are also other alternatives out there. Nowadays you can even make a virtual machine with a router IOS.
If you were a star programmer they wouldn't have dumped the job of network admin on you. Just sayin'.
Use that unlimited budget to hire people to help you as it seems like you are the only IT guy there.
Also what is in place now? And why does it need a rebuild anyway?
What happened to the old IT guy?
Configure static IPs on all the machines
Take a 100 port hub or build it yourself
connect all machines to it
Enjoy :)
Why were you hired for this job? No offense, but whoever made that decision needs to be sent packing.
First learn how to phrase your Google queries. If you're stumped on fixing or how to do something you can bet your newly enslaved ass that some other poor admin had the same problem and posted about it somewhere on the internets.
Next buy from newegg if you can wait, their peer reviews will help you select a quality product and their prices are very hard to beat, making you look good by not spending a ton of money.
My final tip, don't let them put you on call or pay for your phone. Once that's done and the sales team has your number you can say goodbye to any sort of work life balance you once had.
Look at Adtran switches. HP's Procurve support has gotten flaky.
Why is this thus? What is the reason for this thusness?
Have you ever set up a network at home that was more than 2 computers plugged into a Linksys router? Have you messed with your own routing/iptables/subnets and done any type of remote administration, file sharing, or patch management with Windows? If so, you will be fine with the basics.
Think about it, managing 100 computers in a small business is not much different than managing 4 or 10. They have the same requirements, there are just more end users and your mess ups can take down 100 people instead of 5. Automation methods help balance your time but the management principles are exactly the same. If you've never done even a small 3-5 computer network, classes like Net+ aren't going to help you right away either.
what's the right strategy here?
Proceed with caution. Make sure you enjoy networking and that its challenges interest you. Networking is very different from programming and also different from desktop support.
What routers or switches or other equipment should I acquire?
I have extensive experience with HP Procurve equipment and I have been satisfied with their stuff. (In the network I manage we have about 120 HP switches.) They are pretty reasonable in price and have a lifetime warranty on their switches and routers (I just got a replacement for a part for something that was manufactured 10 years ago, no hassle). Cisco is good if you like features, have a large network, and enjoy spending money. I would avoid Netgear switches (unless you need a small desktop switch (e.g. GS108) to provide more ports) as I have heard bad things but I have no first-hand experience. Expect to pay around $1000-1800 for a good 48-port Gigabit switch.
What books should I read? Should I take classes from Cisco, Global Knowledge, my local community college, or somewhere else?
I would look to achieve a "CCNA level" knowledge. For a network of about 100 devices you won't need much more. You can do that by simply reading a book (e.g. the CCNA prep by Lammle or Cisco Press), self-study (e.g. books alone or with video) then trying to pass the test, or taking a classroom course with Cisco or GlobalKnowledge. The material covered in CCNA is useful even if you use Procurve devices (although vocab will be different, such as "vlan trunking" (Cisco) vs. "vlan tagging" (Procurve, IEEE 802.1Q))
Background: I managed a network at a scientific research center (1000+ end user devices and a couple hundred servers). It's a mix of Cisco (core) and Procurve (edge). I have been working in networking full time for 2 years (I was in the poster's shoes not long ago) and with computers for about 5 years in a professional setting.
I'm a Network Administrator. With 100 computers, you have a nice small network to test already. First, you have an unlimited budget. Take advantage of that ASAP. Give it a couple years, and you'll be saying, "Budget? Don't I get a budget?"
Get set up with some nice Cisco Gigabit. Probably just 1 or 2 routers, maybe 5 or 6 24/48 port switches. Next, get a HANDLE on your network. Either go corporate, or go free. Look into Spiceworks, Hyperic, OpenNMS, Zenoss, etc. (Spiceworks actually has a nice community of Network admins that you can talk to and ask questions).
Next, get your anti-virus in order. I recommend ESET. (I assume with 100 computers, you're also the Systems Administrator, that's typical).
Focus on security, security, security. I'd get OpenDNS on it immediately, lock out malware sites. You may find several computers already running trojans, maybe conficker. It'll be a fun learning experience.
I'd advise avoiding Active Directory or anything Microsoft. Then again, that's laughable advice. Good LUCK avoiding AD! And then, good luck with your Windows users not getting pissed because there are no policies on the Mac users! (Just remember, control them at the DNS/router level, and you'll be fine. Active Directory is good for pretending like you're doing something that looks important.)
Most importantly, go to community college. Get a degree if you need it, but at least pick up some certs. They're not worth anything, but you'll learn. Hell, if they're paying, free education is always good.
Screw books, you don't have time for books. Go to some SANS Institute workshops (unlimited budget will cover that) and learn some hard core skills. College and workshops will give you real hands on experience no book on Cisco Routing will do.
Now, get ready to crawl your ass over rafters and in dank dark closets. Get ready for your finger tips to bleed as you make Cat-5e cables by the hundreds.
Get ready for the wake up calls at 4am on a Sunday because your email server is unreachable. (You got the budget, plan a cloud failover now... hell, plan everything failover now. If it's not on VMware or HyperV or Xen, make them buy all the hardware you need to get it there. Remember, it's all YOUR fault!)
But it's worth it. Because, in the end... you are God on your network. Just remember, benevolent gods get their heads chopped off. Make them fear you a little. Take away their facebook and youtube for a week on accident... let them know you can make them cry at the push of a button. Use inexperience as a mask for your mind games and plots. "Whoops! Gee, did I do that?"
Muhahahaha...
Seriously... it sucks. You are always to blame for everything. Eventually, you will make believe you are God and fantasize about taking away facebook and youtube... probably while crawling through your ten thousandth spiderweb pulling another wire behind you and remembering the last Bastard Operator from Hell story you read.
I8-D
"After many years as a star programmer, I have taken a position which involves maintaining and rebuilding the in-house network of a small company.
Learn how to do it, get it done, then work hard on getting a better job. Being an administrator for a small network is a miserable job.
1. As above, take a CCNA course or find the materials. That will give you a good basis.
2. Read everything you can in regards to VLANs and how they work/best practices/management by hardware OS
3. Read everything you can about switch port management (i.e., access port vs. trunk port, again relies heavily on the chosen hardware OS)
4. Choose your hardware: If money is no object, Cisco is reliable but more upfront and much more for yearly support. HP ProCurve is a very good economical option.
a. Either way, use two stacked Layer 3 switches for core routing with Layer 2 switches for access layer.
b. For Cisco products, I'd recommend a pair of stacked 3750X's, with 2960 for access layer switches.
c. Save yourself pain later - have each access switch trunk to the core stack with an aggregated trunk, one port to each half of the core stack. (if half your core stack goes down, most of your network stays up. If one line/port of the trunk goes down, whole network stays up but speed may be affected depending upon bandwidth used)
5. Use one VLAN for infrastructure (i.e., switches, servers, printers, appliances), use one VLAN for workstations, use one VLAN for wireless if necessary.
a. Avoid using VTP, even if it seems like a good idea to you
b. Do all routing between VLANs on the core stack, access switch trunks should carry all VLANs however
c. Test the hell out of your config in a lab if you have time, lot less pressure telling them that the project is delayed by testing than telling them all work is delayed because you can't find the problem on the prod network
d. Thank god you get a test network
6. Once everything's built, configured, and running well - BACK ALL OF THE CONFIGS UP, and repeat whenever a config change is made.
Good luck, and you'd really better love troubleshooting problems with very little info to go on...
"I'd make a wooshing sound, but the post was so far over your head it was inaudible..."
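The design from the numbered list above (stacked Layer 3 core, Layer 2 access switches, three VLANs, no VTP, cross-stack aggregated trunks), written out as a Cisco IOS configuration sketch. This is an added example, not part of the original comment; the hostnames, VLAN numbers and names, subnets and interface numbers are all assumptions chosen for illustration.

```cisco
! ===== Core stack: two stacked 3750X switches, Layer 3 =====
! Constructed example: hostnames, VLAN IDs, subnets and ports are assumptions.
hostname CORE-STACK
!
! Item 5a: do not let VTP propagate VLAN changes between switches
vtp mode transparent
!
vlan 10
 name INFRASTRUCTURE
vlan 20
 name WORKSTATIONS
vlan 30
 name WIRELESS
!
! Item 5b: all routing between VLANs happens on the core stack
ip routing
!
interface Vlan10
 description Switches, servers, printers, appliances
 ip address 10.10.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 description Workstations
 ip address 10.10.20.1 255.255.255.0
 no shutdown
!
interface Vlan30
 description Wireless clients
 ip address 10.10.30.1 255.255.255.0
 no shutdown
!
! Item 4c: aggregated trunk to one access switch, with one member port
! on each half of the stack (1/0/x = stack member 1, 2/0/x = member 2)
interface Port-channel1
 description Trunk to ACCESS-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
interface GigabitEthernet1/0/1
 description ACCESS-1 uplink A
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 channel-group 1 mode active
!
interface GigabitEthernet2/0/1
 description ACCESS-1 uplink B
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 channel-group 1 mode active
!
! ===== Access switch: 2960, Layer 2 only =====
hostname ACCESS-1
!
vtp mode transparent
!
vlan 10
 name INFRASTRUCTURE
vlan 20
 name WORKSTATIONS
vlan 30
 name WIRELESS
!
! Uplink bundle: carries every VLAN to the core (item 5b)
interface Port-channel1
 description Trunk to CORE-STACK
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
interface range GigabitEthernet0/49 - 50
 description Uplinks to CORE-STACK members 1 and 2
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 channel-group 1 mode active
!
! Item 3: user-facing ports are access ports in a single VLAN
interface range GigabitEthernet0/1 - 48
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! Management address lives in the infrastructure VLAN
interface Vlan10
 ip address 10.10.10.11 255.255.255.0
 no shutdown
!
ip default-gateway 10.10.10.1
!
! Final step of the list: after every change, save the config and copy it
! off the switch from exec mode, e.g. "copy running-config startup-config"
! followed by a copy to a backup server of your choice.
```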
No story or more appropriate troll tags on this one... programmers becoming network admins... bah!
Unlimited budget? Have Juniper, Cisco and HP bid on your project including installation and a managed service provider to look after it. Then take the training for whichever manufacturer you choose. I would tell you to do Juniper since you are a one man shop. I have a four man team with only two senior network engineers managing 19 sites in and out of state. The Juniper gear has proven to be the least cost of operation for us and the strange stuff we try to do. And learn one command "Commit confirmed"
If you want to do this task, and learn something relevant in the process, get a bunch of high-core-count servers that are on VMware's HCL. Provision 128GB of RAM per host with an EMC SAN backend and 4Gbit + FibreChannel storage network. Get yourself an Enterprise license with VDR, Virtual Center and VMotion. P2V the servers you have.
Then, at least you will have learned something modern that you can take with you, when you are inevitably replaced with a new college graduate with no years of experience who will work for a third of your salary.
What to learn: Learn networking fundamentals very well before touching anything.
What to buy: The cheapest thing that does the job and meets the requirements. Ignore anyone in sales or any geeks with axes to grind.
Caveat: Be very very careful in gathering requirements.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
OK - the key is that you need to maintain the networking, while improving it as necessary. Start with a clear picture of what is there, what is working, and what is not. Understanding what is happening across a network is complex and often misleading; things that look like network problems frequently are not, and things that could not possibly be the network's fault just as often are resolved by fixing the network.
Research skills are the number one thing you need in support, where in programming they were often your own knowledge and creativity. You cannot say "I don't know", your answer has to be "I will find out", as the problem will not solve itself for you, nor will the people waiting for you accept that answer.
Start with building a diagram of what you have, what it connects to what, and what you need to get from here to there without spilling. Few of us can keep a picture of that size and complexity in our heads, so get it on paper and build on it as you gain more information. 100 systems is more than enough to bring a networking segment to its knees just in normal operations, but a well segmented and managed switch configuration can handle that without breathing hard, so use a divide-and-conquer approach - the less that has to share bandwidth with anything else, the better.
On the other hand, complexity will create more work than necessary, and bite you when your back is turned. A few good switches with a solid backbone between them will do enough to manage the traffic between the end devices; separating the types of traffic with VLANs (VoIP across one VLAN, PC traffic on another, server to server or backup traffic on another, etc) will keep the overall broadcast and chatter from impacting everything rather than the systems that it needs to reach and not all the rest.
As you can see, the process is a lot of compartmentalized steps that build on each other to create your solution. Don't be too quick to tear down until you know what the system you are replacing is doing, and get a good picture of what you have and what you need to build on. Be honest with your management about the need to get either training or consulting support to help you; getting the basics right will make all the difference as you build the network towards what the company really needs.
Last major piece of advice - DOCUMENT EVERY STEP!!! There is absolutely no going back to get it all written out later - keep track of each thing you do and where each thing connects as you do it and you will be able to identify your successes as well as your mistakes.
As an applications programmer I can tell you that we have network consultants at our customers' sites. They get paid T&M, and little config issues we handle ourselves.
By getting network support from a third party:
1) Network will stay up with few hiccups
2) Your transition to Network Dude will leave you with hair on your head
3) Your education will not interfere (too much) with the operation of the network
4) You'll get book learning and practical OJT
5) PHB won't have to bitch about downtime or cover his own butt
I do not understand why people underrate networking as if becoming a network admin can be done just with a " 'unlimited' budget to buy routers, switches, etc., to set up my own little test network as part of the learning process".
Seriously. Have you asked yourself for example, who's going to do the troubleshooting? Yourself?
Think about a network admin that asks here what computer, software and books need to buy to become a "star programmer". What would you answer?
Advice is one thing but this is a "do my job for me because I'm not qualified to do it" question.
You mean this is not Slashdot Consultants, LLC?
Hire consultants. Buy juniper. Point finger if it breaks. If you have no experience, getting dropped in the deep end is a recipe for failure. Read up as much as you can to get an overview of the concepts involved but leave implementation details to someone who knows what they are doing. Then learn by example. Maintaining an existing well set up network will keep your hands full enough for a while.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I'd like to become an expert in a field in which I have no experience.
It takes many years for most of the folks working in this field to gain the knowledge required to be effective, but I am very, very smart. So much smarter than most people, in fact, that it shouldn't take me more than a month or two to get a firm gasp on things.
There's just one small problem that is preventing me from teaching myself everything that I need to know to be able to do my job well. See, I'm not smart enough to know how to even begin to teach myself anything about this field. I'm sure if someone could just point me in the right direction, I'm quite sure that I'll be able to make sense of things.
Also, which vendors provide "easy" buttons on their gear?
Please advise.
MrGenius
Never eat more than you can lift -- Miss Piggy
After you get it all set up, check out Zabbix as a free, open-source cross-platform option to monitor them all ( http://zabbix.com )
1) Cisco is naturally the big boy. Most companies come close to emulating IOS. Learning it won't hurt.
2) I wouldn't do courses. Based on (admittedly old) experience, they are a joke.
3) Sign up to NANOG, it won't help your knowledge directly, but will keep you updated on the latest trends/concerns/flame wars.
4) If you thought there were "more than one way to do it" in programming, you are going to love networking.
5) A host is a host, From coast to coast And nobody talks to a host that's close, Unless the host that isn't close Is busy, hung, or dead.
-- MrMud
I did pretty much exactly this, starting in 2004. It looks like you have the opportunity to make this fun for yourself. Show some initiative and try something new. Off-hand, my advice would be:
$100K for me, $100K for you and we pay the H-1B guy from India $20K to run the thing.
Have gnu, will travel.
I'm buried so far down here, I'm sure no one will read this. But here is what you need to do.
1. Before you begin, attend a Cisco / Global Knowledge CCNA bootcamp. You may not leave able to program routers like a master, but you'll learn how networks work.
2. Visit every PC, Server, Router, Switch. Put eyes on everything. Create a master spreadsheet. Document model numbers, IP addresses. Create Visio documentation of the way your network is set up. Document everything. You need a good deal of cabinets to store it all.
3. Decide what is the most deficient part of the network, fix it with the simplest solution. If you're using hubs, buy switches. If the routers need to be rebooted constantly, buy new routers. Above all, keep it simple. If possible, stay away from V-Lans, encryption software, Linux, or anything else complicated. Do this every year.
4. Buy one third of the total number of PCs of the network plus ten percent. Buy only one model. Create a central image with Acronis and modify that image as necessary. Deploy these models. Repeat for the next three years.
5. Outsource security. That way, when it breaks you can blame someone. At the same time, make sure you can monitor security to prevent breakage.
6. If possible, outsource your main application. You don't want to support the product that everyone in the institution depends on. You need to keep the network up, not software.
7. At the end of year one, bring in a network assessment. Tell the assessor what he needs to find before he arrives. Use that the next year to justify your new purchases.
8. Make sure you stay friends with the president / CEO. When it is necessary to reorganize the server, etc, it will be necessary to have his good will.
9. Be prepared to work like a sunuvabitch for two years. Take your spouse / GF out when you can.
10. Don't let them make you program again. You're a network admin. You cannot support your old programming team.
Hoist Number One and Number Six.
Man, I would be learning everything I could get my hands on/enrolled in. Having said that, don't overdo it. A good network is a simple network, and don't forget that everything will be running on it, so if it breaks everything breaks.
The guy above who said to contact an HP Gold Partner has the right idea, but do the work yourself; that way you learn it instead of just contracting it out. From the sounds of it, it's not like you're going to be buying insane networking gear that supports OC-19whatever, so sticking with a firm like HP and taking the best practices route is the way to go.
I came to the datacenter drunk with a fake ID, don't you want to be just like me?
Shit where do you live I need a job :-D
...hire someone who actually knows the job you've been hired for. The fact that you have to ask these questions tells me you are the wrong person for the job.
Get comfortable with Wireshark. And read all the Laura Chappell you can find. She's my go to for network errors, diagnosis, and everything that goes on the wire. Just be thankful you don't have to learn Token-Ring. No one will let you alone for a moment without pointing out to you how much it sucks.
deleting the extra space after periods so i can stay relevant, yeah.
Cisco vs. HP: the big idea here is visibility. If you go all Cisco you will have a way easier time of it. If you go HP things aren't as clean, but for the price it is hard to argue. If you need speed, Cisco is the clear winner. For simple internet connectivity HP is a good choice. Cisco Smart Net sucks, but it really comes in handy.
If you are going to be engineering a modern network with security, VLANs, and routing then I would go Cisco. Simple flat networks will work great with HP gear.
There is no difference in Cat5, Cat6, or Cat6a; they all perform the same at 1 gig copper connections. Don't go to Cat6 until 10 Gig copper NICs and equipment are cost efficient. The difference is the T and TX working modes. Most all equipment uses the T standard, so Cat 6 is useless until higher data rates come out for copper, and the engineered physics aren't there yet.
In either instance, call your local vendor, create an RFP, choose a sensible solution and get training on that solution. With your computer background things should fall into place.
Many are not so lucky.
My advice is this: do not trust the vendors. Do not trust the documentation. Do not trust that there even will be documentation to mistrust.
I don't care if you are buying the top shelf gear from the leading vendor, do not assume that gear will be competent.
Figure out what features you need, and if you need a feature, test it, and test it thoroughly on live hardware. Test all possible scenarios you can conjure. You'll learn how to use the feature better than if you merely read the manual, and save yourself a lot of sleep.
As far as training, Cisco's is very overwrought, and is at least half sales pitch.
Someone had to do it.
Network setup is pretty easy anymore. It's the hard core config you have to worry about.
Only 100 users doesn't require a lot of config.
First, figure out what type of network. (Wireless, cabled or both.) For ease's sake I would say stick with cabled. Wireless may sound easy but after you get past three nodes it becomes a pain in the ars. Each node will jam another out if you're not careful.
Next, figure out what services you will have to offer. File and print (certainly), VPN (maybe), Proxy, Media server, web services, FTP, E-mail, etc.
The more services the more complex your config will have to be.
I recommend going over the business wants first. Get with the business manager and figure out exactly where they are now and where they will be in five years. (Long-term planning for networks is very important.)
DO NOT BUY SOME SOFTWARE THAT SAYS IT WILL DO IT ALL. It won't. Software salesmen are born liars and once you're hooked it will cost ten times the start-up cost to get out.
Next, evaluate your assets. Do you already have 100 wired desktops? Will you have to run your own CAT6? Do you have any switches or routers now, etc.?
That will give you a good idea of your starting point and what you need.
For only 100 users you don't need a hardware firewall. But I do recommend a pretty good router with a firewall built in. Cisco is good but not the most user friendly. Kind of expensive too.
I don't want to insult anyone's intelligence, but don't buy a router at Best Buy or Circuit City. Those are consumer products. Not business products. They are way too small and insecure for business platforms.
Do some research on Google to figure out which router and switch hardware would be best. Just guessing, but I would say three gigabit 48 port switches with fiber port. You will have to buy the GBICs separately. 144 ports is plenty for servers and a little growth.
Also research network topologies. You'll probably want to go with the standard single DMZ setup for such a small network.
Two routers, two firewalls. (one software on hardware. in this case in the first router) with a DMZ machine in between them.
Figure around $35-$40 thousand depending on number of servers and nodes you have to setup.
File and printer server and the domain controller can be on the same box, but I recommend your FTP server be on its own box (since it might need to be outside the firewall).
Proxy server and WSUS (if you use it instead of Win Auto-updates) should each be on their own box. They get a ton of traffic.
Also make sure your switches and routers are Gigabit port speed. And if you are connecting many switches always use the Fiber connections. Fiber is still pricy but it's well worth it for speed. Gigabit is cheap enough now there is no reason not to get it for standard connections.
Hope this helps.
I've been in a similar situation and what we did was buy large gigabit switches hooked into two nice SonicWALLs sharing various outbound connections. All computers were 1 hop away from the switch; that meant running cables through the roof, and everything should be within 100 ft of cable. If you need longer you should install switches (no need for routers). After you have your network up, test your latency between points and if you find some switches are slow, switch the switches out. VPN with shared keys. A wireless DMZ with no internal access. Networking is pretty easy if you just keep it to the basics.
As with many, I question the "star programmer" bit, but that angle notwithstanding: take your budget and hire a consultant. Position yourself as supervisor to this group. Meanwhile, if you really are a "star programmer", go look for another job.
Two of my imaginary friends reproduced once
The last Sony network team didn't do too good!
Since you have an unlimited budget, get certification from Microsoft and Cisco. You might actually learn something, and it makes you more valuable at performance review time (valuable to your current company as well as potential new employers).
I'm curious--and jealous--as to how the OP landed this gig with no experience.
Sent from my iPhone
Talk to your manager/director/CEO... whoever. Try and understand what it is they require of their network. What are your real deliverables on this project? What problems are they trying to solve? Find out what your budget really is, because unlimited sounds a little vague. Get a project plan together and determine what it is you actually need to do. Hire some expertise to help you with the technical aspects of the project. Throw away your books; you need to manage the project and that means hiring the right people to carry out the tasks and reach various project milestones. You will be too busy managing these people and keeping the project on time and on budget to really waste time learning all aspects of network administration. There is no shame in contracting out aspects of the infrastructure (maybe you keep maintaining servers in house and contract out switches, routers, firewalls, etc.). You, sir, are now a project manager, not a network administrator. Good luck.
...is a great resource, if you only ever want to work with Cisco products.
There don’t seem to be many serious responses here. My recommendations:
Find a consultant who 1) knows his/her stuff, 2) you trust, and 3) is willing to sit with you and explain what they are doing, why they are doing it, and review your work when you make changes (preferably before the changes are made). You don’t want to be learning from someone who is wrong and you will need someone to fall back on when things get really hairy (and they will, I promise). You also need to set expectations with the consultant early. They need to understand your intention is to manage the network yourself and not rely on them 100%. Consultants often are reluctant to release passwords to someone if they believe you will only screw stuff up and then likely blame them for the failure (though not to imply that a consultant would ever forcibly withhold passwords). They need to know up front this will be a dual-managed environment and have an accurate understanding of your expectations of them.
I highly recommend a few structured professional training courses. Go to their training facilities for the classes (minimize distractions while learning). Wait till you are a little more experienced before trying online at home courses. For intro level network stuff, nearly any vendor will do. Pick one and roll with it. Just don’t get too caught in certifications. They are great and all but won’t give you what you need to run a network. You need *practical* knowledge. Save the certifications for when you want to leave this job.
Consume any information you can: books, podcasts, YouTube How-To’s, etc. Just remember, trying to find time during what will soon be your very busy schedule to read books and play in your lab will be tricky. Hence the structured professional training above. CCNA books are considered to be a good starting point. Just remember, these only teach fundamentals. When it comes to "how will this router react when I make this change", those answers take time and experience to learn.
As for the lab, get a minimum of two switches, two routers, and two firewalls. They should match or be smaller versions of what you have in production wherever possible (if the lab doesn’t closely represent production, it won’t help much when you try to reproduce problems or test solutions). This will give you enough to build most typical network scenarios. Beyond that, it’s a crapshoot on lab gear. When it comes to hardware vendors, buy what fits your need. I don’t personally care if it’s Cisco, HP, Brocade, or Bob’s Networking Stuff. I would encourage keeping the total number of manufacturers low in order to maintain manageability, but which manufacturers you choose is a business question only you and your company can answer.
The less you talk, the more people hear you say.
You learn server administration and networking by doing, in particular, solving problems. You learn architecture by knowing what was done wrong in the past, and not doing it that way.
Use your unlimited budget to bring in a contractor who has a ton of experience in the field. Learn everything that you can from them while they are available. And make sure everything gets documented.
The only thing worse than a Democrat is a Republican.
As someone who, thankfully, went the other way, here is the only advice I can give you.
"Down, not across."
With such a modest setup (~ 100 hosts), if You're a real programmer, then You should be able to handle it easily.
Task 1: learn how Ethernet technology works (for example: what a collision is, why frames have a certain length, why there are no crossover cables for gigabit Ethernet, how 802.1q and 802.1d work). Some historical knowledge won't hurt; it will give you a solid basis and intuition valuable for troubleshooting.
Task 2: learn how IPv4 works, specifically static routing. You must become proficient with netmasks (not only those containing 255's and 0's), broadcast addresses, RFC1918, NAT, TTL, and so on. At this point You do not need to bother Yourself with such things as multicast or dynamic routing.
Task 3 : learn protocols and related tools supporting IPv4: ARP, DHCP, ICMP
Task 4 : learn IPTables (this is an arbitrary choice of mine, but I like it).
Those are not steps but tasks that can be performed in parallel.
By performing those tasks You will discover other topics of interest.
Once You are good with all that, refrain from overcomplicating things (read my other post: http://slashdot.org/comments.pl?sid=1244813&cid=28091781)
Given the environment and the job title, I'm guessing that you will be responsible for both servers and the network. I would start out by hiring a local network consultant to review your LAN/WAN requirements and suggest a packaged solution. Given the small number of devices, this should take no more than a few hours consulting time. Meanwhile, I would start taking OS classes (Microsoft, Unix, etc.) and/or perhaps a BootCamp.
While it is cool to learn networking, if you are in charge of the servers you will need to understand how to configure, administer, back-up, and recover these systems. Since the network won't change much once configured, you are better off focussing on the server side. Once you understand the server side, you can then start playing with networking. Honestly, with the size of your network, you aren't going to get heavily into network engineering.
If you are truly interested in the networking side vs the Server side, then you should focus on getting a CCNA/CCNP and finding a job in a bigger company. Then again, your company could be one of the few that is poised for explosive growth.
Good Luck,
David
Also learn SNMP. It will be your friend if you set up traps right. It will let you know what is going down hopefully before your users notice.
And for the love of all that is holy please change the community names to something other than "public" and "private".
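A way to check for the default community names the comment above warns about, as an added example that is not part of the original comment or of any vendor's tooling. It assumes configs are saved as text using Cisco IOS-style `snmp-server community` lines or net-snmp `rocommunity`/`rwcommunity` lines; the sample configs and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Factory-default SNMPv1/v2c community names (compared case-insensitively).
DEFAULT_COMMUNITIES = {"public", "private"}

# Cisco IOS style: snmp-server community <string> [view <name>] [ro|rw] [acl]
IOS_RE = re.compile(r"^\s*snmp-server\s+community\s+(\S+)(.*)$", re.I)
# net-snmp snmpd.conf: rocommunity|rwcommunity <string> [source [oid]]
NETSNMP_RE = re.compile(r"^\s*(ro|rw)community6?\s+(\S+)(.*)$", re.I)

# Constructed samples, not taken from real devices.
SAMPLE_IOS = """
! constructed sample
hostname core-sw1
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-Read-7f3a RO 10
snmp-server community n0c-Write-91bc view MGMT RW
snmp-server location rack 4
"""
SAMPLE_SNMPD = """
# constructed sample snmpd.conf
rocommunity public default
rocommunity m0n-4c2e 192.0.2.0/24
rwcommunity private
syslocation lab
"""


@dataclass(frozen=True)
class Finding:
    source: str
    line_no: int
    community: str
    access: str      # "ro" or "rw"
    issues: tuple    # "default-name" and/or "no-source-acl"

    @property
    def severity(self):
        # A writable community lets the holder change device settings.
        return "high" if self.access == "rw" else "medium"


def _parse_ios(rest):
    """Return (access, has_acl) from the tokens after the community string."""
    tokens = rest.lower().split()
    access, remaining, i = "ro", [], 0   # IOS defaults to read-only
    while i < len(tokens):
        if tokens[i] == "view":          # skip "view <name>"
            i += 2
            continue
        if tokens[i] in ("ro", "rw"):
            access = tokens[i]
        else:
            remaining.append(tokens[i])  # what is left names an access list
        i += 1
    return access, bool(remaining)


def _parse_netsnmp(kind, rest):
    """Return (access, restricted); 'default' or no source means any host."""
    tokens = rest.lower().split()
    restricted = bool(tokens) and tokens[0] not in ("default", "0.0.0.0/0")
    return kind.lower(), restricted


def audit(text, source="<config>"):
    """Flag default community names and communities with no source limit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("!", "#")):
            continue
        m = IOS_RE.match(line)
        if m:
            community = m.group(1)
            access, restricted = _parse_ios(m.group(2))
        else:
            m = NETSNMP_RE.match(line)
            if not m:
                continue
            community = m.group(2)
            access, restricted = _parse_netsnmp(m.group(1), m.group(3))
        issues = []
        if community.lower() in DEFAULT_COMMUNITIES:
            issues.append("default-name")
        if not restricted:
            issues.append("no-source-acl")
        if issues:
            findings.append(
                Finding(source, line_no, community, access, tuple(issues)))
    return findings


def redact(community):
    """Community strings are shared secrets: mask all but the default names."""
    if community.lower() in DEFAULT_COMMUNITIES:
        return community
    return community[:2] + "*" * (len(community) - 2)


def report(findings):
    return [f"{f.source}:{f.line_no} [{f.severity}] {redact(f.community)} "
            f"({f.access}) {', '.join(f.issues)}" for f in findings]


if __name__ == "__main__":
    results = audit(SAMPLE_IOS, "core-sw1") + audit(SAMPLE_SNMPD, "blade-07")
    print("\n".join(report(results)))
```

Run against the configs collected by a backup tool, this turns the "change the community names" advice into a repeatable check; the report masks non-default strings so the output itself does not leak them.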
Best Buy has ALL the hardware you need. Buy Linksys or D-Link or Netgear. Oh, and their off-the-shelf computers are great too. Remember lots of hard drives, that's important for a good fast server... So get some of those external cases and a bunch of USB hubs. Spindles = Good, for some reason.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
Get good core switches for your server room(s) (Cisco, HP, Juniper, Foundry), depending on your network connections.
Are you a single site of 100 users or 5 sites of 20 users? If the former, be consistent and use good switches to deliver to your end users; otherwise, if you're a collection of small offices with basic routing requirements, use commodity switches to deliver to the end user... (Linksys, D-Link); the price per port is dramatic. Your choices will also be impacted by whether you're providing IP telephony and need PoE features...
If you just need office interconnect and/or internet, get a good telecom provider and let them manage the router(s); that way you've always got an SLA, and when you're on vacation someone else in the office can phone the issue in to the provider.
The biggest two steps are document and standardize.
Pick one or two switch vendors, (subject to the qualifications above)
Pick one firewall vendor.
Pick one desktop vendor
Pick one server vendor
Pick one storage vendor
Anything that's different or flaky either replace it now or plan to replace it in the near future as part of a decent lifecycle. Get commitments and budgets to lifecycle equipment.
For the desktops, get a remote administration client and an enterprise antivirus/antispyware client on them if you want to get any other work done.
Lastly pick an authenticator, either MS AD, or LDAP backend and be consistent.
Avoid complexity. All the fancy gear has fancy features; you don't need them. Know your data... you may have internal security requirements outside of just the perimeter security. Isolate the desktops from the servers (separate VLANs). Your servers might require more ......
should be pretty cheap on eBay. Just run the cabling behind the desks and under the carpet - add a hub wherever you need a couple more sockets. Problem solved!
You can learn to do this, but it will take years. You need someone who knows what they are doing now. Go hire someone and have them teach you.
Personally I would go with Cisco; I've found them to be more reliable and easier to get the info you need troubleshooting-wise. Juniper is OK, but depending on the equipment, not as reliable as Cisco. Course-wise there are plenty, from tech colleges to dedicated courses from VARs, although they tend to be somewhat more costly. You haven't explained what kind of network, i.e. is this a flat topography? Typically all VLANs, layer 3 routing going on? It sounds like a rather small network. If it's pretty flat then focus on the switching mostly for learning; routing is another level and could cause you a lot of headaches, both in design and troubleshooting. Then you have to throw in network security, firewalls, IPS/IDS; no matter how small a network, you will need these. It's a lot for someone to learn right off the bat, but should be doable after a few years.
Document everything you can.
Backup configs, make sure you save them frequently when things are working.
Get a good network management/monitoring package which uses SNMP to monitor the equipment.
Take as many classes and training sessions as you can.
Purchase vendor support for equipment. Cisco TAC is invaluable when the excrement hits the oscillating device. When the network is down, and the boss comes into the server room to ask when it's back up, it's much more comforting to hear that the vendor is helping you investigate the issue than to hear you have no idea what the problem is or when it might be fixed.
Build a lab to test/learn new protocols/ways of doing things. Have a couple servers in there, as well as the same type or smaller versions within the same family. If you're running Cisco 3945 routers in production, a lab with 1720s running 10 year old code doesn't help you troubleshoot production issues or test code upgrades.
A good podcast which covers CCNA/CCNP level topics with examples:
http://www.ciscohandsontraining.com/
How to backup your devices:
http://www.shrubbery.net/rancid/
Netdisco, good tool for network discovery and host tracking
http://www.netdisco.org/
Join and read network mailing lists. NANOG, Cisco-NSP, Juniper-NSP are a good place to start. http://puck.nether.net/mailman/listinfo/ to subscribe to several of those.
Beyond that, good luck. Speaking as someone who has been doing systems/network administration for close to 15 years, you will learn something new every day. If you don't, you're not trying hard enough.
I'm a network engineer with 30 years of experience. That word is important because our field changes so quickly that universities can't keep up. As a result, our field is experience driven, and the universities hate that, because they don't get their piece of the pie. I don't have a degree, but I will pit my skills against anybody that does, or has that newb A+ certification, any day.
When I started, a person either knew computers, or didn't. If you did, then you knew the hardware, the operating system, how to program, and operate them. Today, it is extremely diversified. So much in fact that people are specializing in not just infrastructure, but a specific subset of infrastructure such as routers. People specialize in information security for desktops, and information security for Microsoft server, or Novell or Linux, etc. etc. Once you make it to generalist like myself, you can expect at least 5 job offers a year, and if anybody comes up to you with a smartass attitude and says "Do you need your job?" you can honestly say "No" and that will shut them up real quick.
You are starting at the beginning, and what you really need is to start off as a wire puller, then assist the PC technicians, then infrastructure experts, then the network administration, and finally Information security.
The important thing to remember is if everything is working fine, no problem, but when it goes wrong, it goes very wrong. Have your ducks in a row, and a list of phone numbers you can call for people to come in and help you.
This sounds like a tall order. I'd be scared. Buying equipment is not going to fix anything. You've got to learn the existing network before you can make educated purchases. From the scope of the network you describe, here are the basic things I think you'll need to learn about.
Learn about routing. Subnets, CIDR, the difference between a subnet mask and a wildcard, the difference between static routing protocols and dynamic routing protocols. Default routes. Policy based routing. Observe and document the different subnets you see in your network, figure out their purpose. Look at the default gateway of the clients and the servers. Figure out what device that represents. If you have only one subnet, your network is probably too flat. I'm guessing you have at least 2 or 3. Make a diagram.
Learn about VLANs. Tagged VLANs (802.1q), Cisco VLAN discovery (if applicable). I prefer Brocade equipment for switching / layer 2. But I digress. What VLANs are in each switch and how do the physical wires correlate? What subnets run on what VLANs? If you have fiber, you have another heap of things to learn about. Learn how to make an Ethernet cable.
:-)
Learn about firewalls. iptables (if Linux), ASA / PIX if Cisco, etc. Learn the difference between access-lists and stateful firewalls. Learn how to add rules to whatever firewall you use. What networks route where and what firewalls are between the networks?
What are the single points of failure? Learn to deal with those single points of failure. What are the entry points? What software is everything running? What are the link speeds, where does traffic go, aggregate and split up?
Gather all the contract information for your equipment. Make a printed list of numbers for who to call about what. Seek consultation to fill any uncovered gaps.
Look into graphing software with auto discover. PRTG is wonderful and not that expensive.
In my experience, things don't usually break. When they do it's because:
A.) Someone touched something.
B.) The power went out.
C.) Someone touched something they were not supposed to.
D.) You ran out of capacity (in a hard drive, on a link.)
E.) A server got overwhelmed.
Lastly, make sure everyone does their Windows updates
1.) If it's not broke, don't fix it. Why does this network need "rebuilt?" What's not working?
2.) Make sure you can put it back exactly how you found it before trying anything.
3.) Never, ever, make a change at the end of the day, or on a Friday. Come in early, real early, for big stuff.
4.) Listen to your users. If they say something's different, it probably is. Take everything seriously.
First, write two letters...
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
There are a lot of variables so some answers may or may not be relevant, but take what you can use and discard the rest. I had exactly the same task set before me excepting the lack of network knowledge. I did have a lack of knowledge of their network however.
1. Look at the current points of failure. Often, if you inherit something in dire need of an overhaul, if you touch, change, modify or fix one thing, you will break something else. It could be roaming profiles in the Novell network failing due to bandwidth bottlenecks. It could be the m0n0wall BSD that was incorrectly implemented and allowing SQL queries from the outside. It could be the fact that they are running Small Business Server licenses and already have over 100 machines and employees. These are some painful memories....
2. Take a serious look at licensing. Do you have Open Value? Are you running pirated versions of Windows 2000 and Adobe Acrobat 6 Standard on every machine? Make certain you factor the costs of actual compliance in when you make a ledger of what the complete costs are going to be during the overhaul. If the company has never spent money on licensing in the past, expect a shock and horror response when you tell them about how the BSA works.
3. What are the possible upgrade paths with current servers? Are they running outdated GroupWise, and they want Exchange? Good luck migrating to Outlook 2010. Are the backups working? Are they backing up the relevant pieces? Are they backing up to tape? To the cloud!? To a desktop in the corner of the Accounting cubicle?
4. If you decide to implement new servers: What is the current state of AD? 2000 2003 native? 2008 etc? You might have trouble upgrading the AD level depending on the desktop OS versions. You may need to have a contingency plan for mass desktop upgrades. If you are doing a complete ground-up overhaul, be aware that you may be a good candidate for VMware servers, and Citrix VDI/desktop solutions. Make a list of the apps you use that will not work over a virtual desktop. AutoCAD, Photoshop, AVID. Any lag in the system and they will hate you. Don't screw it up. Make certain the SAN you buy in that scenario has enough I/O to work effectively.
5. As for the core network upgrade. Rerun the entire network with Cat 6 dual runs. Double them up so there is a lot of room to move, and be prepared for growth. Gig switches absolutely. They don't need to be Cisco, Juniper is great too. Perimeter security: leave that to an expert. Outsource to a reputable and responsive company. You are not a Cisco expert, nor will you become one overnight. You can learn how to support them and do minor configurations but CYA. If you are investing in all new telephones, VOIP and POE, be careful: Cisco, to be supported, will need an entire core of all Cisco. (Hidden tax) Don't go low end, don't go high end, don't get a system that has a million features you won't ever use.
6. I'd suggest not reinventing the wheel. Get a powerful mail server with lots of room for growth. Make certain you cover your ass with a solid and effective backup system. Standardize hardware. 25% a year get a refresh. Full cycles every 4 years. Look at inboxes and email usage. Employees want to use it as a filing system now. Be careful who you piss off. In my scenario, there were no email inbox cap sizes or message size limitations. Try to transfer an 8GB GroupWise inbox into Exchange or anywhere, you'll see how corrupt the files really are. You might learn people get really upset when you tell them they can't run as local admins any more. Watch their indignation when you explain to them they can't install pirated software or the version of Photoshop their cousin's friend gave them. They will be mad at you when you explain to them that just because you bought a new mail server that they can no longer email 600mb videos of them skydiving to their friends in the company.
When they hear they are getting a complete system overhaul they think it will mean that they can send bigger files, store their itunes collection
"After many years as a star programmer..."
A star programmer? Wow. That must be awesome.
I'm a programmer. A mediocre programmer, at best. I've met some truly awesome programmers, though, and you know what? The better they are, the less they feel the need to brag about it.
Small company and you have an "unlimited budget"? What the hell man, did you start working for a drug kingpin or something?
Might want to take a closer look at the books before staying there...
No, no, not those books...I mean the other set of books.
I've been a Network Admin/specialist for over 8 years and now at a Sr. level with a large global company. Honestly, you are not ready or equipped no matter what you buy hardware or book-wise. The reason is that Networking relates to almost nothing except if you had previous telephony experience. There is a lot to learn to even crawl, WAY before test labs and equipment. My suggestion would be to start with Network+/A+ to get some background in general hardware and networking. Then do your CCNA and probably starting with the easy track. At that point you will have touched some gear and have some idea of what you are doing, that is also a solid 6 month or so commitment alone. IMO, though, I would probably steer clear of Cisco for the actual products and possibly go with HP (cheaper and life support) switches. I have used Alcatel, Juniper, Cisco, and even Dell depending on the needs and fit.
Here is the next part of the issues though... security, addressing, VLANs, port bonding/aggregation for VMs, and even cursory knowledge of troubleshooting, punchdown tools, cabling standards, local code, etc. You WILL get most of this horribly wrong. You will have massive amounts of downtime, you will have angry users, you will have catastrophic cockups... all of these things can become very complex very fast.
Honestly, my suggestion would be to get more into the systems side if you have the interest and slowly learn networking. If you believe you truly love networking, you will be certain if/when you pass net+ and CCNA... or you will realize you have no interest or passion for it and have some good knowledge under your belt to work on the systems side.
http://teasphere.wordpress.com - A little spot of tea
First step is to hire me - I have the actual experience to accomplish whatever needs the organization has and I will train you along the way. I'll show up and act sloppy, dress poorly and stutter and blink a lot. If anyone asks me direct questions I'll yammer on about slightly related topics and then tell them I have to go ask you. In short, we'll deliver a scalable, resilient, deterministic network and you'll get the glory and the training. I just want a piece of the unlimited budget.
One place I used to work at had everyone on the same subnet. The QA team started seeing strange things with their QA systems. It turned out the devs were trying something new on the server side of things and were spamming the network with garbage traffic, causing chaos for the QA team. A few weeks later the different depts were all on different subnets.
I found CCNA classes extremely helpful in learning how to manage networks of all sizes. The best part is that you have a budget to buy the stuff you need to practice and the opportunity to play around with the stuff you learn in class. I'm not sure where you're located but this link might help get you started. Good luck! http://www.cisco.com/web/learning/netacad/course_catalog/index.html
Now they have a skilled programmer and net admin. Except pay probably hasn't doubled but your workload most likely has doubled.
If you have an unlimited budget, why not just hire an experienced network engineer to do all the work for you?
Buy lots of coaxial cable and a bunch of BNC connectors.
Anyone that trips on the cable and knocks the connector off their PC, fire them.
I should have been more clear: the whole story is a troll. The first line is highly obnoxious and is designed to get indignant responses.
The body of the question is an archetype of the 'tell me how to do my job' Ask Slashdot question. The author doesn't just claim ignorance and ask for help on some particular subject, he claims complete ignorance of the entire topic - for which he is paid - and asks for advice on literally every aspect of the job - what kind of book to buy? what kind of equipment to buy? what courses to take? The only way it could have been more explicit is if he'd literally asked 'how do I do my job'.
The icing on the cake is the 'unlimited' budget (which has never existed anywhere, and the idea of which can only provoke envy), and the clearly phony name.
This story is a troll, in the old sense of the word, and is designed to elicit indignant, angry, and blissfully ignorant responses from the slashdot crowd.
Shame on Timothy for posting it, and shame on the people who responded for not picking up on the truth.
build skynet.
Why would a company hire someone not qualified to rebuild their entire network? Pad your resume much?
Make sure you're up on the latest Client/Server technologies.
Find a consultant to help with both upgrade and initial maintenance, not only will they take a big load off of you initially for the proper setup, they can teach and show you what is applicable to YOUR network, and take the blame if things go wrong down the road. Full Disclosure: I'm a network consultant. PS. Do you want my card? I like the sounds of unlimited budget :P
Two books to buy (or one if you only want to read one) is Unix Network Programming - Networking APIs: Sockets and XTI by W. Richard Stevens. It's technical. It leaves no ambiguity, no stone unturned, and is at the very very top of the pile of books you could read on this topic. It's not for the faint. There is a lot there. If you go through at least the first 6 chapters, you will know more about networking than 99% of all the network admins out there. If you read the whole thing, you will know more than 99.9% of the network admins out there. If you read that and his other books, it will be 99.99%. After that, you are best reading books on network security. Don't let the "Unix" part throw you off. Everyone runs networks like "Unix". A runny-nosed newb might mutter "but I run da windoze" and you can yell at the sniveling little twerp "Yes you incompetent little snip, and ever since windows NT, they have been shipping TCP/IP clients instead of the chatty, troublesome netbeui protocol". Bill Gates wanted windows users to be on a proprietary internet, not the public one, so he used a version of IBM's token ring networking protocol to try and lock them in. It didn't work. So go read the book I suggested, and somehow come to terms that this 'unixy stuff' is what we use for "teh internets".
"After many years as a star programmer. . ."
Dear Slashdot,
After many years as an expert carpenter, I've found a need at my current employer for a plumber. I've made extensive use of plumbing in the past both for input and output and know I can handle the work. Many of the concepts are the same between carpentry and plumbing (i.e. cutting things and joining things), so I only need to brush up on the mechanics of how to do it. The pipes in our current building are all old and leaky, so we want to replace them. I have been given an 'unlimited' budget for pipes, tools, etc to set up a small toilet in the basement and after that I plan to replace all of our plumbing. What tools and materials should I acquire? What books should I read? Should I take classes?
First: learn about networking generally. In your case I'd recommend the Doug Comer/Dave Stevens Xinu networking books, volumes I and II, but a lot of folks also like the books by W Richard Stevens TCP/IP Illustrated set. The Xinu books, particularly volume II, have the entire source code of a straightforward implementation, which is really good if you're a person who reads code well.
Then pick 2 network vendors you like and learn how to configure their gear. Probably start with whatever gear you have now; it may be perfectly serviceable if set up properly, or at least usable as a corner of a better network design.
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
Google "networking." Seriously though, since "unlimited" budget in my experience usually means "nonexistent," I'd have to say pfSense and OpenVPN ftw. If they are that small there is no way they can really afford to give you a limitless budget. What exactly is running on these blades? Any specialized software? What kind of business is this? How is the wiring in the building? If you want to build a network for a business, you need to understand what they need to do and find the most transparent way to let them do that. You should also google "networking."
Sorry, but you aren't qualified and won't be in a year.
Use that budget to hire someone who is and can build a network that supports
- desktop zones
- VoIP zones
- internal servers
- backup network
- admin network
- remote access
- unsecured WiFi (all wifi is unsecured)
- DMZ
Don't forget redundant connections for the servers and core switches/routers. I'm partial to the Cisco 65xx series, but that would be overkill for your network. ;) Hint: Refuse to deploy Linksys.
Be certain you get managed switches.
I'm just sayin' it like it is. Home networking is different from business networking.
BTW, your budget is not unlimited - I've been told that and they killed the project after we'd already spent $500M. There is a limit.
Deploy Juniper products where you can. Commit confirmed alone will help keep you sane.
You mean the firewall vendor that can't even get passive FTP right?
http://www.google.com/advanced_search?q=juniper+FTP+ALG
Please help metamoderate.
I learned how to do this the hard way, by screwing up a lot. Here are some rules:
#1: Always have a fallback plan. Assume that everything you touch will literally explode in flames and kill everyone nearby, and have a plan to return to the old stuff. It will cost more to do it that way, but being able to fall back to something that's worked for years will cost a lot less than the network being down for days while you have no idea how to fix it.
#2: Test, test, test. And then, test some more. And assume that you have only tested 1/10th of what the users will actually do. Pick out two users to help you test: the best with computers, and the worst. Between them, they'll find the stupidest and smartest mistakes you miss.
#3: Complain a lot. Seriously. Complain about what a pain in the ass stuff is to do stuff, and give examples. But show consistent progress. Nobody will have any clue what you're talking about, but they'll get the idea that you're working hard at it, and that you're succeeding. The biggest issue I've had was when major projects went off so smoothly (because I was well prepared) that nobody noticed the work that went into it. After getting a COLA raise after a two year project to build a mission critical WAN, I learned.
You say you have unlimited budget - just buy Novell back from Attachmate. There will certainly be one or two knowledgeable guys who could run your network for you.
For giving you such amazing advice for free, may I suggest you keep Novell suing SCO out of their pants?
...a stunned silence fell upon the hall.
Classes are great for teaching "theory" to "practical people" because the "theory oriented guy" teaching the class understands what "trying things" means in his particular domain. I'd imagine you've used some calculus for work on occasion, but presumably you'd never have sat down and just tried things involving integrals.
I'd expect all those system administration courses are designed for people who don't know so much about computers, but need some elementary networking theory before they'll become remotely competent administrators. If this guy's a developer, then he's likely already seen anything those students would find "theoretical", meaning he's already well set up for "just trying" more practical stuff.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Someone has already suggested Tanenbaum's book. "Computer Networks"
I worked for 3 years in a MS shop supporting MS systems for clients, I attended classes and earned my MCSE. All of the classes which I took for MS were centered around 'go to this menu' 'click this' 'enter this'. Yes I could set up networks, VPNs, servers, but I didn't really start learning the nuts and bolts until I started working for a company that supported Linux servers.
Once you understand the basics from Tanenbaum's book then you might go to 'Wireshark Network Analysis' by Laura Chappell.
If you have time go to 'Linux Firewalls' I used Ziegler's book, but there are a number of sources. On your network you may want to try and set up a multi-homed Linux system protecting a Linux system. You can learn a lot about how a computer handles packets by setting up a server with iptables and adjusting it to allow certain packets or to allow only certain services. Also look at studying Computer security and security tools.
Switches: you should look for switches that will allow you to monitor ports on the switch. If you only have 100 computers on your network they may not allow you to budget for a network analyst to come in and analyze your network if there is a problem.
Look for any tools, such as Snort or installing a computer which can tap into your internet traffic, that will give you a raw eye onto what is happening on the network. Nothing is worse than having a network problem with multiple computers on the network and being blind.
You will still get to use your programming skills, there are few programs which offer exactly what you want or need to monitor your network and your computer systems. Eventually once you know more about what you want, then you can take results from other programs and craft your own system with reporting tools.
To prepare you for this, imagine you have just been given a new position within the company where the previous programmer has left the company. You have an application which he has built up and put into production over the last five years. You are now in charge and there are no comments on the code. Your first ethernet card failure will be like your first bug. Same for switches. No one told you they could fail like that. Welcome to Hell.
A networking company is much better for this need than a Server company.
Seriously? "Maybe 100 machines" and people here are advising you to run for the hills? Can I send this: Diagnosis to all of you? (Don't worry, it's not going to bring the internet to its knees).
I hope you *insisted* on getting some kind of compensation for OT.
The job will eat your life - if you let it.
Read:
TCP/IP Network Administration - Hunt
Essential System Administration - Frisch
The Practice of System and Network Administration - Limoncelli
Is the current system seriously broken?
Did the previous admin leave any useful documentation?
Learn the difference between Support (Administration) and Development (Programming). The best you can do in Administration is put things back the way they were before they all broke so the users stop complaining or at best make small and slight improvements to a screwed up system. Your job as administrator is to deal always with problems and very little time is devoted to improvements. In Programming you fix or improve applications or build fresh new ones. Go back to Development if you still have a choice.
Study
Otherwise if this is a bottom-up approach to learning networking and server administration without any previous hands-on experience with servers and managed switches then start with the certification tracks and books because they are well planned out, have plenty of books available, have training classes or web instructions. Get books and materials for CompTIA A+, Network+, Server+, Inet+, Security+, Linux+ since you can learn these generalized topics quickly and easily and at least be introduced to very basic ideas and terms that you never had to deal with such as RAID, iSCSI, LUN, VLANs, trunks, aggregated links, routing, CIDR, OSPF, core, edge, etc. You can skip the CompTIA tests for those since they are not really worth the money anymore with expiration dates.
Move onto Cisco CCNA for more in-depth networking and one of the CCNP specialties for advanced topics. Touch some Microsoft and Linux server admin certs because you'll need to understand the servers and how they actually function and communicate on the network to plan out your setup.
If you have a chance look into SANs (storage area networks) and especially iSCSI (i.e. Storage over Ethernet) because you will have to support it now or very shortly. Fibre Channel also while you're at it, learn zoning, provisioning, find out who Brocade, Qlogic, and EMC are.
Also be sure to learn about Wireless networking using Enterprise level products and access points because that can get difficult quickly when it comes to proper setup, authentication, RADIUS, encryption, WPA2, TKIP/AES, certificates and auto-enrollment.
Vendors
Blades - HP, Dell, IBM, Cisco
Switches - HP ProCurve, Juniper, Cisco, Netgear, Alcatel
Servers - HP, Dell, IBM
Recommendations
Network - 10.A.B.C/8 for your network. A=site or core segments, B=floor or edge, C=each subnet. Use /24 as default mask for 254 hosts and /22 for larger special subnets for terminal servers, virtual guest farms.
DMZ - NAT your public IPs to a dedicated DMZ VLAN, firewall it from inside with static explicit per IP and Port rules.
Vendor Systems - Segregate on separate VLANs or subnets since you don't own or control these devices. Firewall from Production.
Production Network - Keep small /24 subnets, edge to core (i.e. like a pointed star with center as core or multiple stars joined at core)
Workstation Network - VLAN and keep subnets small and logically divided by physical barriers, floor, building, site, etc.
Server Network - Try to keep server types separated on their own VLANs and subnets and concentrate them physically and by switch/card. Separate unlike and strange servers, appliances, vendor boxes away from regular servers.
Backup Network - Physically separate the cables, switches/cards for workstation and server centralized backups, (Symantec/Veritas NetBackup).
Wireless Network - Firewall and separate on VLAN
Virtual Server Network - Dedicated VLAN and get 10Gb cards for switches and servers/blades.
Storage Network (iSCSI) - Dedicated cables, switches/cards.
VoIP Network - Separate VLANs & inter-switch trunks to keep away from all other traffic, separate switches/cards for sure.
There are many more suggestions but at this point I'd have to start charging consulting fees. Find people to help you and pay them well.
Good luck!
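Added example, not part of the comment above: a short Python check of a 10.A.B.C addressing plan like the one recommended there, assuming A is the site octet, B the segment octet, /24 as the default and /22 for the large subnet. The zone names and octet values are constructed for illustration; the script rejects misaligned or overlapping subnets and tells you whether a flow stays inside one zone or has to cross a routed, firewalled boundary.

```python
import ipaddress

# Constructed zone list (assumption, not from the thread):
# (zone name, site octet A, segment octet B, prefix length)
ZONES = [
    ("workstations-floor1", 1, 10, 24),
    ("workstations-floor2", 1, 11, 24),
    ("servers",             1, 20, 24),
    ("virtual-guests",      1, 24, 22),   # a /22 must start on a multiple of 4
    ("backup",              1, 30, 24),
    ("storage-iscsi",       1, 31, 24),
    ("voip",                1, 40, 24),
    ("wireless",            1, 50, 24),
    ("vendor-systems",      1, 60, 24),
    ("dmz",                 1, 250, 24),
]


def build_plan(zones):
    """Return {zone name: IPv4Network}; raise ValueError on a bad plan."""
    plan = {}
    for name, site, segment, prefix_len in zones:
        # strict=True raises ValueError when host bits are set, which catches
        # a /22 whose third octet is not a multiple of 4 (e.g. 10.1.25.0/22).
        net = ipaddress.ip_network(f"10.{site}.{segment}.0/{prefix_len}", strict=True)
        for other_name, other in plan.items():
            if net.overlaps(other):
                raise ValueError(f"{name} {net} overlaps {other_name} {other}")
        plan[name] = net
    return plan


def usable_hosts(net):
    """Host addresses left after removing the network and broadcast addresses."""
    return net.num_addresses - 2


def zone_of(plan, address):
    """Name of the zone containing the address, or None if it is unplanned."""
    ip = ipaddress.ip_address(address)
    for name, net in plan.items():
        if ip in net:
            return name
    return None


def needs_firewall_rule(plan, src, dst):
    """True when the flow leaves its zone (or touches an unplanned address),
    so it is routed between subnets and should match an explicit rule."""
    src_zone, dst_zone = zone_of(plan, src), zone_of(plan, dst)
    return src_zone is None or dst_zone is None or src_zone != dst_zone


PLAN = build_plan(ZONES)

if __name__ == "__main__":
    for name, net in PLAN.items():
        print(f"{name:22} {str(net):16} mask {str(net.netmask):15} "
              f"usable hosts {usable_hosts(net)}")
    # Workstation to server crosses a zone boundary; two workstations do not.
    print(needs_firewall_rule(PLAN, "10.1.10.5", "10.1.20.5"))
    print(needs_firewall_rule(PLAN, "10.1.10.5", "10.1.10.77"))
```

Running the same check whenever a subnet is added keeps the plan and the firewall zones from drifting apart.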
Given an unlimited budget I hear BMW makes some nice routers...
I would focus on finding a book or instruction that focuses on explaining the fundamentals of building a network and security rather than worrying what devices you need or which vendor to go with. Right now you know your network has 100 devices but there are still so many more questions to ask and have answered before you can formulate a strategy on what changes need to be made to your network. Physical requirements such as power, cabling, cooling, devices, physical security etc. LAN requirements like segmenting those 100 computers into x number of vlans, access lists, ip schemes, WIFI? etc. WAN Natting, patting, bandwidth requirements, does this office connect to other company offices? Network security. IDS. Device monitoring, Device config backup and management. OMG I'm so glad I don't have to do this.... On second thought find a new job... Uhhh...
1) Use your unlimited budget to hire a network administrator.
2) Go golfing.
That is easy.
1) Buy 3x 48 port Cisco 2960's will give you more than enough ports with some expandability (3 x 48 = 144 - 3 (for uplinks) = ~141 ports for devices) at a decent price, especially if you can get on some kind of discount contract (such as state price, etc.). Layer 3 switches are the way to go. Configure the switches inside a single vlan (unless you want to get fancy).
2) As long as you are getting an Ethernet hand-off from whatever ISP you are using (fiber seems unnecessary for 100 devices), get a Cisco ASA 5505 with the UNLIMITED license (ASA5505-UL-BUN-K9) so you won't have to deal with user licenses or if the network grows past the limited licenses. 5505's are perfect because they are super cheap and provide most of the functionality of a higher end model like a 5520 but are mostly just lacking GBIC slots for fiber handoffs. The ASA will act as your firewall, and allow for remote connections using VPN (using Cisco's awesome AnyConnect client). Follow online instructions for getting ASDM setup for the ASA so you don't have to deal with CLI and can do straight GUI configuration (very handy if you don't feel like learning to program an ASA from the command line).
3) Configure a simple network (with only 100 devices you can get away with a /24 mask on whatever subnet you use, i.e. a 255.255.255.0 mask). If you want you can go 255.255.254.0 and give yourself some extra breathing room if you think the network will grow past 254 unique devices. Configure your DHCP server (or whatever will hand out addresses for DHCP) to leave a range for static IPs that you will set on your servers. Workstations can pull DHCP as long as you have an internal DNS server so that people can remote to their desktops via the computer name. If not, then you'll need statics on your workstations as well for remote desktop.
4) Depending on your needs, you can add a few wireless access points to the mix as well to blanket the area in wireless. Preferably I like to use a controller (I use a 5508 @ work) but that might be overkill for you since you'd most likely only need a handful of access points. Although a 4400 with support for a limited number of AP's would be nice and on an "unlimited" budget, managing it is cake with the controller. Anyway, get the Cisco 1142's, especially if you go the controller route, since they can come with the LWAPP (Lightweight Access Point Protocol) enabled IOS image already on there. Don't forget to consider power/ethernet drops to where you will be placing the access points, and do a wireless survey with a test unit and a program like inSSIDer to gauge distances between where you should place them for maximum coverage.
I am a network engineer for my day job, and 1 of only 2 people who manage and maintain an enterprise network of over 5000 devices and ~8000 users. While we are stretched pretty thin, we manage to take care of that account and still have time to do things on other contracts (we are contractors), although there is a separate IT help desk staff at the main location to deal with specific user issues and workstation stuff so at least we aren't removing viruses and crap like that.
I did go to school for it (Bachelor's in Network Engineering) and got certifications, but really unless it's a huge enterprise network there isn't much of a learning curve beyond the CLI commands and maybe wrapping your head around some ASA/Firewall stuff (NATs and Access Lists will be your main nemesis). Especially if they are giving you an unlimited budget, you can take a few classes to get the basics down ("Networking Fundamentals") and go from there if you are more comfortable having some kind of foundation. The biggest thing is getting used to the syntax of programming a device via CLI, and if you were a programmer you will most likely pick it up fast. If you can get your hands on a couple switches to play with, between that and Google you will be able to set up a fairly simple network to provide all the services I menti
"I hope you know how very lucky you are to know me, because I am so incredibly incredible."
This must be a hoax message - either way the post and subsequent comments have made my day. Welcome to hell.
If you do you'll always end up with FOSS (Free and Open Source Software) solutions and love your job. Either that or you'll end up with too much stuff that doesn't work and you'll hate your job.
That's the problem with this line of work. More than anything, sysadmins love stuff that works and it's often the grubby little details that make all the difference. However, it usually doesn't work out this way for them. If you're serious about your job, it won't take long before you realize two important things about the world you live in:
* Commercial software companies just want your money
Unfortunately, it's not just about selling licenses (if only that were true): it's also about limiting the customers in what they can do with the products after they buy them. For instance, they typically use proprietary file formats, databases and protocols so that their products do not work with those of anyone else except their own, or those of their choosing. They call this "being competitive", but it's simply about limiting your choices so that they can steer you (the consumer) in whatever direction they want. They don't care about helping you to get everything to work the way you'd like, so functionality is severely limited. Basically, these companies just want your money, and preferably as much of it as they can get.
* FOSS developers just want things to work
These are the people who are on your side. They're just like you: they dream of systems that do everything you want and of users who are happy. Your system should be like that box of Lego blocks that you played with when you were a kid: everything fits together, even if now things are much more complex. This is accomplished by using open standards for file formats, databases and communications, as well as by providing the source code for the software.
What this means is that your success and happiness will depend on how much you can limit the use of commercial software in your network environment. Unfortunately, the average user (including your boss) has zero understanding of these concepts. Instead, their choices are much more likely to be influenced by a complex combination of psychological factors, such as the marketing efforts of the big commercial software companies, their own limited experience, the advice of their favorite vendors and sales representatives, their desire to avoid learning to work with anything new, and even what their friends think they should do. In other words, unless they really respect you, your advice will not be taken seriously. Instead, they will likely tell you what software to work with and your efforts will ultimately be frustrating, the results disappointing. However, if you're lucky and good at explaining, maybe your boss won't blame you too much for the results.
Pretty much the same thing happened to me back in the late 1990's. However, I had a very good background in hardware (my first programming language was a soldering iron) and I am a graduate engineer. If you learn fast and don't believe too much of what sales weasels tell you then you might be all right. Being very comfortable with both hardware and software is a real advantage since it gives you a perspective from both sides of the great divide. Don't focus too much on any one vendor's "solution du jour" but try to understand the real principles behind what you are doing. The best example of that I can think of off hand is if you know what a Netmask REALLY does in the hardware and think of it in BINARY then you never have to memorize silly rules about how to figure out what one needs to be. Hint -- study the XOR function and realize that an XOR gate was and is a piece of hardware. It took me several months of intensive study (mostly nights and weekends) to get up to speed and I never really stopped learning. The only formal training I ever got was a three day class on the Firewall we were going to use and that was well worth it, since it got me started thinking about how EVERYTHING had an effect on Network Security -- It also got me another hat a few years later as the Network Security Officer. Now, for the downside. Networks are utilities and the only time your work is REALLY noticed is when the network is down. As a network administrator no one notices if you do your job right -- outages just never happen. When things do happen, however, they are ALWAYS your fault and you ALWAYS take far too long to fix them -- even if it is 3am in a blizzard when you had to come in and do it! Good Luck
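Added example, not part of the comment above: one way to look at a netmask purely as bits, in Python. Here the mask is ANDed with an address to get the network, and two addresses are on the same subnet exactly when their XOR has no bit set under the mask; the addresses are constructed sample values and the function names are my own.

```python
def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | p
    return value


def to_dotted(value):
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_bits(dotted):
    """Dotted quad rendered as four groups of eight bits."""
    return ".".join(f"{(to_int(dotted) >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))


def prefix_length(mask):
    """Number of leading 1 bits; rejects masks whose 1 bits are not contiguous."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    # A valid inverted mask looks like 0...01...1, so adding 1 clears every bit.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return 32 - inverted.bit_length()


def network(addr, mask):
    """AND keeps the network bits and zeroes the host bits."""
    return to_dotted(to_int(addr) & to_int(mask))


def broadcast(addr, mask):
    """OR with the inverted mask sets every host bit."""
    return to_dotted(to_int(addr) | (~to_int(mask) & 0xFFFFFFFF))


def same_subnet(a, b, mask):
    """XOR marks the bits where a and b differ; the mask keeps only the
    network part. Zero means local delivery, non-zero means via a router."""
    return ((to_int(a) ^ to_int(b)) & to_int(mask)) == 0


if __name__ == "__main__":
    a, b = "10.1.10.5", "10.1.11.5"          # constructed sample addresses
    for mask in ("255.255.255.0", "255.255.254.0"):
        print(f"mask {mask} = {to_bits(mask)} (/{prefix_length(mask)})")
        print(f"  a XOR b    = {to_bits(to_dotted(to_int(a) ^ to_int(b)))}")
        print(f"  network(a) = {network(a, mask)}, broadcast = {broadcast(a, mask)}")
        print(f"  same subnet: {same_subnet(a, b, mask)}")
```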
So you want to be a sysad eh? Well there's only one good sysad and that's the bastard who has become one with the bastard.
First you're going to need a small wad of money, cause you're going to want to own the network, not work for it.
To get that wad, I suggest lawnmowers, chainsaws, trimmers, edgers, roto-tillers, backhoes, and trucks, don't laugh, just do it, knock door to door and get jobs until you make a name for yourself.
Work and Try to get a General Contractors license.
You have your wad of cash and you still want to be a sysad.
No you don't. Not yet.
Learn Lockpicking, Survival, First Aid, Electronics, Transmitters, Receivers, Gardening, Pipe Fitting, Drilling, Trenching, Soldering, Engine Maintenance, Electrical Power Distribution, Load Control, Basic Business and Law. It helps to know lots of math, lots of on the fly scripting, if you can program yourself out of any problem, you're close to being ready.
You're actually starting to live like a king now and you still want to be a sysad,
But not yet.
Start investing in precious metals like gold, silver, copper, learn to read world events. You'll need a pistol now.
Start studying international corporations, how do they work, where does their money come and go to, what does their infrastructure look like, where are they located, is it close to your resources, or too costly to do a TDY? Sell some excess tools, tech, on eBay, take a vacation somewhere exotic. Make connections, friends, people you can sub-contract and trust to get things done because they're independent and fast.
Learn photography, cameras, surveillance, audio mastering, streaming
Make a few plans for networks. Make friends with Senators, Congress, Chamber of Commerce, pnac, aipac, cfr, rothchilds, bilderbergs, DHS, cops, and sheriff.
When you finally do find a target, tear it up. You're ready for nearly anything.
You could be the one who pulls a national psyop. A bastard you are now!
I went through a similar process. You will only survive if you work hard.
Start looking at packets now. You must eat, sleep, and breathe packets to survive. Use Wireshark and TCPDump. Don't let anybody abstract away any of the layers. You have to understand every network layer from 1 to 4 before you can begin. You have to be able to think like a packet.
Physically touch and diagram every piece of network equipment. You must be able to draw a map of your network from memory. DRAW the map, verify its accuracy and keep it in a safe place. When something goes wrong, you will forget everything and that map will become very important to you.
You can have reliability or complexity. You can't have both. Educate yourself, then educate your boss. Make sure he understands that any complexity will reduce reliability. If you can't agree on the level of reliability and complexity, find another job.
Don't believe salesmen. Cisco sales are worst. They will destroy you in a minute if it means a sale. Divide all Cisco performance figures by 3 to get YOUR performance. At your size, you should be able to mostly avoid Cisco. Avoid them as much as possible. If your network design is simple, HP and Foundry (now Brocade) switches will consistently outperform Cisco, dollar for dollar.
Don't believe vendor performance figures. Evaluate equipment based on your own measurements.
READ THE BUGFIXES for the current and previous versions of your firmware. There are always more bugs. Future bugs will tend to occur in the same feature sets that gave rise to previous bugs.
Wait till you have a year or two of experience before tackling the following feature sets:
1) Redundancy. Redundancy is Cisco slang for: "I sold unnecessary equipment to a gullible customer." Redundancy is hard. In spite of everything you have heard, redundancy virtually always reduces reliability. Simple network designs, based on simple equipment will almost always be more reliable than redundant ones. Don't experiment with redundancy until you completely understand your network. Then only deploy redundancy after extensive testing.
2) VLANs. VLANs are a simple idea that enable you to create limitless complexity. Once you start, you will not stop until you have created a network that you can not understand or debug.
3) Multicast. You are not a true network person, until you loathe and despise multicast. Wait till you fully understand why you hate multicast, before you depend on it.
Surprisingly, you should not hesitate to play with IPv6 (in a non-production environment of course). Nobody else understands all the implications of IPv6. It is one of the few areas where you will not be at a disadvantage :)
Miles
shill
[shil] Slang.
–noun
1. a person who poses as a customer in order to decoy others into participating, as at a gambling house, auction, confidence game, etc.
2. a person who publicizes or praises something or someone for reasons of self-interest, personal profit, or friendship or loyalty.
- or - a person who pretends to be a burgeoning network administrator to collect information/
Hi, My name is Peter Revill, I have a little blog you might like to visit at http://ccierants.blogspot.com
I also have two CCIEs (CCIE #18371 Routing and Switching, CCIE #18371 Voice)
First of all, I want to address the idea that there are no jobs for network administrators, recently the company I was working for previously had some difficulties and I left: I had more offers than I knew what to do with, I am not trying to brag, I am just trying to allay fears that there is no work. I took a voice bootcamp in San Jose and all my classmates are drowning in job offers.
So there you have it, the job market is strong for network engineers, final proof would be
http://www.itjobswatch.co.uk/
Look up CCNA and CCIE etc on that, you will see a good demand
So that's my first bit of advice, second bit of advice would be: Aim extremely high and keep going, everyone gets their CCNA and then settles, that's not enough.
Finally: So much Cisco Bagging going on here, No idea why: the fact is that Cisco realise the network is more than just a way to connect PC's, it is a platform in and of itself, converged voice video and data (Unified Communications) is a great architecture and works very well. IP can transport _anything_ and we might as well start using it everywhere. Please take my advice on this: Cisco is not going anywhere, it's in the most demand of any vendor and will always win out over other vendors when it comes to features.
I hope this helps
The Practice of System and Network Administration, 2nd Ed. by Limoncelli, Hogan, and Chalup. You've got so much to learn technically and administratively, but it can be done with time.
-- Wondering how long until the internet becomes fully corporatist, like television.
If you're serious about the unlimited budget thing, and you want to be responsible, don't try to "learn by doing" with someone's production network. Go out and hire a network consultant to help you. A consultant shouldn't have any problem if you want to be the one pushing the buttons, but you should have someone there to at least check your work to verify that what you're doing is sane and isn't going to cause any type of major problems down the road. As far as learning, there is so much covered by "networking" that you really can't learn effectively by being thrust into a position where you have to come up with something that works on the first try. You need to identify the specific areas that are important to you. A good TCP/IP foundation is pretty much a universal requirement for anything to do with networking these days, so I would recommend either getting a good network essentials book or taking a class at your local CC. A lot of the early networking stuff is memorization, I.E. what's the max cable length for the various types of ethernet, what is an SSID, how do you update the code on a router, etc. Being totally realistic with you, a lot of the early on, basic stuff isn't that fun to learn about. Especially if you're coming from the programming discipline. You'll get bored very easily. But once you start doing more advanced stuff it gets more interesting. I've always enjoyed VPN and firewall/security stuff more than configuring routers. Once you learn about VLANs and the cool stuff you can do with them, you will start to see the various ways you can accomplish a task, and you'll see where you have the opportunity to get creative with your solutions. Virtualization and storage networking are huge right now, and there's a ton of good info you can learn about them available for free online. If you have a basic, flat network, then it's not all that complicated to get something up and running. 
Buy a firewall to do your NAT/VPN for you, connect that to switches for your clients and servers and you're off to the races. Cisco is a good recommendation and I'll tell you why. Cisco engineers are widely available everywhere, plus you have the TAC at your disposal. If you run into a problem that you can't figure out, you have very well defined avenues for getting help. Juniper engineers are also out there, but they're not as easy to find, and that may command a price premium.
If you're going or using Cisco, I'd make sure you get Cisco support to download IOS. You can then use the GNS3 emulator to simulate all sorts of different configurations for learning.
1. Take the money.
2. Hire someone else to do it.
3. Charge the company 2x what you're paying that guy. (PROFIT!)
You see? You see? Your stupid minds! Stupid! Stupid!
Truer words have not been spoken -- especially about Cisco Sales weasels. I had one tell me that I couldn't mix brands of Routers and Switches in a network. Specifically that the 3-Com switches we had then would NOT work with their 2600 series routers. They were wrong of course.
Changing inode_bits to 64 from 32 may get ya better performance but it is a one way conversion AND nfs mounted clients don't convert 32 to 64.
Sys Admins and programmers are two completely different animals. When most of us were young we made a decision on which path to follow. The path of enlightenment, or the path of programming. If there is an unlimited budget, hire an admin.
You should consider Mikrotik equipment. The best resource for learning about this equipment is a website gregsowell.com. Greg is a routing consultant that offers some of his talent on tap via the videos on his site. I have found the videos to be a bible for the Mikrotik Router OS. You can find his videos here. http://gregsowell.com/?page_id=951
Sorry, but seems to me like you got a demotion. Methinks you were a mediocre programmer and they offered you an IT position as a kind opportunity opposed to kicking you to the curb. How do I know this? Because you can't even Google "How to setup a computer network" and figure this stuff out for yourself. Being a good programmer involves basic problem solving skills involving research. None of this is rocket science, there are tons of books, online websites and school courses in this stuff not to mention entire contracting firms already in place to do this work with a simple phone call if you really want the easy way out.
Sorry for being critical, but the number one complaint I have about most IT guys is that they all love to dabble with the hardware and talk a good game but can't keep a system running to save their lives largely because they failed into IT, this is a prime example.
Dead simple installations, multitude of configuration options to do most everything. Still lets you get down and dirty if you need to.
Unless you're trying to do something like server publishing or VPN, in which case it will fail repeatedly and you'll get no support from Sonicwall. Not to mention the slow, pants on head retarded UI and poorly written help files. Try a FortiGate instead. Fortinet publish comprehensive admin guides for their FortiOS and dedicated guides to connecting VPN. Easy to configure from scratch, have useful metrics and logging not to mention a command line built into the web based UI.
Calling someone a "hater" only means you can not rationally rebut their argument.
If network engineering is what you want to do in your career then go get your Cisco certs. Doesn't matter how you learn it: self-study, classes, etc., whichever one is best adapted to you. Ignore the idiot that said to ignore Cisco and go only with HP. Reasoning is if you really want to get recognized and have certs that do matter in the industry then get your Cisco certs. Cisco is a networking company and as such actually develop the different networking technologies far above what the plain standard says that technology should do. HP well they try to get their hands into everything really. Sure Cisco gear is a bit pricey but when you put it in and you configure it exactly the way you want it using the console it will be worth every $.
Also doing only network administration as a career will get boring after 2-3 years even if you change jobs and don't forget that nowadays recruiters blend systems administration in the position description and label it network administration and before you know it you're stuck helping staff figure out why they can't print or why that legacy system from an outdated company is not doing what it is supposed to do.
As for your position for what you want to achieve a CCNA routing and switching level certification should be enough.
Lots of great advice in here has already been modded up. I have just a few things to add regarding worst case scenarios, that I'm sure plenty of us have gone through.
"...maintaining and rebuilding the in-house network of a small company..."
I've been there, and it's a lot of responsibility. Not that you can't handle it, but expect to be awake at all hours of the day and night at any given time. There may be times when the $#!7 hits the fan, and you're at work for 24+ hours straight. Make sure you've got something semi comfortable in the server room (or elsewhere) to sleep on so you don't kill yourself, or anyone else, trying to drive home after that. A decent cot, blankets, and pillows. Seriously. Unless there's a hotel next door.
Also, disaster readiness has been touched on, but I'd add in some very good quality squirrel cage fans if they're not already there. They'll really save your ass when the AC goes out. You want something small that can really move some air in and/or out of the room. I've had 2 occasions where primary and backup AC have failed due to power outages, and didn't come back up with the power. Good fans can save you from having to safely bring down 100 servers while you're waiting for the AC guy to show up.
Make sure you understand how to implement and follow a disaster recovery plan. Spend a good amount of time learning and understanding best practices.
Oh, and RUN! Run fast, and run far!
http://mj12net.org/index.php/system-administrator-interview-cheat-sheet.html
Slashdot = Sarcasm
How about "Learning to be modest" by Dr. Humil I. Ty.
As a former instructor (way back in the previous millennium) at Global Knowledge, I found that the Cisco classes at Global Knowledge are fantastic. I "audited" several of them and learned tremendous amounts from them. But, let me be frank. This is 2011. Unless you need hand holding or a paid vacation, video courses tend to be equally complete (especially the ones which use the Cisco course materials) and are MUCH more affordable. The budget could be spent elsewhere.
Also as a "star programmer", there are many questions you should have which could never be covered properly in a Cisco training course. I personally develop network infrastructure equipment for broadcast video over IP. As a programmer, when I hear about routing protocols, I want to clearly understand the protocols. Recently, I have been working on developing an in-house course for my colleagues regarding IPv6. Compared to the Cisco courses on the topic, it's far more compact and far more detailed. It makes the assumptions before starting that I don't need to explain hexadecimal, it's assumed that when discussing the routing protocol instead of spending ages covering drop through mechanisms, I can simply present the algorithm and it will be understood. So the Cisco theory classes are insanely overpriced and painfully boring for "star programmers".
I'll chime in on #10 as well.
Now that you're not being paid to program any more, take advantage of it. If you need a programmer for a task, hire one. Programming is something you should do for fun now. Find the open source project you always wanted to work on. And build on it. The hiring someone for a task theme is good for much of the rest of it as well. You can't be an expert on every technology. Hell, I want to be, but when it comes to the output quality of the video codec I'm working on, the girl with the Ph.D. that sits next to me is far better suited to design and prove those algorithms than I am. But I'm damn good at making them work and making suggestions as to where we should cut some corners if the math allows it. There are some things you'll have to maintain, but maintaining a mail server for example is just plain stupid. You can administer it, but outsource it if you can. Programmers have a bad tendency of reinventing the wheel over and over again. Remember, there's probably already a solution for it out there. Much of your job should be about finding the right one.
An additional issue with issue 4. If you're not only the network administrator but also the help desk, use some of that unlimited budget to get a slave to answer support requests and reimage machines. Even if that slave barely knows a thing about computers, they're your front line to make sure you're not spending your time changing toner cartridges. If you set up remote installation services (or whatever it's called this week) properly, it should be possible to train a monkey to install new images on machines. In fact, I once configured a system so that GRUB was installed on a USB stick (mounted within each computer) with imaging software on the stick. It made it so that you could reinstall the image yourself by pressing 5 keys on boot-up. If the users keep their documents on the network, this is a perfect solution. Then just keep your images up to date.
The real point here, leaving technical details aside is that you shouldn't be imaging machines. I would however highly recommend you learn all you can about Windows PE and imaging services. StarGoat mentions you should buy the same machine in batches, but understand that with Windows 7, the same hardware imaging requirement is gone. Hard drive controllers are now standardized, you don't need a new driver for every machine, just a new optimal driver which will most likely be automatically installed from Windows Update. A well maintained image for desktop PCs is the key to a fluffy life.
Also, this is 2011, you can bully users into using online services for most things. So, you can use Citrix or some other type of remote solution for application streaming.
How can I filter all useless comments and leave only the comments answering the damn question ...
Definitely do CCNA. You need that. Then read all the Linux HOWTOs @ tldp.org. That last one is maybe not apparent how it's pertinent, but I have learnt things in there that I haven't learnt from any other book or teacher in my 8 years as an SA.
* what's the right strategy here?
OUTSOURCE. EVERYTHING.
* What routers or switches or other equipment should I acquire?
Routers and switches: depends on $x connections and @y traffic volumes. You'll also need:
* A cable tester
* An 8P8C crimp tool
* Rollover cables and DB9 adapters
* At least 1 PDU per rack
* patch panels (NOT Belkin! They suck and your budget allows for anything worth its salt, e.g. Matrix)
* cable management brackets
* A KVM drawer
* USB hubs like these (any decent hub will do)
* RS232 to USB adapters
* UPSes
* A SAS tape autoloader should be sufficient in most cases, otherwise get an iSCSI tape library. Stay away from Veritas and Symantec software, try bacula.
* If you need more storage, an iSCSI SAN server (there's AoE and it works but I doubt the cost-effectiveness and only CoRaid supports it).
On the networking equipment (and PDUs), connect the rollover cables to the console port and the other end to a DB9 adapter. Connect all the serial ports to the USB adapters and to the USB hubs. Connect the USB hub to the server you operate with the KVM drawer. Require at least public key authentication for ssh access to that box.
Set up the Linux servers to boot on the serial port (in the BIOS, grub and init) so you can easily remote in even when you can't ping it. You could even use a modem and pppd with MS-CHAPv2 to provide a remote getty when the Internet is down. You can further restrict it using e.g. pam_opie. Alternatively, set up a VPN over 3G but that requires a third server somewhere. Or simply cross your fingers and hope you'll never need it (it's all about cost-benefits).
* What books should I read?
Linux In A Nutshell, ISBN13 978-0-596-15448-6. Using Samba 3rd edition, ISBN13 978-0-596-00769-0. Something on IPv6 as well as both "CCNA 1 and 2 Companion Guide" and "CCNA 3 and 4 Companion Guide" from Cisco press (doesn't cover IPv6, so that's why you'll need a separate book for that). If that's not enough, read up on open LDAP. But most of all, Read The Friendly Man pages.
* Should I take classes from Cisco, Global Knowledge, my local community college, or somewhere else?
Yes, as a network admin you should get CCNA. LPI is nice to have but not essential and I doubt you'll ever need RHCE.
Don't buy network appliances (e.g. spamfilter/proxy/etc.) unless you have a really good reason to because most of the time these are black boxes hiding Linux with a crap (and potentially vulnerable) userland. As a general advice, Brocade FastIron switches are great for an "unlimited" budget. They support just about every standard under the sun and then some. If the budget is not /that/ unlimited, HP ProCurve will do. Cisco Catalyst is hardly worth the expense.
Lastly, do not accept anything less than 1000Base-T for every port on your network. Do not use UTP for the cabling between the patch panels and wall outlets (use STP or at least FTP instead, STP is perfect for an "unlimited" budget).
AMA!
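Added example, not part of the comment above: one way to check its "require at least public key authentication for ssh access" advice on the console box is to audit the effective configuration that `sshd -T` prints. The function names and the sample outputs are constructed for illustration.

```python
# Audit `sshd -T` output: does every login path require a public key?
# The sample outputs below are constructed, not captured from a real host.

# Switches that admit a user without a key when AuthenticationMethods is "any".
NON_KEY_TOGGLES = (
    "passwordauthentication",
    "kbdinteractiveauthentication",
    "challengeresponseauthentication",  # older OpenSSH name for the same switch
    "hostbasedauthentication",
    "gssapiauthentication",
)


def parse_effective(text):
    """Turn `sshd -T` lines ("keyword value") into a dict keyed by keyword."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        # Keep the first value for keywords that repeat (hostkey, listenaddress).
        cfg.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return cfg


def audit_pubkey_required(text):
    """Return findings; an empty list means every login path needs a key."""
    cfg = parse_effective(text)
    findings = []
    if cfg.get("pubkeyauthentication", "yes") != "yes":
        findings.append("pubkeyauthentication is not enabled")
    methods = cfg.get("authenticationmethods", "any")
    if methods == "any":
        # Assumption: `sshd -T` lists every keyword the build supports,
        # so a keyword missing from the output is treated as unavailable.
        for key in NON_KEY_TOGGLES:
            if cfg.get(key, "no") == "yes":
                findings.append(f"{key} yes allows login without a key")
    else:
        # Each space-separated chain is an alternative; all must contain publickey.
        for chain in methods.split():
            names = [m.split(":", 1)[0] for m in chain.split(",")]
            if "publickey" not in names:
                findings.append(
                    f"authenticationmethods chain '{chain}' has no publickey step")
    return findings


WEAK = """port 22
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
authenticationmethods any
"""
HARDENED = WEAK.replace("passwordauthentication yes", "passwordauthentication no")
TWO_FACTOR = ("pubkeyauthentication yes\npasswordauthentication yes\n"
              "authenticationmethods publickey,password publickey,keyboard-interactive:pam\n")
MIXED = "authenticationmethods publickey password\n"

if __name__ == "__main__":
    for name, sample in [("weak", WEAK), ("hardened", HARDENED),
                         ("two-factor", TWO_FACTOR), ("mixed", MIXED)]:
        print(name, audit_pubkey_required(sample) or "OK")
```

On a real host, feed the function the output of `sshd -T` run as root, since that reflects defaults and included files rather than one config file.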
The tool I learned the most from: Wireshark (well, it was called differently, but that's the hip tool of the day).
But take some time to see what really goes over the wires and through the air.
Besides that get to know your basic protocols, everything else is configuration and common sense.
Think about what you are doing, and where which packets flow how.
If the network is email/web for 100 non-technical office workers then just buy five £100 24-port switches and forget about it. If you are supporting 100 stock traders, or the storage/rendering for 100 3d/video editors then just hire five £100k pa network administrators and forget about it.
They gave you a network manager position when you don't know ANY networking? Who is running this company? A 5 year old child?
Send me the name of your company, I have feng shui consulting to sell them...
Don't expect too many responses mate. You've been put in charge of a network with zero network admin experience. Either go and do at least a CCNA or hire someone who already has one (and actually knows what they're doing).
I've done both for over 20 yrs. now, and the real fact of the matter is this (and it's simple): Coders have to invent things that the network people merely use. The things that do not have a "turnkey" instant already prebuilt solution (which is pretty much what network admins work with, occasionally writing scripts via batch, powershell, PERL, Python, or NIX shell scripting etc./et al). Whereas by comparison - Network techs/admins? They, 99% of the time, merely use that which programmers invent for them to use, and read a manual on how to use it. Now, often, without said prebuilt solutions? They're very often, helpless.
Therein lies the big difference between programmers, and network techs/admins.
By the time you've been in this field for over 2 decades you start realizing this is how it is.
Now, as to learning network operations or even network architecture? Cake compared to coding.
Why? The tools work and are already created. You read the manual, and apply it to your network (using the known ports lists to help you. The documentation's there already, and if you've done any sockets coding, you pretty much know what you're doing already, anyhow, on that front too).
The networkers won't like me stating this, but it is fact. I know, I have done both job titles and can comment freely on the differences (main ones) between both jobs, and why they pay differently as well.
The article poster can do it with just about anything without a lot of trouble.
Cheap whitebox gigabit switches from two or three dozen brands crap all over the stuff HP hasn't updated properly for years unless you want to also use the switches as firewalls - and even then there is midrange stuff that craps all over HP in both speed and features.
What the hell did you do to warrant such a demotion?
Consult with and hire an experienced networking team to assist you. Ask a lot of why questions, and also ask if there are other options to their recommendations. I do not know what your time constraints are and there are numerous good recommendations above. However, for you to really know what you are doing and why, will take a significant time period, possibly even years!
Promote yourself to the ICT manager.
Hire a System Administrator experienced with Citrix.
Hire a Network Administrator experienced with Cisco.
Hire someone for first line Servicedesk
Hire someone for second line servicedesk
That will be your normal every day in house staff.
For the initial setup hire a company with experience in Citrix and with them build the new network. Make sure your own Sys and network admin work closely with the company so that they know exactly how everything works. Also make sure EVERYTHING is documented.
1. use some of that unlimited budget to hire someone who knows EXACTLY what they are doing and watch what they are doing for at least 3 years
2. advise your CTO that hiring a "star programmer" to do network admin is tantamount to professional negligence
3. politely decline the "opportunity" because you WILL screw up
From my experience, someone who boasts to be a 'star' programmer usually is not one. I'm just saying...
FTP? What year is this? 1993?
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
You're a programmer - I would hope you understand a fair amount of networking, etc. You should be able to pick this up quickly. Get whatever hardware - don't buy low end but you don't need to be buying Cisco crap or something that is intended for tens of thousands of end users. Read a few books about whatever system you're going to implement (Are they running Winblows Server?), and about TCP/IP / networking and you'll pick it up in 2 minutes (bet you could read a book a day). Definitely avoid anything Windows and AD - the network is too small to even be worth dealing with how awful it is. Maybe use CentOS (to avoid paying for Redhat Enterprise, as long as you're confident in your ability to fix stuff).
Troubleshooting networks is not hard, it's the peopleshooting that presents the real problem.
you are in a twisty maze of different passages.
I love being a network admin!
In the UK here, I'm not even a CCIE, but I still make about £95k a year ($155k).
If you don't mind constantly learning, it's a great career to be in. Once I've got around to doing the CCIE I should add another 20% to my salary. And given most days I'm sat in the pub for at least 2 work hours, I really feel like I can't complain.
To become a network administrator you have to take certification from Microsoft and Cisco; without it no company will take you seriously.