Ask Slashdot: Becoming a Network Administrator?
J. L. Tympanum writes "After many years as a star programmer, I have taken a position which involves maintaining and rebuilding the in-house network of a small company. There are maybe 100 machines, a mix of blade servers running Linux and desktop PCs running Windows of all flavors. Basically, I have to learn networking from scratch. I have been given an 'unlimited' budget to buy routers, switches, etc., to set up my own little test network as part of the learning process. So the question is: what's the right strategy here? What routers or switches or other equipment should I acquire? What books should I read? Should I take classes from Cisco, Global Knowledge, my local community college, or somewhere else?"
Run, run as fast as you can, and don't look back.
--Nuintari
slashdot : where an opinion can be wrong.
Administering networks is best left to wizards and warlocks.
Can show you how to set up a network.
You might want to take a supplemental course for security tho...
Why would a star programmer want to transition to network management?
Why did you leave a position as a "star programmer" to move into network administration? Why restart at the bottom of the ladder?
Nobox: Only simple products.
Hire a professional :)
1) Use your unlimited budget to hire a network administrator.
2) Go golfing.
Go green: turn off your refrigerator.
I have this job now and my girlfriend tells me I wake up almost nightly screaming. I can't help but think they're connected.
Read the CCNA courseware. You'll learn a lot.
Replace everything immediately, blame upper management, and start looking for a new programming job.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
Just take a CCNA course; they will have all the equipment you need to bone up on the basics. If this is only a few servers and 100 PCs, save the company some money and don't get too fancy. A 3750 switch with a few access layer switches and you are good to go. Or two 3750s running HSRP.
All you need is the cloud.
What you do is get a cloud. Just connect all your machines and networks and cables to the cloud and you will be aaaaalright.
You can't handle the truth.
After many years as a star programmer,...
Troll.
Why did they ask you to do it, instead of that guy's geeky cousin?
Getting the core switch out was the easy part. The hard part was getting the core switch out! Hehehehehe...
If you have an "unlimited budget" and you're in charge, hire someone under you who is already familiar with networking. Sounds like you're familiar enough with the SA aspect of the job, but just need help on the networking portion. Not only will hiring someone get you going quicker, there's no better way to learn than hands-on experience.
Why not use your star programming skills to study the following book about networking UNIX Network Programming Volume 1 by Stevens, Fenner, and Rudoff?
You should get a programming job that involves writing the embedded code for routers and switches. Taking a job as a network administrator is a step down.
The only viable route up in Salary is to become a Solutions Architect. This would involve perhaps working towards a CCIE and getting experience in a Software Architecture role on an IP based product. Architect salaries are higher than programmers assuming that salary is a factor in your decision.
Seriously. Stay away from Cisco gear. Overpriced, overcomplex, overhyped. Look at the HP ProCurve line of switches. They have very good L3/L2+ switches that handle routing for small to large networks. Take the HP Networking Fundamentals in-person class. It is one week long and provides good hands-on training. Their gear has a lifetime warranty and FREE tech support during normal business hours. Did I also mention that software updates are FREE? No annual maintenance. Seriously, look at HP ProCurve. I took a job as a net admin 8 years ago at a company that was an HP shop and have never looked back or ever been disappointed by their products or support. The 2910al is a great static routing gig switch.
Forget Cisco. Phone your local HP Gold Partner - get them to put you in touch with the local HP Business Team. They'll give you free courses and training, and that is the end of that. For 100 networked devices, HP kit will do the job. I don't get the obsession with Cisco - I'm running 8 networks on 10 sites that are all HP, serving nearly 10,000 students and 1200 staff, and we've never regretted bypassing Cisco altogether.
...don't take any lessons from anyone employed by Sony.
The Network+ is decent for getting a general idea, but it doesn't give you many practical examples or skills. The CCNA was great for learning how to actually configure a switch/router (at least the book by Odom was. Amazing books by that guy). If you aren't planning on getting certified, you can probably go through the CCNA books in about two weeks of solid reading, and the CCNP book isn't too bad, either, if you're the same way I am and just find out you like networking. Not sure what to say on the whole server side of it though, since I haven't delved that far into that side of it yet, but I'm sure others here will have a wealth of information on where to look to learn that sort.
It's the can of worms popping open... You don't necessarily have to "buy" physical routers, switches, etc. These days, you can simulate pretty much any network setup you want via software and see how things work out: http://www.gns3.net/ Also, asking "us" what hardware you should buy is like asking someone what kind of computer you should buy; the question is too general and the answer will depend largely on the business/security needs of the company. Tanenbaum wrote a very good book about TCP/IP networking which you may want to read: http://www.amazon.com/Computer-Networks-Andrew-S-Tannenbaum/dp/0131651838 Aside from that, you should look into the basic requirements for network administration/security and make sure you understand and know how to apply them; the topics listed here could be a good starting point: http://en.wikipedia.org/wiki/CISSP
This is not a home network.
People's work and income depend on that network.
It might look like a great job, but even when it is a mess, it is a working mess now. You won't learn everything you need to know before this thing needs to be in the air, and you run a risk of being run out of town, lynched, or something worse.
If you have an unlimited budget, name yourself network architect, follow a few nice courses, and hire people who know what they are doing to do your job.
I am a 12 year veteran of the field. My official title is Sr. Technical Engineer. I work for a small (15 person) consulting firm. I’m being completely straight w/ you. Start looking for a programming job. This is the end of my advice.
If you need to fake it for a while, set up w/ a well-respected school in your area for your CCNA. If you have no budget concerns, schools w/ equipment stacks and solid instruction will beat out any other option.
But seriously, you’re making a bad career move, this isn’t meant to be funny.
Dead simple installations, multitude of configuration options to do most everything. Still lets you get down and dirty if you need to.
Before trying all that it would be better to inventory what your network is doing right now as a starting point. Figure out what services are running, and how the current machines are configured to connect to the network. I'm assuming this wasn't all magically done and there must have been someone who did it before you. That's where I started and I learned a lot. I especially learned that our network was done horrifyingly wrong.
As for learning, the server type doesn't matter much (BSD/Linux) but you can learn a LOT by writing your own firewall rules from scratch (use FreeBSD myself). Not saying to do that for your company, but you'd be surprised at how much you learn from documentation, howto's and experimentation for firewalls.
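The "write your own firewall rules from scratch" exercise, as an added example for this thread (not the commenter's code and not taken from FreeBSD): a toy evaluator that applies pf's rule semantics, namely deny by default, rules read top to bottom, last matching rule wins unless a rule is marked quick, which ends evaluation on the spot. The ruleset and packets are constructed for a small office with a workstation, a wireless and an infrastructure VLAN; the last two cases show the two mistakes that bite people writing their first ruleset: a broad pass rule placed after a specific block, and a source range written wider than intended.

```python
"""Toy firewall that evaluates rules the way pf does: deny by default, read
top to bottom, last matching rule wins unless a rule says 'quick', which
stops evaluation on the spot.  Added example for this thread, not code from
FreeBSD or from the commenter; the rules and packets are constructed."""
import dataclasses
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "pass" or "block"
    direction: str           # "in", "out" or "any"
    proto: str               # "tcp", "udp", "icmp" or "any"
    src: str                 # CIDR or "any"
    dst: str                 # CIDR or "any"
    dport: Optional[int]     # destination port; None matches every port
    quick: bool = False


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


# Constructed address plan for the office (assumed, not from the thread).
WORKSTATIONS, WIRELESS, INFRA = "10.20.0.0/25", "10.20.0.128/26", "10.20.0.192/26"
RESOLVER, ADMIN_HOST = "10.20.0.193/32", "10.20.0.200/32"

RULES = [
    Rule("block", "any", "any", "any", "any", None),            # 0: explicit default deny
    Rule("pass", "in", "tcp", WORKSTATIONS, "any", 443),        # 1: workstations may browse https
    Rule("pass", "in", "udp", WORKSTATIONS, RESOLVER, 53),      # 2: ...and query the office resolver
    Rule("block", "in", "any", WORKSTATIONS, ADMIN_HOST, None, quick=True),  # 3: never the admin box
    Rule("pass", "in", "tcp", "10.20.0.0/22", ADMIN_HOST, 22),  # 4: meant for INFRA, written too wide
]


def matches(rule, pkt):
    """True when every field of the rule covers the packet."""
    def in_range(spec, address):
        return spec == "any" or ipaddress.ip_address(address) in ipaddress.ip_network(spec)
    return (rule.direction in ("any", pkt.direction)
            and rule.proto in ("any", pkt.proto)
            and in_range(rule.src, pkt.src) and in_range(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def decide(rules, pkt):
    """Return (verdict, index of the rule that decided); index -1 is the implicit default deny."""
    verdict, winner = "block", -1
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            verdict, winner = rule.action, index   # last match so far wins
            if rule.quick:
                break                              # quick: stop looking at later rules
    return verdict, winner


def without_quick(rules):
    """Same rules with every 'quick' removed, to show what last-match-wins does on its own."""
    return [dataclasses.replace(rule, quick=False) for rule in rules]


if __name__ == "__main__":
    cases = {
        "workstation https to the internet": Packet("in", "tcp", "10.20.0.10", "192.0.2.10", 443),
        "workstation DNS to the resolver": Packet("in", "udp", "10.20.0.10", "10.20.0.193", 53),
        "workstation ssh to the admin host": Packet("in", "tcp", "10.20.0.10", "10.20.0.200", 22),
        "wireless ssh to the admin host": Packet("in", "tcp", "10.20.0.130", "10.20.0.200", 22),
    }
    for label, pkt in cases.items():
        print(f"{label:36} -> {decide(RULES, pkt)}  (no quick: {decide(without_quick(RULES), pkt)})")
```

The third case is only blocked because rule 3 is quick; drop the keyword and rule 4 silently re-opens ssh from the workstations. The fourth case passes because /22 covers the wireless VLAN as well as the infrastructure VLAN, which no reading of the rule list reveals until you push a packet through it, which is the point of testing rules rather than trusting them.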
Seriously. If you're learning networking from scratch you are not prepared to be in charge of a network with 100 computers. If you screw it up, you could mess things up for days. Start at the bottom and work your way up, or hire someone who knows wtf they're doing, you could contract in someone (there are always going to be consultants who do network around). Bring one of them in, have them go over some of it with you.
The 'go read a CCNA book' advice isn't far off. But if you're already in charge CCNA is at least one step down from where you want to be.
I reiterate: use your money to hire someone else. Either hire them to actually do the job and become network manager, or hire a consultant in (be prepared to see this person regularly for a year or so) to come in and help you get things going. Make sure you have people on staff who actually know what they're doing, and can tell you when you're being an idiot.
Going from programming to network administrator may as well be going to predator drone pilot. You use computers and networks, and familiarity with computer skills is great, but they are very, if not completely, different skills. And while you're at it you need to learn to be a manager, because most programmers don't learn about budgets, HR practices, setting security and device policies on the network, and all that, but from the sounds of it you have to decide how to spend money.
CCNA is definitely the way to go. You could take Net+, but it's pretty much the same thing as CCNA, just not as proprietary; but seeing as how Cisco practically runs the background of the internet, that's not such a problem. And even if you end up getting Juniper products or something else, all the commands are very easy to pick up, most router IOSes being Unix based. CCNA helped me expand my knowledge A LOT, and I do mean A LOT. If you were going to get anything to test on, you might grab a Cisco 1841 router; they're not cheap, but if you have an "unlimited" amount I'd get one (oh, and me one :). If you sign up for a Cisco Netacad class, you get access to Packet Tracer, which is a router IOS emulator that is very useful and powerful, and there are also other alternatives out there. Nowadays you can even make a virtual machine with a router IOS.
Configure static IP's on all the machines
Take a 100 port hub or build it yourself
connect all machines to it
Enjoy :)
Look at Adtran switches. HP's Procurve support has gotten flaky.
Why is this thus? What is the reason for this thusness?
what's the right strategy here?
Proceed with caution. Make sure you enjoy networking and that its challenges interest you. Networking is very different from programming and also different from desktop support.
What routers or switches or other equipment should I acquire?
I have extensive experience with HP Procurve equipment and I have been satisfied with their stuff. (In the network I manage we have about 120 HP switches.) They are pretty reasonable in price and have a lifetime warranty on their switches and routers (I just got a replacement for a part for something that was manufactured 10 years ago, no hassle). Cisco is good if you like features, have a large network, and enjoy spending money. I would avoid Netgear switches (unless you need a small desktop switch (e.g. GS108) to provide more ports) as I have heard bad things but I have no first-hand experience. Expect to pay around $1000-1800 for a good 48-port Gigabit switch.
What books should I read? Should I take classes from Cisco, Global Knowledge, my local community college, or somewhere else?
I would look to achieve a "CCNA level" knowledge. For a network of about 100 devices you won't need much more. You can do that by simply reading a book (e.g. the CCNA prep by Lammle or Cisco Press), self-study (e.g. books alone or with video) then trying to pass the test, or taking a classroom course with Cisco or GlobalKnowledge. The material covered in CCNA is useful even if you use Procurve devices (although the vocab will be different, such as "vlan trunking" (Cisco) vs. "vlan tagging" (Procurve, IEEE 802.1Q)).
Background: I managed a network at a scientific research center (1000+ end user devices and a couple hundred servers). It's a mix of Cisco (core) and Procurve (edge). I have been working in networking full time for 2 years (I was in the poster's shoes not long ago) and with computers for about 5 years in a professional setting.
I'm a Network Administrator. With 100 computers, you have a nice small network to test already. First, you have an unlimited budget. Take advantage of that ASAP. Give it a couple years, and you'll be saying, "Budget? Don't I get a budget?"
Get set up with some nice Cisco Gigabit. Probably just 1 or 2 routers, maybe 5 or 6 24/48 port switches. Next, get a HANDLE on your network. Either go corporate, or go free. Look into Spiceworks, Hyperic, OpenNMS, Zenoss, etc. (Spiceworks actually has a nice community of network admins that you can talk to and ask questions).
Next, get your anti-virus in order. I recommend ESET. (I assume with 100 computers, you're also the Systems Administrator, that's typical).
Focus on security, security, security. I'd get OpenDNS on it immediately, lock out malware sites. You may find several computers already running trojans, maybe conficker. It'll be a fun learning experience.
I'd advise avoiding Active Directory or anything Microsoft. Then again, that's laughable advice. Good LUCK avoiding AD! And then, good luck with your Windows users not getting pissed because there are no policies on the Mac users! (Just remember, control them at the DNS/router level, and you'll be fine. Active Directory is good for pretending like you're doing something that looks important.)
Most importantly, go to community college. Get a degree if you need it, but at least pick up some certs. They're not worth anything, but you'll learn. Hell, if they're paying, free education is always good.
Screw books, you don't have time for books. Go to some SANS Institute workshops (unlimited budget will cover that) and learn some hard core skills. College and workshops will give you real hands on experience no book on Cisco Routing will do.
Now, get ready to crawl your ass over rafters and in dank dark closets. Get ready for your finger tips to bleed as you make Cat-5e cables by the hundreds.
Get ready for the wake up calls at 4am on a Sunday because your email server is unreachable. (You got the budget, plan a cloud failover now... hell, plan everything failover now. If it's not on VMware or HyperV or Xen, make them buy all the hardware you need to get it there. Remember, it's all YOUR fault!)
But it's worth it. Because, in the end... you are God on your network. Just remember, benevolent gods get their heads chopped off. Make them fear you a little. Take away their facebook and youtube for a week on accident... let them know you can make them cry at the push of a button. Use inexperience as a mask for your mind games and plots. "Whoops! Gee, did I do that?"
Muhahahaha...
Seriously... it sucks. You are always to blame for everything. Eventually, you will make believe you are God and fantasize about taking away facebook and youtube... probably while crawling through your ten thousandth spiderweb pulling another wire behind you and remembering the last Bastard Operator from Hell story you read.
I8-D
"After many years as a star programmer, I have taken a position which involves maintaining and rebuilding the in-house network of a small company."
Learn how to do it, get it done, then work hard on getting a better job. Being an administrator for a small network is a miserable job.
1. As above, take a CCNA course or find the materials. That will give you a good basis.
2. Read everything you can in regards to VLANs and how they work/best practices/management by hardware OS
3. Read everything you can about switch port management (i.e., access port vs. trunk port, again relies heavily on the chosen hardware OS)
4. Choose your hardware: If money is no object, Cisco is reliable but more upfront and much more for yearly support. HP ProCurve is a very good economical option.
a. Either way, use two stacked Layer 3 switches for core routing with Layer 2 switches for access layer.
b. For Cisco products, I'd recommend a pair of stacked 3750X's, with 2960 for access layer switches.
c. Save yourself pain later - have each access switch trunk to the core stack with an aggregated trunk, one port to each half of the core stack. (if half your core stack goes down, most of your network stays up. If one line/port of the trunk goes down, whole network stays up but speed may be affected depending upon bandwidth used)
5. Use one VLAN for infrastructure (i.e., switches, servers, printers, appliances), use one VLAN for workstations, use one VLAN for wireless if necessary.
a. Avoid using VTP, even if it seems like a good idea to you
b. Do all routing between VLANs on the core stack, access switch trunks should carry all VLANs however
c. Test the hell out of your config in a lab if you have time; it's a lot less pressure telling them that the project is delayed by testing than telling them all work is delayed because you can't find the problem on the prod network
d. Thank god you get a test network
6. Once everything's built, configured, and running well - BACK ALL OF THE CONFIGS UP, and repeat whenever a config change is made.
Good luck, and you'd really better love troubleshooting problems with very little info to go on...
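An added illustration of steps 2, 3, 5 and the final "back all of the configs up" step in the post above (example code written for this thread, not the poster's and not any vendor's tooling): it parses a constructed IOS-style running-config, reports the settings that break those rules (VTP left on, an access port without a planned VLAN, an uplink trunk that does not carry every VLAN), and diffs the running config against the last backup so that a change made without a fresh backup shows up. The VLAN plan, port names and both config texts are assumptions.

```python
"""Audit a switch config against the VLAN rules in the post above and diff it
against the last backup.  Added example, not from the poster or any vendor;
the VLAN plan, port names and config text below are all constructed."""
import difflib

VLANS = {10: "infrastructure", 20: "workstations", 30: "wireless"}  # assumed plan

# Constructed IOS-style running-config of one hypothetical access switch.
RUNNING_CONFIG = """\
hostname access-sw1
vtp mode transparent
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet1/0/3
 switchport mode access
interface GigabitEthernet1/0/47
 switchport mode trunk
 switchport trunk allowed vlan 10,20
interface GigabitEthernet1/0/48
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
"""

# Constructed "last backup": port 47 still carried the wireless VLAN back then.
BACKUP_CONFIG = RUNNING_CONFIG.replace("allowed vlan 10,20\n", "allowed vlan 10,20,30\n")


def parse_config(text):
    """Split a config into global settings and per-interface settings.

    Each line is keyed by everything before its last word, so
    'switchport access vlan 20' becomes {'switchport access vlan': '20'}."""
    settings, interfaces, current = {}, {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = {}
        elif line.startswith(" ") and current is not None:
            key, _, value = line.strip().rpartition(" ")
            interfaces[current][key] = value
        elif line.strip():
            current = None
            key, _, value = line.strip().rpartition(" ")
            settings[key] = value
    return settings, interfaces


def expand_vlan_list(spec):
    """'10,20-30' -> {10, 20, 21, ..., 30}; 'all' -> every planned VLAN."""
    if spec == "all":
        return set(VLANS)
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit(text):
    """Return a list of findings; an empty list means the config follows the rules."""
    settings, interfaces = parse_config(text)
    findings = []
    if settings.get("vtp mode") not in ("transparent", "off"):
        findings.append("VTP is enabled; set 'vtp mode transparent' (rule 5a)")
    for name, cfg in interfaces.items():
        mode = cfg.get("switchport mode")
        if mode == "access":
            vlan = cfg.get("switchport access vlan")
            if vlan is None or int(vlan) not in VLANS:
                findings.append(f"{name}: access port is not in a planned VLAN (rules 3 and 5)")
        elif mode == "trunk":
            carried = expand_vlan_list(cfg.get("switchport trunk allowed vlan", "all"))
            missing = sorted(set(VLANS) - carried)
            if missing:
                findings.append(f"{name}: trunk does not carry VLAN(s) {missing} (rule 5b)")
        else:
            findings.append(f"{name}: no explicit switchport mode (rule 3)")
    return findings


def config_drift(backup, running):
    """Config lines that differ from the last backup: if this is non-empty,
    a change was made without taking a fresh backup afterwards."""
    diff = difflib.unified_diff(backup.splitlines(), running.splitlines(),
                                "backup", "running", lineterm="", n=0)
    return [line for line in diff
            if line[:1] in ("+", "-") and not line.startswith(("+++", "---"))]


if __name__ == "__main__":
    for finding in audit(RUNNING_CONFIG):
        print("FINDING:", finding)
    for line in config_drift(BACKUP_CONFIG, RUNNING_CONFIG):
        print("DRIFT:  ", line)
```

Run against a real device, the two inputs would be the output of "show running-config" and the file your backup job wrote last; the parser only understands the handful of keywords shown, so extend it for whatever your own platform prints.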
"I'd make a wooshing sound, but the post was so far over your head it was inaudible..."
Unlimited budget? Have Juniper, Cisco and HP bid on your project including installation and a managed service provider to look after it. Then take the training for which ever manufacturer you choose. I would tell you to do Juniper since you are a one man shop. I have a four man team with only two senior network engineers managing 19 sites in and out of state. The Juniper gear has proven to be the least cost of operation for us and the strange stuff we try to do. And learn one command "Commit confirmed"
yes Cisco use a small network of 3/4 buildings and 2000 Hosts as the case study in the CCNA academy course work.
What to learn: Learn networking fundamentals very well before touching anything.
What to buy: The cheapest thing that does the job and meets the requirements. Ignore anyone in sales or any geeks with axes to grind.
Caveat: Be very, very careful in gathering requirements.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
If you want to get fancy with it, you can VLAN the workstations from the printers and the servers, then set up some ACLs. That's the ONLY reason I say it's different from a cable router.
As an applications programmer I can tell you that we have network consultants at our customers' sites. They get paid T&M, and little config issues we handle ourselves.
By getting network support from a third party:
1) Network will stay up with few hiccups
2) Your transition to Network Dude will leave you with hair on your head
3) Your education will not interfere (too much) with the operation of the network
4) You'll get book learning and practical OJT
5) PHB won't have to bitch about downtime or cover his own butt
I do not understand why people underrate networking as if becoming a network admin can be done just with a " 'unlimited' budget to buy routers, switches, etc., to set up my own little test network as part of the learning process".
Seriously. Have you asked yourself for example, who's going to do the troubleshooting? Yourself?
Think about a network admin that asks here what computer, software and books they need to buy to become a "star programmer". What would you answer?
I have supported developers for over a decade, and rarely have I found one with a grasp on how hardware, drivers, network stack and logical and physical layers work.
I can assume they're Java developers.
Trolling is a art,
Hire consultants. Buy juniper. Point finger if it breaks. If you have no experience, getting dropped in the deep end is a recipe for failure. Read up as much as you can to get an overview of the concepts involved but leave implementation details to someone who knows what they are doing. Then learn by example. Maintaining an existing well set up network will keep your hands full enough for a while.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I'd like to become an expert in a field in which I have no experience.
It takes many years for most of the folks working in this field to gain the knowledge required to be effective, but I am very, very smart. So much smarter than most people, in fact, that it shouldn't take me more than a month or two to get a firm grasp on things.
There's just one small problem that is preventing me from teaching myself everything that I need to know to be able to do my job well. See, I'm not smart enough to know how to even begin to teach myself anything about this field. I'm sure if someone could just point me in the right direction, I'm quite sure that I'll be able to make sense of things.
Also, which vendors provide "easy" buttons on their gear?
Please advise.
MrGenius
Never eat more than you can lift -- Miss Piggy
After you get it all set up, check out Zabbix as a free, open-source cross-platform option to monitor them all ( http://zabbix.com )
This response is misleading. A network with 100 workstations could easily have dozens of L2L VPNs and attendant routing, access lists, and NATting involved. I should know, I work in such an environment. 115 employed end users, maybe 800 federated end users, 37 servers, 7 routers, 2 offices with 2 firewalls in each, multiple internet connections, multiple point to point connections. Honestly, the first thing you really need to do is study the network that's in place. What hardware is in place. Generally I lean toward Cisco because it's solid, dependable, and has good tech support available. However Cisco is not a one size fits all pile of equipment. For instance, if you are working for an ISP then you probably want to go with Juniper. Clearly, you want to steer clear of the Small Business and SOHO lines of hardware like Linksys and Netgear. Once you have a grasp of the layout, networking connections [i.e. connections within your building (LAN), from your building to the internet (DIA), from your building to other offices, if you have them (WAN), and from your business to other businesses (typically VPN, but can be others)] then you will have a grasp of what technologies you're looking to learn. Hitting something as broad as CCNA or other certifications doesn't get you up to speed as rapidly as possible on your environment. CCNA has a wide range of topics that you may eventually need to know but may never ever see. Focus on what your environment holds and learn those technologies. You may want to hire an outside consultant to assist you with this aspect if you have no clue as to how to go about such discovery. This should probably take less than a day for a knowledgeable networking consultant to discover, and some time more for him/her to parse. Once you have this list, including the models of the hardware you have, you should begin digging into those technologies. Top of that list needs to be IP addressing and subnetting, if you don't already know those.
Follow this by routing - especially if you have an environment like mine that includes multiple routers. You need to have an understanding of IP addressing and subnetting to get your systems talking to each other. With that, DHCP and DNS are essential server services, so you should probably learn about those right from the start. This just brushes the surface and doesn't include things like SSH, Telnet, L2L VPN, remote access VPN, and the various routing protocols. Not to mention certificate services, encryption standards, etc, etc. I found that this book has a good overview of a lot of the technologies. It's pricey, but to me it was worth it just to get a very good grasp of how everything from LAN to WAN to Wireless fits together. http://www.amazon.com/Telecommunications-Data-Communications-Handbook-Horak/dp/0470396075/ref=sr_1_1?ie=UTF8&qid=1304626364&sr=8-1 Additionally, there is a veritable mother lode of data available on the web. Cisco is really good about having detailed configuration manuals for their products that are publicly available.
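The IP addressing and subnetting work the comment above puts at the top of the list, as an added worked example (code written for this thread, not the commenter's material): it carves an assumed /22 site block into a right-sized subnet for each VLAN, largest demand first so every subnet lands on its natural boundary, then checks the plan for overlaps, tells you which VLAN a given host address belongs to, and derives the single summary route the core router should advertise to the other sites instead of one route per VLAN. The block, VLAN names, host counts and the first-usable-address gateway convention are all constructed assumptions.

```python
"""Carve an address block into per-VLAN subnets and sanity-check the plan.
Added example for this thread, not from the commenter; the site block,
VLAN names and host counts are constructed."""
import ipaddress

SITE_BLOCK = ipaddress.ip_network("10.20.0.0/22")  # assumed allocation for the office

# Constructed demand: how many hosts each VLAN must hold, with room to grow.
VLAN_HOSTS = {"infrastructure": 40, "workstations": 110, "wireless": 60, "management": 10}


def prefix_for_hosts(hosts):
    """Longest prefix (smallest subnet) whose usable addresses, 2^(32-p) - 2, cover `hosts`."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError("demand exceeds the IPv4 address space")


def carve(block, demand):
    """Assign each VLAN a subnet out of `block`.

    Largest demand first, always taking the smallest free piece that fits
    (best fit), keeps every subnet aligned on its natural boundary and leaves
    the biggest possible contiguous space free for VLANs added later."""
    plan, free = {}, [block]
    for name, hosts in sorted(demand.items(), key=lambda item: -item[1]):
        prefix = prefix_for_hosts(hosts)
        free.sort(key=lambda net: (-net.prefixlen, net.network_address))
        for piece in free:
            if piece.prefixlen <= prefix:
                free.remove(piece)
                chosen = next(piece.subnets(new_prefix=prefix))
                plan[name] = chosen
                free.extend(piece.address_exclude(chosen))  # hand back the remainder
                break
        else:
            raise ValueError(f"no free space left for {name}")
    return plan


def gateway(subnet):
    """Convention assumed here: the first usable address of each subnet is its router."""
    return subnet.network_address + 1


def locate(plan, host):
    """Name of the VLAN whose subnet contains `host`, or None if it is outside the plan."""
    address = ipaddress.ip_address(host)
    return next((name for name, net in plan.items() if address in net), None)


def overlaps(plan):
    """Pairs of VLAN subnets that overlap; must be empty or routing between them is ambiguous."""
    nets = list(plan.values())
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


def summary_route(plan):
    """Smallest single prefix covering every VLAN subnet: what the core router
    should advertise to other sites instead of one route per VLAN."""
    covering = next(iter(plan.values()))
    while not all(net.subnet_of(covering) for net in plan.values()):
        covering = covering.supernet()
    return covering


if __name__ == "__main__":
    plan = carve(SITE_BLOCK, VLAN_HOSTS)
    for name, net in plan.items():
        print(f"{name:15} {str(net):18} gateway {gateway(net)}  usable hosts {net.num_addresses - 2}")
    print("overlaps:", overlaps(plan))
    print("summary route:", summary_route(plan))
```

Note that workstations get a /25 and not a /26: 110 hosts exceeds the 62 usable addresses of a /26 once the network and broadcast addresses are subtracted, which is the arithmetic that trips people up when sizing by eye.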
1) Cisco is naturally the big boy. Most companies come close to emulating IOS. Learning it won't hurt.
2) I wouldn't do courses. Based on (admittedly old) experience, they are a joke.
3) Sign up to NANOG, it won't help your knowledge directly, but will keep you updated on the latest trends/concerns/flame wars.
4) If you thought there were "more than one way to do it" in programming, you are going to love networking.
5) A host is a host, From coast to coast And nobody talks to a host that's close, Unless the host that isn't close Is busy, hung, or dead.
-- MrMud
I did pretty much exactly this, starting in 2004. It looks like you have the opportunity to make this fun for yourself. Show some initiative and try something new. Off-hand, my advice would be:
$100K for me, $100K for you and we pay the H-1B guy from India $20K to run the thing.
Have gnu, will travel.
I'm buried so far down here, I'm sure no one will read this. But here is what you need to do.
1. Before you begin, attend a Cisco / Global Knowledge CCNA bootcamp. You may not leave able to program routers like a master, but you'll learn how networks work.
2. Visit every PC, Server, Router, Switch. Put eyes on everything. Create a master spreadsheet. Document model numbers, IP addresses. Create Visio documentation of the way your network is set up. Document everything. You need a good deal of cabinets to store it all.
3. Decide what is the most deficient part of the network, fix it with the simplest solution. If you're using hubs, buy switches. If the routers need to be rebooted constantly, buy new routers. Above all, keep it simple. If possible, stay away from VLANs, encryption software, Linux, or anything else complicated. Do this every year.
4. Buy one third of the total number of PCs of the network plus ten percent. Buy only one model. Create a central image with Acronis and modify that image as necessary. Deploy these models. Repeat for the next three years.
5. Outsource security. That way, when it breaks you can blame someone. At the same time, make sure you can monitor security to prevent breakage.
6. If possible, outsource your main application. You don't want to support the product that everyone in the institution depends on. You need to keep the network up, not software.
7. At the end of year one, bring in a network assessment. Tell the assessor what he needs to find before he arrives. Use that the next year to justify your new purchases.
8. Make sure you stay friends with the president / CEO. When it is necessary to reorganize the server, etc, it will be necessary to have his good will.
9. Be prepared to work like a sunuvabitch for two years. Take your spouse / GF out when you can.
10. Don't let them make you program again. You're a network admin. You cannot support your old programming team.
Hoist Number One and Number Six.
Man, I would be learning everything I could get my hands on/enrolled in. Having said that, don't overdo it. A good network is a simple network, and don't forget that everything will be running on it, so if it breaks everything breaks.
The guy above who said to contact an HP Gold Partner has the right idea, but do the work yourself; that way you learn it instead of just contracting it out. From the sounds of it, it's not like you're going to be buying insane networking gear that supports OC-19whatever, so sticking with a firm like HP and taking the best practices route is the way to go.
I came to the datacenter drunk with a fake ID, don't you want to be just like me?
Advice is one thing but this is a "do my job for me because I'm not qualified to do it" question.
You mean this is not Slashdot Consultants, LLC?
I'll believe it when I see their name on my paycheck ... *checks mailbox* ... nope, nothing yet.
...hire someone who actually knows the job you've been hired for. The fact that you have to ask these questions tells me you are the wrong person for the job.
Not true at all. Programming is about logic, and logic is what you need when you're troubleshooting a tangled mess of gear and wiring. Then you write the scripts that monitor and maintain everything, that's pure programming.
Routing can be a headfull, but again, if you've already nurtured a critical, information-heavy thought process, it should be easy to pick up.
As someone who made the same transition over a decade ago, I can't quite remember how I did it, and it certainly had its moments, but I always had the tools and problem-solving skills to work my way through problems. Can't quite nail a concept? Write a program that tests your assumptions. I learned more things that way than from any books or teachers.
-Billco, Fnarg.com
Get comfortable with Wireshark. And read all the Laura Chappell you can find. She's my go to for network errors, diagnosis, and everything that goes on the wire. Just be thankful you don't have to learn Token-Ring. No one will let you alone for a moment without pointing out to you how much it sucks.
deleting the extra space after periods so i can stay relevant, yeah.
Many are not so lucky.
My advice is this: do not trust the vendors. Do not trust the documentation. Do not trust that there even will be documentation to mistrust.
I don't care if you are buying the top shelf gear from the leading vendor, do not assume that gear will be competent.
Figure out what features you need, and if you need a feature, test it, and test it thoroughly on live hardware. Test all possible scenarios you can conjure. You'll learn how to use the feature better than if you merely read the manual, and save yourself a lot of sleep.
As far as training goes, Cisco's is very overwrought, and is at least half sales pitch.
Someone had to do it.
As with many, I question the "star programmer" bit, but that angle notwithstanding: take your budget and hire a consultant. Position yourself as supervisor to this group. Meanwhile, if you really are a "star programmer", go look for another job.
Two of my imaginary friends reproduced once
The last sony network team didn't do too good!
Since you have an unlimited budget, get certification from Microsoft and Cisco. You might actually learn something, and it makes you more valuable at performance review time (valuable to your current company as well as potential new employers).
I'm curious--and jealous--as to how the OP landed this gig with no experience.
Sent from my iPhone
Talk to your manager/director/CEO... whoever. Try to understand what it is they require of their network: what are your real deliverables on this project? What problems are they trying to solve? Find out what your budget really is, because "unlimited" sounds a little vague. Get a project plan together and determine what it is you actually need to do. Hire some expertise to help you with the technical aspects of the project. Throw away your books; you need to manage the project, and that means hiring the right people to carry out the tasks and reach the various project milestones. You will be too busy managing these people and keeping the project on time and on budget to really waste time learning all aspects of network administration. There is no shame in contracting out aspects of the infrastructure (maybe you keep maintaining servers in house and contract out switches, routers, firewalls, etc.). You, sir, are now a project manager, not a network administrator. Good luck.
I'd recommend splitting the workstations up by division and putting them on separate VLANs. Why?
1: The guy in HR runs a Trojan which phones home. Instead of nailing the complete company, it only nails his department.
2: Be able to comply better with Sarbanes-Oxley. For example, I'd probably put machines in Finance on an isolated network that isn't connected to the outside world, but have some Citrix or Terminal servers for Web browsing. This way, internal stuff can't make it out even if boxes do get compromised.
3: You want your IT guys to have access anywhere, but other departments not to be able to touch servers that are internal, such as the TSM/NetBackup/Networker box.
Oh, and the OP had better think of things other than just basic connectivity:
IDS: You want to see where the nasty 0-day malware infection is coming from.
IPS: You want non-zero-day malware infections stopped, or the guy who thinks he is awesomesauce and is running nmap dealt with.
Site blocking: Depends on the corporate culture. Pr0n blockers may be needed, or just something to block the rogue sites used for phishing, or known botnet C&C machines.
SSL interception: BlueCoat may be needed depending on what rules/regs/contracts are put in place.
Transparent proxy to ask for a username/password before Web access is granted. This will help with keeping malware from phoning home, as well as provide audit trails (which are needed in some businesses). Other places don't need this. It is all up to the corporate culture.
Just having connectivity is just a tiny part of the entire picture. You have to have security and the ability to have software automatically isolate machines.
oops, I posted that anonymously...
Cheap storage VM.
...is a great resource, if you only ever want to work with Cisco products.
There don't seem to be many serious responses here. My recommendations:
Find a consultant who 1) knows his/her stuff, 2) you trust, and 3) is willing to sit with you and explain what they are doing, why they are doing it, and review your work when you make changes (preferably before the changes are made). You don’t want to be learning from someone who is wrong and you will need someone to fall back on when things get really hairy (and they will, I promise). You also need to set expectations with the consultant early. They need to understand your intention is to manage the network yourself and not rely on them 100%. Consultants often are reluctant to release passwords to someone if they believe you will only screw stuff up and then likely blame them for the failure (though not to imply that a consultant would ever forcibly withhold passwords). They need to know up front this will be a dual-managed environment and have an accurate understanding of your expectations of them.
I highly recommend a few structured professional training courses. Go to their training facilities for the classes (minimize distractions while learning). Wait till you are a little more experienced before trying online at-home courses. For intro level network stuff, nearly any vendor will do. Pick one and roll with it. Just don't get too caught up in certifications. They are great and all but won't give you what you need to run a network. You need *practical* knowledge. Save the certifications for when you want to leave this job.
Consume any information you can: books, podcasts, YouTube How-To's, etc. Just remember, trying to find time during what will soon be your very busy schedule to read books and play in your lab will be tricky. Hence the structured professional training above. CCNA books are considered to be a good starting point. Just remember, these only teach fundamentals. When it comes to "how will this router react when I make this change", those answers take time and experience to learn.
As for the lab, get a minimum of two switches, two routers, and two firewalls. They should match or be smaller versions of what you have in production wherever possible (if the lab doesn't closely represent production, it won't help much when you try to reproduce problems or test solutions). This will give you enough to build most typical network scenarios. Beyond that, it's a crapshoot on lab gear. When it comes to hardware vendors, buy what fits your need. I don't personally care if it's Cisco, HP, Brocade, or Bob's Networking Stuff. I would encourage keeping the total number of manufacturers low in order to maintain manageability, but which manufacturers you choose is a business question only you and your company can answer.
The less you talk, the more people hear you say.
You learn server administration and networking by doing, in particular, solving problems. You learn architecture by knowing what was done wrong in the past, and not doing it that way.
Use your unlimited budget to bring in a contractor who has a ton of experience in the field. Learn everything that you can from them while they are available. And make sure everything gets documented.
The only thing worse than a Democrat is a Republican.
This is true. I see all kinds of expensive recommendations on here, some reasonable ones and some crazy ones. You can get the same performance at a quarter of the price if you hire a competent Network Admin. And spending 4 times as much doesn't guarantee you a good network experience if you don't have a competent Network Admin.
At the very least you should consider hiring someone to look over your shoulders, there are all sorts of pitfalls and mistakes you can easily blow $10k on if you are new to the game. Of course you have to hire someone who isn't looking to butter their bread on both sides, sometimes difficult in the world of IT consultants.
Cheap storage VM.
As someone who, thankfully, went the other way, here is the only advice I can give you.
"Down, not across."
With such a modest setup (~100 hosts), if you're a real programmer, then you should be able to handle it easily.
Task 1: learn how Ethernet technology works (for example: what a collision is, why frames have a certain length, why there are no crossover cables for gigabit Ethernet, how 802.1q and 802.1d work). Some historical knowledge won't hurt; it will give you solid bases and intuition valuable for troubleshooting.
Task 2: learn how IPv4 works, specifically static routing. You must become proficient with netmasks (not only those containing 255's and 0's), broadcast addresses, RFC1918, NAT, TTL, and so on. At this point you do not need to bother yourself with such things as multicast or dynamic routing.
Task 3: learn protocols and related tools supporting IPv4: ARP, DHCP, ICMP.
Task 4: learn iptables (this is an arbitrary choice of mine, but I like it).
Those are not steps but tasks that can be performed in parallel.
By performing those tasks you will discover other topics of interest.
Once you are good with all that, refrain from overcomplicating things (read my other post: http://slashdot.org/comments.pl?sid=1244813&cid=28091781).
Given the environment and the job title, I'm guessing that you will be responsible for both servers and the network. I would start out by hiring a local network consultant to review your LAN/WAN requirements and suggest a packaged solution. Given the small number of devices, this should take no more than a few hours consulting time. Meanwhile, I would start taking OS classes (Microsoft, Unix, etc.) and/or perhaps a BootCamp.
While it is cool to learn networking, if you are in charge of the servers you will need to understand how to configure, administer, back up, and recover these systems. Since the network won't change much once configured, you are better off focusing on the server side. Once you understand the server side, you can then start playing with networking. Honestly, with the size of your network, you aren't going to get heavily into network engineering.
If you are truly interested in the networking side vs the Server side, then you should focus on getting a CCNA/CCNP and finding a job in a bigger company. Then again, your company could be one of the few that is poised for explosive growth.
Good Luck,
David
Bestbuy has ALL the hardware you need. Buy Linksys or D-Link or Netgear. Oh, and their off-the-shelf computers are great too. Remember lots of hard drives, that's important for a good fast server... So get some of those external cases and a bunch of USB hubs. Spindles = Good, for some reason.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
You can learn to do this, but it will take years. You need someone who knows what they are doing now. Go hire someone and have them teach you.
Personally I would go with Cisco; I've found them to be more reliable and easier to get the info you need troubleshooting-wise. Juniper is OK, but depending on the equipment, not as reliable as Cisco. Course-wise there are plenty, from tech colleges to dedicated courses from VARs, although they tend to be somewhat more costly. You haven't explained what kind of network, i.e. is this a flat topology? Typically all VLANs, layer 3 routing going on? It sounds like a rather small network. If it's pretty flat then focus on the switching mostly for learning; routing is another level and could cause you a lot of headaches, both in design and troubleshooting. Then you have to throw in network security, firewalls, IPS/IDS; no matter how small a network, you will need these. It's a lot for someone to learn right off the bat, but should be doable after a few years.
Pick one desktop vendor
Pick one server vendor
Pick one storage vendor
For the desktops, get a remote administration client and an enterprise antivirus/antispyware client on them if you want to get any other work done.
Lastly pick an authenticator, either MS AD, or LDAP backend and be consistent.
All that stuff is a Sysadmins job, not a NetAdmins job. No they are not the same thing.
Document everything you can.
Backup configs, make sure you save them frequently when things are working.
Get a good network management/monitoring package which uses SNMP to monitor the equipment.
Take as many classes and training sessions as you can.
Purchase vendor support for equipment. Cisco TAC is invaluable when the excrement hits the oscillating device. When the network is down, and the boss comes into the server room to ask when it's back up, it's much more comforting to hear that the vendor is helping you investigate the issue than to hear you have no idea what the problem is or when it might be fixed.
Build a lab to test/learn new protocols/ways of doing things. Have a couple servers in there, as well as the same type or smaller versions within the same family. If you're running Cisco 3945 routers in production, a lab with 1720s running 10 year old code doesn't help you troubleshoot production issues or test code upgrades.
A good podcast which covers CCNA/CCNP level topics with examples:
http://www.ciscohandsontraining.com/
How to backup your devices:
http://www.shrubbery.net/rancid/
Netdisco, good tool for network discovery and host tracking
http://www.netdisco.org/
Join and read network mailing lists. NANOG, Cisco-NSP, Juniper-NSP are a good place to start. http://puck.nether.net/mailman/listinfo/ to subscribe to several of those.
Beyond that, good luck. Speaking as someone who has been doing systems/network administration for close to 15 years, you will learn something new every day. If you don't, you're not trying hard enough.
This sounds like a tall order. I'd be scared. Buying equipment is not going to fix anything. You've got to learn the existing network before you can make educated purchases. From the scope of the network you describe, here are the basic things I think you'll need to learn about.
Learn about routing. Subnets, CIDR, the difference between a subnet mask and a wildcard, the difference between static routing protocols and dynamic routing protocols. Default routes. Policy based routing. Observe and document the different subnets you see in your network; figure out their purpose. Look at the default gateway of the clients and the servers. Figure out what device that represents. If you have only one subnet, your network is probably too flat. I'm guessing you have at least 2 or 3. Make a diagram.
Learn about VLANs. Tagged VLANs (802.1q), Cisco VLAN discovery (if applicable). I prefer Brocade equipment for switching / layer 2. But I digress. What VLANs are in each switch and how do the physical wires correlate? What subnets run on what VLANs? If you have fiber, you have another heap of things to learn about. Learn how to make an ethernet cable.
:-)
Learn about firewalls. iptables (if Linux), ASA / PIX if Cisco etc. Learn the difference between access-lists and stateful firewalls. Learn how to add rules to whatever firewall you use. What networks route where and what firewalls are between the networks?
What are the single points of failure? Learn to deal with those single points of failure. What are the entry points? What software is everything running? What are the link speeds, where does traffic go, aggregate and split up?
Gather all the contract information for your equipment. Make a printed list of numbers for who to call about what. Seek consultation to fill any uncovered gaps.
Look into graphing software with auto discover. PRTG is wonderful and not that expensive.
In my experience, things don't usually break. When they do it's because:
A.) Someone touched something.
B.) The power went out.
C.) Someone touched something they were not supposed to.
D.) You ran out of capacity (in a hard drive, on a link.)
E.) A server got overwhelmed.
Lastly, make sure everyone does their Windows updates
1.) If it's not broke, don't fix it. Why does this network need "rebuilt?" What's not working?
2.) Make sure you can put it back exactly how you found it before trying anything.
3.) Never, ever, make a change at the end of the day, or on a Friday. Come in early, real early, for big stuff.
4.) Listen to your users. If they say something's different, it probably is. Take everything seriously.
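The subnet homework from the "Task 2" post (netmasks that are not all 255s and 0s, broadcast addresses, RFC1918) and the "subnet mask vs wildcard" and "look at the default gateway" items above are exactly what a programmer can script in an afternoon. The following is an added example written for this thread, not code from any poster; it uses only the Python standard library's ipaddress module, and the addresses in it are made up for the demonstration.

```python
"""Subnet arithmetic: arbitrary prefix lengths, wildcard masks, RFC 1918
membership, a default-gateway sanity check and carving a block into subnets."""
import ipaddress
from typing import Dict, List

# RFC 1918 spelled out, rather than relying on is_private(), which also
# covers loopback, link-local and the documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(spec: str) -> ipaddress.IPv4Network:
    """Accept 'a.b.c.d/nn' or 'a.b.c.d/m.m.m.m'; a host address is fine,
    strict=False reduces it to the subnet it lives in."""
    return ipaddress.ip_network(spec.strip(), strict=False)


def is_rfc1918(net: ipaddress.IPv4Network) -> bool:
    return any(net.subnet_of(block) for block in RFC1918)


def describe(spec: str) -> Dict[str, object]:
    """Everything you would work out by hand for a subnet, in one place."""
    net = parse(spec)
    if net.prefixlen >= 31:            # /31 point-to-point and /32: no net/broadcast pair
        usable = net.num_addresses
    else:
        usable = net.num_addresses - 2
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "wildcard": str(net.hostmask),    # inverted mask, as used in IOS access lists
        "prefixlen": net.prefixlen,
        "usable_hosts": usable,
        "rfc1918": is_rfc1918(net),
    }


def gateway_ok(client_spec: str, gateway: str) -> bool:
    """A client's default gateway must be a host address inside the client's own
    subnet; a gateway outside it (or the broadcast address) is a misconfiguration."""
    net = parse(client_spec)
    gw = ipaddress.ip_address(gateway)
    return gw in net and gw not in (net.network_address, net.broadcast_address)


def split(spec: str, new_prefix: int) -> List[str]:
    """Carve a block into equal smaller subnets, e.g. one /22 into four /24s."""
    return [str(s) for s in parse(spec).subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    for spec in ("192.168.10.37/27", "10.20.1.5/255.255.252.0", "172.32.0.0/16"):
        print(spec, describe(spec))
    print(gateway_ok("192.168.10.37/27", "192.168.10.1"))   # gateway not in the /27
    print(split("10.20.0.0/22", 24))
```

The /27 and /22 cases are the ones worth staring at: 192.168.10.37/27 lives in 192.168.10.32 to .63 with wildcard 0.0.0.31, and a /22 gives 1022 usable hosts but is the block most people mis-size when they later add an adjacent /24.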
First, write two letters...
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
There are a lot of variables so some answers may or may not be relevant, but take what you can use and discard the rest. I had exactly the same task set before me excepting the lack of network knowledge. I did have a lack of knowledge of their network however.

1. Look at the current points of failure. Often if you inherit something in dire need of an overhaul, if you touch, change, modify or fix one thing, you will break something else. It could be roaming profiles in the Novell network failing due to bandwidth bottlenecks. It could be the m0n0wall BSD that was incorrectly implemented and allowing SQL queries from the outside. It could be the fact that they are running Small Business Server licenses and already have over 100 machines and employees. These are some painful memories....

2. Take a serious look at licensing. Do you have Open Value? Are you running pirated versions of Windows 2000 and Adobe Acrobat 6 Standard on every machine? Make certain you factor the costs of actual compliance in when you make a ledger of what the complete costs are going to be during the overhaul. If the company has never spent money on licensing in the past, expect a shock and horror response when you tell them about how the BSA works.

3. What are the possible upgrade paths with current servers? Are they running outdated GroupWise, and they want Exchange? Good luck migrating to Outlook 2010. Are the backups working? Are they backing up the relevant pieces? Are they backing up to tape? To the cloud!? To a desktop in the corner of the Accounting cubicle?

4. If you decide to implement new servers: What is the current state of AD? 2000, 2003 native? 2008 etc.? You might have trouble upgrading the AD level depending on the desktop OS versions. You may need to have a contingency plan for mass desktop upgrades. If you are doing a complete ground-up overhaul, be aware that you may be a good candidate for VMware servers, and Citrix VDI/desktop solutions. Make a list of the apps you use that will not work over a virtual desktop: AutoCAD, Photoshop, Avid. Any lag in the system and they will hate you. Don't screw it up. Make certain the SAN you buy in that scenario has enough I/O to work effectively.

5. As for the core network upgrade: rerun the entire network with Cat 6 dual runs. Double them up so there is a lot of room to move, and be prepared for growth. Gig switches, absolutely. They don't need to be Cisco; Juniper is great too. Perimeter security: leave that to an expert. Outsource to a reputable, responsive company. You are not a Cisco expert, nor will you become one overnight. You can learn how to support them and do minor configurations, but CYA. If you are investing in all new telephones, VoIP and PoE, be careful: for Cisco to be supported you will need an entire core of all Cisco. (Hidden tax.) Don't go low end, don't go high end, don't get a system that has a million features you won't ever use.

6. I'd suggest not reinventing the wheel. Get a powerful mail server with lots of room for growth. Make certain you cover your ass with a solid and effective backup system. Standardize hardware. 25% a year get a refresh. Full cycles every 4 years. Look at inboxes and email usage. Employees want to use it as a filing system now. Be careful who you piss off. In my scenario, there were no email inbox cap sizes or message size limitations. Try to transfer an 8GB GroupWise inbox into Exchange or anywhere; you'll see how corrupt the files really are. You might learn people get really upset when you tell them they can't run as local admins any more. Watch their indignation when you explain to them they can't install pirated software or the version of Photoshop their cousin's friend gave them. They will be mad at you when you explain to them that just because you bought a new mail server, they can no longer email 600MB videos of them skydiving to their friends in the company.

When they hear they are getting a complete system overhaul they think it will mean that they can send bigger files, store their iTunes collection
Small company and you have an "unlimited budget"? What the hell man, did you start working for a drug kingpin or something?
Might want to take a closer look at the books before staying there...
No, no, not those books...I mean the other set of books.
I've been a Network Admin/specialist for over 8 years and now at a Sr. level with a large global company. Honestly, you are not ready or equipped no matter what you buy hardware or book-wise. The reason is that Networking relates to almost nothing except if you had previous telephony experience. There is a lot to learn to even crawl, WAY before test labs and equipment. My suggestion would be to start with Network+/A+ to get some background in general hardware and networking. Then do your CCNA and probably starting with the easy track. At that point you will have touched some gear and have some idea of what you are doing, that is also a solid 6 month or so commitment alone. IMO, though, I would probably steer clear of Cisco for the actual products and possibly go with HP (cheaper and life support) switches. I have used Alcatel, Juniper, Cisco, and even Dell depending on the needs and fit.
Here is the next part of the issues though... security, addressing, VLANs, port bonding/aggregation for VMs, and even cursory knowledge of troubleshooting, punchdown tools, cabling standards, local code, etc. You WILL get most of this horribly wrong. You will have massive amounts of downtime, you will have angry users, you will have catastrophic cockups... all of these things can become very complex very fast.
Honestly, my suggestion would be to get more into the systems side if you have the interest and slowly learn networking. If you believe you truly love networking, you will be certain if/when you pass net+ and CCNA... or you will realize you have no interest or passion for it and have some good knowledge under your belt to work on the systems side.
http://teasphere.wordpress.com - A little spot of tea
One place I used to work at had everyone on the same subnet. The QA team started seeing strange things with their QA systems. It turned out the devs were trying something new on the server side of things and were spamming the network with garbage traffic, causing chaos for the QA team. A few weeks later the different depts were all on different subnets.
I found CCNA classes extremely helpful in learning how to manage networks of all sizes. The best part is that you have a budget to buy the stuff you need to practice and the opportunity to play around with the stuff you learn in class. I'm not sure where you're located but this link might help get you started. Good luck! http://www.cisco.com/web/learning/netacad/course_catalog/index.html
Now they have a skilled programmer and net admin. Except pay probably hasn't doubled, but your workload most likely has doubled.
Buy lots of coaxial cable and a bunch of BNC connectors.
Anyone that trips on the cable and knocks the connector off their PC, fire them.
build skynet.
Make sure you're up on the latest Client/Server technologies.
Find a consultant to help with both upgrade and initial maintenance, not only will they take a big load off of you initially for the proper setup, they can teach and show you what is applicable to YOUR network, and take the blame if things go wrong down the road. Full Disclosure: I'm a network consultant. PS. Do you want my card? I like the sounds of unlimited budget :P
Dear Slashdot,
After many years as an expert carpenter, I've found a need at my current employer for a plumber. I've made extensive use of plumbing in the past both for input and output and know I can handle the work. Many of the concepts are the same between carpentry and plumbing (i.e. cutting things and joining things), so I only need to brush up on the mechanics of how to do it. The pipes in our current building are all old and leaky, so we want to replace them. I have been given an 'unlimited' budget for pipes, tools, etc to set up a small toilet in the basement and after that I plan to replace all of our plumbing. What tools and materials should I acquire? What books should I read? Should I take classes?
The "Preview" button ate it all after you clicked on it. ;)
First: learn about networking generally. In your case I'd recommend the Doug Comer/Dave Stevens Xinu networking books, volumes I and II, but a lot of folks also like the books by W. Richard Stevens, the TCP/IP Illustrated set. The Xinu books, particularly volume II, have the entire source code of a straightforward implementation, which is really good if you're a person who reads code well.
Then pick 2 network vendors you like and learn how to configure their gear. Probably start with whatever gear you have now; it may be perfectly serviceable if setup properly, or at least usable as a corner of a better network design.
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
Google "networking." Seriously though, since "unlimited" budget in my experience usually means "nonexistent," I'd have to say pfSense and OpenVPN ftw. If they are that small there is no way they can really afford to give you a limitless budget. What exactly is running on these blades? Any specialized software? What kind of business is this? How is the wiring in the building? If you want to build a network for a business, you need to understand what they need to do and find the most transparent way to let them do that. You should also google "networking."
Deploy Juniper products where you can. Commit confirmed alone will help keep you sane.
You mean the firewall vendor that can't even get passive FTP right?
http://www.google.com/advanced_search?q=juniper+FTP+ALG
Please help metamoderate.
I learned how to do this the hard way, by screwing up a lot. Here are some rules:
#1: Always have a fallback plan. Assume that everything you touch will literally explode in flames and kill everyone nearby, and have a plan to return to the old stuff. It will cost more to do it that way, but being able to fall back to something that's worked for years will cost a lot less than the network being down for days while you have no idea how to fix it.
#2: Test, test, test. And then, test some more. And assume that you have only tested 1/10th of what the users will actually do. Pick out two users to help you test: the best with computers, and the worst. Between them, they'll find the stupidest and smartest mistakes you miss.
#3: Complain a lot. Seriously. Complain about what a pain in the ass stuff is to do, and give examples. But show consistent progress. Nobody will have any clue what you're talking about, but they'll get the idea that you're working hard at it, and that you're succeeding. The biggest issue I've had was when major projects went off so smoothly (because I was well prepared) that nobody noticed the work that went into it. After getting a COLA raise after a two year project to build a mission critical WAN, I learned.
You say you have an unlimited budget; just buy Novell back from Attachmate. There will certainly be one or two knowledgeable guys who could run your network for you.
For giving you such an amazing advice for free, may I suggest you keep Novell suing SCO out of their pants?
...a stunned silence fell upon the hall.
Classes are great for teaching "theory" to "practical people" because the "theory oriented guy" teaching the class understands what "trying things" means in his particular domain. I'd imagine you've used some calculus for work on occasion, but presumably you'd never have sat down and just tried things involving integrals.
I'd expect all those system administration courses are designed for people who don't know so much about computers, but need some elementary networking theory before they'll become remotely competent administrators. If this guy's a developer, then he's likely already seen anything those students would find "theoretical", meaning he's already well set up for "just trying" more practical stuff.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Someone has already suggested Tanenbaum's book, "Computer Networks".
I worked for 3 years in an MS shop supporting MS systems for clients; I attended classes and earned my MCSE. All of the classes which I took for MS were centered around 'go to this menu', 'click this', 'enter this'. Yes, I could set up networks, VPNs, servers, but I didn't really start learning the nuts and bolts until I started working for a company that supported Linux servers.
Once you understand the basics from Tanenbaum's book then you might go to 'Wireshark Network Analysis' by Laura Chappell.
If you have time go to 'Linux Firewalls'. I used Ziegler's book, but there are a number of sources. On your network you may want to try and set up a multi-homed Linux system protecting a Linux system. You can learn a lot about how a computer handles packets by setting up a server with iptables and adjusting it to allow certain packets or to allow only certain services. Also look at studying computer security and security tools.
Switches: you should look for switches that will allow you to monitor ports on the switch. If you only have 100 computers on your network they may not allow you to budget for a network analyst to come in and analyze your network if there is a problem.
Look for any tools, such as Snort or installing a computer which can tap into your internet traffic, that will give you a raw eye onto what is happening on the network. Nothing is worse than having a network problem with multiple computers on the network and being blind.
You will still get to use your programming skills, there are few programs which offer exactly what you want or need to monitor your network and your computer systems. Eventually once you know more about what you want, then you can take results from other programs and craft your own system with reporting tools.
To prepare you for this, imagine you have just been given a new position within the company where the previous programmer has left the company. You have an application which he has built up and put into production over the last five years. You are now in charge and there are no comments on the code. Your first ethernet card failure will be like your first bug. Same for switches. No one told you they could fail like that. Welcome to Hell.
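Three posts in this thread point at the same exercise: "Task 4: learn iptables", "learn the difference between access-lists and stateful firewalls", and the multi-homed Linux box above. The following is an added example for the thread (not any poster's code) that models both filter types over a handful of constructed packets, so you can see why a plain access list either blocks the reply to a permitted request or, with an "established" rule, lets in more than it should, and then prints the netfilter rules that express the same policy with conntrack doing the bookkeeping. Interface names eth0/eth1 and all addresses are assumptions made up for the demo.

```python
"""Stateless access list vs stateful filter, run over constructed sample packets,
with the equivalent netfilter rules for a multi-homed Linux box."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False     # True only for a TCP SYN, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str                      # source prefix in CIDR form
    dst: str                      # destination prefix in CIDR form
    proto: str = "any"
    dport: Optional[int] = None
    established: bool = False     # like the IOS 'established' keyword: non-SYN TCP only

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.established and (p.proto != "tcp" or p.syn):
            return False
        return True


def acl_evaluate(rules: List[Rule], p: Packet) -> str:
    """Stateless access list: first match wins, implicit deny at the end."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFilter:
    """Rules are consulted only for the first packet of a flow; replies pass because
    the flow is in the connection table, not because any rule mentions them."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.table = set()   # forward 5-tuples of permitted flows

    def evaluate(self, p: Packet) -> str:
        if (p.dst, p.src, p.proto, p.dport, p.sport) in self.table:
            return "permit"                 # reply to a tracked flow
        if p.proto == "tcp" and not p.syn:
            return "deny"                   # mid-stream TCP with no state: drop it
        if acl_evaluate(self.rules, p) == "permit":
            self.table.add((p.src, p.dst, p.proto, p.sport, p.dport))
            return "permit"
        return "deny"


# Constructed sample traffic: an inside client fetching a page from an outside web server.
LAN = "192.168.10.0/24"
POLICY = [Rule("permit", LAN, "0.0.0.0/0", "tcp", 80)]
SAMPLES = {
    "request": Packet("192.168.10.5", "203.0.113.10", "tcp", 51000, 80, syn=True),
    "reply":   Packet("203.0.113.10", "192.168.10.5", "tcp", 80, 51000),
    "stray":   Packet("203.0.113.10", "192.168.10.5", "tcp", 80, 51001),  # nobody asked for this
}


def compare() -> Dict[str, Dict[str, str]]:
    """Run the same three packets through a plain ACL, an ACL with an 'established'
    hole punched for replies, and a stateful filter."""
    stateless = {n: acl_evaluate(POLICY, p) for n, p in SAMPLES.items()}
    with_established = POLICY + [Rule("permit", "0.0.0.0/0", LAN, "tcp", established=True)]
    stateless_est = {n: acl_evaluate(with_established, p) for n, p in SAMPLES.items()}
    sf = StatefulFilter(POLICY)
    stateful = {n: sf.evaluate(p) for n, p in SAMPLES.items()}   # dict order: request first
    return {"stateless": stateless, "stateless_established": stateless_est, "stateful": stateful}


def iptables_equivalent(lan_if: str = "eth1", wan_if: str = "eth0") -> List[str]:
    """The same policy as netfilter FORWARD rules on a multi-homed Linux host; conntrack
    supplies the state that StatefulFilter tracks by hand. Interface names are assumptions."""
    return [
        "iptables -P FORWARD DROP",
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -A FORWARD -i {lan_if} -o {wan_if} -p tcp --dport 80 "
        "-m conntrack --ctstate NEW -j ACCEPT",
    ]


if __name__ == "__main__":
    for model, verdicts in compare().items():
        print(model, verdicts)
    print("\n".join(iptables_equivalent()))
```

The "stray" packet is the whole point: a stateless list needs an "established" permit to let replies back in, and that permit also admits any outside packet with the ACK bit set, which is what a stateful filter refuses because no tracked flow matches it.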
Seriously? "Maybe 100 machines" and people here are advising you to run for the hills? Can I send this: Diagnosis to all of you? (Don't worry, it's not going to bring the internet to its knees).
I hope you *insisted* on getting some kind of compensation for OT.
The job will eat your life - if you let it.
Read:
TCP/IP Network Administration - Hunt
Essential System Administration - Frisch
The Practice of System and Network Administration - Limoncelli
Is the current system seriously broken?
Did the previous admin leave any useful documentation?
Learn the difference between Support (Administration) and Development (Programming). The best you can do in Administration is put things back the way they were before they all broke so the users stop complaining, or at best make small and slight improvements to a screwed up system. Your job as administrator is to deal always with problems, and very little time is devoted to improvements. In Programming you fix or improve applications or build fresh new ones. Go back to Development if you still have a choice.
Study
Otherwise if this is a bottom-up approach to learning networking and server administration without any previous hands-on experience with servers and managed switches then start with the certification tracks and books because they are well planned out, have plenty of books available, have training classes or web instructions. Get books and materials for CompTIA A+, Network+, Server+, Inet+, Security+, Linux+ since you can learn these generalized topics quickly and easily and at least be introduced to very basic ideas and terms that you never had to deal with such as RAID, iSCSI, LUN, VLANs, trunks, aggregated links, routing, CIDR, OSPF, core, edge, etc. You can skip the CompTIA tests for those since they are not really worth the money anymore with expiration dates.
Move onto Cisco CCNA for more in-depth networking and one of the CCNP specialties for advanced topics. Touch some Microsoft and Linux server admin certs because you'll need to understand the servers and how they actually function and communicate on the network to plan out your setup.
If you have a chance look into SANs (storage area networks) and especially iSCSI (i.e. storage over Ethernet) because you will have to support it now or very shortly. Fibre Channel also while you're at it: learn zoning, provisioning, find out who Brocade, QLogic, and EMC are.
Also be sure to learn about Wireless networking using Enterprise level products and access points because that can get difficult quickly when it comes to proper setup, authentication, RADIUS, encryption, WPA2, TKIP/AES, certificates and auto-enrollment.
Vendors
Blades - HP, Dell, IBM, Cisco
Switches - HP ProCurve, Juniper, Cisco, Netgear, Alcatel
Servers - HP, Dell, IBM
Recommendations
Network - 10.A.B.C/8 for your network. A=site or core segments, B=floor or edge, C=each subnet. Use /24 as default mask for 254 hosts and /22 for larger special subnets for terminal servers, virtual guest farms.
DMZ - NAT your public IPs to a dedicated DMZ VLAN, firewall it from inside with static explicit per IP and Port rules.
Vendor Systems - Segregate on separate VLANs or subnets since you don't own or control these devices. Firewall from Production.
Production Network - Keep small /24 subnets, edge to core (i.e. like a pointed star with center as core or multiple stars joined at core)
Workstation Network - VLAN and keep subnets small and logically divided by physical barriers, floor, building, site, etc.
Server Network - Try to keep server types separated on their own VLANs and subnets and concentrate them physically and by switch/card. Separate unlike and strange servers, appliances, vendor boxes away from regular servers.
Backup Network - Physically separate the cables, switches/cards for workstation and server centralized backups, (Symantec/Veritas NetBackup).
Wireless Network - Firewall and separate on VLAN
Virtual Server Network - Dedicated VLAN and get 10Gb cards for switches and servers/blades.
Storage Network (iSCSI) - Dedicated cables, switches/cards.
VoIP Network - Separate VLANs & inter-switch trunks to keep away from all other traffic, separate switches/cards for sure.
There are many more suggestions but at this point I'd have to start charging consulting fees. Find people to help you and pay them well.
Good luck!
That is easy.
1) Buy 3x 48 port Cisco 2960's, which will give you more than enough ports with some expandability (3 x 48 = 144 - 3 (for uplinks) = ~141 ports for devices) at a decent price, especially if you can get on some kind of discount contract (such as state price, etc.). Layer 3 switches are the way to go. Configure the switches inside a single vlan (unless you want to get fancy).
2) As long as you are getting an Ethernet hand-off from whatever ISP you are using (fiber seems unnecessary for 100 devices), get a Cisco ASA 5505 with the UNLIMITED license (ASA5505-UL-BUN-K9) so you won't have to deal with user licenses or if the network grows past the limited licenses. 5505's are perfect because they are super cheap and provide most of the functionality of a higher end model like a 5520 but are mostly just lacking GBIC slots for fiber handoffs. The ASA will act as your firewall, and allow for remote connections using VPN (using Cisco's awesome AnyConnect client). Follow online instructions for getting ASDM set up for the ASA so you don't have to deal with CLI and can do straight GUI configuration (very handy if you don't feel like learning to program an ASA from the command line).
3) Configure a simple network (with only 100 devices you can get away with a /24 mask (255.255.255.0) on whatever subnet you use). If you want you can go 255.255.254.0 and give yourself some extra breathing room if you think the network will grow past 254 unique devices. Configure your DHCP server (or whatever will hand out addresses for DHCP) to leave a range for static IP's that you will set on your servers. Workstations can pull DHCP as long as you have an internal DNS server so that people can remote to their desktops via the computer name. If not, then you'll need statics on your workstations as well for remote desktop.
4) Depending on your needs, you can add a few wireless access points to the mix as well to blanket the area in wireless. Preferably I like to use a controller (I use a 5508 @ work) but that might be overkill for you since you'd most likely only need a handful of access points. Although a 4400 with support for a limited number of AP's would be nice and on an "unlimited" budget, managing it is cake with the controller. Anyway, get the Cisco 1142's, esp if you go the controller route, since they can come with the LWAPP (Lightweight Access Point Protocol) enabled IOS image already on there. Don't forget to consider power/ethernet drops to where you will be placing the access points, and do a wireless survey with a test unit and a program like inSSIDer to gauge distances between where you should place them for maximum coverage.
I am a network engineer for my day job, and 1 of only 2 people who manage and maintain an enterprise network of over 5000 devices and ~8000 users. While we are stretched pretty thin, we manage to take care of that account and still have time to do things on other contracts (we are contractors), although there is a separate IT help desk staff at the main location to deal with specific user issues and workstation stuff so at least we aren't removing viruses and crap like that.
I did go to school for it (Bachelor's in Network Engineering) and got certifications, but really unless it's a huge enterprise network there isn't much of a learning curve beyond the CLI commands and maybe wrapping your head around some ASA/Firewall stuff (NATs and Access Lists will be your main nemesis). Especially if they are giving you an unlimited budget, you can take a few classes to get the basics down ("Networking Fundamentals") and go from there if you are more comfortable having some kind of foundation. The biggest thing is getting used to the syntax of programming a device via CLI, and if you were a programmer you will most likely pick it up fast. If you can get your hands on a couple switches to play with, between that and Google you will be able to set up a fairly simple network to provide all the services I menti
"I hope you know how very lucky you are to know me, because I am so incredibly incredible."
This must be a hoax message - either way the post and subsequent comments have made my day. Welcome to hell.
I would tend to agree with that, except with the subnetting. I have seen a lot of people have problems with it. Of course, being a programmer gives you a leg up, as you have probably dealt with binary and Boolean before also.
If you do you'll always end up with FOSS (Free and Open Source Software) solutions and love your job. Either that or you'll end up with too much stuff that doesn't work and you'll hate your job.
That's the problem with this line of work. More than anything, sysadmins love stuff that works and it's often the grubby little details that make all the difference. However, it usually doesn't work out this way for them. If you're serious about your job, it won't take long before you realize two important things about the world you live in:
* Commercial software companies just want your money
Unfortunately, it's not just about selling licenses (if only that were true): it's also about limiting the customers in what they can do with the products after they buy them. For instance, they typically use proprietary file formats, databases and protocols so that their products do not work with those of anyone else except their own, or those of their choosing. They call this "being competitive", but it's simply about limiting your choices so that they can steer you (the consumer) in whatever direction they want. They don't care about helping you to get everything to work the way you'd like, so functionality is severely limited. Basically, these companies just want your money, and preferably as much of it as they can get.
* FOSS developers just want things to work
These are the people who are on your side. They're just like you: they dream of systems that do everything you want and of users who are happy. Your system should be like that box of Lego blocks that you played with when you were a kid: everything fits together, even if now things are much more complex. This is accomplished by using open standards for file formats, databases and communications, as well as by providing the source code for the software.
What this means is that your success and happiness will depend on how much you can limit the use of commercial software in your network environment. Unfortunately, the average user (including your boss) has zero understanding of these concepts. Instead, their choices are much more likely to be influenced by a complex combination of psychological factors, such as the marketing efforts of the big commercial software companies, their own limited experience, the advice of their favorite vendors and sales representatives, their desire to avoid learning to work with anything new, and even what their friends think they should do. In other words, unless they really respect you, your advice will not be taken seriously. Instead, they will likely tell you what software to work with and your efforts will ultimately be frustrating, the results disappointing. However, if you're lucky and good at explaining, maybe your boss won't blame you too much for the results.
Pretty much the same thing happened to me back in the late 1990's. However, I had a very good background in hardware (my first programming language was a soldering iron) and I am a graduate engineer. If you learn fast and don't believe too much of what sales weasels tell you then you might be all right. Being very comfortable with both hardware and software is a real advantage since it gives you a perspective from both sides of the great divide. Don't focus too much on any one vendor's "solution du jour" but try to understand the real principles behind what you are doing. The best example of that I can think of off hand is if you know what a Netmask REALLY does in the hardware and think of it in BINARY then you never have to memorize silly rules about how to figure out what one needs to be. Hint -- study the XOR function and realize that an XOR gate was and is a piece of hardware. It took me several months of intensive study (mostly nights and weekends) to get up to speed and I never really stopped learning. The only formal training I ever got was a three day class on the Firewall we were going to use and that was well worth it, since it got me started thinking about how EVERYTHING had an effect on Network Security -- It also got me another hat a few years later as the Network Security Officer. Now, for the downside. Networks are utilities and the only time your work is REALLY noticed is when the network is down. As a network administrator no one notices if you do your job right -- outages just never happen. When things do happen, however, they are ALWAYS your fault and you ALWAYS take far too long to fix them -- even if it is 3am in a blizzard when you had to come in and do it! Good Luck
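The netmask-in-binary point above, together with the /24 versus 255.255.254.0 sizing choice from the earlier Cisco post, worked through as an added example; this is not code from any poster, and the 10.x addresses in it are constructed.

```python
"""Subnet arithmetic done with plain bit operations, so the netmask is seen
for what the hardware sees: a run of 1-bits ANDed against the address.
Constructed example; addresses below are made up for illustration."""

ALL_ONES = 0xFFFFFFFF


def ip_to_int(ip: str) -> int:
    """Parse dotted-quad IPv4 into a 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    n = 0
    for o in octets:
        n = (n << 8) | o
    return n


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: the top `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def mask_to_prefix(mask: str) -> int:
    """255.255.254.0 -> 23. Rejects masks whose 1-bits are not contiguous,
    which is the error the 'memorized rules' usually hide."""
    m = ip_to_int(mask)
    inverted = (~m) & ALL_ONES            # host bits become 1s
    if inverted & (inverted + 1):         # a valid host part is 2^k - 1
        raise ValueError(f"non-contiguous mask: {mask}")
    return bin(m).count("1")


def subnet_info(ip: str, prefix: int) -> dict:
    """Network, broadcast, usable range and host count for ip/prefix.
    Assumes prefix <= 30 (the ordinary LAN case discussed in the thread)."""
    mask = prefix_to_mask(prefix)
    host_bits = (~mask) & ALL_ONES
    net = ip_to_int(ip) & mask            # AND keeps only the network bits
    bcast = net | host_bits               # OR fills in all host bits
    return {
        "network": int_to_ip(net),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(bcast),
        "first_host": int_to_ip(net + 1),
        "last_host": int_to_ip(bcast - 1),
        "usable_hosts": 2 ** (32 - prefix) - 2,
    }


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """XOR yields the bits that differ between two addresses; if none of
    them fall under the mask, the two hosts share a subnet."""
    differing = ip_to_int(a) ^ ip_to_int(b)
    return (differing & prefix_to_mask(prefix)) == 0


def smallest_prefix_for(hosts: int) -> int:
    """Longest prefix whose usable host count covers `hosts` (max /30)."""
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError("too many hosts for IPv4")


if __name__ == "__main__":
    # Two hosts one third-octet apart: separate /24s, but one /23.
    print(subnet_info("10.1.2.77", 24))
    print(subnet_info("10.1.3.77", mask_to_prefix("255.255.254.0")))
    print(same_subnet("10.1.2.10", "10.1.3.10", 24),
          same_subnet("10.1.2.10", "10.1.3.10", 23))
    print(smallest_prefix_for(100), smallest_prefix_for(300))
```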
So you want to be a sysad eh? Well there's only one good sysad and that's the bastard who has become one with the bastard.
First you're going to need a small wad of money, cause you're going to want to own the network, not work for it.
To get that wad, I suggest lawnmowers, chainsaws, trimmers, edgers, roto-tillers, backhoes, and trucks, don't laugh, just do it, knock door to door and get jobs until you make a name for yourself.
Work and Try to get a General Contractors license.
You have your wad of cash and you still want to be a sysad.
No you don't. Not yet.
Learn Lockpicking, Survival, First Aid, Electronics, Transmitters, Receivers, Gardening, Pipe Fitting, Drilling, Trenching, Soldering, Engine Maintenance, Electrical Power Distribution, Load Control, Basic Business and Law. It helps to know lots of math, lots of on the fly scripting, if you can program yourself out of any problem, you're close to being ready.
You're actually starting to live like a king now and you still want to be a sysad,
But not yet.
Start investing in precious metals like gold, silver, copper, learn to read world events. You'll need a pistol now.
Start studying international corporations, how do they work, where does their money come and go to, what does their infrastructure look like, where are they located, is it close to your resources, or too costly to do a TDY? Sell some excess tools, tech, on eBay, take a vacation somewhere exotic. Make connections, friends, people you can sub-contract and trust to get things done because they're independent and fast.
Learn photography, cameras, surveillance, audio mastering, streaming
Make a few plans for networks. Make friends with Senators, Congress, Chamber of Commerce, pnac, aipac, cfr, rothchilds, bilderbergs, DHS, cops, and sheriff.
When you finally do find a target, tear it up. You're ready for nearly anything.
You could be the one who pulls a national psyop. A bastard you are now!
I went through a similar process. You will only survive if you work hard.
Start looking at packets now. You must eat, sleep, and breathe packets to survive. Use Wireshark and TCPDump. Don't let anybody abstract away any of the layers. You have to understand every network layer from 1 to 4 before you can begin. You have to be able to think like a packet.
Physically touch and diagram every piece of network equipment. You must be able to draw a map of your network from memory. DRAW the map, verify its accuracy and keep it in a safe place. When something goes wrong, you will forget everything and that map will become very important to you.
You can have reliability or complexity. You can't have both. Educate yourself, then educate your boss. Make sure he understands that any complexity will reduce reliability. If you can't agree on the level of reliability and complexity, find another job.
Don't believe salesmen. Cisco sales are worst. They will destroy you in a minute if it means a sale. Divide all Cisco performance figures by 3 to get YOUR performance. At your size, you should be able to mostly avoid Cisco. Avoid them as much as possible. If your network design is simple, HP and Foundry (now Brocade) switches will consistently outperform Cisco, dollar for dollar.
Don't believe vendor performance figures. Evaluate equipment based on your own measurements.
READ THE BUGFIXES for the current and previous versions of your firmware. There are always more bugs. Future bugs will tend to occur in the same feature sets that gave rise to previous bugs.
Wait till you have a year or two of experience before tackling the following feature sets:
1) Redundancy. Redundancy is Cisco slang for: "I sold unnecessary equipment to a gullible customer." Redundancy is hard. In spite of everything you have heard, redundancy virtually always reduces reliability. Simple network designs, based on simple equipment will almost always be more reliable than redundant ones. Don't experiment with redundancy until you completely understand your network. Then only deploy redundancy after extensive testing.
2) VLANs. VLANs are a simple idea that enable you to create limitless complexity. Once you start, you will not stop until you have created a network that you can not understand or debug.
3) Multicast. You are not a true network person, until you loathe and despise multicast. Wait till you fully understand why you hate multicast, before you depend on it.
Surprisingly, you should not hesitate to play with IPv6 (in a non-production environment of course). Nobody else understands all the implications of IPv6. It is one of the few areas where you will not be at a disadvantage :)
Miles
Hi, My name is Peter Revill, I have a little blog you might like to visit at http://ccierants.blogspot.com
I also have two CCIE's (CCIE #18371 Routing and Switching, CCIE #18371 Voice)
First of all, I want to address the idea that there are no jobs for network administrators. Recently the company I was working for previously had some difficulties and I left: I had more offers than I knew what to do with. I am not trying to brag, I am just trying to allay fears that there is no work. I took a voice bootcamp in San Jose and all my class mates are drowning in job offers.
So there you have it, the job market is strong for network engineers, final proof would be
http://www.itjobswatch.co.uk/
Look up CCNA and CCIE etc on that, you will see a good demand
So that's my first bit of advice. Second bit of advice would be: Aim extremely high and keep going, everyone gets their CCNA and then settles, that's not enough.
Finally: So much Cisco Bagging going on here, No idea why: the fact is that Cisco realise the network is more than just a way to connect PC's, it is a platform in and of itself, converged voice video and data (Unified Communications) is a great architecture and works very well. IP can transport _anything_ and we might as well start using it everywhere. Please take my advice on this: Cisco is not going anywhere, it's in the most demand of any vendor and will always win out over other vendors when it comes to features.
I hope this helps
The Practice of System and Network Administration, 2nd Ed. by Limoncelli, Hogan, and Chalup. You've got so much to learn technically and administratively, but it can be done with time.
-- Wondering how long until the internet becomes fully corporatist, like television.
If you're serious about the unlimited budget thing, and you want to be responsible, don't try to "learn by doing" with someone's production network. Go out and hire a network consultant to help you. A consultant shouldn't have any problem if you want to be the one pushing the buttons, but you should have someone there to at least check your work to verify that what you're doing is sane and isn't going to cause any type of major problems down the road. As far as learning, there is so much covered by "networking" that you really can't learn effectively by being thrust into a position where you have to come up with something that works on the first try. You need to identify the specific areas that are important to you. A good TCP/IP foundation is pretty much a universal requirement for anything to do with networking these days, so I would recommend either getting a good network essentials book or taking a class at your local CC. A lot of the early networking stuff is memorization, I.E. what's the max cable length for the various types of ethernet, what is an SSID, how do you update the code on a router, etc. Being totally realistic with you, a lot of the early on, basic stuff isn't that fun to learn about. Especially if you're coming from the programming discipline. You'll get bored very easily. But once you start doing more advanced stuff it gets more interesting. I've always enjoyed VPN and firewall/security stuff more than configuring routers. Once you learn about VLANs and the cool stuff you can do with them, you will start to see the various ways you can accomplish a task, and you'll see where you have the opportunity to get creative with your solutions. Virtualization and storage networking are huge right now, and there's a ton of good info you can learn about them available for free online. If you have a basic, flat network, then it's not all that complicated to get something up and running. 
Buy a firewall to do your NAT/VPN for you, connect that to switches for your clients and servers and you're off to the races. Cisco is a good recommendation and I'll tell you why. Cisco engineers are widely available everywhere, plus you have the TAC at your disposal. If you run in to a problem that you can't figure out, you have very well defined avenues for getting help. Juniper engineers are also out there, but they're not as easy to find, and that may command a price premium.
1. Take the money.
2. Hire someone else to do it.
3. Charge the company 2x what you're paying that guy. (PROFIT!)
You see? You see? Your stupid minds! Stupid! Stupid!
Truer words have not been spoken -- especially about Cisco Sales weasels. I had one tell me that I couldn't mix brands of Routers and Switches in a network. Specifically that the 3-Com switches we had then would NOT work with their 2600 series routers. They were wrong of course.
Changing inode_bits to 64 from 32 may get ya better performance but it is a one way conversion AND nfs mounted clients don't convert 32 to 64.
Sys Admins and programmers are two completely different animals. When most of us were young we made a decision on which path to follow. The path of enlightenment, or the path of programming. If there is an unlimited budget, hire an admin.
Dead simple installations, multitude of configuration options to do most everything. Still lets you get down and dirty if you need to.
Unless you're trying to do something like server publishing or VPN, in which case it will fail repeatedly and you'll get no support from Sonicwall. Not to mention the slow, pants on head retarded UI and poorly written help files. Try a Fortigate instead. Fortinet publish comprehensive admin guides for their FortiOS and dedicated guides to connecting VPN. Easy to configure from scratch, have useful metrics and logging not to mention a command line built into the web based UI.
Calling someone a "hater" only means you can not rationally rebut their argument.
http://mj12net.org/index.php/system-administrator-interview-cheat-sheet.html
Slashdot = Sarcasm
As a former instructor (way back in the previous millennium) at Global Knowledge, I found that the Cisco classes at Global Knowledge are fantastic. I "audited" several of them and learned tremendous amounts from them. But, let me be frank. This is 2011. Unless you need hand holding or a paid vacation, video courses tend to be equally complete (especially the ones which use the Cisco course materials) and are MUCH more affordable. The budget could be spent elsewhere.
Also as a "star programmer", there are many questions you should have which could never be covered properly in a Cisco training course. I personally develop network infrastructure equipment for broadcast video over IP. As a programmer, when I hear about routing protocols, I want to clearly understand the protocols. Recently, I have been working on developing an in-house course for my colleagues regarding IPv6. Compared to the Cisco courses on the topic, it's far more compact and far more detailed. It makes the assumptions before starting that I don't need to explain hexadecimal, it's assumed that when discussing the routing protocol instead of spending ages covering drop through mechanisms, I can simply present the algorithm and it will be understood. So the Cisco theory classes are insanely overpriced and painfully boring for "star programmers".
I'll chime in on #10 as well.
Now that you're not being paid to program any more, take advantage of it. If you need a programmer for a task, hire one. Programming is something you should do for fun now. Find the open source project you always wanted to work on. And build on it. The hiring someone for a task theme is good for much of the rest of it as well. You can't be an expert on every technology. Hell, I want to be, but when it comes to the output quality of the video codec I'm working on, the girl with the Ph.D. that sits next to me is far better suited to design and prove those algorithms than I am. But I'm damn good at making them work and making suggestions as to where we should cut some corners if the math allows it. There are some things you'll have to maintain, but maintaining a mail server for example is just plain stupid. You can administer it, but outsource it if you can. Programmers have a bad tendency of reinventing the wheel over and over again. Remember, there's probably already a solution for it out there. Much of your job should be about finding the right one.
An additional issue with issue 4. If you're not only the network administrator but also the help desk, use some of that unlimited budget to get a slave to answer support requests and reimage machines. Even if that slave barely knows a thing about computers, they're your front line to make sure you're not spending your time changing toner cartridges. If you set up remote installation services (or whatever it's called this week) properly, it should be possible to train a monkey to install new images on machines. In fact, I once configured a system so that GRUB was installed on a USB stick (mounted within each computer) with imaging software on the stick. It made it so that you could reinstall the image yourself by pressing 5 keys on boot-up. If the users keep their documents on the network, this is a perfect solution. Then just keep your images up to date.
The real point here, leaving technical details aside is that you shouldn't be imaging machines. I would however highly recommend you learn all you can about Windows PE and imaging services. StarGoat mentions you should buy the same machine in batches, but understand that with Windows 7, the same hardware imaging requirement is gone. Hard drive controllers are now standardized, you don't need a new driver for every machine, just a new optimal driver which will most likely be automatically installed from Windows Update. A well maintained image for desktop PCs is the key to a fluffy life.
Also, this is 2011, you can bully users into using online services for most things. So, you can use Citrix or some other type of remote solution for application streaming.
How can I filter all useless comments and leave only the comments answering the damn question ...
Definitely do CCNA. You need that. Then read all the Linux HOWTOs @ tldp.org. That last one is maybe not apparent how it's pertinent, but I have learnt things in there that I haven't learnt from any other book or teacher in my 8 years as an SA.
If the network is email/web for 100 non-technical office workers then just buy five £100 24-port switches and forget about it. If you are supporting 100 stock traders, or the storage/rendering for 100 3d/video editors then just hire five £100k pa network administrators and forget about it.
They gave you a network manager position when you don't know ANY networking? Who is running this company? A 5 year old child?
Send me the name of your company, I have feng shui consulting to sell them...
The article poster can do it with just about anything without a lot of trouble.
Cheap whitebox gigabit switches from two or three dozen brands crap all over the stuff HP hasn't updated properly for years unless you want to also use the switches as firewalls - and even then there is midrange stuff that craps all over HP in both speed and features.
What the hell did you do to warrant such a demotion?
You've just reminded me why I'm so happy I run a network with mostly *nix machines on it and the people using it mostly act like adults. If I had to go around chasing malware I think I wouldn't be able to handle 1/4 the number of machines on my own.
Promote yourself to the ICT manager.
Hire a System Administrator experienced with Citrix.
Hire a Network Administrator experienced with Cisco
Hire someone for first line Servicedesk
Hire someone for second line servicedesk
That will be your normal every day in house staff.
For the initial setup hire a company with experience in Citrix and with them build the new network. Make sure your own Sys and network admin work closely with the company so that they know exactly how everything works. Also make sure EVERYTHING is documented.
From my experience, someone who boasts to be a 'star' programmer usually is not one. I'm just saying...
FTP? What year is this? 1993?
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
You're a programmer - I would hope you understand a fair amount of networking, etc. You should be able to pick this up quickly. Get whatever hardware - don't buy low end but you don't need to be buying Cisco crap or something that is intended for tens of thousands of end users. Read a few books about whatever system you're going to implement (Are they running Winblows Server?), and about TCP/IP / networking and you'll pick it up in 2 minutes (bet you could read a book a day). Definitely avoid anything Windows and AD - the network is too small to even be worth dealing with how awful it is. Maybe use CentOS (to avoid paying for Redhat Enterprise, as long as you're confident in your ability to fix stuff).
Troubleshooting networks is not hard, it's the peopleshooting that presents the real problem.
you are in a twisty maze of different passages.
To become a network administrator you have to take certifications from Microsoft and Cisco; without them no company will take you seriously.