Questions

Small office best practices

+
0 Votes
Locked

Small office best practices

raffy2946
I'm setting up a network in a small office of 10 users. I will be setting up a Windows 2003 domain with AD. Users will need access to the Internet and will likewise be connecting remotely from their homes, hotels, etc. There's currently a Linksys wireless router in the office that issues out IP addresses via DHCP. Would it be better to leave DHCP on the router or use the Win2k3 server to do this? What are the pros and cons with each setup?

Thanks in advance for anyone's input on this.
  • +
    0 Votes
    fosiul

    hi,
    i will prefer to configure windows 2003 server to serve IP address.
    because you have to enable remote and routing access due to vpn connection.

    without remote and routing access i dont think any one will be able to access to your office network.
    and for this you need dhcp configured to give ip to Vpn client.

    this is my idea.

    +
    0 Votes
    beads

    Really depends on how much your really going to be using NSLOOKUP to determine whos using what address and what the needs of the software your using.

    For a small LAN with what I hope will be two DCs plus email and everything else you could allow one or both DCs to run DHCP at a small performace hit. DCs are renown for booting up slowly and generally work much harder than their file server only counterparts. Allowing DHCP on the router might relieve some of the performance hit a slight bit but nothing to loose sleep over.

    Not having used a Linksys router in the commercial/business side of things I could not begin to tell you how the VPN may or may not work accross the network. Chances are you should be able assign VPN addresses through the router like its bigger brother PIX/ASA box does here. Check the documentation and confirm of course but I suspect that to be the case. If so just separate a small portion of addresses for VPN traffic. This will help with determining when people are on the LAN via VPN as well. So thats a consideration.

    Software. Some software packages are a real challenge to install on DHCP due to the dynamic nature of things. Two ways to view this. One would be to segregate static based machines from the DHCP addressing. Allowing for any persnickity software installs - usually anti-virus packages, etc.

    Going completely DHCP means a bit more back-end administration as I have outlined above but with some more router work to be able to find DCs. Unless of course you don't use Ports: 53 (DNS); 25 (SMTP); or NTP (Network Time Protocol) through your router to the DCs or email. These are generally static but can be setup for DHCP as well. I just find it to be more of a pain than culling these services off with static addresses.

    Conclusion? Confusion? Personally, I would go with a purely static address system limiting the address system. But, as I said above it depends on how you administer the system. I am always looking at where traffic is comming from. Logging incidents, SYSLOG, and all those other wonderfull things. If your less likely to want or need to do a great deal of checking up on the system work then go with the DHCP based system. I really believe that DHCP works wonderfully in large organizations but not so much with a smaller network.

    Here at ETSI (my company) I have 6 people, 22 devices I use static all the way through with fewer headaches than if I were to be using DHCP. ETSI is also under a great deal of regulatory compliance issues such as HIPPA, et. al. that requires me to constant auditing making DHCP more of a hassle than it would be worth.

    They both have there pluses and minuses but for the smaller network I'd still go static in this case. If I were to do it all over again with this particular network - I'd still go static if nothing else for the ease in auditing it allows me. Besides, I can always go DHCP easier from static than I can static to DHCP.

    Simple? Nope, just depends on how you want to manage your network.

    - beads

    +
    0 Votes
    raffy2946

    I will consider using static IPs. However, since there will not be a full time admin nor will there be anyone around that can administer the server quickly (in the event of something urgent) because the office is located in a tropical island resort and I am only a "visiting" consultant, I may place them on DHCP.

    But thanks for the input.

    Raffy

  • +
    0 Votes
    fosiul

    hi,
    i will prefer to configure windows 2003 server to serve IP address.
    because you have to enable remote and routing access due to vpn connection.

    without remote and routing access i dont think any one will be able to access to your office network.
    and for this you need dhcp configured to give ip to Vpn client.

    this is my idea.

    +
    0 Votes
    beads

    Really depends on how much your really going to be using NSLOOKUP to determine whos using what address and what the needs of the software your using.

    For a small LAN with what I hope will be two DCs plus email and everything else you could allow one or both DCs to run DHCP at a small performace hit. DCs are renown for booting up slowly and generally work much harder than their file server only counterparts. Allowing DHCP on the router might relieve some of the performance hit a slight bit but nothing to loose sleep over.

    Not having used a Linksys router in the commercial/business side of things I could not begin to tell you how the VPN may or may not work accross the network. Chances are you should be able assign VPN addresses through the router like its bigger brother PIX/ASA box does here. Check the documentation and confirm of course but I suspect that to be the case. If so just separate a small portion of addresses for VPN traffic. This will help with determining when people are on the LAN via VPN as well. So thats a consideration.

    Software. Some software packages are a real challenge to install on DHCP due to the dynamic nature of things. Two ways to view this. One would be to segregate static based machines from the DHCP addressing. Allowing for any persnickity software installs - usually anti-virus packages, etc.

    Going completely DHCP means a bit more back-end administration as I have outlined above but with some more router work to be able to find DCs. Unless of course you don't use Ports: 53 (DNS); 25 (SMTP); or NTP (Network Time Protocol) through your router to the DCs or email. These are generally static but can be setup for DHCP as well. I just find it to be more of a pain than culling these services off with static addresses.

    Conclusion? Confusion? Personally, I would go with a purely static address system limiting the address system. But, as I said above it depends on how you administer the system. I am always looking at where traffic is comming from. Logging incidents, SYSLOG, and all those other wonderfull things. If your less likely to want or need to do a great deal of checking up on the system work then go with the DHCP based system. I really believe that DHCP works wonderfully in large organizations but not so much with a smaller network.

    Here at ETSI (my company) I have 6 people, 22 devices I use static all the way through with fewer headaches than if I were to be using DHCP. ETSI is also under a great deal of regulatory compliance issues such as HIPPA, et. al. that requires me to constant auditing making DHCP more of a hassle than it would be worth.

    They both have there pluses and minuses but for the smaller network I'd still go static in this case. If I were to do it all over again with this particular network - I'd still go static if nothing else for the ease in auditing it allows me. Besides, I can always go DHCP easier from static than I can static to DHCP.

    Simple? Nope, just depends on how you want to manage your network.

    - beads

    +
    0 Votes
    raffy2946

    I will consider using static IPs. However, since there will not be a full time admin nor will there be anyone around that can administer the server quickly (in the event of something urgent) because the office is located in a tropical island resort and I am only a "visiting" consultant, I may place them on DHCP.

    But thanks for the input.

    Raffy