General discussion

Locked

Is a VPN the right choice for me?

By RAGEDBULL ·
I have been asked to completely redevelop an organization?s computer infrastructure. They are set up in two small offices, in two separate towns. I have heard that a VPN is the right way to go; however, I am not familiar with the technology because I usually set up end-user home networks. I need a lot of help in this area. I can go in any direction with this project, costs at a minimum. All I am starting with is that all computers in the network will be running windows 2kpro. My first question: Does this situation require a VPN? My second question: If it does require a VPN, what software-wise do I need to do, and what external hardware should I purchase to set this up (I also want each office, of no more than 20 users, to be connecting to the internet via a cable or DSL connection)?

This conversation is currently closed to new comments.

42 total posts (Page 3 of 5)   Prev   01 | 02 | 03 | 04 | 05   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

Lower Requirements

by RAGEDBULL In reply to Yes you can BUT

I made the 20 computer assumption pre-visinting the offices- they have about 6-8 there after i visited. Purchasing win 2k and win server are not involved in the cost of my project. They will be readily available from some other source.

This afternoon I read up on the whole Domain networking stuff.

Speed is not an issue for these people: They are using slow systems under 500 Mhz, and work slowly at any rate. The speed restriction from a 10/100 network will be just fine. Also, is SCSI really necceasary, while I am aware it is faster-than again is not neccesary. If i give them a regular PC with 120 gig ATA harddrive, and add some extra ports in the back for a second printer, won't this sufice? They will likely be storing minimal amounts of data on the server and the networks traffic will be mostly just web browsing.

Then, if I have 2 PCs set up as servers in each location- how can I set up one continuous domain for both offices?

Also, I believe since they do social work with medical records and such, I need the most secure network. Therefore, what routers do I need to purchase that will hold up 8 users (maybe 16 users if its not that more expensive for future expanability) and how do i set up the VPN with the server and such, they have not told me if they need to meet HIPPA regulations, but I believe they probably do.

Do you set up the server as a member of the network, or do you have the cable modem connection go into the server through one lan, than out from the computer to the router, then do the rest of the network- how does the physically set up work.

I am sorry I keep posting such incomplete information, but I am posting as I recieve more and more info.

Collapse -

I'm going from memory here as I couldn't reply directly

by HAL 9000 Moderator In reply to Yes you can BUT

But if there are any "Medical Records" being held there they must be covered by some relevant laws you'll have to look into these before you even think about offering them any form of setup.

The setup will then depend on what the "Laws" require.

Don't worry about not knowing all the details as you are new to this game and obviously haven't been told everything that they need.

Perhaps it would be a good idea to offer the work to someone else with the proviso that you are involved in the setup that way you could learn what is required but not leave you're self libel in the event of any adverse action occurring.

Col

Collapse -

You forgot that

by HAL 9000 Moderator In reply to Getting warmer ...

W2k Pro will only support up to 10 computers on a Peer to Peer network any thing bigger than that requires W2k Server which isn't at all cheap so that is defeating the original purpose as well.

As the guy originally said 20 users per site that would require a domain of some kind and the only real security needed is around the "Accounting Software" as the rest is really unimportant.

Now accepting that there are no really secure systems and the best that can be hoped for is that by the time that the data is hacked it is no longer of any use you could expect to setup a small network fairly cheaply and by following the "KISS" principal {Keep It Simple Stupid} everything that you have recommended is workable and should suffice and not require much in the way of constant maintenance or user intervention as this will just not happen in this type of organization.

But I'm a bit confused here as this guy originally said 20 users per site and then dropped it back to 6 users per site so I'm a bit in the dark here about exactly what would be required. But you always have to remember that right at this point in time Windows is far more "Hackable" than any Linux system but then again it is also far easier for most people to use so you have to balance what is usable against what is required to suit you're/their needs.

Just a word of warning here go with really good products when you supply the computers and not the cheap junk as a few $ spent in buying decent components in the first place will save you endless sleepless nights down the track, and what is really important here is used really good power supplies with any server that you build as currently I'm going to be wasting a very lot of my time in a court appearance against a large "Home" computer maker who supplied a business server where the cheap unbranded and underrated power supply failed and allowed mains voltage into the case and across the entire network.

You certainly don't need something like this to happen to anything that you build.

Oh I'm ranting again ain't I?

Col

Collapse -

Correction

by dwdino In reply to You forgot that

Luck,

You are close, W2K will support 10 CONCURRENT connections. With 12 PCs (est.), the likely hood of having 10 open sessions at one time on one pc is slim.

Collapse -

Well in a Dr Surgery

by HAL 9000 Moderator In reply to Correction

Near here thay have a W2k Pro setup with 12 units conected and a lot of the time some of the doctors can not log on but that is only about 75% of the time.

Collapse -

Best guess...

by dwdino In reply to Is a VPN the right choice ...

From the information supplied I will give my best guess as to a solution for your situation. There are still many open considerations, but here goes.

1) File/print servers: Linux
Install RH9 or Suse9 (both have served me well and are simple to use). Research and configure Samba for file sharing and printing. Connect dedicated laser printer to this server. I would recommend something like an HP TC2120. This is not an industrial workhorse so get what you need. Processor - not important. Storage - mirrored 80GB ATA should suffice (hardware is better, but software would suffice). Memory - 512MB should be plenty. NIC - any. I would also recommend an optical backup be it CDRW or DVDRW. Total system cost should be easily under $1000

2) Communications - 10/100 in office and you specified Comcast for external.

3) Router/VPN - I will stick with Astaro. Everything you need, room to grow, cheap, etc.

4) Desktops - W2K is fine. Make sure to set Automatic Updates to on, notify or auto install is your choice.

5) Place accounting software on seperate Samba share and allow only needed permissions.

6) Create home space for all users (easy, already defined in smb.conf). Connect through simple logon scripts. Example:

@echo off
username1 = %username%
echo Logging on $username1

rem User home directory
net use H: \\server1\home
if error = 0 (lookup syntax)
echo $username1 's home drive connected

rem User accounting access
net use P: \\server1\accounting
if error = 1
echo $username1 does not have permission to access this file
else
echo $username1 connected to accounting

echo $username1 login completed

-------------------------------------------------

If need be you can copy this server to both sides of the VPN (office 1 and 2), the only downside you will have to work with is making sure that the accounting software supports synchonizaton of mutliple copies.

Also, I would only make one printer on each side available to the other. That way if office 2 calls and says I will print out document1 for you, they know it will come out on printer1. Else if the printer "accidentally" gets changed, they will have to hunt down the document.

Pricelist
-----------------------
Server x1 $1000
Red Hat 9 x1 $ 0
Windows 2K x15 $1500 (can be done cheaper with upgrade disks)
Astaro x2 $ 80 (may be free if allowed to use home license)
Astaro HW x2 $ ? (donor PCs are great for this)
------------------------
$2580

Collapse -

That's pretty good

by HAL 9000 Moderator In reply to Best guess...

Although I'd personally go with SUSE rather than Redhat as they are dropping their current line soon and going with a costly alternative so there will be no more support from Redhat and if this guy has never seen Linux/Unix previously he may have a few problems.

But as I'm from AU this is where I draw the line as he did mention "Medical Records" so I'm not exactly sure what the Laws there require but I would imagine that they would be of a similar nature to what they are here so all these records will need to be heavily protected.

I suggested the he farm out the work to another party with the proviso that he be allowed to help with the design and installation that way he could learn something but not be exposed if anything was to go wrong. Most of these places want the cheapest installation possible and are quite willing to leave the supplier libel for any invasion and loss of records. This way they get a cheap installation and no liability and I'm sure that this guy doesn't need the hassle that will come about when there is a data intrusion into the system. But maybe the Laws are different over there where he is but I honestly wouldn't be betting my future income on it!

Col

Collapse -

More About Astaro

by RAGEDBULL In reply to Is a VPN the right choice ...

I want to know more about this, but am having trouble understanding it on their web site. First off, this is Linux software to be run on a linux box correct? Therefore my server is a Linux box, and with samba it can be the server for a windows network, allowing for user management across the VPN? This server will also be hosting printers and a HD for file sharing, and that too works through samba just fine between all the windows boxes? So therefore to use Samba i just buy it, install it on Red Hat open it up and it'll be self explanatory? Then if this is my server managing everything, how does it relate to the network. Do I plug the cable modem connection directly into this linux box, then connect it to a router (as the internet source?) (and which router is the best and most secure and will meet Hipaa regulations), which has all the other computer connected to it? I need to understand the entire physical infastructure, can you please explain it in a manner like this: In office A, i have the cable modem connection going to a computer, then to a router, then to the other computers and office B connects through the internet (but is secure because of the VPN?) from its LAN router to the server in office A.

I really do appreciate everyone's help.

Collapse -

Have you ever used any Linux DIstro previously?

by HAL 9000 Moderator In reply to More About Astaro

If not you are in for a very steep learning curve and everything you said was pretty well right except for the paying bit and everything being fairly seld explanatory. Remember everything Linux comes under a GPL and is downloadable for free if you want to or you can buy a copy but the main difference is that with the bought copy you get some form of support where as with the downloaded copy you're on you're own unless you count the Linus user forums that are around.

Secondly I would not be thinking of using RedHat either as it is soon being changed from the current product to something far more expensive and all support for the current product is ending that will be within a few months from now I can't remember exactly when but if you like I'll dig back through all my Linux Newsletters and find out exactly when Redhat is ending. SUSE, Mandrake or any of the others will do the job as well but the main difference between Windows and Linux is that with Linux you get most of the software with the OS install disks and you certianly get Samba as it is a necessary part of any Linux installation.

If you've never used Unix/Linux previously you will have problems as it is completely different to Windows so anything that you currently know about Windows will count for nothing with Linux. You could also go with Free BSB which is something similar to the Linux OS but without the current problems with SCO {which I personally think will amount to nothing but there are law suits being issued so it may prove a problem with some company people as they would want to avoid any legal action.}

Otherwise as you have worded everything above that is pretty much the way that you would do something like this BUT the Medical Records are a problem that will have to be looked into to at the very least cover you're arse to stop any form of legal action against you which I'm sure you can not afford.

Col

Collapse -

RedHat info

by LordInfidel In reply to Have you ever used any Li ...

They are just going to stop devlopment on the Free distro and will not have it available for download.

Instead they will only sell the Enterprise editions.

RedHat is being spun into Fedora. Fedora are the ones who have typically been the biggest creators of RH rpms anyways.

It's not clear if kernel rpm pckgs will be available for RH 9/8. But then again, just upgrade from source.

Back to IT Employment Forum
42 total posts (Page 3 of 5)   Prev   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums