Networking 101

laurel7172

Since a colleague left six months ago, another colleague and I have been babysitting our network, with the hard stuff done by a freelance technician.

The freelancer has now given notice, and the boss seems reasonably open to the idea that although training the two of us ( willing but currently out of our depth) as network administrators would be expensive, it's still cheaper than hiring another member of staff.

We're currently a Viglen network on a single site (about sixty workstations), but shortly to move to a Windows network across two sites (separate servers) and 100-120 workstations in total.

In terms of training, where should we start? We're both reasonably numerate, bright and handy with a PC, but no systematic network expertise should be assumed! I've read that CCNA is the baseline qualification, but is that only for Cisco hardware??

Thank you

Ant555

My initial reaction is to concentrate on the servers and the server OS not necessarily the network itself.

Is there existing network cabling?
Who is installing your servers and do you know what they are - Windows Server 2008/2012?
Is your email hosted externally or is the new setup going to include email such as MS Exchange?
Are you running an application such as an ERP or CRM system or is it just to share files?
How are the sites going to be linked - presumably a VPN setup on your routers/security gateways over broadband between the sites.

If I asked you what the 'IP range' of your new networks are going to be and also if you know what a DHCP server is then would you know the answer?

CCNA is good general network grounding (I did it) although if you are not actively and regularly working and changing with your network setup then, in your situation, its probably not going to be good use of your time.


If someone else is setting things up then you will need to know on a day to day basis is how to change things such as user and file/folder permissions. How to perform the backups/restore files (users will not necessarily delete files but they will overwrite files from the server accidentally when they meant to rename them)
How to check the logs for errors - what is important and what isn't.

In terms of training - post back ref the above questions and we can advise better. However if its an external company setting things up for you initially then a very good use of time and resources would be to pay them an extra day or two for the techie that sets it all up to sit and just show you - he/she will see it as a very easy days work and you will learn a lot.
Take plenty of screen shots. Write things down. and if it were me then I would print out everything and keep it in a physical file.

bluesnake

Think you should get an experienced networking contractor in. 2 remote sites is not just double the work of 1 site.

If you really mess it up and get spanning tree errors, your whole network can go down and people will not be able to work, may loose and corrupt files. If all 120 people are on £10 an hour, you have cost the company £1200, miss deadlines, plus lost sales, plus catchup time too, and your manager will be unhappy with you. This is not the time to learn networking. If too much breaks, or too much downtime then your positions in the company might be compromised.

CCNA exam without experience is a bit like me who does not cook, but have eaten many meals, claiming to be a head chef because I read "How To Become World Class Chef" book and i can also quote bits from memory, even though in real life I can not boil water.

However, if you want to do it yourself, do the setup and configuration now asap, and not on the day you move. Stress test that network.

Be very aware of the most important item - the time source and let all your servers etc get their time from that one item. Hopefully your time source is a router and not windows server connecting to NTP pool on the internet.

laurel7172

Ant555 wrote: »

My initial reaction is to concentrate on the servers and the server OS not necessarily the network itself.

Is there existing network cabling?

Yes, on the current site, a multiply extended Victorian building. The new site (ground not yet broken) will have the cabling built in. Planning is not yet fully formalised.

Who is installing your servers and do you know what they are - Windows Server 2008/2012?

Decision not yet made.

Is your email hosted externally or is the new setup going to include email such as MS Exchange?

Good question. Currently hosted by an educational specialist who ticks all boxes re child protection. Service very unreliable, and change a definite possibility.

Are you running an application such as an ERP or CRM system or is it just to share files?

Share files/software. Really, we also need to be able to access files/upload planning from home-not possible at present.

How are the sites going to be linked - presumably a VPN setup on your routers/security gateways over broadband between the sites.

A secure link over broadband, yes.

If I asked you what the 'IP range' of your new networks are going to be and also if you know what a DHCP server is then would you know the answer?

Erm....no....

CCNA is good general network grounding (I did it) although if you are not actively and regularly working and changing with your network setup then, in your situation, its probably not going to be good use of your time.


If someone else is setting things up then you will need to know on a day to day basis is how to change things such as user and file/folder permissions. How to perform the backups

Doing this at present...

/restore files (users will not necessarily delete files but they will overwrite files from the server accidentally when they meant to rename them)
How to check the logs for errors - what is important and what isn't.

Thank you-good points. And, presumably, how to handle important errors?

The jobs that keep our tech busy are mostly to do with things that theoretically should work, but don't. Software that *should* upload to the server and be available to all, but doesn't. Printers that take themselves offline for no apparent reason. Interactive whiteboards that will only calibrate if the drivers are reinstalled from the original disc *every time*. And don't get me started on the hopefully-to-be-ditched email system... If I told you one year group has been without mail for *two months*?? :eek:

It is, as you say, unlikely that we will be spending much time laying cable. But we would very much like to be able to keep the network running smoothly, provide reliable printing, cope with minor hardware changes-new laptops/PCs/peripherals-and generally to be a lot more useful when bad things happen than we are at present.

In terms of training - post back ref the above questions we can advise better. However if its an external company setting things up for you initially then a very good use of time and resources would be to pay them an extra day or two for the techie that sets it all up to sit and just show you - he/she will see it as a very easy days work and you will learn a lot.
Take plenty of screen shots. Write things down. and if it were me then I would print out everything and keep it in a physical file.

Thank you for your time-it's much appreciated.

bluesnake

There are a few ways of doing this, some nasty and some expensive.

Put all the servers on 1 location and treat the system as normal. Or a dhcp server (domain controller perhaps?) on each site and file servers on 1 site. Or mirrored setup on both sites, so that if one site fails, the other site is still live, or if one server room dies, both sites still can function - disaster recovery.

***************

i would segment the network virtually in two. One for the office, servers and staff only offices with locked doors. The second network is for students and staff behind unsecure locations like classrooms, libraries.

probably would install a few servers on hypervisor for all student apps and work.

definately would separate staff and students on both network and server levels.

disable all unused rj45 ports on the switches. Only allow through the the necessary ip protocols and ports.

would think about adding to the ip layer telephony, and in your case possibly multicasting ( video conferencing/presentations?) into the current design

in the student locations, i would not allow staff to directly access any staff or student data. Instead i would set up terminal services up so they can access 'the office' files indirectly.

would try and use av from 2 different products, one for students and another for staff and servers.

things you know are going to happen: mice go missing, ping of death, network flooding, port scanning, server storming, local password capturing from the pc administrator accounts (often the same as the domain admin p/w ), torrents and physical equipment theft.

a ips or ipd solution would be useful. unsure if snort will work

for nonstaff probably opendns - child friendly one, and then dansguardian on top, or purchase something

you may want to consider security screws. we had 5 switches consecutively stolen a few days after the new one was replaced.

would think more about fibre as in BT infinity, than adsl and would be easier backing up over the wire.

you can get free system monitoring by using zabbix, nagios, spiceworks etc.

if you have printserver issues, or troublesome devices that do not play well, that stops other things from working, so could be worth while putting these ones on their own separate exclusive virtual windows server.

To get files back quickly use Volume Shadow Copy, it is free and built into windows server. However this is not a backup solution. Do not let users get to it as they will loose the files.

*****************
Email is a pain in the A?? From people wanting to send 650Meg attachments, mail not going through, unreceived mail, spam mail, deleted mail, lost mail, virus scanning mail and attachments, personal folders not working, inbox enlargement, corrupt inboxes, corrupt mail store, copying inboxes, opening up inboxes for others due to long term sickness, forwarding email, email scanning because someone has been bad and the legal team are involved and want every email in the last 6 years. distribution group, shared inboxes.... and the list goes on.

We regularly have 3 people constantly working on email. This is another item I would farm out especially because you are so small, and email can be terribly complex and fiddly for a small number of users. Or avoid MS exchange and get something simple and reliable.
***********
get a webcam with a built in microphone (you only need the microphone part), then the free blueberry web capture and record whole sessions and get the person to explain while he is doing it, and ask stupid questions like "How do I fault find this?" and "What are the common problems". The whole lot is recorded including mouse clicks with a running commentary. This becomes your documentation, training, setup guide, and fault finding manual.

You need crib sheet on how to reconfigure failed switches. You need a crib sheet that has on it all your settings for the switches. Watch out for newer firmware in switches and incompatibility with older firmware and extra settings. Crib sheet for mail virus out break. Crib sheet for PC virus outbreaks.

***********************
And windows often has difficulty with keeping the correct time and time syncing.
***********************

If you have more than one DHCP, mirror all the changes to them all, not just to the one that is in use.