Best practice / convention for small network

Hi,

Apologies if any of the following questions / statements seem very
basic, I'm currently teaching myself how to build a network using
Ubuntu..!

I want to build a small network in a single-site (charity - hence lack
of money to employ someone or to buy Windows Server!) office. We
currently have several Windows computers, and I've played around with
Samba / Fedora before, so know I can get it to work..

My 1st question is about the best network layout. Different people
have different ideas / advice, so I've always been a bit confused
about which layout to use. I've always assumed that the 2 main types
would be:


internet --> router --> server --> hub --> workstations

internet --> router --> hub --> all computers (1 of which is the
server)

I've always tended towards the former layout, so that there is total
control over all the workstations. I know there is the downside of
needing 2 network cards in the server instead of 1, and there would
need to be a bit more configuration at the outset, but are there any
other pros / cons for either method?

Am I also thinking too advanced at this stage to consider, in the long-
term future, whether a wireless subgroup would be possible, whereby
wireless laptops could access files on the server (/filestore), and
also have access to networked printers? The router we've got is
wireless, so laptops will always be able to access the internet, but
would I need a 3rd (wireless) network card in the server for the this
kind of situation?

Thanks in advance for any advice anyone is able to give.

Chris

CCW wrote:
> Hi,
>
> Apologies if any of the following questions / statements seem very
> basic, I'm currently teaching myself how to build a network using
> Ubuntu..!
>
> I want to build a small network in a single-site (charity - hence lack
> of money to employ someone or to buy Windows Server!) office. We
> currently have several Windows computers, and I've played around with
> Samba / Fedora before, so know I can get it to work..
>
> My 1st question is about the best network layout. Different people
> have different ideas / advice, so I've always been a bit confused
> about which layout to use. I've always assumed that the 2 main types
> would be:
>
>
> internet --> router --> server --> hub --> workstations
>
> internet --> router --> hub --> all computers (1 of which is the
> server)

That is the "usual" arrangement. But do you want your server to be
accessible from the internet? If so, depending on your security
requirements, you may want to define some port forwarding in your router
towards the server or you may want to place your server in a
DeMilitarised Zone (so that the server is accessible to the internet but
the rest of your network is not).

Routing everything between the internet and your network through your
server just puts an unnecessary strain on the server.

And use a switch instead of a hub. Wikipedia will tell you the
difference; the cost difference is minimal these days.

>
> I've always tended towards the former layout, so that there is total
> control over all the workstations. I know there is the downside of
> needing 2 network cards in the server instead of 1, and there would
> need to be a bit more configuration at the outset, but are there any
> other pros / cons for either method?
>
> Am I also thinking too advanced at this stage to consider, in the long-
> term future, whether a wireless subgroup would be possible, whereby
> wireless laptops could access files on the server (/filestore), and
> also have access to networked printers? The router we've got is
> wireless, so laptops will always be able to access the internet, but
> would I need a 3rd (wireless) network card in the server for the this
> kind of situation?

No.

Robert

>
> Thanks in advance for any advice anyone is able to give.
>
> Chris

CCW wrote:

> I want to build a small network in a single-site (charity - hence lack
> of money to employ someone or to buy Windows Server!) office. We
> currently have several Windows computers, and I've played around with
> Samba / Fedora before, so know I can get it to work..
>
> My 1st question is about the best network layout. Different people
> have different ideas / advice, so I've always been a bit confused
> about which layout to use. I've always assumed that the 2 main types
> would be:
>
>
> internet --> router --> server --> hub --> workstations
>
> internet --> router --> hub --> all computers (1 of which is the
> server)
>
> I've always tended towards the former layout, so that there is total
> control over all the workstations. I know there is the downside of
> needing 2 network cards in the server instead of 1, and there would
> need to be a bit more configuration at the outset, but are there any
> other pros / cons for either method?

This will to a large extend depend on the capabilities of your router
device. Routing all traffic via a central server gives the advantage of
better control over the workstations. But as many modern routers offer
fine grained firewall settings for the attached systems it might not be
necessary to implement these functions on your server installation.

And replace the hub with a switch as Robert has already mentioned. Also
these come integrated on routers these days.

> Am I also thinking too advanced at this stage to consider, in the
> long- term future, whether a wireless subgroup would be possible,
> whereby wireless laptops could access files on the server
> (/filestore), and also have access to networked printers? The router
> we've got is wireless, so laptops will always be able to access the
> internet, but would I need a 3rd (wireless) network card in the server
> for the this kind of situation?

My routing device links the wired and wireless network into the very
same subnet. So from an user point of view it does not make a
difference how the systems get their network access. They all have
access to the outside world as well as to all systems on the local net.
But this will be different on other devices, and can be configured to
your needs on some. If you want to exclude some machines like notebooks
from certain services like SMB/CIFS shares on your Windows systems you
will have to set up according rules on the wireless access point, on
another router, or the local firewalls on the computers offering these
services.

Günther

CCW wrote:

> Hi,
>
> Apologies if any of the following questions / statements seem
> very basic, I'm currently teaching myself how to build a
> network using Ubuntu..!
>
> I want to build a small network in a single-site (charity -
> hence lack
> of money to employ someone or to buy Windows Server!) office.
> We currently have several Windows computers, and I've played
> around with Samba / Fedora before, so know I can get it to
> work..
>
> My 1st question is about the best network layout. Different
> people have different ideas / advice, so I've always been a bit
> confused
> about which layout to use. I've always assumed that the 2 main
> types would be:
>
>
> internet --> router --> server --> hub --> workstations
>
> internet --> router --> hub --> all computers (1 of which is
> the server)

First: You don't use hubs, you use switches. If you still got
hubs in use, um... how do I say that in a polite way... Just get
rid of them.

> I've always tended towards the former layout, so that there is
> total control over all the workstations.

What do you mean by "control"? Controlling the internet access of
the workstations? Good routers can do that themself.

> I know there is the
> downside of needing 2 network cards in the server instead of 1,
> and there would need to be a bit more configuration at the
> outset, but are there any other pros / cons for either method?

Good 100MBit/s PCI-NICs go around for about 10$, the cheapos for
even less. That should not be the problem.

If you go for the 2 NIC apporach you could abandon the router
completely and let the server do this job. This requires a bit
more careful configuration though, to not expose private
services on the public interface. Subnets and NAT itself don't
provide security (a often made misconception) anyway.

>
> Am I also thinking too advanced at this stage to consider, in
> the long- term future, whether a wireless subgroup would be
> possible, whereby wireless laptops could access files on the
> server (/filestore), and also have access to networked
> printers? The router we've got is wireless, so laptops will
> always be able to access the internet, but would I need a 3rd
> (wireless) network card in the server for the this kind of
> situation?

If the router is configured as AP, then a WLAN-NIC in the server
would make it just another station.

There's another solutin: VLANs. Some layer 2 switches allow it to
ports to participate in separated networks (VLAN access). Ports
can also be confiigured to be parts of multiple VLANs (VLAN
tagging). That way the server/router needs just one NIC, which
internally is split into several virtual NICs which can be
configured individually. This is what I am running here at home,
i.e. the server is also the router, is connected to a tagged
VLAN on the switch and on the switch the different parts of the
network are separated in access VLANs.

This setup is working flawlessly for some months now.

Wolfgang

On 02/01/2009 04:57 AM, CCW sent:
> Hi,
>
> Apologies if any of the following questions / statements seem very
> basic, I'm currently teaching myself how to build a network using
> Ubuntu..!
>
> I want to build a small network in a single-site (charity - hence lack
> of money to employ someone or to buy Windows Server!) office. We
> currently have several Windows computers, and I've played around with
> Samba / Fedora before, so know I can get it to work..
>
> My 1st question is about the best network layout. Different people
> have different ideas / advice, so I've always been a bit confused
> about which layout to use. I've always assumed that the 2 main types
> would be:
>
>
> internet --> router --> server --> hub --> workstations
>
> internet --> router --> hub --> all computers (1 of which is the
> server)
>
> I've always tended towards the former layout, so that there is total
> control over all the workstations. I know there is the downside of
> needing 2 network cards in the server instead of 1, and there would
> need to be a bit more configuration at the outset, but are there any
> other pros / cons for either method?
>
> Am I also thinking too advanced at this stage to consider, in the long-
> term future, whether a wireless subgroup would be possible, whereby
> wireless laptops could access files on the server (/filestore), and
> also have access to networked printers? The router we've got is
> wireless, so laptops will always be able to access the internet, but
> would I need a 3rd (wireless) network card in the server for the this
> kind of situation?
>
> Thanks in advance for any advice anyone is able to give.
>
> Chris

Hello Chris:

Although you've supplied some good information, please relate the number
of near future local network devices in use, what are/will the computers
(be) running, and what is the /current/ topology. Is their ISP ADSL,
cable or otherwise? Try to characterize their need/regard for security.
What might be their upper dollar limit for all this? Labor plus
material costs...

Pete
--
1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]

On 2009-02-01, CCW <(E-Mail Removed)> wrote:
> internet --> router --> hub --> all computers (1 of which is the
> server)
Use this. A simple router does DHCP, DNS, WiFi and cabled connections, port
forwarding, Internet access control and maybe even offer a printer port for
no money at all. If you do it on your server, you have to configure it all
yourself. Don't give yourself extra work and headaches.
If one day you need more refined options than your router can handle, it'll
still be time to use an old machine for that.

Besides, why waste you server's resources? Use it for more usefull purposes
(backup, mail, files, news, database, intranet webserver...).


> I've always tended towards the former layout, so that there is total
> control over all the workstations.
And the entire network stands or fails with a server you'll have to setup
and maintain.


> Am I also thinking too advanced at this stage to consider, in the long-
> term future, whether a wireless subgroup would be possible, whereby
> wireless laptops could access files on the server (/filestore), and
> also have access to networked printers? The router we've got is
> wireless, so laptops will always be able to access the internet, but
> would I need a 3rd (wireless) network card in the server for the this
> kind of situation?
Again, apply the KISS principle. Why people want to consider Wireless to be
something different/separate... It's just a form of network connection.
Slower and less safe than cable, but safety can be handled by any
inexpensive router.

Connect the router, use MAC lists and encryption for the wireless, multiply
the number of cabled connections with 100Mbits/s switches, and you're off.

The first real limit you're going to find is the router's limit of 253
adresses, if it's DHCP uses a C-class (192.168.) range. Do you expect that
volume of machines?

--
Elevators smell different to midgets