[project] What would a kicka** home network look like?

Discussion in 'Networking & Security' started by kevineugenius, Jul 17, 2014.

  1. kevineugenius

    kevineugenius [H]ard|Gawd

    This is a fact-finding mission that I plan to implement, at least partially, to teach myself and to construct a series of guides that others can follow to learn as well.

    Motivation: lately I've been learning about enterprise level SAN and NAS storage and, although I know enough to set up a rudimentary home network, it's become very apparent that I don't really know anything about networks and/or security. Building one of my own will be my way of learning things.

    I am not asking people to answer all these questions. What I'm looking for is guidance on what I should be researching, what I should be skipping, and what the components of a kicka**, feature-rich, secure, and just plain impressive home network are. Once I know what they are and how to, roughly, organize them I will locate guides and whatnot on how to actually implement them and perhaps some more specific questions may come here. I don't expect anyone to answer this vague of a question on here.

    To-do List:
    • What features are useful in a home network? This is where I think I need the most help. What do I actually want? Is a dedicated file server better than just sharing a folder? Is a separate media center style box useful or is a Slingbox or Xbox or ___ a better alternative? My current feature list that I'd like to see, but I feel should be expanded, is this:
      1. Shared files
      2. Storage Redundancy
      3. Automatic Backup
      4. Remote PC Access
      5. Intruder Prevention
      6. Wireless that actually works consistently*
      7. Optimized Speeds, LAN and WAN
      8. Good VOIP
    • What things can be built using spare parts or very inexpensive parts? Here I'm specifically thinking about a Linux box for a firewall. But what else have I not thought of?
    • How do you secure a network? The aforementioned firewall should be a somewhat decent place to start, right? It seems like you can also secure things with routing (I could be off base here) and I'm not sure how the firewall would keep wireless secure (it would secure WAN traffic but not a local hacker who is trying to get through the wireless).
    • Is a server of any kind necessary or can a 'home' PC handle everything? Do I want a small NAS for shared storage? Should I use recycled parts to build a file server and load it up with drives and create a $SHARE? Is it even worth the trouble or should each PC just have a shared folder?
    • How can you optimize a network up to, and including, settings that will maximize performance between ISP and each individual NIC? No clue here. A guy at work once said that when he telecommutes he has a great connection because he did bla bla settings and called Comcast and made them change the bla bla foo bar to make the bla bla more efficient. No idea what he said. I will, however, start working from home 2x per week so if it's possible, I'd love to do it. I don't even know where to start though.
    • What sort of topology should be used to connect all of these ideas? I can attempt to diagram out how everything will connect once the feature list gets more filled.
    • DNS, Subnetting, IPv6, routing tables, etc? Is it necessary/useful?

    Any additional thoughts? I don't mind if some of the suggestions are over the top. The point of this isn't exactly to use all of these features on a daily basis but to learn how the stuff works.

    *Ever go somewhere with free wifi and try to connect to their network and it just sits at 'authenticating' or connects and then drops a second later to never be seen again? I hate that crap. I want my wireless to be a quality product. I don't need five 9s of uptime but I'd like at least two 9s...
     
    Last edited: Jul 18, 2014
  2. diizzy

    diizzy 2[H]4U

    It all comes down to how much you want to fiddle around by yourself....

    * File Sharing
    Using shared folders does work but not having a "somewhat" centralized storage does lower availability and reliability as the workstation will most likely be rebooted from time to time and not run backups, consistency checks, reliable filesystem and RAID depending on your needs.

    A NAS can be anything from a router to a fully fledged server, depending on your requirements. It can be a small ARM-board such as the HummingBoard or a built PC/prebuilt server from Dell, Fujitsu, Lenovo etc. A router can be enough if you don't use it too heavily but you most likely want to run a decent firmware such as OpenWRT. You can find a bit more information here, http://hardforum.com/showthread.php?t=1823659 . This is pretty much bare bone and runs the things you'd most likely need. It is however not scalable and performance is limited. Next level would be ARM based boards which pretty much are just faster, they usually don't provide any more functionality and come both as bare motherboards (SoCs) or as prebuilt NAS units by Netgear, Thecus, Qnap, Synology. The latter come with a WebUI which might be easier to use than CLI and some kind of web server functionality. I would however not recommend you to use the web server feature as such software needs to be updated frequently if it faces the web due to exploits and bugs but if you don't care about your data go ahead. The last stop would be a "real" PC, if you're going this route I highly recommend you either build a computer that supports ECC memory (error correction) or grab a server that supports it (pretty much anything does). You're free to run whatever you want but if you want reliability using an OS/distro that supports ZFS is recommended overall, these can be something that mimics a NAS such as FreeNAS or NAS4Free or a standalone operating system such as FreeBSD or Debian.

    * Firewall, Remote PC Access, Wireless, QoS, VoIP
    You'll have a hard time finding a consistent answer as most (esp here) want to use ridiculously overpowered hardware for this task.

    In all honesty, if you have a connection that's up to ~150mbit/s a TP-Link TL-WDR3600 or a WD MyNet N600/N750 will provide you with everything you need in a home network if you run a decent 3rd party firmware such as OpenWRT which provides all the above. Stock settings will be fine although you probably want to enable QoS for better efficiency on your WAN connection and most likely UPNP due to some services and devices. This however poses a security issue if misused. Pretty much the only reason you'd use a PC/much more powerful hardware is if you'd need faster (Open)VPN-performance as normal routers/gateways are capable of ~10-20mbit/s.

    Regarding network topology you want it to be as flat as possible as some devices use broadcasting over the network and it'll be hell/not worth the time to fix all interesting issues you'll run into sandboxing everything. That said, you can however use VLANs to secure your home LAN from guest WLAN or such.

    You might want to consider an extra AP as coverage might be bad at some spots, you can either use something that runs OpenWRT (CLI, "unofficial support") or a dedicated product such as the UBNT UniFi which does the same thing (11n uses the same older Atheros (QCA) platform as the TP-Link/WD routers mentioned above) but with a UI that might be easier to use compared to Linux CLI depending on what you're used to.

    So in short:

    A decent router WD MyNet N600 or N750 running OpenWRT (EOLed but still available at Amazon.com @ ~<50 USD) otherwise go with TP-Link but it won't do DLNA-sharing if you need that.
    Some kind of NAS or use the router depending on your requirements
    Additional AP if needed
    VLAN capable switch such as HP 1810, 1910 or Zyxel GS1910 (recommended) if you need more ethernet ports/drops.

    Done and it'll work just fine...

    As for VoIP, I guess hardware will be provided but otherwise I'd recommend you grab a Gigaset N510 Pro base station and as many handsets as you need. Great sound quality and performance, free firmware updates and they're very solid given the price. If you're on the phone a lot both handsets support Bluetooth which means that you have a very large selection of hands.

    http://www.broadbandbuyer.co.uk/products/12672-gigaset-s30852-h2217-l101/
    http://www.amazon.de/dp/B005OV6RRK?...st-ama-pk-21&ascsubtag=dPZZBEm_74v2p6d_0H_w0g

    http://www.broadbandbuyer.co.uk/products/10726-gigaset-s30852-h2152-l101/
    http://www.amazon.de/Gigaset-SL400H...&qid=1405629571&sr=8-2&keywords=gigaset+SL400
    SL400H is only a handset with charger, SL400A comes with an analogue base station.

    http://www.amazon.de/GIGASET-SL610H...ie=UTF8&qid=1405629644&sr=8-1&keywords=SL610H
    http://www.broadbandbuyer.co.uk/products/12897-gigaset-s30852-h2352-l101/

    //Danne
     
    Last edited: Jul 18, 2014
  3. /usr/sbin

    /usr/sbin Successfully Trolled by Megalith

    I'd add in VPN. Put all of your services behind the VPN. This means you'd only be opening up VPN to the outside world. Once you VPN into the network you'd be able to access everything remotely as if you were on the network (remote desktop, file shares, etc.).

    I'd also look at running things on esxi in multiple VMs. Personally I have a separate VM for each network service. This means I only need to take that service offline for updates. IE. If I want to update and reboot my webserver, only the webserver gets rebooted.
     
    Last edited: Jul 17, 2014
  4. ekuest

    ekuest [H]ardness Supreme

    subbed because I want to learn this stuff too!
     
  5. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    From a physical side of things you also want a server rack with some kind of cable management on the sides (I use a 4 post rack and custom built my cable management). It's so much more clean and sharp with everything all neat and tidy in a rack.

    If you want some ideas here's how my setup progressed:

    http://hardforum.com/showthread.php?t=1741530

    It's still not 100% done as I need to do the hvac and also want to upgrade the power plant to -48v dual conversion.
     
  6. +Eric

    +Eric Limp Gawd

    There are endless options. I run pfSense in ESXi on an HP DL140 g3 and have an HP 1810-24g. I do some vlans (my internet connection runs over my switch on its own vlan, main vlan for my stuff, and a guest wifi vlan to keep wifi guests off my network), and I run some other servers on esxi, like my UniFi controller, TinyTinyRSS server, among other things.

    I keep everything behind my vpn and use openvpn android client to get in.

    I haven't done anything with NAS yet, although I'd really like to.
     
  7. diizzy

    diizzy 2[H]4U

    It's a home network, a rack is clearly overkill... Yes, it's nice but most of your common home network stuff isn't even rackable.

    To be clear, the routers/gateway can both be a server and/or a client depending on how you want to set it up.

    As for the ESXi stuff, this isn't what you find in a "normal" home network. It's not a low budget option and most likely unnecessary unless you know that you need it.
    //Danne
     
  8. Thuleman

    Thuleman [H]ardness Supreme

    Basically it's like this; that $29 wireless router you can buy at any grocery store will do 100% of what the OP wants to do. The other 100% (yes, the total is 200%, because it's a big job!) are already done by the ISP's modem.
     
  9. jabbernotty

    jabbernotty n00b

    I don't see backup being mentioned (unless you conflate it with storage redundancy? Don't do that :)).
    Just to be sure, I'd like to note that shared folders are no good at all for backups. It leaves you wide-open for Cryptolocker-like problems and overenthusiastic rm commands on client machines.
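
The difference between a writable shared folder and a backup, as an added example that is not part of any post in this thread: a backup host that pulls files into dated, read-only snapshots, so damage on a client only reaches the newest copy. The function names, paths and file contents are constructed for the demonstration; the hard-link approach mirrors what `rsync --link-dest` does.

```python
import filecmp
import os
import shutil
import tempfile
from pathlib import Path


def snapshot(source, repo, name):
    """Copy `source` into repo/<name>. Files unchanged since the previous
    snapshot are hard-linked instead of copied, so a run costs only the delta."""
    source, repo = Path(source), Path(repo)
    repo.mkdir(parents=True, exist_ok=True)
    earlier = sorted(p for p in repo.iterdir() if p.is_dir())
    prev = earlier[-1] if earlier else None
    dest = repo / name
    dest.mkdir()  # raises if the name exists: a snapshot is never rewritten
    stats = {"linked": 0, "copied": 0}
    for root, _dirs, files in os.walk(source):
        rel = Path(root).relative_to(source)
        (dest / rel).mkdir(parents=True, exist_ok=True)
        for fname in files:
            src = Path(root) / fname
            if src.is_symlink():
                continue  # do not follow links out of the source tree
            new = dest / rel / fname
            old = prev / rel / fname if prev else None
            if old is not None and old.is_file() and filecmp.cmp(src, old, shallow=False):
                os.link(old, new)  # same bytes as last time: share the inode
                stats["linked"] += 1
            else:
                shutil.copy2(src, new)
                new.chmod(0o444)  # stored copies are read-only
                stats["copied"] += 1
    return stats


def demo():
    """Constructed scenario: between two backup runs one client file is
    overwritten with junk and another is deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        client, repo = Path(tmp, "client"), Path(tmp, "backups")
        client.mkdir()
        (client / "photos.txt").write_text("holiday pictures")
        (client / "taxes.txt").write_text("2013 return")
        (client / "notes.txt").write_text("unchanged")
        first = snapshot(client, repo, "2014-07-18")

        # Damage happens on the client only; the client never writes to `repo`.
        (client / "photos.txt").write_text("\x00garbage\x00")
        (client / "taxes.txt").unlink()
        second = snapshot(client, repo, "2014-07-19")

        day1, day2 = repo / "2014-07-18", repo / "2014-07-19"
        return {
            "first": first,
            "second": second,
            "old_photos": (day1 / "photos.txt").read_text(),
            "old_taxes": (day1 / "taxes.txt").read_text(),
            "new_has_taxes": (day2 / "taxes.txt").exists(),
            "notes_shared": os.path.samefile(day1 / "notes.txt", day2 / "notes.txt"),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The protection depends on the snapshot directory living on a machine the clients cannot write to; snapshot names must sort chronologically, as ISO dates do.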
     
  10. Quartz-1

    Quartz-1 [H]ardness Supreme

    Think about children. Your children should have their own network behind their own router. This is so you can do things like restrict access and monitor activity.
     
  11. kevineugenius

    kevineugenius [H]ard|Gawd

    Alright, I have a lot of acronyms to look up but I think I understood most of what is on this page so far. What I have no idea about is how to use the router as a NAS. I can assume that we're flashing the router(s) in question to not use the stock firmware (especially the $30 "grocery store" one) and there's some settings in there for NAS. Cool enough, but last I looked none of my hard drives had ethernet ports on them. Now I'm assuming I need a little lunchbox sized doohickey that has ethernet ports on the outside and hard drive connections on the inside. But, if I'm going to buy something like that, what does the router actually have to do? Don't the lunchbox doohickeys have all the configuration in them and the router only needs to know the IP of the lunchbox?

    Added backup to the feature list. I had it in my mind but it never made it to the keyboard.

    For other people who are following, here's my acronym/definition table thus far:
    OpenWRT - Linux distro for embedded devices
    Embedded (just in case) - a computer with a dedicated function and, usually, real-time constraints. Usually exists as part of a larger electronic and/or mechanical system
    ECC memory - error check memory (as already said but I've honestly never paid attention to it... is it server only? super expensive? etc) newegg no longer has an ECC checkbox (I know I've seen it before). I picked 3 desktop memory modules of DDR3 and different manufacturers and none were ECC. Then I went to the server section and everything I saw was ECC. So, yes they do cost more and you won't find it in the "desktop" section. I also don't think it can be used in a standard desky motherboard but I'm only 90% sure. That being said, I'm probably not going to use it unless we somehow determine that an actual server is needed.
    ZFS - a file system that is strong in terms of data corruption protection, compression, large capacity storage, etc. I *believe* this uses the NFS protocol exclusively(?) which means some form of Unix is required and nothing running Windows will have this. Windows users can access files stored on something using ZFS/NFS though (am I right?).
    QoS - Quality of Service, a network's ability to provide better service to selected traffic
    UPNP - Universal Plug and Play, allows devices on a home network to discover each other, often used for media streaming devices
    ESXi - VMware hypervisor used for vSphere 5.x. Probably costs money
    Hypervisor (just in case) - I didn't look it up but essentially it's another level on a machine allowing that machine to run multiple things concurrently at the operating system level. Hardware->hypervisor->OS,OS,OS,OS,OS,OS

    A couple additional notes:
    I am not thinking about children for 5 more years, but that's not a bad suggestion and I should probably learn how to do restricted access in certain network segments (vLAN?).
    I am not buying a rack. They're super awesome. And huge and expensive and no networking novice who attempts to follow any guides I might write as a result of this project will want to buy one and lose a refrigerator sized piece of his house to use maybe 5U of the thing.
    One other thing to add: the VOIP will be used for international calling so I could use some input on how to best (most cost effective) achieve that end. Seems like $0.19/min Google Voice might be a good option. (El Salvador if you need to know the country)

    And thanks for all the input so far.
     
    Last edited: Jul 18, 2014
  12. jabbernotty

    jabbernotty n00b

    ZFS and NFS are entirely unrelated technologies.
    One is a filesystem (a highly complex one at that), the other is a service that allows one to share files over a network.

    Unfortunately, to the best of my knowledge, Windows only supports NFS on the most expensive Windows versions (Ultimate and such).

    Regarding racks and patch panels: these things will get recommended to you, and you certainly should use patch panels. People in the networking field will be able to coherently explain the need for them (I can't right now).
     
  13. kevineugenius

    kevineugenius [H]ard|Gawd

    I might also mention I *think* I have an extra DIR-655 I could experiment with unless that's a terrible option with known difficulties. A quick search looks like it is a terrible option.
     
  14. Quartz-1

    Quartz-1 [H]ardness Supreme

    With regards to racks, you can get ones which aren't full-size.
     
  15. /usr/home

    /usr/home [H]ardness Supreme

    I use a 12U rack on casters and mount gear on both sides. Small yet easy to work on.
     
  16. je55e

    je55e n00b

    Subbing as well
     
  17. kevineugenius

    kevineugenius [H]ard|Gawd

    Yeah, I guess I hadn't really thought of smaller racks but I still kind of feel like as soon as you get into a rack you've kind of moved from a home network into a ... I dunno ... enthusiast/hobbyist network maybe? Now, this is entirely subjective and will be influenced nearly 100% by opinion since a "home" network really only requires that it be in your home. You could build a full-on, albeit small scale, data center in your garage if you wanted to and it would still be a home network. Let's just try to shy away from that because one of the other things I'm really shooting for is not having to buy a lot of additional hardware and hopefully being able to recycle hardware that you might have lying around from previous PCs. Maybe I should call it a newb network instead.

    jabbernotty - are they entirely unrelated? I'm asking because I honestly don't know. If you have some storage system out there, be it a SAN or a NAS based system, is the file system completely invisible to the client systems? I mean, if a file is written to disk in abcFS and the client reading the disk understands xyzFS, will the client be able to see the file and understand it? If not, then if ZFS runs only on Unix boxes then the protocol used between the storage and the client would be NFS then the client would have to be able to also understand NFS in order to understand ZFS. This was my thought process and may be entirely wrong.
     
  18. Cottons

    Cottons n00b

    Great thread idea. Subbing to this to learn as well.
     
  19. je55e

    je55e n00b

    I can speak from experience on this one.

    ZFS and SMB are two completely different things - different types of technology if you will. However, with the help of the OS, they do work together to share your files/folders.

    I have a Linux server sitting in the basement. It uses ZFS as its file system (think NTFS, FAT, FAT32, etc)

    To share the files/folders I use the SMB file sharing protocol so that my Windows machines can see the files/folders. SMB is just a mechanism to share the files/folders that Windows also understands. I'm sure there's a lot more that goes on in the background but in a nutshell that should help explain it.

    If I had a hard drive that used ZFS and put it into a Windows machine, Windows wouldn't know what to do with it and would probably tell you you had to format the drive.

    Must fly, hope this helped.
     
    Last edited: Jul 18, 2014
  20. diizzy

    diizzy 2[H]4U

    I'm going to summarize this as I'm a bit short on time right now...

    If you want to use your router as a NAS you in most cases use HDDs over USB as that is the only connection a router has. External HDDs with Ethernet are essentially the same thing with the exception that they're usually slower as the hardware is very slow. You can also forget the ability to update firmwares as these usually have minimal storage available in flash. If you need something more powerful, look at a NAS unit that uses internal HDDs.

    How you're going to handle backups depends somewhat on how you want to store things. If you're going with the router your only option is pretty much rsync to another device/system. If you go for a fully fledged server you can use pretty much any backup service available but due to limited space for applications in router and the fact that they aren't x86/AMD64-based makes the list very slim/non-existent.

    OpenWRT is the name of a Linux distro that's highly customizable and runs on common consumer routers.

    ECC memory works just like any other type of memory in a computer but with the exception that it has error correction. This is mainly to avoid silent corruption (you can google that expression), it's slightly more expensive than non ECC memory but not by much.

    ZFS tries to prevent data corruption by doing checksums but if the checksum is wrong well, there goes your data unless ZFS manages to catch it before it gets corrupted. It also supports a bunch of other nifty things but you need a real server for this filesystem.

    NFS is a way to share files over the network on UNIX systems, pretty much like SMB which Windows uses. ZFS does have native support for NFS sharing in some operating systems which increases performance but you can use external applications to handle NFS etc.

    QoS/Shaping is in short a data packet classifier which prioritizes "important" data packages over less important ones. Important ones are usually services that are latency sensitive such as VoIP.

    UPNP is both used for media servers but also for port mapping in games and consoles as an example
    //Danne
     
  21. Mackintire

    Mackintire 2[H]4U

    I'll bite...


    Ok so there's a couple of things going on here.

    Some things that all "kick ars" home network/environment would have:

    • A non-basic router with adv controls
    • A managed switch....for visibility and control
    • Properly implemented wireless, that has been optimized, guest wireless access
    • Centralized storage
    • A real backup... to something offsite




    Other things that such a system may have include:

    • Additional front end network boxes including firewalls, traffic shaping boxes, IDS, content filtering, proxy, VPN servers, etc
    • Networking Labs
    • Virtual environments or testing labs
    • (Media services, including but not limited to PLEX, Playon, XBMC, DLNA server, etc)
    • IP camera
    • VoIP


    Other things that drive how you build/design your system include:

    • Budget
    • Technical know how
    • Requirement
    • Desire
    • Location constraints
     
    Last edited: Jul 18, 2014
  22. stormy1

    stormy1 [H]ard|Gawd

    plus home automation and integrated alarm.
     
  23. diizzy

    diizzy 2[H]4U

  24. MysticRyuujin

    MysticRyuujin Limp Gawd

  25. kevineugenius

    kevineugenius [H]ard|Gawd

    Okay, so this is what I'm thinking so far (note: I can't get rid of the appliance provided by my ISP because it also runs the TV in one box...):
    Disable the wireless on my ISP appliance
    Plug only a router into the ISP appliance, nothing else
    Run a custom system on that router with, hopefully: firewall, VPN
    Recycle an old PC into a file server, purchase only new HDs to enable RAID
    USB drive on router for backups
    Multiple APs
    VOIP, although I'm not sure how to proceed. I'll figure it out
    2 VLANs to help privatize etc
    Perhaps additional stuff will be added depending on time constraints, budget, and whether or not I absolutely have no fun and hate this kind of thing (it happens when I work on printers...)

    As per the co-worker who said he got his ISP to change x setting and got everything so optimized that he can VPN into a work box with no latency whatsoever... Is that a load of horse-sh*t or are there things I should be learning here?
     
  26. diizzy

    diizzy 2[H]4U

    Since you're obviously using some kind of "triple service" can your provider give you a bridged port that gives you a public IP or is it forced to do NAT? If it's the latter then you're just wasting money getting another router additionally.
    //Danne
     
  27. vsboxerboy

    vsboxerboy 2[H]4U

    I think one important thing to consider is the Wife Acceptance Factor of any network. Sure you can have a pfsense router on esxi, but if you ever have to reboot the server for whatever reason, or move it, or something happens to whatever, stick of ram goes bad, fan is clogged with cat hair, whatever... it's probably worth considering that basic network services should be as resilient as possible.

    I'm planning my home (emphasis on home) network to have front and center a run of the mill wifi router and then do anything more complicated than that from a subnet. Yes, it's possible to have a more complex network that is totally reliable, but it's something to consider, especially if your spouse works from home part time.

    But my list of desires are:

    Guest vs trusted wifi
    Networked printer / scanner / copier
    HTPC / appleTV / etc
    ~4TB centralized storage
    Backup centralized storage to offsite
    Music streaming to speakers (spotify, stream from NAS)
    VPN if possible
    DynDNS or other way to access home network
    Monitoring / logging
    QoS
    IP camera(s)
     
    Last edited: Jul 21, 2014
  28. tdowning

    tdowning Gawd

    Ok, to answer a few questions...

    ECC Memory on Newegg:
    It looks like newegg has created a new category on the left side for "Server Memory" and that is where you will find ECC memory. ECC memory is also referred to nowadays as FB-DIMM or Fully-Buffered Dual Inline Memory Module. FB means there is a buffer between the memory chips themselves and the memory bus. This buffer increases the latency of the RAM (the time from when the CPU says "fetch data from block x" until the time that the data is available to the CPU to use.) FB memory allows you to have more modules/channel and thereby achieve massive amounts of RAM.

    Use of ECC Memory:
    AFAIK, modern CPUs have the memory controller integrated onto the CPU die. (this used to be a function of the "Northbridge" chip, but has been moved to the CPU for faster throughput) From what I have seen, Intel Xeon CPUs and AMD Opteron CPUs are the only ones that support ECC.

    Theory behind ECC:
    No RAM is 100% reliable, and things like cosmic rays have a non-zero chance of passing through your RAM chip and changing the state of a single bit of data. ECC memory stores additional data that allows it to find and correct such "Wrong" bits. This is used for servers to maximize uptime/availability

    That said: I personally am running 2 Windows Server 2008 R2 servers using commodity hardware, (A Pentium D and a Core i3) I am not using ECC memory, and have not had any stability issues, however I also will shut them both down during electrical storms, so that may be part of it, but they will run for many months without issues
     
  29. diizzy

    diizzy 2[H]4U

    ..."but they will run for many months without issues".

    I thought so too, until I found silent corruption on my old Opteron system... (non ECC)
    //Danne
     
  30. Mackintire

    Mackintire 2[H]4U

    Now you're making my point on why to have an off-site backup.
     
  31. tdowning

    tdowning Gawd

    Curious to know more about the corruption issues you had...

    As far as backups go, the thing to remember is you have to cover the 3 "O"s
    Online, Offline, and Offsite.

    For Online, I have a Drobo 5S attached to one of my servers, and the Windows Server Backup Tool makes regular backups to it.
    For Offline, I have a tape drive... (I'm trying to run my network like a business network, and as has been stated in the network pics thread tape is cost effective at the very low end, and the very high end, but the cost to do it right in the middle ground is absolutely astronomical.)
    For Offsite: The only irreplaceable data is the digital photo archive, and I can burn it to 2 DVDs so I give a set of DVDs to all the family members when we get together for the holidays, (Christmas and Easter)

    Regarding securing external vs internal:
    I don't think anyone has addressed this yet so... your firewall works to protect you against all the malicious parties on the Internet. WPA encryption protects your wireless traffic from passive snooping, or active attacks, by someone in the vicinity of your house getting on to your network.

    Recently, it was revealed that several major home router manufacturers had left UPnP services available on the WAN/Internet side of the router. This can allow external attackers to gain access to your internal network, and if you are running a consumer router you should use the UPnP vulnerability test at https://www.grc.com in the ShieldsUp! section. In general you should disable UPnP on your router anyway, because it allows programs running on machines inside your network to open up paths for incoming connections. (Some devices support NAT-PMP which does the same thing and is mainly used by Apple AirPort and Time Capsule routers, and should also be disabled for maximum security.)

    I personally have all my network equipment on APC battery back-up units, and I can say, at least anecdotally I have spent far less on replacing switches and routers since I closed the last loop and got ethernet surge suppression between the cable modem and the router. (others on the network pics thread have also suggested isolating cable/dsl modem from router using a fiber-optic cable and a pair of media converters.)

    If you are pursuing this for your own education, feel free to experiment, but if you plan to use this to further a career in IT I would recommend you do what I have and try to run your home network like a business network as much as you reasonably can.
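
A LAN-side check to go with the advice above about disabling UPnP and NAT-PMP, as an added example that is not part of the post: after changing the router setting, confirm from a machine on your own network that the gateway no longer answers either protocol. The sample replies and function names are constructed; the WAN-side exposure the post describes still has to be tested from outside, as with the ShieldsUp! test it mentions.

```python
import socket
import struct
import sys

SSDP_GROUP = ("239.255.255.250", 1900)
IGD_TARGET = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
NATPMP_PORT = 5351

# Constructed sample replies (not captured from a real device).
SAMPLE_IGD_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=120\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000001::"
    b"urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n"
)
SAMPLE_MEDIA_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"ST: urn:schemas-upnp-org:device:MediaServer:1\r\n"
    b"LOCATION: http://192.168.1.20:8200/rootDesc.xml\r\n\r\n"
)
SAMPLE_NATPMP_REPLY = struct.pack("!BBHI", 0, 128, 0, 3600) + socket.inet_aton("203.0.113.7")


def build_msearch(target=IGD_TARGET, mx=2):
    """SSDP discovery request asking only gateway devices to answer."""
    lines = ["M-SEARCH * HTTP/1.1", "HOST: 239.255.255.250:1900",
             'MAN: "ssdp:discover"', f"MX: {mx}", f"ST: {target}", "", ""]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(data):
    """Headers of an SSDP search reply as a dict, or None if it is not a 200."""
    head = data.decode("utf-8", errors="replace").partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    status = lines[0].split()
    if len(status) < 2 or not status[0].upper().startswith("HTTP/") or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def is_igd(headers):
    """True when the reply advertises a gateway device or its port-mapping services."""
    text = headers.get("ST", "") + " " + headers.get("USN", "")
    return any(m in text for m in
               ("InternetGatewayDevice", "WANIPConnection", "WANPPPConnection"))


def parse_natpmp_response(data):
    """Decode a NAT-PMP external-address reply (RFC 6886); None if malformed."""
    if len(data) < 12:
        return None
    version, opcode, result, epoch = struct.unpack("!BBHI", data[:8])
    if version != 0 or opcode != 128:
        return None
    return {"result": result, "epoch": epoch,
            "external_ip": socket.inet_ntoa(data[8:12])}


def probe_ssdp(timeout=3.0):
    """Multicast one M-SEARCH on the local segment; return IGD responders."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
        s.sendto(build_msearch(), SSDP_GROUP)
        try:
            while True:
                data, (ip, _port) = s.recvfrom(4096)
                headers = parse_ssdp_response(data)
                if headers and is_igd(headers):
                    found.append((ip, headers.get("LOCATION", "?")))
        except OSError:  # includes the timeout that ends the wait
            pass
    return found


def probe_natpmp(gateway, timeout=2.0):
    """Ask the gateway for its external address; None means no NAT-PMP reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(b"\x00\x00", (gateway, NATPMP_PORT))
            data, _ = s.recvfrom(64)
        except OSError:
            return None
    return parse_natpmp_response(data)


if __name__ == "__main__":
    # Usage: python check_upnp.py [gateway-ip]   (file name is hypothetical)
    igds = probe_ssdp()
    for ip, location in igds:
        print(f"UPnP IGD still enabled: {ip} -> {location}")
    if not igds:
        print("No UPnP gateway answered on the LAN")
    if len(sys.argv) > 1:
        reply = probe_natpmp(sys.argv[1])
        print(f"NAT-PMP on {sys.argv[1]}: {reply if reply else 'no reply'}")
```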
     
  32. diizzy

    diizzy 2[H]4U

    Off-site backups don't help if your source data is corrupted unfortunately unless you had the data there before the corruption occurred of course.

    The reason was a faulty memory stick... :/
    At the same I had 4Gb of RAM (DDR(1)) and while this machine rarely went above 3Gb in memory usage sometimes it did which made it hard to figure out the cause.
    //Danne
     
  33. kevineugenius

    kevineugenius [H]ard|Gawd

    The problem I see with ECC is this train of thought:
    Even among hardcore computer hobbyists, almost no one has spare server hardware lying around. This means a purchase of more-expensive-than-usual parts that the hobbyist likely has no experience with. Server operating systems are much more... hmmm, how to put it... finicky than end-user oriented desktop operating systems. I just foresee a lot of increased cost and increased difficulty for only an itty bitty benefit.

    Yes, this is for my own education/entertainment and I will not be running it like a business. I'll learn how to run enterprise-level stuff at work etc.

    As per offsite backups, what are people using? A pay-per-GB storage service? I will do nearly anything to avoid monthly costs and I don't (yet) have anything so ludicrously important that I'm willing to add to my monthly outlay for it. I'll put things on thumb drives and stick them in a ziploc in my trunk before I'll pay a subscription.

    But, back on topic. Yes I'm on some sort of triple play kind of thing. AT&T U-verse TV/Int to be specific. Not really sure what the NAT comment means, though. I was thinking: hacker->WAN->AT&T.router->my.router||firewall the end.
     
  34. Mackintire

    Mackintire 2[H]4U

    Messages:
    2,891
    Joined:
    Jun 28, 2004
    Crashplan on the file server
     
  35. FrostBite

    FrostBite [H]ard|Gawd

    Messages:
    1,082
    Joined:
    Jun 2, 2004
    I'll throw in my network which I've chosen to be a bit more simplistic but still offer me a lot of versatility.

    NAS
    - Windows 7 running FlexRAID with single PPU (aka RAID 4 / parity)
    - FD micro ATX case with i3 ITX motherboard
    - 3x 4TB + 2x 2TB = 12TB usable space + SSD OS + 1TB non-RAID
    - Runs Plex, AirVideo, and BlueIris (security)

    HTPC
    - Intel NUC i3 with 2.5 HD support
    - 1TB Hybrid HDD
    - Windows 7 using WMC for TV and XBMC streaming

    Security
    - 24 port layer 3 PoE gigabit switch
    - 8x 3mp ESC cameras
    - 1x 720p wireless FOSCAM

    Gaming PC
    UniFi AP-LR
    Hauppauge OTA dual tuner
    Lots of UPS's in case of power outages
    XBox 360
    Patch panel
    3x Chromecast
    iPads
    iPhones
    Laptops
    Dropbox
    Teamviewer

    This is a pretty simple solution for my home networking needs. I originally was considering the ZFS route but just the cost, overall complexity, and my needs just didn't justify when something much simpler and cheaper was available.

    Starting with the NAS, it's a micro-ATX case so it isn't large yet has 6 HDD bays plus a 5.25 that I can convert to 3 more 3.5 bays which I don't use. I've slowly converted the 2TB to 4TB and just need 2 more to go. I've got 16TB raw now, can remove the 2x2TB for 20TB raw. My other option was a Norco which is overkill for my needs. In regard to the software, ZFS looks very sexy, but was just overkill for my needs. Windows 7 plus FlexRAID was a good solution and is what I consider a good balance of function vs. use. I also prefer RAID 4 (vs. 5/6) and as a bonus, it doesn't spin up your hard drives since all data is not striped across multiple drives. Computer is headless and I use Teamviewer to access it from my network if I need to do anything which I typically don't. Also runs Plex for streaming to Chromecast via iPhone, AirVideo to stream to iPads/iPhones, and BlueIris for security. It's pretty much maxed out the tiny little i3 but it's pretty damn power efficient.

    HTPC was an Intel NUC because of its tiny design and quietness. I choose not to build one instead and pay the premium since it does everything I need it to do. It's my media front in my living room and dishes out all of my media needs from TV via WMC to online movie/TV streaming via XBMC. Using a Harmony 650 remote which is streamlined to do everything. Also have an Xbox 360 in the bedroom in extender mode to watch TV and stream.

    Network gear goes into a Nortel 24 port PoE layer 3 gigabit switch. Pretty much overkill but I got an amazing deal and needed the PoE for the security cameras which are wired throughout the house via the attic. Cables go into a 24 port patch panel and 6 inch cables connect into the switch. WiFi is done through a UniFi AP-LR with main, guests (throttled), and home automation networks. Also have an old E3000 for B/G access in case anyone needs it. Lastly, a Hauppauge dual network tuner that gives OTA to the HTPC.

    Again, it fulfills all my needs, is versatile enough to stream throughout my home, and was very cost effective versus if I went ZFS and the associated higher end, balls out hardware costs. Lastly, everything is pretty low powered so it helps with the power bill too.
     
    Last edited: Jul 22, 2014
  36. kevineugenius

    kevineugenius [H]ard|Gawd

    Messages:
    1,415
    Joined:
    Dec 9, 2006
    Aside from the Apple products that sounds pretty sick. I almost understand everything... are you dual-booting on the NUC or am I confused?
     
  37. FrostBite

    FrostBite [H]ard|Gawd

    Messages:
    1,082
    Joined:
    Jun 2, 2004
    No dual boot, just need to minimize/close WMC to access XBMC which is just a shortcut on the desktop. A more full explanation is that the HTPC itself automatically starts into WMC since we primarily watch TV with it, and it has the MediaBrowser plugin which allows us to watch our BluRay movies. I've programmed the Harmony 650 remote to turn on the TV and automatically switch to WMC regardless of what's currently running.

    As far as the Apple products, it plays nicely with the Chromecast. I've got a large covered patio detached from the house so I don't have any wires run. I am able to stream via Plex to a TV using Chromecast to watch any movie from the NAS wirelessly at 1080p and no frames dropped. Also, AirVideo, which is Apple only, can transcode WMC TV recordings so I can stream that anywhere whether it be at home or at work.

    I guess my final pitch, not that I'm selling you anything, is that you don't need the most expensive and hardcore items for a kickass network. What matters is that you can use it. Would I prefer a much more expensive and all inclusive system? Of course, I love tech, I would want the most bad ass stuff just for fun! Would I spend 2-3 times more than what I did for basically the same real life performance? No.

    Edit: few other things I should mention:
    - I use DYNDNS to route everything and that has made my life so much easier. I paid for the service but there are plenty of free alternatives.
    - Teamviewer is a great way to access your network. On your home side, you can set it to remote mode so it will automatically accept the invite. On the access side, you can choose to run it one time and not install in case you don't have administrative privileges. It's also free.
    - Home automation, which I use, is a hit or miss depending on how much time and money you are willing to spend on it. I've got a Nest thermostat so the wife or I set the AC to run 10 minutes before we get home, I can schedule and time when the AC comes on, etc... This is absolutely worth the high ass price for a thermostat. All other home automation gadgets out there, meh, depending on whether you'd use it, but the introduction of the Raspberry Pi has lowered the barrier to get into this. Some things I am interested in are the doorbell and deadbolt locks. Zone based music is something I am considering. Some things I'm considering but dropped are automated blinds (sunshine, on command, etc...), lights, and position based sensors (e.g., almost home, turn everything on).
     
    Last edited: Jul 22, 2014
  38. ekuest

    ekuest [H]ardness Supreme

    Messages:
    6,091
    Joined:
    Feb 23, 2009
    you guys make me want a house so bad so i can do all this cool stuff to it! frostbite i think you've got the right idea, practical and gets the job done as simply as possible. i love the threads where people build huge servers and stuff for home use, but really that's completely unnecessary for most people and runs your power bill through the roof.
     
  39. diizzy

    diizzy 2[H]4U

    Messages:
    2,602
    Joined:
    Nov 6, 2008
    @ kevineugenius
    Depending on your needs/requirements...
    AMD's AM1 platform does ECC (some motherboards) which is about 75 EUR (CPU + Mobo) here in Sweden, memory is about the same as regular non ECC price-wise. What's left is the HDD controller which can be found on eBay ~75£ (IBM M1015) and cables ~20-25£ and a case so it's not much more expensive if you wanna go that route. The now old but still decent HP Microserver might also be an option (N54L).

    As for the U-verse it appears that you can set your modem in bridged mode (which is what you want if you get a router).
    http://www.att.com/gen/general?pid=23697

    If you just want something to start with, get one of the routers I mentioned earlier and use an external HDD. Perhaps a friend can offer you rsync backup and the other way around. My friend and his parents do exactly this for photos etc.
    //Danne
     
  40. boss99

    boss99 2[H]4U

    Messages:
    2,598
    Joined:
    Dec 29, 2006
    Just from a network monitoring standpoint, I'd want something to collect flow information so you can track usage. I'm using scrutinizer and whenever anyone says that the network is slow, I just log into the interface and can see pretty quickly who is doing what and shut it down or take action if necessary. It's currently free for 5 interfaces or less, and to be honest, I'm only concerned with the egress point of my home network.