Upgrading an office setup - questions - vpn, firewall, switches, server.

cyclone3d

I am getting ready to upgrade an office with some new gear, but I have some questions about a few things first. The office I am going to be upgrading has 11 total computers all running some version of Windows - XP through 7.

The firewall/router/VPN device I am looking at is a ZyXEL ZyWALL ZWUSG20. It looks like people like it a lot. It looks like it only allows one person to VPN into the network at a time. I think 1 connection will be plenty for them, but was wondering if the next model up (ZWUSG50) would be better to go with since it allows up to 5 (comes with 2 VPN licenses to start). Also, anybody know the pricing of extra VPN licenses for these things?

The Zyxel unit should allow me to eliminate their current old as dirt Linksys router, correct?

Everything is going to be upgraded to Gigabit, probably a couple 8 ports and 3 or so 5 port switches unless I want to add more drops to some of the rooms. Any recommendations on 5 and 8 port Gigabit switches?

As for the server, they are going to be using it mostly as a file server, but are going to need at least RAID 0+1 on it. They will also be using it as the main Quickbooks server as well as the server for another accounting software. I was thinking that I would want a Quad i5 or Xeon with 8GB of RAM.

I was planning on either running Server 2008 Foundation or maybe simply Win7 Pro x64 on it since they will not be needing to use it as a domain server - they will be staying in a workgroup. What are the pros/cons of Server 2008 Foundation vs Win 7 Pro?

Forgot one thing. They are going to need the server to be an ftp server as well for clients to send them large files. What would be the easiest way for not-so computer literate clients to be able to ftp files to them? I was thinking of making a script that the clients would be emailed that they can run and it will add an ftp option in the send-to right click option for files. I really don't want to have to try and find something that the clients will have to install and configure in order to be able to send files.
 
I've had good luck with Netgear gigabit switches. An 8-porter ran solid on the first floor till it was replaced with a 16-porter which is still running solid.

As for the server, you might want to look into virtualization, could make your life a lot easier.

For quick ftp uploads, I wouldn't want to modify someone's system without them knowing how to remove the modification. An easy way would be to setup a web-server running extplorer.

http://extplorer.sourceforge.net/

It allows for fine grained access controls as well as being free.
 
Do yourself a favor, do not install and expose FTP on your one server on the network. Yikes...talk about an open door. FTP is old, extinct, plenty of new web based secure file services these days.

For that many users on accounting software...you'll want SAS drives, not desktop SATA disks..in the server.

Do you want a hardware appliance for SSL VPN? Or are you open to software based suggestions? Something like Untangle or Astaro?
 
I've had good luck with Netgear gigabit switches. An 8-porter ran solid on the first floor till it was replaced with a 16-porter which is still running solid.

As for the server, you might want to look into virtualization, could make your life a lot easier.

For quick ftp uploads, I wouldn't want to modify someone's system without them knowing how to remove the modification. An easy way would be to setup a web-server running extplorer.

http://extplorer.sourceforge.net/

It allows for fine grained access controls as well as being free.

Netgear it probably is then..

As for virtualization, I really don't think that it is needed or wanted. QB and the other accounting software both have settings for the "host" computer. QB basically sets up so that the files that are hosted are able to be opened up by multiple people at the same time. Each client has to have QB installed.

I think the other accounting software is run straight from the server if memory serves me right.
 
Do yourself a favor, do not install and expose FTP on your one server on the network. Yikes...talk about an open door. FTP is old, extinct, plenty of new web based secure file services these days.

For that many users on accounting software...you'll want SAS drives, not desktop SATA disks..in the server.

Do you want a hardware appliance for SSL VPN? Or are you open to software based suggestions? Something like Untangle or Astaro?

Thanks for the tips. As for not having an ftp server, would having the clients use Tirminal be a good idea?

http://www.tirminal.com/

It basically sends an email with a link to be able to access the files that the person wants to send.

I am open to software based VPN solutions. No need to run a hardware based one if I don't need to. The "lower end" Zyxel does include one VPN license and it does come with its own client software. If they are not going to want to connect more than one person at a time, I will probably go ahead and just use that.

I'll definitely look into SAS controllers.
 
I've decided on using OpenVPN as the VPN software. Looks to be a good setup unless somebody knows otherwise.
 
OpenVPN is pretty good....I have it on my laptop here to remote into a lot of clients of mine that I have behind Untangle.
 
I would look at several VPN licenses.

You might only have one remote worker, however, you also have to consider training and management. What happens if you have one person working remote, and then a new hire needs to be trained on how to use the VPN (so you have to demo it, but you can't login because the one licensed slot is in use).
 
I would look at several VPN licenses.

You might only have one remote worker, however, you also have to consider training and management. What happens if you have one person working remote, and then a new hire needs to be trained on how to use the VPN (so you have to demo it, but you can't login because the one licensed slot is in use).

Which is partly why I have decided to use OpenVPN.
 
The Cisco RVS series of routers allow for 5 users to access the network, however that is the maximum. Personally if I were on a budget of under $500 for everything I would look at an Untangle or pfSense setup and use OpenVPN or PPTP for client connection.
 
I would recommend against using OpenVPN. It is an unessential added hassle to the setup. Just get yourself a good UTM appliance and call it a day. The new Netgear Prosecure UTM appliances have good reviews and are very affordable.

http://www.scmagazineus.com/netgear-prosecure-utm25/review/3219/

I would recommend centralizing all the drops and getting one larger switch. It will alleviate possible network issues and make troubleshooting and setup much better.

Don't mess with an i5 or other desktop processor for a server. Get a Xeon and 8GB of ECC ram. SAS drives if you can at all afford it. I would go for a Dell R210 or R410 if you are looking for a low cost rack mount. The 410 adds redundant power and front hot swaps.

As for FTP I just wrote up some simple install and usage instructions for fireFTP that I email out to computer illiterate people when they need FTP access. Messing with scripts and stuff sounds like a good idea at first but it ends up being more trouble than it is worth when you have to support it too.
 
I would recommend against using OpenVPN. It is an unessential added hassle to the setup. Just get yourself a good UTM appliance and call it a day. The new Netgear Prosecure UTM appliances have good reviews and are very affordable.

http://www.scmagazineus.com/netgear-prosecure-utm25/review/3219/

I would recommend centralizing all the drops and getting one larger switch. It will alleviate possible network issues and make troubleshooting and setup much better.

Don't mess with an i5 or other desktop processor for a server. Get a Xeon and 8GB of ECC ram. SAS drives if you can at all afford it. I would go for a Dell R210 or R410 if you are looking for a low cost rack mount. The 410 adds redundant power and front hot swaps.

As for FTP I just wrote up some simple install and usage instructions for fireFTP that I email out to computer illiterate people when they need FTP access. Messing with scripts and stuff sounds like a good idea at first but it ends up being more trouble than it is worth when you have to support it too.

I ended up getting a Dell PowerEdge T110.

I am putting 8GB RAM in it and 4x 320GB Samsung F4 SATAII drives on a PERC 5/i in a RAID 10 array.
I would have rather gotten 4x 1TB drives since they were only slightly more expensive, but they didn't think that they would ever need that much, and from the data they have now, I didn't try to push it since I really have no reason to think that they will need 2TB in the foreseeable future.

I'll probably try a few different options for large file transfer and end up using one that is very easy for the clients to use.

Only two rooms in the office have switches, and in the past 4 years I have only had to replace one NIC and one switch - and the switch that went out was a crappy $12 8 port switch from a local cheapie store. It is a pretty reliable setup as is, they just need stuff to be faster.

They don't really have any trouble with QB as it is now, but their other accounting software is being hosted off of the slowest machine they have.

The T110 and switching to gigabit should be magnitudes faster than it has ever been, even when they only had 3 people total.

I'm pretty set on using OpenVPN for at least a few years. I know they don't want to spend $600+ for a UTM + a yearly rate for a UTM.
 
Quickbooks server doesn't do jack but serve files, so you don't need a super computer to do that.

Untangle + OpenVPN = free.
 
I ended up getting a Dell PowerEdge T110.

I am putting 8GB RAM in it and 4x 320GB Samsung F4 SATAII drives on a PERC 5/i in a RAID 10 array.
I would have rather gotten 4x 1TB drives since they were only slightly more expensive, but they didn't think that they would ever need that much, and from the data they have now, I didn't try to push it since I really have no reason to think that they will need 2TB in the foreseeable future.

I'll probably try a few different options for large file transfer and end up using one that is very easy for the clients to use.

Only two rooms in the office have switches, and in the past 4 years I have only had to replace one NIC and one switch - and the switch that went out was a crappy $12 8 port switch from a local cheapie store. It is a pretty reliable setup as is, they just need stuff to be faster.

They don't really have any trouble with QB as it is now, but their other accounting software is being hosted off of the slowest machine they have.

The T110 and switching to gigabit should be magnitudes faster than it has ever been, even when they only had 3 people total.

I'm pretty set on using OpenVPN for at least a few years. I know they don't want to spend $600+ for a UTM + a yearly rate for a UTM.

If you're adding the Perc yourself, make sure you have dedicated cooling.
 
The Cisco RVS series of routers allow for 5 users to access the network, however that is the maximum. Personally if I were on a budget of under $500 for everything I would look at an Untangle or pfSense setup and use OpenVPN or PPTP for client connection.

They hate being loaded down with 5 users too!

I vote, let's hear it from Dash, UNTANGLE!!!!!!!
 
Quickbooks server doesn't do jack but serve files, so you don't need a super computer to do that.

If you don't want the users of Quickbooks to rip their hair out from the frustration of it running slowly...you'll want a decent server. Quickbooks is on .NET Framework, you want fast disks and hefty memory.

A lot of people hate recent versions of Quickbooks..complaining that it's gotten so slow....they just accept it as slow. Yeah..it's gotten hefty..but if you put it on REAL server hardware (SAS drives...not desktop SATA drives)...stuff RAM in there, host the data files on a RAID array separate from the server OS (pretty much a standard for any decent server) and minimum dual core processors and 4+ gigs of RAM on the workstations...it can boogie quickly for many concurrent users.
 
Didn't have the recent one, only used up to... 2008 I think it was, didn't think they had changed that much on newer versions, good to know, glad we ditched 'em!
 
If you don't want the users of Quickbooks to rip their hair out from the frustration of it running slowly...you'll want a decent server. Quickbooks is on .NET Framework, you want fast disks and hefty memory.

A lot of people hate recent versions of Quickbooks..complaining that it's gotten so slow....they just accept it as slow. Yeah..it's gotten hefty..but if you put it on REAL server hardware (SAS drives...not desktop SATA drives)...stuff RAM in there, host the data files on a RAID array separate from the server OS (pretty much a standard for any decent server) and minimum dual core processors and 4+ gigs of RAM on the workstations...it can boogie quickly for many concurrent users.

In that case, should I just use the 250GB drive that the T110 is coming with for the OS, and then have the RAID array be for the shared files, QB, their other accounting software, and other shared files?

Would it really be that much better than having the OS on the RAID?

Should the swap file be on the RAID or on the OS drive?

I would just have to add another drive so I could RAID 1 the OS drive.
 
They hate being loaded down with 5 users too!

I vote, let's hear it from Dash, UNTANGLE!!!!!!!

I've already ordered a Zyxel Zywall ZWUSG20 to act as the router/firewall.

http://www.newegg.com/Product/Product.aspx?Item=N82E16833181144

That takes care of me having to use pfSense or Untangle and is a lot cheaper than me having to build and maintain a box for pfSense.

I will be messing with the Zyxel box once I get home tonight to get familiar with it before I do the actual install - the T110 isn't supposed to get here till the beginning of next month.
 
One drawback with the Sonicwalls/Zywalls is that if you need reporting features then you'll need to install a reports server on another piece of hardware (i.e. perhaps a virtualized instance on a server box or a dedicated box itself). While Untangle has everything built in to it, so you don't need to use an external resource.
 
In that case, should I just use the 250GB drive that the T110 is coming with for the OS, and then have the RAID array be for the shared files, QB, their other accounting software, and other shared files?

Would it really be that much better than having the OS on the RAID?

Should the swap file be on the RAID or on the OS drive?

I would just have to add another drive so I could RAID 1 the OS drive.

You want the OS on a RAID....I never do a server with just a single drive doing anything. (well...a backup drive...removable..yeah)
RAID 1 OS...pair of small drives
RAID 1 or 5 or 10 (depending on server's job..size of network..users...etc)....for a second drive letter on the server. Install/store data stuff here.

Put system managed pagefile on BOTH
 