I'm going to be purchasing, setting up, and maintaining a small office network in about a month. I have most of the software side figured out, but I'm still a bit fuzzy on the hardware details.
First off, a bit of information about the network:
- 5 users initially, 15 users at the MOST after more employees are hired
- All users will probably be using Skype for voice services
- Online/offsite backup performed every night, probably 25GB or so of data that needs to be uploaded and mirrored to a backup service
My biggest unknown factor here is the internet connection. Most of my networking knowledge comes from classes/books, and I have limited experience in this kind of thing so I'm a little lost here.
The most cost-effective connection in our price range is a 6mbit business DSL connection. During business hours, Skype and basic internet research/browsing will account for the vast majority of internet traffic (our website is hosted offsite). After hours, the connection will be consumed by scheduled backups and such. I assume 6mbit is enough to cover this with 5 users. If I'm incorrect in this assumption then I would appreciate someone pointing that out.
What I'm confused about now is how the internet will be set up physically. I believe I want to use a Squid proxy server to provide fine-tuned control over users' access and caching services (I anticipate most users will be using the same 5 websites primarily, so caching could cut down on bandwidth usage).
How will this all be set up though? Obviously the DSL will come in via a phone line. I assume from there it goes into a DSL modem. From there, would it go directly to the squid server or would it go into the main switch/router, then circling back through the squid server then out to workstations?
I think you're over killing it. Grab a Cisco Small Business RV042 router or even go up a couple of models to the 16 port one, but personally I like to separate the router from the switch.
The router will take care of your internet connection, & VPN connections for your employees. It's one less server to take care of, less power consumed, etc. Even if you think Linux can run on older hardware sure it can, until that hardware craps out cause you didn't have a decent RAID in it or the power supply fries. Want to see people flip when everything is through that one connection? Purpose built hardware is better for this.
For content filtering if that is an issue use OpenDNS. Just set up an account, point the router's DNS settings to it, and you're all set. With 5 to 15 people though it shouldn't be an issue unless the boss is a total a**.
For 15 people you won't need a caching server. It might be nice but it really isn't needed and it's just something else to fail.
For your backup, check your upload speed and make sure you get 6 megs both ways. You might only get 1 meg upload speed. It might be a case where you can only back up differential to off site if the 25 gigs takes too long.
I ran an office of 20 who used Skype for all inter-company communications, there were about another 20 people off site we usually were talking to. Also almost all our project work was kept off site in a co-located server through a web portal. About 80 gigs of stuff there people worked through. Our network connection at the time was 1.5 meg both ways.
EDIT: How to hook it up
Phone Line --> DSL "modem" --> RV042 WAN Port (internal link) LAN Port --> Workstation Switch --> Workstations.
Assuming that the 25GB of data is the total amount you will be backing up rather than a nightly amount, a 6MB connection should be ok. At most, Skype will use 16k per connection when in use, so the connection should be sufficient for this as well. One thing to consider is how often Skype is going to be used, and if that usage combined with your projected bandwidth usage for backup will exceed any caps imposed by your ISP.
I second Russ's recommendation for Untangle, although if you are set on Squid, I would suggest looking at this tutorial for setup instructions.
Since you plan on an expansion up to 15 users, don't settle for a consumer-grade router. At the least, pick up a SOHO router with QoS support.
Actually, your Squid server will have 2 NICs. One NIC will accept the unprotected Internet, the other will service your private network.
If you're looking for another security device similar to Squid, I would check out Untangle. It has a great open source community and terrific enterprise support.
That should be fine for 5 users, but not 15.
Squid seems like a bit of overkill to me. Just one more box to manage, when a dedicated device would do the trick. I would recommend a Linksys WRT54G with Tomato (eBay link) or DD-WRT. I would recommend Tomato in this case over DD-WRT for the better QoS setup, which will be helpful with Skype.
DSL Line->DSL Modem->Tomato Router->Switch->Workstations.
I'd recommend taking a look at IPCop or pfSense. For your situation I like IPCop as it has almost everything you need built in and the interface is very easy to use.
I've set up several businesses similar to the configuration you describe above and never had an issue.
The only issues you're going to see are when you have several people talking on Skype and someone attempts to download a huge file (bittorrent, etc).
Even then, it's pretty easy to see what's going on with the IPCop system graphs, etc.
If I were you I would set it up with Endian as a firewall. Build a small form factor machine with the capability to hold 3 NICs. This way if you grow you are able to have a primary link, a backup link, and your private network all tied through the Endian firewall. Untangle is another good solution.
After you have your firewall selected, set up an account with OpenDNS. Use OpenDNS servers as your DNS in your firewall. Through your OpenDNS account you can manage it like a Squid proxy and limit what sort of sites your users can visit. I currently use this setup in a very similar environment and it works great.
As for offsite backups you could just set up a little box or attach an external drive to a machine at home and use something like GFI's free backup solution or something called Ace Backup and FTP the backups to your home machine's FTP server.
http://www.gfi.com/backup-hm/free-backup-software
http://www.acebackup.com/
It seems nitpicky in light of the above, but be aware that the business cable has all the issues of shared bandwidth versus dedicated (as you'd get with a T1). We've got a T1 to host all customer-facing servers - yes it's slower, but a predictable 1.5 (-ish) all the time.
The business cable line can and does fluctuate fairly wildly, depending on what other businesses on the line are doing. I love it, and the price can't be beat, but I've got it set up exclusively for user browsing - where the variations aren't truly disruptive.
I see you are based in the US, so apologies if your local ISPs do not offer it. When shopping for a DSL line request a business grade 'SDSL' line. This will have the same upload as download speed as opposed to ADSL which usually has a pathetic upload speed of around 256-384kbits. If all your backups are one way, you can save a little money by using ADSL at the receiving end.
Also utilize something like rsync for your offsite backups so that you are only sending a delta of the files. If you are still shopping around for hardware I'd suggest something like a QNAP NAS, which will give you local filesharing with redundancy and has inbuilt rsync backup to either a 2nd QNAP or any vanilla rsync server across the WAN. It'll also provide you with a ready built proxy to control web access. This is of course if you prefer pre-packaged as opposed to rolling your own.
NB: I have no affiliation with QNAP, just fancy the look of their neat little boxes.
Regards Michael
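
Added example (not part of any post in this thread): a small Python calculator for the backup-window question the answers raise, checking whether the 25 GB full upload, or only a nightly delta as suggested with differential backups and rsync, fits overnight at the upload rates mentioned above. The 10% protocol overhead, the 14-hour after-hours window and the 1 GB daily change are assumptions chosen for illustration.

```python
# Upload rates mentioned in the thread, in kbit/s.
UPLINKS_KBIT = {
    "ADSL 256 kbit up": 256,
    "ADSL 384 kbit up": 384,
    "1 Mbit up": 1000,
    "1.5 Mbit symmetric": 1500,
    "6 Mbit symmetric": 6000,
}
OVERHEAD = 0.10      # assumption: share of the link lost to protocol overhead
WINDOW_HOURS = 14.0  # assumption: after-hours window, e.g. 18:00 to 08:00


def usable_bits_per_second(uplink_kbit, overhead=OVERHEAD):
    return uplink_kbit * 1000 * (1 - overhead)


def transfer_hours(size_gb, uplink_kbit, overhead=OVERHEAD):
    """Hours needed to upload size_gb (decimal GB) over the uplink."""
    return size_gb * 8e9 / usable_bits_per_second(uplink_kbit, overhead) / 3600


def max_nightly_gb(uplink_kbit, window_hours=WINDOW_HOURS, overhead=OVERHEAD):
    """Largest upload in GB that completes inside the backup window."""
    bits = usable_bits_per_second(uplink_kbit, overhead) * window_hours * 3600
    return bits / 8e9


def plan(full_gb, daily_change_gb, uplink_kbit, window_hours=WINDOW_HOURS):
    """Return 'full' if the whole data set fits the window every night,
    'delta' if only the changed data fits, 'too slow' if neither does."""
    if transfer_hours(full_gb, uplink_kbit) <= window_hours:
        return "full"
    if transfer_hours(daily_change_gb, uplink_kbit) <= window_hours:
        return "delta"
    return "too slow"


def report(full_gb=25.0, daily_change_gb=1.0):
    """One row per uplink: (name, hours for full set, GB per night, plan)."""
    return [
        (name,
         round(transfer_hours(full_gb, kbit), 1),
         round(max_nightly_gb(kbit), 1),
         plan(full_gb, daily_change_gb, kbit))
        for name, kbit in UPLINKS_KBIT.items()
    ]


if __name__ == "__main__":
    for name, hours, nightly, strategy in report():
        print(f"{name:20s} full set: {hours:6.1f} h   "
              f"per night: {nightly:5.1f} GB   -> {strategy}")
```

With these assumptions only the symmetric 6 Mbit line can re-upload the full 25 GB every night; every slower uplink has to send deltas after one long initial seed.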