Questions[network-design](server)

I have a head office and a number of suboffices. Both head office and suboffices need to access some corporate server, which is physically in the head office. But suboffices should not be able to access head office or each other. Suboffices are at the substantial distance of each other and from the head office (many kms).

How do I design the network for this task?

I suppose, each suboffice should have internet access. Central Server LAN switch should have static IP and OpenVPN software installed. For example, SubOffice1 network is 10.0.1.x, SubOffice2 10.0.2.x etc, Head office 10.254.x.x, Central Server LAN 192.168.0.x.

When suboffice PC or head office PC needs to access Central Server, a PC starts VPN connection for this to the central server.

I should then use routers for each network and setup firewall so that it permits connections from inside network only except for the Central Server LAN router.

Is this correct? May be there are some important details I should keep in mind building this network? What hardware would you recommend for this (routers, supporting needed firewalling modes etc)?

ADDED 07/05/2012:

Our ISP can provide nothing except for Internet access. I cannot expect them to support anything like MPLS. ISPs are different in each suboffice and head office.

The number of suboffices are like 20.

Connections from suboffices into the head office needs to be encrypted because it will be routed through internet.

I want suboffices to be isolated from head office and from each other completely so that no packet can travel there and back.

I plan to have only Linux PCs in the offices, but there can be also some Windows machines. No Active Directory or something. Just a PC under Windows/Linux.

Any good books out there on the subject?

This is going to be a somewhat loaded question. I am programming in a company that has been around since 1962. A lot of things, especially computer / network stuff, is very dated. Let me give a bit more background.

The company already operates a Windows server. On the server, many computers have files in shared network drives, and there are some programs too. This is how company wide access to things like accounting and inventory is granted, and how files are shared. Unfortunately, there has never been a strong sysadmin play a part in any of the design. The accounting system is running on Foxpro. Files are totally chaotic. The employees seem to know their way around in general, but in order to grow and scale, we need to quickly get a handle on this network. Some of the things I see a need for:

• A relational database, accessible via all computers on the network which will store:
  • Files (ie drawings, quotes, pictures of completed projects, etc.)
  • Employees (then we can start doing things like computerized time card entry)
  • Invoices, Payments Receivable and Inventory
  • Password management
  • Job tracking

I'd like to build custom applications on top of this database to power everything, and build APIs that allow our websites to interact with our in-house stuff. Obviously I must leave existing systems intact as I build new ones. I'm coming from a web background...and am very comfortable with Unix (I've administered dozens of servers that serve websites), PHP, and front end development. I'd like to stick with those open source technologies I already know well.

The biggest question in my mind is where to start. Do I buy a server rack and just start building a totally new network? Do I push everyone to the new network once ready, or try to use both at the same time somehow and slowly migrate away from the old?

I realize this could be a project that takes a year or more. I'd really appreciate some guidance - any resources on system design, how I get started, whatever. I'm willing to put in the work - I just need help creating a vision.

I'm the new network manager for a school. I've inherited an environment made up of several Windows servers, about 100 Windows clients, 10 printers, 1 Cisco router, 6 Cisco switches, and 1 HP switch. Also, we're using VoIP.

There are four floors in our building. The hosts on each floor are assigned to a separate VLAN. An office on the first floor has its own VLAN. All the switches are on their own VLAN. The IP phones are on their own VLAN. And the servers are on their own VLAN.

For the number of hosts on the network, are all these VLANs really buying me anything? I'm new to the VLAN concept but it seems overly complicated for this environment. Or it's genius and I just don't get it?

Wouldn't you want your crucial hosts being served with the most signal-reliable/improved method of connectivity?

Gig Switch<->Cat5E<->Server?

or

Gig Switch<->Cat6<->Server?

My understanding about Cat6 is that it delivers improved signaling between two NICs. I've heard people suggest Cat5E for short distances and Cat6 for longer than 20'. Is this the correct assessment for choosing Cat6 over Cat5E cables?

I'd like to clear my notion of needing it for improved performance.

Under what conditions does one start to consider subnetting a network?

I'm looking for a few general rules of thumb, or triggers based on measurable metrics that make subnetting something that should be considered.