Hi guys
I am in the process of re-configuring my home and home-office network(s). The diagram below is a slight improvement on what I've been running for 6 months: the current setup is without the large switch at the centre of it and has some lower grade consumer/SOHO kit generally. The new kit has been bought (despite maybe not being absolutely optimal) and it was a choice between functionality and cost, with the latter being an important consideration given the home-office only has 2 users (me and my wife) - so too late to change that now except by burning more cash.
The reason for this architecture is that I wanted a secure zone containing my local but largely untrusted devices over which I may not have complete control (including guest devices - friends bringing phones and laptops into our house). I then wanted a "more secure" zone which could still access the assets of the secure zone but was protected again. I decided to layer a second firewall inside the less secure network and make it a parent-child setup, rather than "sibling" networks. I guess there are advantages and disadvantages to both, but I have the flexibility to change the architecture if I need/want to.
So, onto the reason for the post - apart from posting the pretty network picture above:
I have a server (HP Proliant with a good amount of RAID storage) which I'm intending to deploy as a fileserver. I don't need AD (I don't think) but I just need somewhere to store files for access by my office desktop PC as well as one of two destinations for desktop PC file backups (the laptops are closer to being disposable in terms of backup requirements)
The server will also contain files (music and perhaps eventually video but currently not) which I want to access within the less secure network - basically Kodi running on the FTV boxes points to this NAS (the files are presently hosted on a conventional SOHO NAS device which sits within the less secure subnet .1.x).
I have a couple of questions:
1. Which subnet should I locate the server so that all appropriate devices can access? Initially, for file storage only but if I deploy WS2008 then I could do something more sophisticated with the office desktop, for example - which would then lead me to place the server into more secure subnet .2.x.
2. I'm going to trial WS2008 to have a play (and it's the easiest way of flashing the firmware on the server to the latest versions when it arrives) but I'm otherwise fairly OS-ambivalent. Ubuntu server with desktop sideloaded could be an alternate option even though I've only dabbled with Ubuntu previously... Any advice welcome in this regard
3. I'll also be placing a networked printer somewhere - probably less secure subnet .1.x so that guests can access it. I'll need to ensure that the desktop PC and laptops are set up for windows sharing to its specific IP address on the other subnet - does that sound sensible?
4. As well as drive backups, I was wondering about versioning - if I did go the whole hog with Windows Server, I'm presuming I could set up some sort of versioning system capable of retaining old copies? I'd love for this to work for the desktop PC's D (data) drive as well, so wondering how that could work... maybe a nightly robocopy from the D drive across to the RAID storage (a dedicated area for just that?)
Any and all advice welcome. Feel free to tell me I've bought the wrong kit or set up the wrong architecture to achieve what I want - which is largely physical segregation of the two networks because of a lack of trust regarding connections (and devices) within subnet 1.x. The requirement for certain devices in certain instances to cross the rubicon complicates it though...
I am in the process of re-configuring my home and home-office network(s). The diagram below is a slight improvement on what I've been running for 6 months: the current setup is without the large switch at the centre of it and has some lower grade consumer/SOHO kit generally. The new kit has been bought (despite maybe not being absolutely optimal) and it was a choice between functionality and cost, with the latter being an important consideration given the home-office only has 2 users (me and my wife) - so too late to change that now except by burning more cash.
The reason for this architecture is that I wanted a secure zone containing my local but largely untrusted devices over which I may not have complete control (including guest devices - friends bringing phones and laptops into our house). I then wanted a "more secure" zone which could still access the assets of the secure zone but was protected again. I decided to layer a second firewall inside the less secure network and make it a parent-child setup, rather than "sibling" networks. I guess there are advantages and disadvantages to both, but I have the flexibility to change the architecture if I need/want to.
So, onto the reason for the post - apart from posting the pretty network picture above:
I have a server (HP Proliant with a good amount of RAID storage) which I'm intending to deploy as a fileserver. I don't need AD (I don't think) but I just need somewhere to store files for access by my office desktop PC as well as one of two destinations for desktop PC file backups (the laptops are closer to being disposable in terms of backup requirements)
The server will also contain files (music and perhaps eventually video but currently not) which I want to access within the less secure network - basically Kodi running on the FTV boxes points to this NAS (the files are presently hosted on a conventional SOHO NAS device which sits within the less secure subnet .1.x).
I have a couple of questions:
1. Which subnet should I locate the server so that all appropriate devices can access? Initially, for file storage only but if I deploy WS2008 then I could do something more sophisticated with the office desktop, for example - which would then lead me to place the server into more secure subnet .2.x.
2. I'm going to trial WS2008 to have a play (and it's the easiest way of flashing the firmware on the server to the latest versions when it arrives) but I'm otherwise fairly OS-ambivalent. Ubuntu server with desktop sideloaded could be an alternate option even though I've only dabbled with Ubuntu previously... Any advice welcome in this regard
3. I'll also be placing a networked printer somewhere - probably less secure subnet .1.x so that guests can access it. I'll need to ensure that the desktop PC and laptops are set up for windows sharing to its specific IP address on the other subnet - does that sound sensible?
4. As well as drive backups, I was wondering about versioning - if I did go the whole hog with Windows Server, I'm presuming I could set up some sort of versioning system capable of retaining old copies? I'd love for this to work for the desktop PC's D (data) drive as well, so wondering how that could work... maybe a nightly robocopy from the D drive across to the RAID storage (a dedicated area for just that?)
Any and all advice welcome. Feel free to tell me I've bought the wrong kit or set up the wrong architecture to achieve what I want - which is largely physical segregation of the two networks because of a lack of trust regarding connections (and devices) within subnet 1.x. The requirement for certain devices in certain instances to cross the rubicon complicates it though...
