I was brainstorming on how to create a school computer lab LAN... a few questions.

wkrofl

I was brainstorming how I would create a school computer lab and came up with a plan. I was wondering if anyone could A) tell me if I missed anything and B) answer my questions.

Here is the set up:

There are 80 computers. 10 Computers per island. I initially set up the hardware (Connect monitor to the back of the PC, mouse, keyboard and connect the computer to the power.) I also plug in an RJ-45 ethernet cable to the network port and leave the cable hanging on the other end on all of the PCs.

I then install Windows 7 on the computers and set DHCP and DNS settings.
Question #1 : What is the benefit of having your own DNS server? (Versus using your ISP's?) and how would I go about setting one up?

I then add the computers to a Domain. Question #2: What is the point of a Domain?
I then download Windows Updates.
I then set up a Firewall.
I then install any Software.
I then create an image of the OS.
Question #3: What is the benefit of having separate Subnets?

There are 10 computers connected to 1 switch. 80 Computers total and 8 switches.

Question #4: Is it recommended that I connect 8 ethernet cables to one router?

I then connect an 81st computer directly to the Router.
Question #5: How do I set up this computer to be an " Admin Main Server " which is "In charge" of the 80 PCs?

Question #6 : Will I be able to see the 80 computers and set user permissions/rights/reset passwords on the "Admin Main Server" if it is connected to the router?


Thanks for your time.

Bonus questions:

Do UPS' connect to the router/switch or each individual PC?
Remedy Ticketing software has to be configured so a network can access the tickets, how is this done?
 

Danimal1209

Domains are used to manage and control all of the host PCs on a network.


For each section of 10 computers, they should all go into one switch. Then, that switch should go into a router. Then, all the routers should be plugged into one switch. This will allow routing for each network to any other network.

The previous suggestion is from college experience and not real world implementation, so it may or may not be the best option.
 

wkrofl

Why would the router be plugged into a switch? Technically speaking I don't understand that. "This will allow routing for each network to any other network" could you word that differently? Each network already has routing to any other network through being d to the router and modem.

LAN -> WAN

How are Domains used to manage and control the host PC's? I'm getting that they are managed by a central computer? Is that called a server? How would I go about setting that up?

Thanks for the response,
 

Danimal1209

Domain:
Each host PC needs to log in to the domain. When they log in, their settings, rules, etc. are all controlled by the server. For example, on the server you can prevent users from opening the control panel. Things like that.

You would need quite a bit of money to set up a school lab that big on a domain. You need to purchase the server operating system, then you need to purchase a client access license for each pc. I would recommend to not use a domain. What I would do is set up a host pc exactly how you want it and create an image. If something goes wrong, then just reload the image. This is how we have it set up at DePaul.

Network Design:
Network 1 Network 2 Network 3 Network 4
PC PC PC PC PC PC PC PC PC PC PC PC PC PC PC PC PC PC PC PC
Switch Switch Switch Switch
Router Router Router Router
Switch

Let's say each network has 5 PCs. Each PC is plugged into a switch which then goes into a router. All the routers are plugged into the switch so they can all communicate.

I mean, I guess you could essentially just use a bunch of switches, but I'm not sure how efficient that would be for network resources.

Let's wait for another person to chime in to get more opinions.

EDIT: The forum removed my pro spacing for that network design....Sorry. I'll make a picture.

EDIT 2: You need to have routers if you want the computers to use IP addresses. Switches don't operate on layer 3 (IP). They only operate on layer 2, which is MAC addresses. You NEED to have routers.
 

Udgnim

Question #1 : What is the benefit of having your own DNS server? (Versus using your ISP's?) and how would I go about setting one up?

I then add the computers to a Domain. Question #2: What is the point of a Domain?

To join computers to a domain you will need some kind of internal DNS server that can resolve SRV records to find an LDAP server (the domain controller).

For any queries the internal DNS server cannot resolve, you can have it forward those queries to an external DNS server (ISP, OpenDNS, Google) and depending on your external DNS choice, you can have some control over what the external DNS server will resolve or not (for example, no well-known porn sites, 4chan, Facebook, etc.).

Users can just get around this by inputting the IP instead of address name, so you will need a proxy server that will filter requests to deal with the IP address workaround.

I then download Windows Updates.
I then set up a Firewall.
I then install any Software.
I then create an image of the OS.

I am assuming the above steps are to create a master image which will then be used to simultaneously deploy the master image to all other workstations with something like WDS.

Question #3: What is the benefit of having separate Subnets?

limit broadcast traffic within a specific subnet, security / ACL control over a specific subnet, allows logical separation of departments / groups, greater flexibility than physical

Question #4: Is it recommended that I connect 8 ethernet cables to one router?

not too familiar with router models, but I'm fairly certain most don't have 8 ethernet ports unless you add modules with ethernet ports and/or pay quite a price for a router model that has that # of ethernet ports

standard procedure would be use some kind of 3 layer switch architecture: core, distribution, access

I don't really want to try to explain the roles of the different switch layers in-depth, but for something like your 80 PC scenario, you would use something like the following:

- 2 48 port switches as access switches for the PCs to connect to
- then connect those 2 48P switches to 1 core/distribution switch via trunk links
- then connect that 1 core/distribution switch via a trunk link to a router or Layer 3 switch
- Layer 3 switch will be able to direct VLAN traffic or router needs routing on a stick set up to receive VLAN traffic and route between the different VLANs
- can use STP, VRRP, or anything else that is for redundancy for redundant links between access, distribution, core, router

Question #5: How do I set up this computer to be an " Admin Main Server " which is "In charge" of the 80 PCs?

you create a domain with a domain controller. the domain controller is a server that can provide centralized administration over any other computers / resources in the domain.

so using Windows Server 2008 and Active Directory as an example, you can use Group Policy to set up password policies, restrict things like USB / disk drives, etc

WSUS for Windows updates
WDS for image deployment
DNS for internal DNS record resolution
DHCP assignments, reservations, exclusions, lease times
DFS file sharing
file quotas
and so on

Question #6 : Will I be able to see the 80 computers and set user permissions/rights/reset passwords on the "Admin Main Server" if it is connected to the router?

as long as the "Admin Server" can communicate with the other domain PCs in whatever VLAN they are located in, yes

Do UPS' connect to the router/switch or each individual PC?

depends on priority and budget. whatever holds critical data and must be up as long as possible to allow for a graceful shut down.

so you'd probably really want to have any important servers connected to a UPS so data doesn't get corrupted

data is typically kept on a central file server, so usually can assume UPS for PCs are less critical

Remedy Ticketing software has to be configured so a network can access the tickets, how is this done?

I'm guessing here

I assume there will be a Remedy server that needs to be set up along with a database

users will use some client program on their PC or access the ticketing system via web browser which interacts with the Remedy server/database

just need to make sure the PCs in different VLANs can all communicate with the Remedy server
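
An added example, not part of the thread or any poster's own code: a sketch of the "security / ACL control over a specific subnet" point for this lab, giving each 10-PC island its own subnet and checking which flows a default-deny policy at the router or Layer 3 switch would pass. The 10.20.0.0/24 range, the zone names, the policy itself and the short list of domain-controller ports are assumptions chosen for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption): one /24 split into /28s,
# one per 10-PC island, plus one /28 for the domain controller.
LAB_SUPERNET = ipaddress.ip_network("10.20.0.0/24")
ISLANDS = 8
# Illustrative, not exhaustive, set of DC services: DNS, Kerberos, LDAP, SMB.
DC_PORTS = {53, 88, 389, 445}

def build_plan(supernet=LAB_SUPERNET, islands=ISLANDS):
    """Return {name: subnet}: a /28 (14 usable hosts) per island, then 'servers'."""
    subnets = supernet.subnets(new_prefix=28)
    plan = {f"island{i}": next(subnets) for i in range(1, islands + 1)}
    plan["servers"] = next(subnets)
    return plan

def zone_of(plan, addr):
    """Name of the subnet that contains addr, or None if it is outside the plan."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in plan.items() if ip in net), None)

def acl_permits(plan, src, dst, port):
    """Default-deny inter-subnet policy (return traffic is assumed stateful)."""
    s, d = zone_of(plan, src), zone_of(plan, dst)
    if s is None or d is None:
        return False              # unknown address: drop
    if s == d:
        return True               # same subnet: switched at layer 2, never reaches the ACL
    if d == "servers":
        return port in DC_PORTS   # island PCs reach the DC on listed ports only
    if s == "servers":
        return True               # DC / admin server may manage every island
    return False                  # island to a different island: denied

if __name__ == "__main__":
    plan = build_plan()
    for name, net in plan.items():
        print(f"{name:8} {net}  hosts {net[1]} - {net[-2]}")
    dc = str(plan["servers"][1])
    pc_a, pc_b = str(plan["island1"][1]), str(plan["island2"][1])
    print("island1 PC -> DC ldap:", acl_permits(plan, pc_a, dc, 389))
    print("island1 PC -> island2 PC smb:", acl_permits(plan, pc_a, pc_b, 445))
```

The same-subnet branch is the limit of this design: PCs on one island still reach each other freely, so subnetting contains traffic between islands, not within one.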
 

wkrofl

I understand what you're saying.
You're saying create a network with 5 PCs (Or 10) connect them to a switch, then a router, then a switch. then to a modem?

If I do this though will I be able to set permissions using a server?
 

Udgnim

if this is for a real-world implementation, I suggest you talk with a professional
 

Danimal1209

Here is a picture of what it could look like. I also agree with udgnim about contacting a professional if you plan to implement this scenario

[Image: demouj.jpg]


A firewall or another router would be in between the main switch and the internet, but you get the picture.
 

wkrofl

Thanks for the reply man.

You answered a lot of my questions.

If I connect the 80 computers to the 2 48 port switches what settings will I have to configure? I have only configured routers. The switches then connect to a router which connects to a modem right?

So let's say I have a central server (the one I am sitting at when everyone else is using the PCs) which is running a server OS. The other PCs are running Windows 7. What kind of configurations do I need to do to be able to set the group policy and active directory settings? Will the fact that the 80 PCs are connected to the same router as the Server PC be enough for the server OS to connect to them? (This kind of also brings up a question of what's stopping me from accessing a PC on a WAN if this is the case) Oh... I guess because the 80 PCs would be a part of a domain that is password protected right?

Is the only reason to join a Domain to allow file sharing?

An internal DNS server would just be a PC running a Server OS that is configured to act as a DNS server? A little confused here. I only have the A+ Certificate so I'm a bit noobish but this is fascinating.
 

Danimal1209

With most switches, just plugging the computers in will allow them to communicate with each other. So essentially, if you don't want to implement VLANs or security, there wouldn't be any more configuration.

As said previously, a domain controller (your central server as you call it) administrates every PC on the domain.
 

wkrofl

Danimal for poster of the year I SWEAR!

Do you have any ebook, audiobook or book recommendations for me sir?
 

Danimal1209

No, I don't actually. DePaul lectures own.
It would not be a bad idea to get some basic IP routing books so you understand how it works.
 

VirtualLarry

Could they go with something like a Dell Windows SBS server? Or is that hard-limited to 10 clients? (Can you buy more CALs? Would something like that be able to function as a domain controller, or is that limited to more pricey versions of Windows' Server?)
 

Demo24

I may not be understanding the post, but I don't believe you can add a PC to a domain if it's not there, guessing this was not actually done yet and simply steps you plan to take? (Someone correct me if wrong.) Most schools I've come across already do this, so guessing must be relatively small?

Anyway, I would change the steps a bit.

First is to create the 'image' that will be pushed to all the others. This would include whatever programs, etc you want on there.

Secondly, create the domain on the server. Use the image PC to do testing and ensure compatibility. Note, you will not need to change network settings on the PC. Your DHCP server will push the DNS you want, which is typically your domain controller. From here you'll have a good bit of control over the PCs and can adjust settings, etc., with relative ease in group policy. And no, a domain is not specifically about file sharing, it's first about security with PC and user central authentication, but this conveniently allows you to assign network resources.


The image above by Danimal is about what I would do, although I don't see the need for routers in between the two switches. I would just place one router between main switch and internet.