Need recommendations on network rebuild

jmcnamee

Junior Member
Jul 8, 2003
I'm completely new to this style network and this forum so please bear with me. I just landed a job at my local Boys Club as the tech director. First day I came in, I find the network a mess. A mix of Win98 and Win2k computers (about 50), all with different programs (it's supposed to be standardized). There are five servers in the server room: an unused webserver, a new webserver, lab server (used only as a print server), terminal server (dumb terminals), and an Exchange server. The only ones currently used are the new webserver and the Exchange server. The webserver acts as a proxy and content filtering server.
My plan is to wipe the webserver and format it as a domain controller with the website and Exchange hosted on it. Since the lab server is the second fastest server, I am planning on making this the secondary domain controller, print server, and remote install server. No file server will be used since the kids use floppies. To take over the proxy and content filtering jobs, I am looking at a ZyWall 10 or a SonicWall SOHO3, though this might get nixed because of funding.
Also, if anyone has any idea, I'd like to allow people to send something to print but have a box pop up prompting for the administrator password so the kids don't go printing tons of stuff. Thanks for any help.
 

Garion

Platinum Member
Apr 23, 2001
I'd recommend using a separate firewall and proxy server. If you're in a school, you probably need some kind of content filtering, to make sure the kids aren't browsing porn. You can't do that on most stand-alone firewalls without paying a large chunk of change. Find an older machine (a fast P2 or a P3 would be fine) and run Squid. There are public blacklists that you can use out there for content filtering. It's not perfect, and certainly not as good as you'd get with a commercial product, but it's probably the best you can do with the budget you've been given. Check out SquidGuard. They include a public blacklist that has 100,000 entries. Looks like it's Linux/Unix only, but at least it's free. There are a lot of good guides on installing Linux and Squid together, so you should be able to get to it without much problem.

Linux and Squid are, however, an undertaking. It's a great thing to learn, but I would get other things stable first and do this when you have the time, if you think it's going to stretch your talents. I'd also look at IPChains or some kind of firewall on this machine, too, if you think you're not going to get the budget. Otherwise, a SOHO firewall like you mentioned would be better. How much bandwidth do you have?

Next.. What do you NEED TO DO? This is key. You've got five servers to play with. Looks like you need a webserver, e-mail, term server, file services, print services and that's it. Look at what you really need and how much horsepower you need to do it. For example, do you just have a few accounts in Exchange, or do you give them out to all the kids?

Given what I know, I'd build servers for:

BDC / Exchange
PDC / File / Print
Web server
Proxy server
Terminal Server

.. In order of descending machine horsepower. Put your tape backup on the machine that has the most disk space and stuff that needs to be backed up. Printing isn't that much of a load on the network.

- G
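
How a domain blacklist of the kind mentioned above is applied to requests, as an added example that is not part of the thread and is not Squid or SquidGuard code; the list entries, URLs and function names are constructed for illustration. A listed domain covers its subdomains, matching happens on label boundaries, and anything not on the list passes, which is why coverage is never complete.

```python
from urllib.parse import urlsplit

# Constructed sample list; public lists are typically one domain per line.
SAMPLE_BLACKLIST = """\
# category: adult (constructed entries)
badsite.example
.ads.tracker.example
Casino.Example
"""

def load_blacklist(text):
    """Parse one-domain-per-line text into a set of normalized domains."""
    domains = set()
    for line in text.splitlines():
        # Drop comments, surrounding whitespace, case and leading/trailing dots.
        entry = line.split("#", 1)[0].strip().lower().strip(".")
        if entry:
            domains.add(entry)
    return domains

def host_of(url):
    """Extract the lower-cased host from a URL or a bare host[:port]."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat the input as a network location
    return (urlsplit(url).hostname or "").rstrip(".")

def match(url, blacklist):
    """Return the blacklist entry covering this URL's host, or None."""
    labels = host_of(url).split(".")
    # Check the host itself, then each parent domain, on label boundaries.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blacklist:
            return candidate
    return None

def filter_requests(urls, blacklist):
    """Split requests into (allowed, blocked); each item is (url, rule_hit)."""
    allowed, blocked = [], []
    for url in urls:
        hit = match(url, blacklist)
        (blocked if hit else allowed).append((url, hit))
    return allowed, blocked

if __name__ == "__main__":
    sample = ["http://www.badsite.example/pics", "http://kids.example/games",
              "CASINO.example:8080", "http://notbadsite.example/"]
    print(filter_requests(sample, load_blacklist(SAMPLE_BLACKLIST)))
```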
 

jmcnamee

Junior Member
Jul 8, 2003
I would like to run the free Squid and Linux, but unfortunately I've never used either of those before. In reality, the term server isn't used because it is mind-bogglingly slow. The only reason the Exchange server wasn't originally moved to the new webserver is that the migration to Exchange 2000 failed. This was done before I got here. We have a ton of bandwidth here, we run off fiber from a local ISP. Because of the lack of web traffic, my plan is to run Exchange and the website on the same box. It is an infrequently visited website and there are only about 20 Exchange users. We already have a SurfControl subscription for MS Proxy server and we have MS Proxy. One of the big problems is that there is a VPN product we would like very much to use, and MS Proxy does not allow VPN connections. I forgot to mention the server speeds. The fastest is a 1.13GHz PIII, the second fastest is a 400MHz PII, and it's downhill from there. Currently the webserver is our connection to the outside world and runs SurfControl and Proxy Server, along with its IIS function. Somehow, this server bounces requests for the email through the proxy server to the Exchange server. I have absolutely no idea how. There are literally no files being hosted. The kids aren't allowed to save anything directly to the computer, so file serving isn't an issue. There is only one user, which all the computers are logged into. There are way too many kids to have a user for each kid. As for VPN, is it possible to have the proxy server set up a connection and then allow the other computers to tunnel through the proxy server? Sort of like having a router set up the VPN.