Network Design Help

January 7, 2011 at 09:01:50
Specs: Windows XP
I have a project that needs to be completed within the near future and I would like any guidance that can be given. I have to set up a small network for an instructor, but the instructor has multiple classes with different material that is sensitive to each class. What would be the ideal way to set up the network so that each class can access the server but not be allowed to access any folders outside of the folder for their class? Im assuming i will have to set up a server (WinServer2003) and windows xp pro on the client computers. but what would i have to do from there? any help would be greatly appreciated. thanks!

See More: Network Design Help

Report •


#1
January 7, 2011 at 09:08:48
Home work question? Google Windows 2003 VPN and you will get your answer.

Another solution would be to subnet the class rooms. If you go this way you will need to know how many computers will be in each class room. Google Subnetting.

You could go either way or both depending on if you need the the professors computers to talk to each class room but not the students. If not you could setup VLANs, Google VLAN.

If I was writing the report I would probably give all of the options along with the pros and cons. You will also probably need to show if you are going to use preshared keys or certificates and their pros and cons.


Report •

#2
January 7, 2011 at 09:12:24
Thanks. Its actually not home work. A relative is starting a business and asked me to look into network options to meet his needs. I'm going to look into what you suggested. Thanks! i appreciate it

Report •

#3
January 7, 2011 at 09:14:09
Wow if this is for real I highly recommend you contract with a networking company to help you out with this.

Report •

Related Solutions

#4
January 7, 2011 at 09:22:33
I dont think the budget allows for a networking company. There will be 3 classrooms with about 10 computers per classroom. Lets say i want to create 4-5 user accounts, but each account can only access one folder on the server. Would it be necessary for me to go through a networking company, or can this solution be implemented relatively easily?

Report •

#5
January 7, 2011 at 09:39:07
When you say "the server" you mean you are only going to have one server. That's gutsy.

I would have at least 2 so that you can setup file replication and a second domain controller. This is an advanced project and if I was you, I would get someone one to help. Maybe you could get a work study from one of the Universities to help you pro bono.

You are going to have to take into consideration Internet Access and the fact that we are talking bord students. I would setup a proxy server and maybe a network monitor to watch the type of activity they are doing. You will also want to know if someone is hacking your server. You may want an IDS/IPS system installed and if it is a tight budget you will need something like SNORT but you have to know how to configure black lists on something like this. You will need to setup ACLs for each user which will require some OUs and some GPOs to be setup and you may need to put in some kink of logon script and logoff script that will audit logon time, open ports and newly installed software. You will need to know if you are going to support Roaming Profiles or prevent students from saving files all together on the workstations.

Again, I would seek some help with this project. If you try to do it on the cheap on the front of the project it will cost you more in the end.


Report •

#6
January 7, 2011 at 09:49:42
"Lets say i want to create 4-5 user accounts, but each account can only access one folder on the server."

Are you saying you are adding onto something that is already built? If so Google how to setup ACLs and User Groups on Windows Server 2003.

P.S. this is not a Network issue it is a Server issue. There is a Server 2003 forum under General Forums.


Report •

#7
January 7, 2011 at 09:57:53
I understand. Thanks for the feedback. How much do you think it will run to get a network company to set this up?

Report •

#8
January 7, 2011 at 10:04:01
Sort of. There is no server in place, but the labs are already set up with the computers. they arent connected to the internet because there is no need for it. however. i think there may be somewhere down the line in the future. so i would like to have whatever solution we decide to implement be able to be scaled if necessary

Report •

#9
January 7, 2011 at 10:27:28
"Sort of. There is no server in place, but the labs are already set up with the computers. they arent connected to the internet because there is no need for it. "

If there is no server or Internet then I am guessing the there is no Ethernet running in the labs because there is no need for it. If there is already wireing in the Labs I would get an inventory of the what is already installed like the type of wire (hopefully CAT5 or better), the switches/hubs and their model numbers. I am guessing there is no routers because you don't have internet and no subnets. You will also need to know about what size the files are going to be so you can sec out the hard drive size on the server. Include the minimum space for Windows or Linux if you decide to go cheap. Once you get all of theses questions answered take the data to one of these companies and they will give you a quote one what it would take to upgrade your network.


Report •

#10
January 7, 2011 at 10:30:52
Ok, that sounds good. Thanks for the help!

Report •

#11
January 7, 2011 at 10:35:58
"There is no server in place"

Then you have no way to accomplish what you desire.

Once you have a server in place and its running AD you can easily setup a group per classroom. You would grant access to the folders needed via the group.

Only issue that will come up is if the same user is in two classes. Way to address this is your user account naming convention: username-classname [or abrevation]

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

#12
January 7, 2011 at 10:41:33
Just off the top of my head using the following statement as your main goal.

"What would be the ideal way to set up the network so that each class can access the server but not be allowed to access any folders outside of the folder for their class?"

Based on the above statement, I would say you don't really need too fancy of a setup. I would recommend a domain, preferably with dual, redundant DC's if budget allows. A domain allows for centralized control/administration.

You can achieve the above goal by using shared folders, user/group accounts and permissions allowing and restricting access to the shared folders as need be.

There's no need for subnetting and VLAN tagging in this case since all you seem to need is the ability to allow/restrict access to data.

What you need most of all is somebody who knows how to do the adminstrative tasks which you obviously don't. How much this would cost is hard to say. You could call a couple consultants and ask them for RFQ's (request for quotes)

As for future internet connectivity that's really not a big issue. When the time comes, you buy a SOHO Router and connect your internet to it's WAN port (and get it working of course) and then you would connect a LAN port on the SOHO Router to a port on the switch that feeds all client/server PC's in your environment. Change your DHCP server to give out the router's LAN IP as the "default gateway" for the clients and they'll be accessing the internet. I could do this in about 1 hour.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***


Report •

#13
January 7, 2011 at 10:55:49
@wanderer
There wont be the same student in two classes so that shouldnt be a problem. Thanks for the suggestion. I will look into that also.

Report •

#14
January 7, 2011 at 11:01:55
@ Curt R: I just got off the phone with a friend who suggested the same thing. His simplified explanation said the cheapest and best route would be really simple since the main focus is just data sharing and the restriction there-of. I am meeting with him afterwork to get some more details. I will post what we come up with later to run it past you and everyone else who responded. Thanks for the help. SN: invictus is by far one of my favorite poems. good quote

Report •

Ask Question