Wednesday, March 4, 2009

Re-engineering the Network—from the Ground, Up

This post is a continuation of my series of posts related to the network re-engineering project I've undertaken at work. A lot of work has already been done, but there is still a lot that has yet to be done. If you need to get a quality, professional network in place, but don’t want to spend the money (or don’t have the money) to buy the requisite hardware, eBay is a great place to shop. I found much of the hardware that we required at up to 50% off, or more, most of it brand new.

Here’s the hardware that was bought for this project:

  • 3 Dell Dimension 2400 Desktop Mid-Towers (2004)
  • 2 Dell Inspiron 700 Laptops (2004)
  • 2 Custom PC Towers with FoxConn motherboards (Intel 865A chipset) (2004)
  • 1 Dell PowerEdge 860 1U Rack-mount Server (2006)
  • 1 Dell Dimension E520 Desktop Mid-Tower (2007)
  • 1 25U 19in. server rack
  • 1 Dell PowerConnect 5324 1U Rack-mount 24-port Gigabit Managed Ethernet Switch
  • 1 Gruber 48-port CAT 6 Patch Panel
  • 1 3U Rack-mount APC Smart-UPS 3000R
  • 1 Dell 110T PowerVault LTO Backup Tape Drive
  • 1 1U Rack-mount Belkin 8-Port KVM
  • 1 TalkSwitch VoIP PBX Phone System and 12 IP phones of various models
  • 1 Hewlett-Packard AMD-based x64 SFF Desktop (2009)
  • 1 Hewlett-Packard 7650n ScanJet Color Network Scanner w/ ADF

All of the client computers have been upgraded so that each contains no less than 1.5GB of RAM (most of the machines’ video cards are so old that they preclude using the Windows Vista Aero user interface anyway, so we won’t need as much memory). The 64-bit machine, however, was upgraded to 4GB of RAM, as was the PowerEdge 860 server (since I only have the 32-bit version of Windows SBS 2003).

The software we’ll be implementing is as follows:

  • Microsoft Windows Small Business Server (SBS) 2003 R2 Premium, which includes:
    • Microsoft Windows Server 2003
    • Microsoft Exchange Server 2003
    • Internet Security and Acceleration (ISA) Server 2004
    • Windows SharePoint Services 2.0 (which we'll be upgrading to 3.0 SP1)
    • Windows Software Update Services (WSUS) 2.0 (which we'll be upgrading to 3.0)
    • Microsoft SQL Server 2005, Workgroup Edition (we'll be upgrading to Standard Edition, courtesy of Microsoft Volume Licensing)
  • Microsoft Office 2007 Professional Plus
  • Microsoft Windows Vista Business/Enterprise (with SP1)
  • Microsoft Desktop Optimization Pack (MDOP), from which we'll be using:
    • Microsoft SoftGrid Application Virtualization
    • Advanced Group Policy Management (AGPM)
    • Microsoft System Center Desktop Error Monitoring
    • Asset Inventory Service
    • Diagnostics and Recovery Toolset
  • Trend Micro Worry Free Business Security
  • Symantec BackupExec 12.5 (soon to be Acronis, too many problems with Symantec, more on that later)
  • ACT! by Sage 2008
  • UPS WorldShip 2009
  • Possibly Adobe Creative Suite 4

There are probably some items I forgot about, but you get the gist.

Where We’ve Been, Where We Are

At this point, we have laid down a new cable plant consisting of CAT 5e cable. We ran two different sets of wires for each drop location, one for data, one for voice.

This was done for a number of reasons. One, VoIP is still not quite there. I can recall on numerous occasions getting a phone call at work from someone who was (most likely) overseas, trying to peddle some wares. The call was so broken up and choppy that I simply told the caller, "Your call is breaking up. Try calling me back on a real landline and we can talk," at which point I hung up. I don’t have time to waste constantly telling someone to please repeat themselves when I’m probably not going to be interested to begin with. (Usually it’s people calling trying to get me to outsource our IT—for what? Ten client workstations? Please.) Two, after doing other research, I came to the conclusion that while VoIP has made great strides over the last 4 years, it’s not ready for prime time and I don’t want to trust that it’ll work OK over the same network over which data travels. What if someone is downloading a 600MB CD (which would probably be me)? Will the call be dropped, or broken and chopped up? We can’t afford to have that poor a level of service for our customers, since a majority of our business is still conducted over the phone. So, for all of those reasons, we will have VoIP traffic running over its own network, internally. Once the voice traffic leaves the premises, it’ll be traveling over the POTS.

I’m fortunate that our Clydesdale is still running and functioning. That means that I can mess around with the PowerEdge 860 all I want. I have installed and configured Windows SBS 2003 R2 Premium. Perhaps, in a later post, I’ll go through the configuration process. Right now, this is an "experimental" setup. Because I’m installing and uninstalling software, I plan on reinstalling the server when I’m ready to go to production so that it is a clean and error-free system. But since I have the process pretty much down, this should only take a few hours.

I had only one desktop computer left which is not in production. I really needed another machine. Here’s the problem: Windows Vista cannot be completely managed from Windows Server 2003. Mostly, this has to do with Group Policy (GP) administration and management. Luckily, we qualified for a new desktop computer through UPS's Customer Technology Program. So we acquired a Hewlett-Packard small form factor (SFF) desktop machine sporting a dual-core AMD 64-bit processor. This is becoming my management workstation, for now, and the remaining client will be the test production client whose configuration will be that of all desktops in the organization (less specific drivers for each of the different machines we'll have in use).

Where We’re Going

My company is small, but that doesn’t mean that it can’t benefit from automation, especially when it comes to IT. So I have set the following goals:

  • An Active Directory-based domain
  • An internal e-mail server (Exchange Server 2003). Our ISP e-mail is showing its inadequacies.
  • Central Management and Administration
    • Group Policy
    • Application Virtualization
  • Implementation of a Secure, Managed Desktop
  • A lightweight helpdesk system (included with SharePoint Services)
  • Implementation of VPN access (if needed) and/or remote access via Terminal Services, mainly for remote administration

I feel these goals will accomplish a few things for me. I won’t always need to be in my office in order to work. This is important since I am currently only working part time while attending Kutztown University. The users can expect a consistent desktop experience. I can expect a consistent desktop experience—this means I know exactly what’s installed on the desktop, what the security topology is, and therefore, I know better how to diagnose and repair problems when they arise.

Next Steps

I’ve been using the Microsoft Deployment Toolkit (MDT) 2008 to develop the deployment process. It’s been working quite well. Unfortunately, the documentation is geared more toward large corporate users (even though they say even small corporations will find the tool useful). The toolkit is useful; there’s just not much help. And when you first begin to use it, it’s quite overwhelming. However, over the last few weeks, I’ve really learned the ins and outs of this toolkit, some of which I’ll be sharing over the next few posts. So keep checking back for information on using the MDT 2008.