Networking Advice




crackpip
Dec 9, 2010, 11:32 AM
I am responsible for building a new computer lab at my university. Due to budget issues and a dispute with the university IT, our initial plan has changed and my dept chair wants me to create an internal network rather than use all university supported connections.

I've got two Mac Pros functioning as servers with proper outside connections. Each server (with internal RAID) will be dealing with a 50-80 Mbit/s incoming datastream as well as providing authentication and networked home directories.

What I'm thinking is having a gigabit router connected to a third outside connection. Then I'll have my nine clients (Mac Minis) and the second ethernet ports on the two servers connected to the gigabit router.

So... inadvisable? feasible? Better ideas?

TIA
crackpip



belvdr
Dec 9, 2010, 11:34 AM
Personally, I'd go for a dedicated firewall device. Then just plug everything into a switch. It's 11 computers, so there's no need to overcomplicate things by having two servers connected to one connection.

After re-reading your setup, I'm not sure why you would want the two Mac Pro systems to be connected to both the internal and external network. I'd still suggest getting a dedicated firewall. If the Mac Pro systems need to be accessed from the Internet, then put them in a DMZ and allow only the proper ports.

crackpip
Dec 9, 2010, 12:16 PM
> Personally, I'd go for a dedicated firewall device. Then just plug everything into a switch. It's 11 computers, so there's no need to overcomplicate things by having two servers connected to one connection.
>
> After re-reading your setup, I'm not sure why you would want the two Mac Pro systems to be connected to both the internal and external network. I'd still suggest getting a dedicated firewall. If the Mac Pro systems need to be accessed from the Internet, then put them in a DMZ and allow only the proper ports.

I was thinking of internal connections for the servers because all 9 clients will generally be hitting the home directories and the packaged data from the two streams at the same time. Mostly I'm concerned with getting the most out of the connections between the clients and the servers without affecting the two incoming data streams.

As for the external connections, maybe they're not necessary. I should be able to combine the two incoming streams onto a single outside connection without it lagging.

I won't be able to DMZ both servers because if multiple machines request an IP, all connections get disabled. But, I'm sure I could work around this.

Thanks,
crackpip

belvdr
Dec 9, 2010, 12:28 PM
> I won't be able to DMZ both servers because if multiple machines request an IP, all connections get disabled. But, I'm sure I could work around this.

I'm not clear what you mean by the above statements. If you are running DHCP on both systems, then make the scopes non-overlapping and call it a day.

hmmfe
Dec 9, 2010, 07:08 PM
> I am responsible for building a new computer lab at my university.... So... inadvisable? feasible? Better ideas?
> TIA
> crackpip

Yeah, you would be best served by putting in a decent firewall. You can use it to connect your entire internal network to a single University supported "outside" connection.

So, basically, connect the outside connection to the WAN port of the firewall (each firewall has its own port naming convention). Connect the internal or LAN port of the firewall to a switch. Plug all your stuff into the switch and there you go. You will need to configure the firewall correctly but it is very basic and easy - NAT, a basic firewall rule or two, and assign the ports appropriate IP addresses.
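
An added example, not part of the original thread: the WAN/LAN layout with NAT and "allow only the proper ports" suggested in the posts above, written as an nftables ruleset for a Linux box acting as the firewall. The choice of nftables, the interface names, the addresses and the port numbers are all assumptions made up for illustration.

```nftables
#!/usr/sbin/nft -f
# Assumed layout (constructed): eth0 = university "outside" link (WAN),
# eth1 = switch with the nine clients and both servers (LAN).
flush ruleset

define WAN_IF  = "eth0"
define LAN_IF  = "eth1"
define LAN_NET = 192.168.10.0/24
define SRV1    = 192.168.10.11    # first server (placeholder address)
define SRV2    = 192.168.10.12    # second server (placeholder address)
define PORT1   = 5001             # placeholder: port SRV1 must expose
define PORT2   = 5002             # placeholder: port SRV2 must expose

table inet filter {
    chain input {
        # Traffic addressed to the firewall itself: default deny.
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        iifname $LAN_IF tcp dport 22 accept   # admin access from inside only
    }

    chain forward {
        # Traffic passing through the firewall: default deny.
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Lab machines may open connections to the outside.
        iifname $LAN_IF oifname $WAN_IF ip saddr $LAN_NET accept
        # From outside, only connections that matched a port forward
        # below are let in; everything else hits the drop policy.
        iifname $WAN_IF oifname $LAN_IF ct status dnat accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # One forward per server, each limited to a single port.
        iifname $WAN_IF tcp dport $PORT1 dnat to $SRV1
        iifname $WAN_IF tcp dport $PORT2 dnat to $SRV2
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # NAT: the whole lab shares the single outside address.
        oifname $WAN_IF ip saddr $LAN_NET masquerade
    }
}
```

If the servers only pull their data streams from outside, the two port forwards can be dropped entirely and nothing on the LAN is reachable from the WAN side.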

BertyBoy
Dec 11, 2010, 05:41 AM
If you're going to be laying cable, you need to consider any large research equipment in the university buildings your internal network will be serving or passing through. If there's anything like a Physics department, you may need to use fibre-optic, rather than copper-based cables. For that you need to call in the professionals; it'll be out of the capacity of a university IT department also.

crackpip
Dec 11, 2010, 09:31 AM
Thanks guys. I think I will just get a firewall, unless the dispute is resolved so I can activate the eleven gigabit lines IT ran. There's no major equipment I need to worry about in my wing.

<RANT>It's pretty ridiculous I have to deal with this ******** at a university with more than 20,000 students. IT has nickel-and-dimed us to the point that most of the department's annual operating budget goes to pay IT for data lines. New professors should be spending their time writing grants and doing research when not teaching.</RANT>

crackpip