Newbie question here...I need to create a closed mac network. Right now, I have 35 new Mac minis and a Promise Technology 8TB Pegasus2 R4 Thunderbolt 2 Raid Storage Array. I want the computers to be connected so I can administrate them through Remote Desktop and so the students can turn in music and video projects to the RAID drive. I know this is possible, but I have no clue how to do it or what other hardware I need to accomplish it. Internet access is through wireless, so I think it will have to be wired. Due to reasons I will not get into, we will not be allowed to connect to the school's wired network. The powers that be want it totally closed off to the rest of the school and only have access through the wireless access that all students have access to. Any help and/or advice is appreciated.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Creating a mac lab
- Thread starter tayproductions
- Start date
- Sort by reaction score
First of all, you need to completely wipe the idea of using wireless as the method of connection out of your head. If, due to policy reasons, you cannot use the wired Ethernet jacks you must create a separate wired network. Fortunately, you can setup a private wired network which would still allow access over the Wi-Fi connection. Essentially, you would have a 48 port Gigabit switch to connect all of the Mac Minis together and then a client bridge that would connect to the Wi-Fi network and serve DHCP. Personally, I would petition the IT department to allow Ethernet access. When doing music and video work, you are talking about a large amount of network traffic and therefore wireless simply is not up to the job.
As for the RAID array, I would recommend getting a Mini or another Mac setup with OS X Server. This will allow full management of the Minis as well as roaming profiles. This way, students can sign in on any Mini and all of their files are stored on the server. Keep in mind that this is resource intensive and requires a very powerful machine to host that sort of setup. I deal with building networks all the time and am more than happy to help but your budget is what plays a key factor here.
Altemose,
Thank you! This is exactly what I was looking for. So to be clear...Create a WIRED private network and allow students to access internet via the school wireless network, correct?
I do have a question...Students will not need access to files from other computers. I would rather everything be kept on the local machine and have a networked drive where students can turn in final projects. Will I need to have a dedicated computer for that or will just the networked RAID array be okay for that?
Also, I am assuming I can use my mac and ARD to manage the computers and re-image them if need be. Is that correct?
Thanks for your help. I have been left out on an island here. The IT department feels Macs are entirely too vulnerable to allow them on the network.
As you can tell, I am NOT a network person, but I have been tasked with figuring this out
Thanks again
Thank you! This is exactly what I was looking for. So to be clear...Create a WIRED private network and allow students to access internet via the school wireless network, correct?
I do have a question...Students will not need access to files from other computers. I would rather everything be kept on the local machine and have a networked drive where students can turn in final projects. Will I need to have a dedicated computer for that or will just the networked RAID array be okay for that?
Also, I am assuming I can use my mac and ARD to manage the computers and re-image them if need be. Is that correct?
Thanks for your help. I have been left out on an island here. The IT department feels Macs are entirely too vulnerable to allow them on the network.
As you can tell, I am NOT a network person, but I have been tasked with figuring this out
Thanks again
I managed a deployment of over 160 Macs in an Education setting. To image the machines we use Deploy Studio its free. We use Munki to push new software packages to the Macs. Profile Manager which is part of OS X Server can be used to force some settings. We have them bound to our Active Directory.
I laughed at your IT Department comment saying they believe the Macs are entirely to vulnerable to allow on the network, no doubt they have lots of Windows machines which are the most scary of them all. If thats their attitude your going to have a struggle.
I laughed at your IT Department comment saying they believe the Macs are entirely to vulnerable to allow on the network, no doubt they have lots of Windows machines which are the most scary of them all. If thats their attitude your going to have a struggle.
I help manage a similar setup, albeit my work uses all PCs. We have a server that manages login credentials (using AD) and stores everyone's files. People access the network with VPN if they are outside the building. Works pretty well and if there's ever an issue with a computer, you can just wipe it since they aren't (or shouldn't be) storing anything on the local hard drive.
I agree with Altemose though. Wifi won't handle video traffic very well, especially with that many machines. We have 30 people accessing small Word files through a wired network and it's slow sometimes (our servers are older though). And you will most definitely want a server to manage all those machines.
Not sure what your IT department means by Macs being too vulnerable.
I agree with Altemose though. Wifi won't handle video traffic very well, especially with that many machines. We have 30 people accessing small Word files through a wired network and it's slow sometimes (our servers are older though). And you will most definitely want a server to manage all those machines.
Not sure what your IT department means by Macs being too vulnerable.
8281 and Quackers82,
Thanks for the replies. I also was puzzled when they mentioned the vulnerability of macs. Unfortunately for me, I am not educated enough on networks to mount a well reasoned argument. All I have is practical experience as a mac user on a network.
Feel free to give me any ammunition to help me communicate with our IT department.
Once again, thanks for the help!
Thanks for the replies. I also was puzzled when they mentioned the vulnerability of macs. Unfortunately for me, I am not educated enough on networks to mount a well reasoned argument. All I have is practical experience as a mac user on a network.
Feel free to give me any ammunition to help me communicate with our IT department.
Once again, thanks for the help!
If your IT department is going to act like a bunch of uneducated fools in their statement that Macs are entirely too vulnerable on the network, then I doubt much is going to change their (wrong) opinion. I can fabricate a way to get this all working in my mind but you do need to understand that it is a less than ideal scenario you are working with.
The Pegasus 2 you mentioned only connects via Thunderbolt so you will need some machine to serve a "server" role. I would personally get another machine to run OS X Server that way it can host the Thunderbolt array with the proper setup and also host images for the Mac Minis. Apple Remote Desktop is the way to go for this usage as well.
Essentially, would you or someone you know be able to run the Ethernet to each Mini from a switch in the room? If so, you are onto a good start!
I'm not technically trained in any of this stuff either, I've just taught myself through experience. I can say with some confidence though that those Macs should be sitting behind your school's firewall, in which case I'm not sure how they are more vulnerable than the Windows machines already connected to the network. Macs can connected to Windows server Active Directory as well pretty easily.
I would ask for specific vulnerabilities they are concerned about, and then someone here with more technical knowledge might chime in with advice. We use Trend Micro on our network for AV and network monitoring, and it will work with Macs. Not sure what software your organization uses, although it does seem many popular options are Mac compatible.
Please forgive the nitpicking, there is great information listed above about how to best accomplish your goals.
You can ALSO setup one of the mac minis or any computer actually as a wireless server. On a mac it is as simple as clicking the WiFi icon > Create Network. Give it a funny name, something like WindowsAntiVirus and have the rest of the computer connect to this computer via their WiFi. The WindowsAntiVirus computer should have a web server (MAMP) running for them to pop into by default. A simple WordPress site with links and daily assignments is what we have in our test lab. This isolates the lab from the 'real' internet and allows the lab to see only what you've previously downloaded and made accessible. It also focuses them on the daily tasks. Easy to do and up to 255 clients can connect simultaneously.
iPads, windows computers, androids, Macs, whatever can 'log in'.
PS. The server does so much more. We create tests that the students take 'online' with their iPads / Macs / PCs / Chromebooks. This gives us immediate results, we can watch the test being taken and see struggling students in real time. We take and keep attendance records with it. We can serve videos, documents, ect. Saving the best to last. When the power goes out, everything stops, except in the lab. The server is running off of battery backup. The iPads, laptops, chromebooks are still connected, and testing, studying, whatever.. in the dim glow of the computer screens and emergency lighting. It doesn't matter that the main WiFi has gone off line. Grades and attendance and homework is still getting turned in.
PPS. The mac vulnerabilities comment was hilarious. I work in the same environment. We have a company that makes money off stuff breaking ( Windows ) and licenses ( Office365, Windows8.1 Pro, ect, ) and repairs. Most of this would go away if we ran all Ubuntu or Macs on an Ubuntu server. They would lose their millions of dollars contract. 100s of people would lose their jobs. So it is in their best interest to dissuade users from Macs. Ignorance of other Operating Systems kills me. It is like computer racism. Did I just type that? Oh my.
Last edited:
While that is a good suggestion and may suit your needs perfectly fine, the sheer amount of bandwidth required for the audio and video resources to move across the network is insane and would likely be too much for the internal Wi-Fi card. I am suggesting that they wire everything into a 48 port Ethernet switch which would provide a gigabit backbone to the server.
"The IT department feels Macs are entirely too vulnerable to allow them on the network"
Fire them.
But what Altemose said.
Fire them.
But what Altemose said.
That is what I did in my office. We have several mac minis and one is the server with all the drives. We use Cat6 cables and a router. Everyone do their project locally and then they transfer it to the server. We have a folder per week of the month. I have a google sheet with all the names of the editors and the name of the project they are working on per day. At the end of the day I have to see all those projects finished in the folder of that day. You should arrange week_day. The network won't be your problem but the file management will.
So you have an IT department and not only do they "feel Macs are entirely too vulnerable to allow them on the network", but they have left you to do this?
What a pack of absolute lazy rank amateurs. You have to understand, the IT guys you are dealing with are the absolute bottom of the barrel.
As mentioned, get yourself a decent 48 port switch. A good business grade switch which is easily managed by a novice is here:
http://www.amazon.com/HP-1820-48G-Switch-J9981A-ABA/dp/B00V3YDBWQ
Last edited:
As an Amazon Associate, MacRumors earns a commission from qualifying purchases made through links in this post.
I'm not sure what they meant by that, but it could be that they don't want malicious students on the lab computers to be able to poke around their network, which is entirely sensible. I'm a big fan of isolating everything on the network from everything else whenever possible, even when you think they're secure.
Absolutely, but if they knew what they were doing they'd manage the network and VLAN the Macs off if they were concerned. This more sounds like OP has created more work for them, they might have to do the unthinkable (learn something new) and they just can't be arsed doing it.
SICKBOY,
Love the comment. Yes, I believe that is it. In all honesty, our IT guys are overworked, but any IT department worth anything should be able to deal with Macs and/or Windows based machines.
I do understand their concerns, but they are just acting like adding the macs will basically open the entire school network to the world - a line of thinking I can not possibly understand.
The more I think about it, the better this closed network is going to be for me. I will be much less reliant on the IT guys to do little things that they do not trust us with. Plus, I welcome the opportunity to learn about creating a network with macs. It just adds to my skill set.
Love the comment. Yes, I believe that is it. In all honesty, our IT guys are overworked, but any IT department worth anything should be able to deal with Macs and/or Windows based machines.
I do understand their concerns, but they are just acting like adding the macs will basically open the entire school network to the world - a line of thinking I can not possibly understand.
The more I think about it, the better this closed network is going to be for me. I will be much less reliant on the IT guys to do little things that they do not trust us with. Plus, I welcome the opportunity to learn about creating a network with macs. It just adds to my skill set.
On top of that, you can get internet access by using two AirPort Expresses.
Yes. You use one to connect to the basic Internet only wireless network and connect that to the other one to function as a router for the switch.
As far as I can tell neither Airports are needed.
Internet access is via the WiFi gear which the school already has in place and this is an isolated network so no need for a router
I was offering it as a recommendation to allow Internet access to the lab as the IT dirtbags are limiting OP to using the wireless network.