1
Directory and Authentication / Domain Server or Vlan or is it a combination of all and many others
« on: May 04, 2016, 03:01:34 pm »
All,
Could you please advise on the best way of tackling the issue we have? Currently I am planning to set up a network for different applications within a small user environment.
The network will consist of 6 different applications; these are:
a) Normal Domain Controller users with printers and file sharing facility. (IP address range will be 10.10.x.x/16)
b) VoIP system for the above users. Currently there is a PBX box which serves all telephone routing, so the users only need an IP to be issued from the above server, different to PC applications; all connections it requires will only be outside-facing Internet communication with pre-defined open ports for VoIP communications. (IP address range will be 10.20.x.x/16)
c) Media Centre: this will have access to the server dependent on the type of machine which is connected to the server. If the machine which is connected to the system is like a TV then the server will only assign it an IP address; if on the other hand the machine which is connected is a PC type then it will be assigned a network share folder drive. (IP address range will be 10.30.x.x/16)
d) CCTV system: this will be connected to the same system. Again, like the VoIP, it will be assigned a different IP address to any other system; it will only have access to the outside Internet and will not be allowed to see any internal network systems. (IP address range will be 10.40.x.x/16)
e) Closed system for applications and systems where Internet access is not provided and not required. Any machine or user connected to this will only be assigned an internal IP address, where they will not be able to see any of the outside world; at the same time they will not be assigned any shared drive either. (IP address range will be 10.50.x.x/16)
f) Dirty system: as the name suggests, it will be used for any guest wanting access to the Internet on a temporary basis; they will be put outside the firewall facing the public. (IP address range will be 10.60.x.x/16)
g) The last point in this setup will be that none of the above should be able to cross-talk, e.g. any equipment which is connected to the VoIP LAN must not see CCTV, Closed, Normal DC or Dirty IP addresses or PING them.
Now there are many suggestions I was considering based on the above brief:
1) The 1st solution I had in mind was to create every IP address within the firewall and serve it in a VLAN arrangement on a Layer 2 switch; this will cut down the number of servers required to run and manage. This is similar to the old ISA and Domain server arrangement in old Windows 2008 R2; as Microsoft is no longer providing ISA server, hence the above arrangement.
2) If the above route is considered or taken, then LDAP and other certificates will be required to manage users' and machines' access and egress by synchronizing it with the firewall system. Thus this will lead us to have one Domain Controller server to manage and maintain.
3) The other option would be to have a number of servers within a Primary Domain Controller (PDC) and add as many tree or child servers to generate and manage all areas apart from the Normal Domain, as this will be served by the PDC; the others, by which we mean such as CCTV, HiFi etc…, will be managed by their allocated child server.
4) I am sure there is more than one way to skin the cat; if anyone can think of an even better way than what I have listed, I am open to any suggestions.
Once again, many thanks for all your comments in advance.
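
The "no cross-talk" requirement in point g) maps onto a default-drop forward policy on the firewall that routes between the VLANs. The sketch below is an added example, not part of the original post: it models that policy for the six ranges listed above, renders it as an nftables forward chain, and checks that no zone pair is let through. The VLAN ids, the interface names (`vlanNN`, `wan0`), the Internet flags for the Normal and Media zones, and routing the Dirty zone through the same firewall are assumptions.

```python
import ipaddress
from itertools import permutations

# Zone names and /16 ranges are from the post. VLAN ids, interface names and
# the egress flags for "normal" and "media" are assumptions for illustration.
ZONES = {                      # zone: (range, VLAN id, Internet egress allowed)
    "normal": ("10.10.0.0/16", 10, True),
    "voip":   ("10.20.0.0/16", 20, True),   # post: pre-defined VoIP ports only
    "media":  ("10.30.0.0/16", 30, False),
    "cctv":   ("10.40.0.0/16", 40, True),
    "closed": ("10.50.0.0/16", 50, False),
    "dirty":  ("10.60.0.0/16", 60, True),
}
NETS = {z: ipaddress.ip_network(c) for z, (c, _, _) in ZONES.items()}

def zone_of(ip):
    """Return the zone whose range contains ip, or 'internet' if none does."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, n in NETS.items() if addr in n), "internet")

def decide(src_ip, dst_ip):
    """Model of the forward chain: default drop, per-zone egress only."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "local"         # same VLAN: switched, never reaches the firewall
    if dst == "internet" and src != "internet" and ZONES[src][2]:
        return "accept"
    return "drop"              # every inter-zone and unsolicited inbound flow

def nft_ruleset(wan="wan0"):
    """Render the same policy as an nftables forward chain."""
    lines = ["table inet segmentation {", "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             "    ct state established,related accept"]
    for zone, (cidr, vid, egress) in ZONES.items():
        if egress:
            lines.append(f'    iifname "vlan{vid}" oifname "{wan}" '
                         f'ip saddr {cidr} accept comment "{zone}"')
    return "\n".join(lines + ["  }", "}"])

def cross_talk_pairs():
    """List every (src, dst) zone pair the model would let through."""
    host = {z: str(n.network_address + 5) for z, n in NETS.items()}
    return [(a, b) for a, b in permutations(ZONES, 2)
            if decide(host[a], host[b]) != "drop"]

if __name__ == "__main__":
    print(nft_ruleset())
    print("cross-talk pairs:", cross_talk_pairs())
```

Traffic between two hosts in the same VLAN is switched at Layer 2 and never reaches this chain, so the policy isolates zones from each other but not devices inside one zone.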
2
Installation and Upgrades / Domain Controller and File Server Step by Step Guide Start to Finish
« on: March 29, 2016, 12:39:03 pm »
This is my 1st time on this forum; I hope I am not asking the same question that has been asked in the past.
I was wondering if you can help me solve one of the big problems I had. Currently I would like to create a DC server for users within my home; I would also like the same server to act as a File server for all users. So based on this basic principle, what I hope to achieve is this:
1) Every user will have to join the DC in order to log in; once that is done they will be automatically mapped with an H drive as their Home Drive and one other Public Drive, which can be the P drive.
2) When user B logs in, he/she will see his/her drive and the public drive only; a user should not see other users' home drives at all.
3) The DC should also generate 4 independent IP addresses for different purposes; these are as follows:
a) 10.10.0.1 - 10.10.255.254 (255.255.0.0): any computer and users connected to this IP will have full DC service as described above.
b) 20.20.0.1 - 20.20.255.254 (255.255.0.0): all machines connected to this IP address will have access to Internet traffic, no access to DC privileges.
c) 30.30.0.1 - 30.30.255.254 (255.255.0.0): any machine or user connected to this IP will have limited services; if they are users they will be asked to sign in through the DC, and if it is a machine then I will have to create the account based on its MAC address in the system for it to be given access, but it will not have any home or public drive at all. This will eventually be joined with a Media Server where all films and music will be served to users.
d) 40.40.0.1 - 40.40.255.254 (255.255.0.0): anyone who is connected to this IP will not have any access to Internet or DC services; this is a closed, internal-only IP.
4) I would like all this to be done using Linux, for cost saving.
5) All new user and machine accounts will be created and managed using a GUI interface for easy management.
6) The last point would be that the DC and File Server will be presented within a VMware platform, where there is a firewall at the start at one end and a Layer 2 switch at the output end.
Please let me know if this is something you can help with.
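
An addressing plan like the one in point 3) can be audited before any DHCP scope is built. The following is an added example, not part of the original post: it takes the four ranges exactly as listed, checks that each stated host range matches its mask, that the ranges do not overlap, and that each lies inside RFC 1918 private space (addresses outside it are allocated on the public Internet, so using them internally shadows the real hosts). The segment labels are shorthand chosen here.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# First host, last host and mask exactly as listed in the post;
# the labels are shorthand chosen for this example.
PLAN = {
    "full DC service": ("10.10.0.1", "10.10.255.254", "255.255.0.0"),
    "internet only":   ("20.20.0.1", "20.20.255.254", "255.255.0.0"),
    "limited/media":   ("30.30.0.1", "30.30.255.254", "255.255.0.0"),
    "closed":          ("40.40.0.1", "40.40.255.254", "255.255.0.0"),
}

def to_network(first_host, mask):
    """Turn 'first host + dotted mask' into a network object."""
    return ipaddress.ip_network(f"{first_host}/{mask}", strict=False)

def audit(plan):
    """Return (subject, detail, finding) tuples for every problem found."""
    findings, nets = [], {}
    for name, (first, last, mask) in plan.items():
        net = nets[name] = to_network(first, mask)
        # The stated range should be exactly the usable hosts of the network.
        usable = (net.network_address + 1, net.broadcast_address - 1)
        stated = (ipaddress.ip_address(first), ipaddress.ip_address(last))
        if stated != usable:
            findings.append((name, str(net), "range does not match mask"))
        if not any(net.subnet_of(block) for block in RFC1918):
            findings.append((name, str(net), "outside RFC 1918 private space"))
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append((a, b, "ranges overlap"))
    return findings

if __name__ == "__main__":
    for finding in audit(PLAN):
        print(finding)
```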