Upgrade Server From 2001 With No Firewall
zlawson13
July 15, 2013 4:25:07 PM
I was wanting some experts' opinions on this setup. My client has 5 computers that do medical billing and coding, 6 reporting computers that contain very sensitive information, and 10-20 tablets and iPads connected to it. What are you guys' thoughts on a setup: wipe it out and start over, or just upgrade everything?
And they also want most of it wireless, with a tower server,
Thought about this firewall,
http://www.firewalls.com/firewall/sonicwall-firewall/so...
budget is 2000-4000
zlawson13
July 15, 2013 4:35:14 PM
I'll work more on the server aspect in a bit when I have some more time to reply. I wanted to comment on the firewall that you were linking to. I personally use Sonicwalls and they are great devices, and you get a lot of features for the cost. However, if you've got that number of wireless clients, I would not put your wireless in the firewall. Just get a standard non-wireless Sonicwall TZ 215 or even a 205. Then, put in an enterprise-class wireless access point system using Ubiquiti UniFi access points. This will give you much more reliable, flexible wireless service and better coverage as well.
The UniFi APs have been great, I have installed them at numerous locations and they can be very nice to configure multiple VLANs and SSID networks for public and private usage. You can also manage all of your access points from a single computer and single management software piece so you don't have to individually roll out configurations to each device.
zlawson13
July 15, 2013 5:01:12 PM
USAFRet said:
zlawson13 said:
Yeah, that is what I was thinking. What would you think option-wise? I can't decide on a server,
Assuming the software they use is Windows based (and it probably is), Server 2012 would be a good start. But that is just the beginning.
Their billing software will only run on Windows 7/XP/Vista or Server 2008 R2. Right now they're using Windows XP and Windows 7; it's all jacked up.
Supermuncher85
July 15, 2013 5:41:24 PM
Well, my 2 cents: this will heavily depend on the current infrastructure as well. But since it's from 2001 I'd guess they are using old 100 if not 10 Ethernet, switches and an upgrade there alone would be huge.
Server-wise I'd personally go with HP (well, I always recommend them, hehe), something like the ML350p. The $2000 model comes with a single CPU (6 cores, 8 GB RAM) but it can be upgraded to a second one later if wanted. As always it is a completely tool-less design, with very easy hot-swap bays for HDDs. Apart from this guy being super camera shy (stutter voice), the video goes over it fairly well. https://www.youtube.com/watch?v=MiUF-pYDWHE
You'd probably want to up the RAM and get Server 2012 Essentials ($400 for 25 person license & 50 devices) as well as hard drives that suit your specific needs.
I've never deployed large-scale wifi so someone else can probably fill you in better on that. And as always, every location is different and needs different quantities of APs, though as choucove said, you'll be looking at some VLANs, both public and private, for the BYOD that they are trying to implement.
Edit: added a link to the 350 homepage http://shopping1.hp.com/is-bin/INTERSHOP.enfinity/WFS/W... HP business website is............yeah...big pile of horse shits
zlawson13
July 15, 2013 6:44:48 PM
Supermuncher85
July 15, 2013 7:15:28 PM
Yeah, but just beware, thick walls =/= easier with wifi, far from it. Deploying it EVERYWHERE might become a total nightmare. I've been there for 3 stories of reinforced concrete. Thank god they had the Ethernet cables already done before I joined. I still had to upgrade the existing switches, and add a few for hardwired stuff like VOIP and video conferencing, the router they had, and install the APs for the wifi per level obviously. Thankfully SSID hopping worked out of the gate without fault, with devices switching to new APs on the fly as they should.
Regardless, you should do a complete layout of the mess they have (yes, I've spent my weekend doing nothing but labeling cables, who hasn't). End of the day someone has to sort that patch panel mess out. Do it right the first time and you will thank yourself later. Also a good point for when doing the cost analysis, since you are preparing three different options for the client, right?
The reason I say don't disregard the Ethernet is if they want backups per user machine, you're going to bog down that wifi, even N, real fast, especially if they have legacy tablets with older wifi chips. Unless you get an AP with dual wifi chips and then VLAN that off to make sure that the desktops always get maximum performance vs. the tablets or other legacy devices that might slow down the network. Otherwise you need to create a backup solution that works outside the normal work hours (if it's 24/7 operation that will be difficult, otherwise batch and WOL is your friend).
But again, these are things you have to consider now before deploying anything. Hope I'm not mumbling your ear off, I'm trying to do a VPN gateway right now myself and need something to get my mind off for a few minutes.
Best solution
Given the age of the network infrastructure currently, start from scratch. You're going to have a much better experience starting from scratch than trying to upgrade already antique equipment, and only getting half of it working right that way. It's going to cost to do an upgrade like this. The original budget of $2000 - $4000 is about half of what you need to even accomplish a properly secured and stable network infrastructure and server architecture. But it is the absolute heart of the business. Put it in the ways of risk management: If they can't afford the $5,000 - $10,000 it's gonna take to get things working right and secured properly, how are they gonna afford $250,000 to $millions in fines for having confidential patient records or even confidential employee records exposed? Suddenly $10,000 looks pretty appeasing! Still, I know it's not easy, but it MUST be done. I don't know what country that you are in, but in the US if a state health department inspector came in and saw the state of this network, the clinic would be closed immediately and there would be hundreds of thousands of dollars in possible fines!
So let's start with the network. A good solid firewall appliance that is easy to maintain is going to give you great results. Something that isn't too complicated but offers a lot of flexible options and ideally can accommodate multiple networks or VLANs. The Sonicwall TZ 215 that you linked to is a great firewall, and you can get additional services in the future with these if you like, such as Content Filtering, Client-side antivirus protection, and dynamic support packages. However, as I stated before, I would not go with the wireless-integrated unit. Segment this out to enterprise wireless access points, which work in conjunction with the router. First off, Sonicwall's wireless system is just, well, strange. I bought a Sonicwall WAP to set up with a new Sonicwall TZ 105 and even though the wireless worked I had TONS of problems with it. Since then I've used enGenius and Ubiquiti products and I have to say I really have a love of the Ubiquiti offerings and cost. They have indoor standard 2.4 GHz and long range 2.4 GHz wireless AP for as little as $120 and their range coverage is excellent! These units are all Power over Ethernet (PoE) capable, which means you don't have to worry about locating the unit somewhere near a plugin. The units have a PoE injector that allows power to go over the Ethernet cable, so you just plug in the one Cat5/6 cable and you are running the power and data. There is a very handy configuration utility you can use to connect to and configure all of your WAP. The other nice thing is you can broadcast multiple SSID wireless networks from each WAP, placing them in separate VLANs, and give you a secure separation of private networks with confidential records and public networks for staff or customers to use if necessary.
Also, you'll probably want to see what your network switches are. What speed, what brand, what port density? These may need to be upgraded as well, but fortunately there are some very wonderful low cost high performance switches now. I prefer the HP 1810 series of switches because they have the best features and longevity at the lowest cost. These come in many different configurations from 8 port to 48 port, 10/100 and gigabit capable. If you might possibly be considering going to VOIP for your phone communications in the future as well, then you may now consider putting in PoE capable switches, as it makes it much cheaper to upgrade switches once than having to buy new ones now and then a year or two down the road buying again that are PoE capable.
Now, let's move on to the server. Your server is a pretty critical element, and it's one of the areas I tend to see people skimp on only to run into not having enough space or performance for their needs a year or two down the road. Save yourself the hassle and the money, and invest wisely to begin with! You want a server that is going to grow with your business needs (and trust me, they will continue growing once you have the capabilities to grow in place!) As Supermuncher85 suggested, I prefer the HP ProLiant servers. If you have a place that you can start setting up a rackmount system, then good, do it! However, I know this isn't always an option, and you can look into a pedestal server. The ML350p G8 would be a good fit because it gives you a decently powerful starting place to run basic network services such as a domain controller, print server, and file sharing services. However, it also has the capabilities of really expanding to fit greater demands as you need into the future. Many of the ML350p G8 Smart Buy servers come configured with a hardware RAID controller with cache and flash backed cache which is a huge benefit in data performance and reliability in RAID arrays for your business data.
Here's where I'd make a different suggestion than above though. Purchase Server 2012 Standard instead of Essentials. This gives you the option to virtualize, and isn't limited by the number of users and devices. Server 2012 Standard is more expensive, but the ability to virtualize your workload alone is worth the additional cost. Virtualization in Hyper-V allows you to create multiple virtual machines to run your services that are completely independent of the underlying hardware. What this means is if your physical server completely dies, you can move the VHD files that make up your virtual machines to another server or even another computer running Windows 8 Professional, start them up again in Hyper-V, and you're back up and going again like nothing happened. It cuts your down time and recovery process from days or weeks to possibly minutes or hours. It can also help facilitate backing up your systems (you just copy a single VHD file and you have backed up your entire server and data) and migrating data in the event that you need to replace or upgrade hardware. Since the virtual machine really doesn't rely on the underlying hardware, you can move the VM to a different server with completely different hardware and you won't have to worry about reinstalling all your OS, drivers, and applications all over again.
A single license of Server 2012 Standard can run two virtual machines on that same license. This can be done nicely on a single six-core processor (with hyper threading) and 8 GB of RAM, though you will probably want to add in some more RAM for good performance and expandability. The amount of data space you will need is going to be hard for us to determine because we don't know what kind of data storage you are currently using. I'd recommend setting up two identical high-performance SAS drives in RAID 1 for your host OS and running your primary VMs, and then a second set of high-capacity hard drives in RAID 1, or four identical drives in RAID 10 if you really need the performance and large amounts of storage space, and passing that directly through to your storage or domain server virtual machine.
In the end, my big recommendation is going to be contacting the experts for some real hands-on consulting. If nothing else, contact Dell or HP and speak with their server, storage, and network experts about the project and see what they recommend for you. If you have a local business that would be willing to help you with a walkthrough and consulting, it may be worth it to get their input and opinions if you aren't quite sure what you need and how to get it all going. Having something put together right the first time can cost a LOT less than having to go and try to fix continual issues from not having it put together right the first time.
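The private/public VLAN separation recommended in the post above only holds if the firewall's inter-VLAN rules enforce it. The following is an added example, not part of the original thread: it audits an ordered, first-match rule list (implicit default deny assumed) for any path from the public SSID's VLAN into the records VLAN. The VLAN names, subnets and rule sets are constructed assumptions.

```python
"""Audit inter-VLAN firewall rules for the private/public split (added example)."""
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed VLAN plan: names and subnets are assumptions, not from the thread.
VLANS = {
    "records": ip_network("10.10.10.0/24"),     # billing, coding, reporting PCs, server
    "staff_wifi": ip_network("10.10.20.0/24"),  # clinic-owned tablets
    "guest_wifi": ip_network("10.10.30.0/24"),  # public SSID
}
SENSITIVE = {"records"}
UNTRUSTED = {"guest_wifi"}
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    port: object  # int or "any"


def net(spec):
    return ANY if spec == "any" else ip_network(spec)


def intersect(a, b):
    """CIDR blocks either nest or are disjoint, so the overlap is the narrower one."""
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b


def port_covers(outer, inner):
    return outer == "any" or outer == inner


def exposures(rules):
    """Return (rule index, untrusted VLAN, sensitive VLAN, port) for every allow
    rule that lets untrusted traffic reach a sensitive VLAN and is not fully
    shadowed by an earlier deny. Rules are first-match, top to bottom."""
    findings = []
    for idx, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        for u in sorted(UNTRUSTED):
            for s in sorted(SENSITIVE):
                src = intersect(net(rule.src), VLANS[u])
                dst = intersect(net(rule.dst), VLANS[s])
                if src is None or dst is None:
                    continue  # this allow does not touch the untrusted->sensitive path
                shadowed = any(
                    d.action == "deny"
                    and src.subnet_of(net(d.src))
                    and dst.subnet_of(net(d.dst))
                    and port_covers(d.port, rule.port)
                    for d in rules[:idx]
                )
                if not shadowed:
                    findings.append((idx, u, s, rule.port))
    return findings


# Constructed rule set: a leftover flat-network "allow any" with only SMB blocked.
WEAK_RULES = [
    Rule("allow", "10.10.20.0/24", "10.10.10.0/24", 3389),
    Rule("deny", "10.10.30.0/24", "10.10.10.0/24", 445),
    Rule("allow", "any", "any", "any"),
]

# Constructed corrected set: blanket deny from guest to records comes first.
FIXED_RULES = [
    Rule("deny", "10.10.30.0/24", "10.10.10.0/24", "any"),
    Rule("allow", "10.10.20.0/24", "10.10.10.0/24", 3389),
    Rule("allow", "any", "any", 443),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("fixed", FIXED_RULES)):
        print(name, exposures(rules))
```

Rule order matters: moving the deny below the port 443 allow in the corrected set reopens the path, and the audit reports it.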
zlawson13
July 15, 2013 8:17:35 PM
Yeah, I agree. I have done mid-range servers before, but nothing this major. I'm going to go in tomorrow and outline what they currently have set up and draw a picture; I may even upload it here for you guys to take a look at. The only issue with 2012 is that their billing program does not support that, along with their goofy reporting software. It is terrible, I know, but the billing computers do support 2008 R2, but not so much on the reporting software, have to have Windows XP/V/7/8... that is part of my issue as well.
zlawson13 said:
Yeah, I agree. I have done mid-range servers before, but nothing this major. I'm going to go in tomorrow and outline what they currently have set up and draw a picture; I may even upload it here for you guys to take a look at. The only issue with 2012 is that their billing program does not support that, along with their goofy reporting software. It is terrible, I know, but the billing computers do support 2008 R2, but not so much on the reporting software, have to have Windows XP/V/7/8... that is part of my issue as well.
If a particular bit of software requires a specific level of OS, and will not run elsewhere, virtualize that OS and run it. But with Server 2012 as the base.
USAFRet said:
zlawson13 said:
Yeah, I agree. I have done mid-range servers before, but nothing this major. I'm going to go in tomorrow and outline what they currently have set up and draw a picture; I may even upload it here for you guys to take a look at. The only issue with 2012 is that their billing program does not support that, along with their goofy reporting software. It is terrible, I know, but the billing computers do support 2008 R2, but not so much on the reporting software, have to have Windows XP/V/7/8... that is part of my issue as well.
If a particular bit of software requires a specific level of OS, and will not run elsewhere, virtualize that OS and run it. But with Server 2012 as the base.
This is one of the other great benefits of using virtualization. I prefer to use Server 2012 anymore because it is the latest supported OS and has some great new features for virtualization and file storage, but Server 2008 R2 Standard will work just as well. The difference is that Server 2008 R2 Standard licenses only a single VM instance with that same license, so it can be more expensive than Server 2012 Standard if you need to run multiple VMs which, given your network and your workload, is most likely going to be the situation.
The nice thing with running a virtualization platform as well is you can install Server 2012 on the physical host computer, and then create a VM running Windows XP or Windows 7 if you have a particular piece of software that HAS to be run from there. You can then set up network share access or remote desktop if necessary. You may need to consider setting up a Remote Desktop Session Host server (formerly terminal server) if you need to allow remote desktop access to multiple simultaneous users, however.
All in all, this is a pretty big undertaking, and it's going to be hard for us on the outside to really give you good recommendations on specifics such as processing power or storage needs for your server because simply we don't know the software demands, requirements, or compatibilities. We don't know how you want to use your network, your server, or your planned upgrades into the future. This is ultimately why I recommend consulting with a local expert if you can to get some better information together. If I were in your area I'd love to assist you, as this is the kind of project that I find really exciting! Best of luck, and please feel free to let me - and the rest of us here - know if you have any questions or need any help!
zlawson13
July 16, 2013 6:20:01 PM
I've personally had great luck with the HP ProCurve switches. Honestly I haven't tried a whole bunch of different brands for the higher priced switches, but I have seen several ones that just didn't last compared to the HP ProCurve. These seem to have a great reputation around for having the best features at the lowest cost. If you're not an expert with networking, then the HP 1810 series is pretty great because you can still do a wide variety of management features (such as VLAN and link aggregation) all in an easy to manage web GUI. If you've got the money and want the absolute best you can go with Cisco, but for the type of network you are looking at I think your best economic use of budget would be towards HP ProCurve switches.
kanewolf
July 17, 2013 8:27:26 AM
@choucove suggested the ML350p (an HP product) -- sticking with his recommendation of ProCurve switch(es) minimized the number of vendors and support contracts to be dealt with. If you chose DELL as your server vendor, you could use DELL managed layer 2 or layer 3 switches. You want at least a web-GUI, managed layer 2 switch for your "core" switch.