Question: network change at office i need some advice -FW-Exchange-storage-etc


  • Question: network change at office i need some advice -FW-Exchange-storage-etc

    Hello to all

    I am posting this in the misc forum because it's kind of a mixed question, and I think maybe it's better to ask it in one post than to make 5 posts and have it get out of control...

    My target: new network infrastructure at my office and some changes.

    Network today:

    ADSL router (the only internet gateway for the company), 5mb down and a little up, 25 kbs.
    1 server with Fedora Core 6 (this is the main server), connected to the ADSL router and to the internal network switches.
    This server is the FW, storage (500GB), the IIS (Apache), and DNS, DHCP, VPN etc. (in short, the main server).

    So it's like this:
    internet-->adsl router-->main server-->internal network.

    We also use an external hosted Exchange service.
    Most clients use Outlook 2003 with an HTTP connection to the Exchange server, and we also have Linux and Solaris users that use other mail clients, and they also connect to the hosted Exchange server. We can connect from everywhere.


    Changes that I would like to make:

    internal domain (srv2003 R2) (1 server approved)
    internal Exchange 2003, maybe 2007 (std), max 50 mailboxes (approved)
    E1 internet line (1mbit up/down or maybe 2mbit up/down) (approved)
    FW IPCop with some addons for VPN, P2P filter and QoS (freeware, approved)
    backup: Veritas Backup Exec 11d with Exchange agent (approved)
    faststore2 LTO3 changer for 8 tapes (approved)



    OK, so how do I do it well? I know that there are a lot of solutions, but I would like to get some feedback; it could really help me not to find myself in a big problem.


    So I was thinking something like this:

    internet-->E1 router-->FW with dmz-->internal network

    The IPCop FW has some addons for spam filtering, virus filtering and VPN for all users...
    So I will use it to get all the mail from the internet and route it to the Exchange server.

    I got only one server approved for DC and Exchange.
    What settings do I need on the Exchange to enable both Linux and Windows clients to access it?

    I think RPC over HTTP?

    Is it worth fighting for a second server for the Exchange and not placing it on the DC? If yes, why?

    So I still have the old main server... with all services on it...

    I was thinking something like this:

    FW server = FW + VPN + spam filter + virus filter + P2P filter + DMZ
    1 new server = Server 2003 R2 DC + Exchange 2003/2007 + DNS
    old main server = storage + DHCP + IIS (Apache) and some old services still there...

    And the backup drive, where should I connect it? On the DC?
    If I connect it to the DC I can get into trouble if a disaster happens...
    I have some spare desktops... Maybe I should use one of them? Or better the DC?


    Maybe I don't have many options and I am just a little under stress because of the changes that I have to make... Thank you for reading.
    Last edited by yaniv; 23rd December 2006, 19:41.
    MCSE 2000 Done
    RHCE Done

  • #2
    Re: Question: network change at office i need some advice -FW-Exchange-storage-etc

    Use 2 DC/GC for internal. Install the Exchange on the strong server and connect
    the backup system to the second server.
    This isn't the recommended design plan, but the best if you can buy only 2 servers.

    * It's not recommended to buy SBS edition.

    FW ipcop with some addons for vpn and p2p filter and QoS(freeware approved) -
    There is no real "free" firewall. You will need Netscreen 25 SSG or Check
    Point NGX Power UTM.

    Web site - Please host it at the ISP farm and not on the local server.
    Or, install it on the DMZ without connections to the LAN.

    Backup - Consider buying Legato workgroup edition.

    Mail - You can buy Exchange 2007 and enable IMAP for Linux/Solaris clients.
    You will need Win 2003 R2, one of them X64 bit.

    Antivirus - Trend suite for SMB (Office Scan + Scanmail for Exchange)

    Mail Relay - I guess that you wouldn't get a $ for it. Consider using your ISP
    as mail relay with AV scan.

    Recommended Hardware for DC/Exchange/File Server:


    1 433526-421 HP DL380G5 5320 EU Svr
    1 433522-B21 HP E5320 DL380G5 Kit
    1 397411-B21 HP 2GB FBD PC2-5300 2x1GB Kit
    7 431958-B21 HP 146GB 10K SAS 2.5 HOT PLUG HARD DRIVE
    1 264007-B21 HP Slim 8X/24X DVD-ROM Drive
    1 410570-B21 HP PCI-X/PCI-E NHP 380G5/385G2 Riser
    1 399771-B21 HP RPS 350/370/380G5/385G2 Kit
    1 263825-B21 HP iLO Advanced Pack 1-Server Lic
    1 405148-B21 HP SA P-Series 512MB SA BBWC Kit
    1 A8002A HP FC2142SR 4GB PCI-e HBA
    1 390164-B21 Slimline Ejectable Floppy drive

    Recommended hardware for Check Point firewall/Mail relay:

    1 433527-421 HP DL380G5 e5310 EU Svr
    1 437943-B21 HP E5310 DL380G5 Kit
    2 397411-B21 HP 2GB FBD PC2-5300 2x1GB Kit
    3 375861-B21 HP 72GB 10K SAS 2.5 Hot Plug Hard Drive
    1 264007-B21 HP Slim 8X/24X DVD-ROM Drive
    1 410570-B21 HP PCI-X/PCI-E NHP 380G5/385G2 Riser
    2 391661-B21 HP NC340T PCI-X 4Pt Gigabit Svr Adapter
    1 399771-B21 HP RPS 350/370/380G5/385G2 Kit
    1 263825-B21 HP iLO Advanced Pack 1-Server Lic
    1 351580-B21 128mb bbwc for e200
    1 390164-B21 Slimline Ejectable Floppy drive
    Last edited by yuval14; 25th December 2006, 23:49.
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14



    • #3
      Re: Question: network change at office i need some advice -FW-Exchange-storage-etc

      yuval14


      Thanks for your response.


      > Use 2 DC/GC for internal. Install the Exchange on the strong server and connect
      > the backup system to the second server.
      > This isn't the recommended design plan, but the best if you can buy only 2 servers.

      1 server = DC and GC (global catalog, you mean?) 2003 R2, 32bit CPU
      1 server = srv2003 R2 64bit on 64bit hardware with Exchange 2007 std (member server?)

      And the backup connected to the first server... the 32bit?

      > FW ipcop with some addons for vpn and p2p filter and QoS(freeware approved) -
      > There is no real "free" firewall. You will need Netscreen 25 SSG or Check
      > Point NGX Power UTM.

      I got some quotes for Check Point and another firewall, but the prices are too high...
      They start at 6k $ with some basic modules that we need, like VPN...

      So I have to stay with IPCop at the moment... where the VPN, QoS and P2P filter modules... are free at no charge...
      Sure, I would prefer some brand name like Check Point... but I got no approval for it.

      > Web site - Please host it at the ISP farm and not on the local server.
      > Or, install it on the DMZ without connections to the LAN.

      It will be in the DMZ from IPCop.


      > Backup - Consider buying Legato workgroup edition.

      We closed a deal and purchased a lot of hardware for our developers... and a new backup tape... the faststore2, and we got the Backup Exec 11d with Exchange agent in the deal at no extra charge...

      > Mail - You can buy Exchange 2007 and enable MAPI for Linux/Solaris clients.
      > You will need Win 2003 R2, one of them X64 bit.

      It will be on the second server... hopefully.
      And what do I have to do to make it work from outside... without VPN?

      > Mail Relay - I guess that you wouldn't get a $ for it. Consider using your ISP
      > as mail relay with AV scan.

      I'll ask our ISP about prices for it... and in addition I'll route the mail first to the FW, which also has spam and virus scanning... so I don't need to buy extra software for it... After reading a lot about this... do I have to make the Exchange certificate (SSL) with the FQDN from the FW for it to work? I will buy a cert at GoDaddy... very cheap, 20$ for 2 years... I hope it's OK to post it here...

      > Recommended Hardware for DC/Exchange/File Server:

      Oh, I've got old servers that we have here... (not sooo old, 2 months)

      Tyan servers with 2GB memory. I've already got one with an Opteron CPU; I will add a QLogic RAID card... and buy 2 HDDs with 80GB for the DC and the backup...

      And I'll try to get another Tyan with 64bit and 2GB mem for the Exchange server.


      Thank you, Yuval
      MCSE 2000 Done
      RHCE Done
