(CAD)-Networks in the architecture office

The right network – IT structures for planning offices

Setting up a few computers, installing programs and establishing a peer-to-peer network is quickly done; but when an office expands, problems often arise: safeguarding data and internet access, viruses and other matters. This article is therefore meant to help readers understand the various components of such systems.

Servers have the function of providing access to files and data (file server) and to printing facilities (print server). They protect data (back-up server) and act as a central control shield against viruses. In addition, servers provide a database service (SQL server) and afford access to the web and e-mail.

In a larger network, these tasks can be distributed over a number of servers, which helps to improve performance. Since nothing functions in the network without a server, care must be taken to ensure its operation at all times and to allow a certain fault tolerance. That is one reason for not buying computers from the nearest supermarket. Brand goods are distinguished by a number of different features:

• they are easier to maintain;
• ideally they should contain two independent power-supply units;
• they should contain a special random access memory with a facility for recognizing errors (ECC-RAM);
• they should incorporate a motherboard with the ability to anticipate hardware problems;
• they should contain a fast-functioning network circuit (gigalink); and
• there should also be a hard-disk subsystem (RAID) (redundant array of inexpensive disks).

Since hard disks are electro-mechanical components, there is a greater likelihood of failure than with purely electronic elements. RAID systems provide one form of assistance in this respect by distributing data over a number of hard disks, thereby helping to prevent losses. A RAID system consists of a controller and at least two hard disks, and it can be extended economically with SATA disks. For the best performance and safety, expensive SCSI systems should be chosen.

Every office needs an internet link. Smaller offices will manage very well with an asymmetric DSL (ADSL) with at least 1 MByte upstream and 6 MBytes downstream, and operating on a flat-rate always-on basis. Larger offices that require extended server facilities, with their own e-mail server or LAN-LAN connection per VPN, should opt for a symmetric DSL (SDSL) with a minimum of 2 Mbytes upstream/downstream.

Linking the office network with the public network can, in the simplest case (i.e. ADSL), be effected by means of a router with integrated firewall and network address translation (NAT). With a proper configuration of the router, many parasites will have no access to the office network. At a minimum, ports 135–139 should be blocked in the firewall for both incoming and outgoing traffic. If these ports remain open, all data may be accessible to unauthorized persons.
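An added example, not part of the original article: a small Python audit that checks whether an ordered, first-match ruleset drops ports 135–139 in both directions for TCP and UDP. The Rule structure, the three rulesets and the default-accept policy are constructed for illustration and do not model any particular router.

```python
from typing import NamedTuple

class Rule(NamedTuple):          # hypothetical rule model, not a router format
    direction: str               # "in" (internet -> office) or "out" (office -> internet)
    proto: str                   # "tcp", "udp" or "any"
    ports: range                 # destination ports covered by the rule
    action: str                  # "drop" or "accept"

ALL_PORTS = range(0, 65536)
BLOCKED = range(135, 140)        # ports 135-139 named in the article

def verdict(rules, direction, proto, port, default="accept"):
    """First matching rule wins; `default` applies when nothing matches."""
    for r in rules:
        if (r.direction == direction and r.proto in (proto, "any")
                and port in r.ports):
            return r.action
    return default

def exposed(rules, default="accept"):
    """(direction, proto, port) combinations in 135-139 that are not dropped."""
    return [(d, p, port)
            for d in ("in", "out")
            for p in ("tcp", "udp")
            for port in BLOCKED
            if verdict(rules, d, p, port, default) != "drop"]

# Constructed rulesets: inbound TCP only, the corrected set, and the
# corrected rules placed after a broad accept that shadows them.
WEAK = [Rule("in", "tcp", BLOCKED, "drop"),
        Rule("out", "any", ALL_PORTS, "accept")]
FIXED = [Rule("in", "any", BLOCKED, "drop"),
         Rule("out", "any", BLOCKED, "drop"),
         Rule("out", "any", ALL_PORTS, "accept")]
SHADOWED = [Rule("out", "any", ALL_PORTS, "accept")] + FIXED[:2]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("fixed", FIXED), ("shadowed", SHADOWED)):
        gaps = exposed(rules)
        print(f"{name}: {len(gaps)} open combinations", gaps[:3])
```

Rule order matters: the shadowed set contains the right drop rules but still lets the ports out, because the accept rule matches first.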

In the case of symmetric DSL with a fixed subnet, the router is usually supplied and configured by the provider. These routers forward all incoming packets to the internal interface unprocessed and without filtering or NAT. Here, too, a separate downstream firewall or security appliance is essential. More and more companies offer security appliances – often with Linux-based safety systems – in the form of a black box that provides the entire security management (i.e. firewall, virus protection, content filter and intrusion detection). An update service allows the box to keep abreast of developments.

When planning the cable runs for a network, the following aspects should be taken into account: the server switch, firewall and router require a dust-free environment with an optimum temperature of 20 °C. A central, enclosed server room with a 19-inch rack providing easy access to all components is ideal. If this is not possible, a closed server cupboard with the appropriate air filters and ventilation can be installed. Even small-scale installations can cause heat loads of 800 W, which have to be removed.

Every workplace needs two network connections for the computer and telephone. New components and cables should comply with category 6, since this will be the standard for 10-Gbyte networks in the future. A twofold connection, including a switchport, costs roughly €400 per workplace.

In view of their slower speed, wireless networks (WLAN) are no substitute for cable-linked systems. In many cases, their range is less than that stated by the manufacturer, particularly in concrete structures. A WLAN can nevertheless provide a useful complement to other systems.

Printers for general use should ideally be directly linked to the network. All printers installed for working groups have this option, which makes them spatially independent of the server. The server coordinates the queue of printing orders. Printers without a network option are suitable solely for individual workplaces. Modern copying machines can also be integrated in the network and used as printers and scanners. This is particularly useful in the case of colour copying.

Nowadays, most telephone installations are based on ISDN. In the meantime, though, VoIP (voice-over IP, i.e. phoning via the PC and internet) has advanced beyond the teething stage and offers many advantages, including savings in charges, flexibility in the configuration and security for the future. For example, transparent integration of phone extensions and home workplaces with no extra costs for phone installations means that staff and assistants can always be reached on the same extension. Other features such as waiting loops, conference connections, individual voicemail boxes, dialling per mouse click (CTI), etc. are feasible today and at much more reasonable rates than in the past. Telephone networks can also be replaced with the services of a hosted private branch extension (PBX), an alternative that is of interest especially to smaller offices. One disadvantage of VoIP installations, however, is that by basing data and spoken communication services on a single technology, diversity is reduced.

Only virus scanners that have been specially developed for servers and that scan every stored file in real time should be installed in a server. Virus signature files are automatically updated every night. Special attention must be paid to notebooks that are used outside the office. They require an additional local virus scanner. E-mail is a common source of virus infection, and staff should be instructed to this effect. If a firm has its own mail gateway, it should be fitted with a plug-in virus scanner.

Effective protection against spam is an important factor nowadays. Various methods can be used to filter it out. A dummy address can be set up with a freemailer for dubious contacts. The address can be changed from time to time. A genuine e-mail address should be given only to serious partners and should never be freely advertised on one’s home page on the web. Spam can be filtered out at a number of points, such as in the ISP that operates the mailboxes, in one’s own mail/exchange server, via a security appliance, or by means of specialized online services.

To protect a system against losses, a regular process of data storage on external media is essential. This should function automatically if possible and be housed in a safe place, ideally outside the office. Most commonly, the retrieval of wrongly deleted data is required, but a complete data-security system also protects against vandalism, theft, fire, human error and technical failure. A disaster recovery plan should ensure the necessary steps for the swift instatement of an emergency system.

The practice of employing used tapes is slowly yielding to a comparatively comfortable system of storing data on more economical external hard disks. A further advantage of this is the scope it provides for synchronization, whereby only changed data are copied, thus saving time and also wear on the hard disks. One well-tried security system consists of a complete saving of data on Friday evening, with differential saving from Monday to Thursday. The complete saving should extend back over at least three months. In addition to external storage, Windows-based servers have provided for “shadow copying” since 2003.

Ultimately, all office owners must decide for themselves what demands they make of their IT infrastructure and how much they wish to invest for this purpose. Only when the appliance, software and the related services are coordinated and function smoothly with each other can maximum productivity be achieved.
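An added example, not part of the original article: the Friday-full, Monday-to-Thursday-differential scheme described above, worked through in Python to show which sets a restore needs and which sets can be deleted without breaking any restore point inside the retention period. The catalogue dates are constructed, and "three months" is taken as 92 days as an assumption.

```python
from datetime import date, timedelta

FULL_WEEKDAY = 4                  # Friday evening: complete backup
DIFF_WEEKDAYS = {0, 1, 2, 3}      # Monday-Thursday: differential backup
RETENTION = timedelta(days=92)    # "at least three months" (assumed as 92 days)

def build_catalogue(start, end):
    """Constructed sample data: one backup set per scheduled evening."""
    catalogue, day = {}, start
    while day <= end:
        if day.weekday() == FULL_WEEKDAY:
            catalogue[day] = "full"
        elif day.weekday() in DIFF_WEEKDAYS:
            catalogue[day] = "differential"
        day += timedelta(days=1)
    return catalogue

def restore_chain(target, catalogue):
    """Sets needed to restore the state of `target`: the last full backup
    plus, if one exists, only the newest differential taken after it."""
    fulls = [d for d, kind in catalogue.items() if kind == "full" and d <= target]
    if not fulls:
        raise LookupError(f"no full backup on or before {target}")
    base = max(fulls)
    diffs = [d for d, kind in catalogue.items()
             if kind == "differential" and base < d <= target]
    return [base] + ([max(diffs)] if diffs else [])

def prunable(catalogue, today):
    """Sets that no restore point inside the retention window depends on."""
    needed, day = set(), today - RETENTION
    while day <= today:
        try:
            needed.update(restore_chain(day, catalogue))
        except LookupError:
            pass                  # window reaches back before the first full
        day += timedelta(days=1)
    return sorted(set(catalogue) - needed)

if __name__ == "__main__":
    cat = build_catalogue(date(2024, 1, 5), date(2024, 6, 14))
    print("restore Wed 12 June:", restore_chain(date(2024, 6, 12), cat))
    print("newest prunable sets:", prunable(cat, date(2024, 6, 14))[-3:])
```

The full backup of 8 March is kept although it is older than the cut-off of 14 March, because the differential of 14 March cannot be restored without it.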