Server and network setup for a small private school

I work for a school of similar size. My recommendation:

Focus on the network infrastructure as the first priority. Get beyond consumer-level switches and internet access by implementing, say, a Cisco ASA 5505 firewall combined with a Squid web proxy to do edge and HTTP filtering and VPN connectivity.

(An ASA 5505 is probably less than $500 with a support contract, and Squid is open source. You have to build it on a decent machine, but you can use it with Cisco's WCCP protocol, which redirects HTTP requests to the proxy for approval, but if the proxy machine dies, the system "fails open", meaning access is still allowed.)

Connect that to a main backbone switch. I recommend, say, a Cisco 2960 48-port switch. Get any other random switches and the wireless APs plugged back into it. This type of managed switch will prevent switching loops and gives extensive monitoring capabilities if there are problems, as well as providing security mechanisms.

Yes, Cisco gear is expensive and can be intimidating to set up when you are new to it, but it is solid, feature-rich, and conforms to every network protocol out there. It can be the foundation of resilient networking.

I'm guessing the wireless network is shabby and performance sucks. Run around with NetStumbler and see what is interfering and how the wireless range is. Be sure to configure the radios to use the non-overlapping channels 1, 6, or 11.

Server? A modest Dell or HP rack server for $4K or $5K with Windows 2008 R2 will work fine. You can use it for user and group management, group policies, print serving, and file serving. Get as much RAM and the fastest hard drives you can afford. Sure, *nix-based systems will work too. Supporting it in the future if you aren't around might be trickier than finding an MS admin.

I'd virtualize that server on a VMware ESXi install, and size the physical server so I can add another guest machine.

Don't forget to plan for power supply, UPS, and heat mitigation in equipment areas. Enterprise-grade gear gets hot fast and uses plenty of power.

No reason not to use both local file storage and Google Docs, if they want. Let the users' needs drive their particular situation.

Antivirus? Probably something that's managed in the cloud, or not managed at all, like MSE? Maintaining a Symantec or Sophos enterprise install is a pain in the ass and licensing is hugely expensive. Give them MSE, take away admin privileges from their user accounts on their local PC, and call it mitigated. Without admin rights they'll have to try a lot harder to get infected.

The trick here is budget, I'm sure. Convincing management that IT is important infrastructure that will break fast and catastrophically if not done correctly is key.
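A monitoring check for the WCCP "fails open" behaviour described in the answer above, added here as an example and not part of the answer: when the proxy dies, browsing keeps working unfiltered, so the only symptom is that responses stop carrying Squid's marks. It assumes Squid's default `Via` header is left enabled, a hypothetical proxy hostname `proxy01`, and a canary URL that the Squid ACL denies; the response heads below are constructed samples.

```python
import re

# Squid appends an entry such as "1.1 proxy01 (squid/3.5.27)" to the Via header.
VIA_ENTRY = re.compile(r"^\s*(?:HTTP/)?\d\.\d\s+(\S+)(?:\s+\(([^)]*)\))?\s*$", re.I)

def parse_head(raw):
    """Split a raw HTTP response head into (status, {lowercase name: [values]})."""
    lines = raw.replace("\r\n", "\n").strip().split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def squid_hops(headers):
    """Hostnames of the Squid instances named in the Via header(s)."""
    hops = []
    for value in headers.get("via", []):
        for entry in value.split(","):
            m = VIA_ENTRY.match(entry)
            if m and (m.group(2) or "").lower().startswith("squid"):
                hops.append(m.group(1))
    return hops

def classify(allowed_raw, canary_raw, expected_proxy):
    """Compare a normal fetch and a fetch of a URL the proxy ACL should deny."""
    _, allowed = parse_head(allowed_raw)
    canary_status, canary = parse_head(canary_raw)
    if expected_proxy not in squid_hops(allowed) or expected_proxy not in squid_hops(canary):
        return "FAIL_OPEN"         # traffic is reaching the internet without the proxy
    if canary_status != 403:
        return "ACL_NOT_ENFORCED"  # proxy is in path but let the canary through
    return "FILTERED"

# Constructed sample response heads (not captured from a real network).
VIA_SQUID = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "Via: 1.1 proxy01 (squid/3.5.27)\r\n\r\n")
DENIED = ("HTTP/1.1 403 Forbidden\r\nX-Squid-Error: ERR_ACCESS_DENIED 0\r\n"
          "Via: 1.1 proxy01 (squid/3.5.27)\r\n\r\n")
DIRECT = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, pair in [("proxy up", (VIA_SQUID, DENIED)),
                        ("proxy dead", (DIRECT, DIRECT)),
                        ("ACL missing", (VIA_SQUID, VIA_SQUID))]:
        print(label, "->", classify(*pair, expected_proxy="proxy01"))
```

Run from a machine on the client VLAN on a schedule and alert on anything other than `FILTERED`, so a dead proxy is noticed before the filtering gap is.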


The network backbone is going to make or break this. Lay Ethernet to all rooms; the wifi will be a mess and basically unusable with a lot of traffic on it.

These would all need strongly filtered internet access,

Some firewalls come with content filtering, but that costs $$$. I haven't had much experience outside of that, but it is typically your best bet (especially for a school). This is probably the last thing I'd cut, considering a school can get into big trouble involving kids and access to the net (plus you don't want kids killing the DSL line).

data storage,

Any computer with shared storage will do, maybe even a NAS for cheap; Linux-based boxes can get you far.

security,

AD is pretty much required for this, again, $$$. I've heard of people getting by with OpenLDAP, but good luck implementing the security you need (GPOs) to keep kids from breaking everything.

printer access,

Print server with CUPS is cheap and awesome.

backups,

Removable hard drives are your budget option; buy a few and rotate them offsite.

and I'm sure they'd eventually want VPNs.

If you have an AD server that's easy; any firewall that filters content should have VPN support too.

The biggest things you're looking for are: network infrastructure, Active Directory, and a content filtering firewall, I would say. We use Cisco firewalls (ASAs); they're nice but kind of pricey. Maybe someone can recommend something cheaper.

I'd say:

  1. Start with infrastructure: Ethernet backbone, get the classrooms wired (get bulk cable from Geeks.com or something).
  2. Get a content filtering firewall.
  3. Kids can use computers at this point, but lock them down with local policies and keep Ghost handy; you'll have to reimage a lot.
  4. Active Directory as soon as you have the budget.

Some ideas to get the ball rolling. A lot of this has to do with how much you have for a budget; we kind of need numbers to get into software and hardware to purchase.