Office network setup

[Matwagem]

Hi everyone,

 

I'm not sure whether this is the right forum, or whether LTT even deals with these kinds of questions, but I'll give it a shot nevertheless.
A dear friend asked me whether I could help out regarding IT jobs and Networking solutions in his office, but the network is slightly more advanced than I'm used to.
The previous owner of the building left 36 connections pressed into 2 patch panels (unlabelled and just lying on the floor right now).
Our ISP has installed a modem and a below average performing router which will need to be replaced.

 

The office is the size of a modest house and contains 3 floors (bottom, first, second) (if needed I can acquire specific measurements). My aim is to make sure every nook and cranny has

sufficient wireless speed. The line going into the office right now supports 100mbps down and approx. 10mbps up. 
The network will need to include some sort of file system or server in which files can be stored and/or archived as the company is a real estate agency (pictures, video etc.).

The owner has also requested that there is some sort of (IP) CCTV available throughout the office (approx. 4/6 cameras).

 

My question for you all is, what equipment would you recommend, and how would you suggest I set up this network?
Since the company is only a startup the budget is not too big, however he prefers paying more for quality than having to replace equipment only a couple of months down the line.

I know I would be able to put together a decent network myself, but I was hoping that by asking for help on this forum I'll be able to put together something which will be much better than "decent".

 

Thanks

 

[MariusJS]

Go with something good and easy!

 

Start with a mikrotik or ubiquiti router, then add a 48 port switch!

 

Do 5+ AC access points.

 

For the IPCAM you have lots of options, but ubiquiti has some that are ok, and "cheap"

 

You could do all the manual labor and see what node is connected to what wall point, or just hook them all up...

 

To get a specific recommendation you would need a budget.

 

But anyways, this is perfect for a small business setup, and quite easy to manage!

[Blake]

-snip-

First thing you need is a cable tester, and a label printer. connect one end of the cable test to the endpoint at the users desk and then find which cable it is near the patch panel, then label both the ports with the same number. Make sure everything is documented.

 

2nd thing to do is to hook up the router, i'd say a Cisco/HP (Hp is basically Cisco, without the massive mark-up) would be best, but you need to know how to use a CLI, which if you don't just use a ubiquiti and do the config from the gui. i'd plan for ~2 ports per employee, make sure half are POE (if you get IP phones you'll need the POE) + any future servers. this could be 48, could be 100, etc.

 

3rd, setup a Domain, i'd say windows server, but if you know how to setup and configure a domain etc on a unix box that'd be another option for you. Due to you 'low' budget set this up as the NAS also and configure with (a lot of people on this forum will scream FreeNAS, as that is the buzzword on this sub-forum currently, and they don't actually know how to match technical requirements with business requirements - there is not as much supply for unix admins, which means they get paid more, do the math)

 

4th, Get a 2nd DC, also configure with DFS, set up the DFS replication service.

 

5th, (management may push back on this one, if they do, don't even look at taking this roll, run away, very far away) get backup server, make sure you have the 3, 2, 1 rule enforced. 3 backups, 2 different media types, 1 offsite.

[techguru]

if its for an office..I would definatly hardwire everything...probably wouldn't be very hard

[MariusJS]

if its for an office..I would definatly hardwire everything...probably wouldn't be very hard

1: Everything is already hardwired if you read what he is saying...

2: It's a shit ton of work...

[techguru]

1: Everything is already hardwired if you read what he is saying...

2: It's a shit ton of work...

2..depends what the main building is made of...if its concrete and brick..yea..if its wood and drywall or even plaster...then no not really

[MariusJS]

2..depends what the main building is made of...if its concrete and brick..yea..if its wood and drywall or even plaster...then no not really

Have you ever done it? I can at least say that I have, putting up all the panels, doing all the cables etc... It's not a 1-day job, and most professional companies would outsource it... (And there is multiple reasons for that)

[Matwagem]

All the office ports have already been wired (fortunately), although I found out yesterday that some ports might be dead (probably due to the shoddy patch-panel job done). I fully agree on the cable tester, the cables need to be sorted out before I start plugging them in. 

An extra tidbit of information regarding the setup:
Currently the internet is hooked up to a modem/router combination (Cisco EPC3925), which the ISP requires to be in the setup.

 

The building was built quite a while ago, it is a combination of solid brick and fake walls. The previous company that was in the office drilled holes in some very odd places to wire the place. I will have more information regarding the budget around Thursday/Friday.

 

Thank you all so far for the suggestions! Keep 'em coming if you think of anything else 

[techguru]

Have you ever done it? I can at least say that I have, putting up all the panels, doing all the cables etc... It's not a 1-day job, and most professional companies would outsource it... (And there is multiple reasons for that)

I do it often in office building..its usually only 2 level tho..but I have done ones that are up to 5 level...2-3 levels take only a day...if its more..then yea it would take longer

[MariusJS]

All the office ports have already been wired (fortunately), although I found out yesterday that some ports might be dead (probably due to the shoddy patch-panel job done). I fully agree on the cable tester, the cables need to be sorted out before I start plugging them in. 

An extra tidbit of information regarding the setup:

Currently the internet is hooked up to a modem/router combination (Cisco EPC3925), which the ISP requires to be in the setup.

 

The building was built quite a while ago, it is a combination of solid brick and fake walls. The previous company that was in the office drilled holes in some very odd places to wire the place. I will have more information regarding the budget around Thursday/Friday.

 

Thank you all so far for the suggestions! Keep 'em coming if you think of anything else 

If you don't get paid by the hour, I wouldn't care to do the cable tester job, just hook up all the points, and you will find out if they work or not...

 

 

I do it often in office building..its usually only 2 level tho..but I have done ones that are up to 5 level...2-3 levels take only a day...if its more..then yea it would take longer

You are telling me that you alone is doing up to 1km+ of cable a day (including the cable ties and all) (Split up into 40+ smaller cables) + the mounting of the rest of the equipment?

[techguru]

If you don't get paid by the hour, I wouldn't care to do the cable tester job, just hook up all the points, and you will find out if they work or not...

 

 

You are telling me that you alone is doing up to 1km+ of cable a day (including the cable ties and all) (Split up into 40+ smaller cables) + the mounting of the rest of the equipment?

running of ethernet in the walls and ceilings...and setting up the equipment...routers...switches...printers

[MariusJS]

running of ethernet in the walls and ceilings...and setting up the equipment...routers...switches...printers

You didn't answear my question, in 8 hours you do 1km of cabling and setting up the equipment?

[.:MARK:.]

You didn't answear my question, in 8 hours you do 1km of cabling and setting up the equipment?

LOL, and I can fly. Damn Spiderman would be the best at wiring.

[MariusJS]

LOL, and I can fly. Damn Spiderman would be the best at wiring.

I was wondering, cuz I'd totally hire that guy if he could do that, he'd have to be a superhuman or smth. tho...

[techguru]

You didn't answear my question, in 8 hours you do 1km of cabling and setting up the equipment?

10-20 pc's per level...

how long does it take you to fish a wire through some holes?

 

long as you have the right tools wiring a building is easy

 

I just did a building back in may ..2 levels...about 30 pc's total...took me from like 8am to 6-7pm

[MariusJS]

10-20 pc's per level...

how long does it take you to fish a wire through some holes?

 

long as you have the right tools wiring a building is easy

 

I just did a building back in may ..2 levels...about 30 pc's total...took me from like 8am to 6-7pm

1: Yeah, in 10hrs you might be able to do 20-30 PC's, but then set up all the equipment (and program it)...

2: 10Hrs is not a normal workday...

3: Tbh, the building layout is much more important, but I'll say that 9/10 office spaces I've been at has a shitty layout for wiring...

 

Also I've seen a lot of stupid electricians take their lifts and put cat5e or cat6 behind them to "pull" the wires to where they want them, that is just plain stupid on so many levels! (At least with the wires that they used)

[Scheer]

Check what kind of cable is currently ran. Our IT guys are starting to have issues with their network due to using stranded Cat5e about 5 years ago when they re-wired, and they didn't know you can't use stranded cable for punch blocks... Over the years they start having intermittent connection issues, and it gets to the point it only works half the time for internet, but will always pass a cable test. Its going to be a heck of a lot easier to fix now when it isn't being used, rather than later where you are time constrained. If you do have stranded cable that is punched down the easiest solution I can think of would be crimping RJ45s on the end and using keystone inline couplers mounted in a keystone panel. The best option would be to replace it with solid Cat5e, or if you want to future proof use Cat6a.

 

A tone generator and wire tester will make easy work out of finding what goes where, be sure to label everything in generic terms (not names of people who will be using that port, as they can move locations). I always go overkill and personally would even do separate patch panels for each level of the building.

 

Ubiquiti does offer a complete ecosystem of products to cover you, and I'd had great success with their UniFi access points. The USG should be powerful enough and have enough features that it won't need to be replaced anytime soon. There were some teething issues with its software at first, but I believe that they have gotten it all taken care of. And they even now sell IP phones that integrate into the UniFi controller, so just about everything can be managed from one webpage.

 

Ubiquiti's switches are a bit on the expensive side, for home use I've been using TP-Link's "Easy Smart" switches and was really surprised at the amount of features for the cost.

 

Alternative to the USG for a router two options I can recommend are PFSense running on a PCEngines APU board or a Sonicwall of some kind. My favorite would be PFSense, even though it is fairly hard to navigate and get used to compared to a typical home router, I still find it much easier than a Sonicwall, and there is a lot more help online for PFSense than there is Sonicwall.

 

A year or two ago I bought one of Ubiquiti's first IP cameras, and it was easily the worst quality 720p camera I've seen, Foscams were better than it was... That camera was quickly pulled from sale though, so I think they realized it and worked on getting replacements out. I have not tried any of their new ones. Hikvision is well known for cheap, yet decent quality IP cameras and is worth looking into. Blue Iris is my software of choice for recording, I really liked iSpyConnect until the price kept going up and up and its just not worth it anymore. I only used Ubiquiti's NVR software for a few hours before I decided to return their camera, it looked pretty nice, but I didn't dig into it very much to know what limitations it has as far as remote viewing goes.

 

My personal opinion is that if something is going to be used in a business environment, where it is important that it works, and quickly fixed if it doesn't... is that you do NOT build the server unless it is something very specific that is not offered. Most manufactures offer guaranteed service times of less than 4 or 8 hours under a warranty contract, and then YOU are not held accountable for the issues. Lenovo offers a 100 TB storage server for a bit under $10k from Ingram Micro, it couldn't be DIY'd for much less... may as well get the warranty and peace of mind. It also has custom software that gives cloud access and full integration with Windows domains, and a million times easier to use than FreeNAS.

 

I would virtualize everything on a couple robust servers, rather than a server for each role. Backups are much easier to do, and the ability to revert to previous snapshots, as well as bare metal recoveries in a matter of an hour or two is awesome.

 

Don't get caught up in trying to get everything rack mounted if the budget is low, sure it is nice and convenient, but in some cases you can spend double on the same spec'd sever just because it has rack ears and rails. Go for sine wave UPS's, and again don't bother with rack mounted units as they will be much more expensive. Just buy a $20 rack shelf and lay a standard UPS on it if you really want it in a rack. However, I would try and put your networking equipment into something like this: http://www.amazon.com/dp/B00JZVUBFE/

They are fairly cheap, and give some protection against random people messing with it.

I really wish they made a smaller version of this: http://www.amazon.com/dp/B00DROZCV8/

It is more expensive, but if you will also be running phone lines you can then put your telco board and panels on the back part of this since the bulk of the unit swings off to the side. It will also be much easier to get to the back of your networking switches if ever needed.

 

EDIT: Apparently I didn't look very hard... there are smaller as well as deeper units available in that style: http://www.amazon.com/dp/B003WAT7WC/r

[Matwagem]

Hi everyone, I just wanted to give you all an update on how things are coming along.

We acquired a server rack (tripp-lite 12U) to put the patch panels and switch in, they decided they wanted to invest in a ubiquiti unifi switch in the end.
The only problem now, is that the cabling (cat5e) is pressed into a patch panel which doesn't allow for connections faster than 100mbit.
Because they went with a ubiquiti switch, they wanted to stick with the same company for the Access Points and we got two AC access points installed which cover

about the whole building (or at least the most important parts). The network is up and running and the wireless signal is hitting its max speed.

I had a look at the phone lines and some of them seem to have been cut, whereas others enter into what I can only describe as some sort of gateway with the letters BTL on it (no manual and I can't find the company online). The mysterious box is placed next to a modem with the label "2x Phone lines". I want to move to a VoIP solution, however the ISP is very particular about what one can and can't do when it comes to setting up phone networks. I think the best next step would be to call in one of their engineers and see what they suggest we do.

My final question is in regards to acquiring a server. I've been looking at both Lenovo and Dell servers, seeing as people say that Dell servers are more reliable and include a better warranty overall. Is there a specific server you would recommend for a SMB? Since the switch has a SPF+ port that would probably be a good thing to include to ensure rapid access. 

 

Thanks!
 

[Scheer]

Cat5e supports 1gbps, so you may just have bad punches where some wires aren't making good connection, or the other end of the cables may only have 2 pair tied down.

 

Could you get a picture of the box that has BTL on it?

 

Who is your ISP? Never heard of one who would care what VOIP you use, and I doubt they would be blocking ports on a business internet plan. I use 3CX as my PBX for my home VOIP and it works great, it would be worth looking into. 

 

 

The SFP ports are mainly intended for linking multiple switches together for large offices of 100+ employees, unless you will somehow be saturating a 1gpbs link all the time I wouldn't bother with 10gbps.

 

How much storage do you need in the server? How large are the files going to be and how often will they be accessed? If you only need a few TB that will be accessed a few times a day you may as well just get a little 4 bay NAS unit.

[Matwagem]

I think you might be right about only having 2 cables tied down. I will be down in the office tomorrow to get a picture of the box.
The ISP is Virgin Media (used to be UPC), I often get the answer that they do not allow for companies to have their own VOIP solutions.

The server was intended to be used as a database and for storage purposes. At first I foresee it not using a large amount of storage (couple of TB max), however
over time that will grow. The data will be accessed quite a few times throughout the day by multiple clients, and the amount of clients itself is set to grow quite a bit if they are successful. 

[leadeater]

The initial cost for a Dell, HP or Lenovo server is a fair amount, is it possible to start off using Office 365 Business Premium or Google Apps?

 

The other reason I ask this is the rack that has been purchased is not deep enough for server equipment, unless you have an extra depth model (SR12UB/UHD/US33)?. A Dell R530 is 66.8cm and a T430 is 58.4cm.

 

For the hard drive flexibility I would recommend a tower server with the rack mount conversion option. Dell T430 or a Lenovo x3500 M5 with the 16 2.5 + 6 3.5 disk cage configuration. Deployed and maintained a number of IBM/Lenovo servers and the biggest issue is supply chain, could just be my country but they have sent the wrong parts which is damn annoying. Happened to multiple clients but all around the same time, about the time Lenovo brought the x86 server line off IBM. I've also run an IBM x3500 M4 at home for about 3 years now with no issues.

 

I would also recommend using ESXi or Hyper-V with Server 2012 R2 Standard which gives you the right to run 2 VMs so you can have a dedicated DC, running other services on a DC is never a good idea. Combine this with Veeam Backup Free and a decent NAS; QNAP, Synology etc. A UPS that supports graceful shutdown of virtual servers would be a good idea e.g. Eaton 5PX with Network Card-MS add-on.

 

I've only ever really used 1 security camera product and that's Milestone XProtect. Expensive option as it is just software so needs server OS and hardware etc. I do see they have an all in one solution called Husky but I've never seen or used one.