

Ask HN: IT/Network setup for our 15-20 person office? - DevDoingIT

Hi everyone,

Can any networking experts here help? My company is about to move into a new office from old, shared space where all IT was taken care of. I've been put in charge of the phone and networking in the new space.

Our office is 15-20 people, plus visitors fairly frequently. The office is primarily developers and will have a FiOS connection with plenty of bandwidth. The electrician we've hired will take care of the actual ethernet wiring.

I'm a developer, and am somewhat familiar with networking but at a smaller scale. Can anyone provide some advice about what the best setup for this is along with recommended vendors/models without spending a fortune? I don't mind learning how to configure them.

My assumption is that the network will basically look like this, but please feel free to correct me (we don't have any on-site servers; just computers and mobile devices):

Incoming ISP/Verizon -> Router -> Firewall (?) --> Switch --> Cat5 to computers and SIP phones

Will most routers (or switches?) take care of the wireless connection or should we use a separate device (attached to the switch?)? Are there generally good manufacturers and product lines that we should look at? I assume my usual household choices aren't right for this.

Also, we're planning on using a hosted VoIP system so will need to set QoS for that.

Thanks in advance!
======
gvb
Verizon FIOS modem -> Firewall --> Switch --> Cat5 to computers and SIP
phones, wireless access point

* You absolutely want a firewall. Defense in depth. A firewall that supports a VPN that runs on your office's laptops is very handy for working from home or the road.

We have a Watchguard Firebox firewall. It works well but is very annoying to
configure: the primary configuration mechanism is a Windows program, but I run
Linux, so that just pisses me off. The secondary mechanism is a web page
running Flash (I dislike Flash). The configuration is a very leaky
abstraction, which further pisses me off.

* For the switch(es), you definitely want a "small business" managed switch ($500 and up) that supports RMON/SNMP. (We have some old Linksys/Cisco "managed" switches with no RMON - cannot tell me where my traffic is going - and can only be configured with IE 7 or older(!!!) POSes!!!).

* For wireless, I installed the Ubiquiti UniFi wireless access points (threw away some older Cisco WAPs that were POSes). If you only have one AP, this is overkill... we have several of them to cover our facility. The system is very reasonable and the central management is very very convenient. The primary interface to the software is Flash (ugh) - but it works well enough. There are other ways of interacting with the controller, but I have not done much that way (I have written some MongoDB scripts to extract useful information nightly).

* You are also going to need DHCP, DNS, etc. Windows Server with Active Directory is dominant at businesses. Linux and OSX interoperate fairly well with AD. LDAP (and Kerberos if you want single-sign-in) would be the alternative to AD. Being a linuxhead, I would run a Debian/Ubuntu server with bind (DNS) and isc-dhcp-server (DHCP) - that is what I'm running at home and it works well. You will probably (eventually) want to run Icinga/Nagios/equivalent and Cacti/equivalent to monitor your systems on this server as well.

* I assume your SIP phones will be using a SAAS outside company PBX. I don't have experience with that, we have an on-site PBX (predates me, and is now obsolete).

------
jlgaddis
If it were me:

      FIOS -> Cisco ASA -> Cisco switch -> PCs & IP phones

You may not want to spend the money on Cisco gear. I'm an ISP/Enterprise guy
and my customers expect their shit to work, so we do.

The switch should be managed so that you can put your PCs and VoIP phones (and
on-site servers, if you have them) onto separate VLANs.

You didn't mention what OS your users will be using. Hopefully, however, you
can avoid Active Directory.
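
The PC/phone VLAN split suggested in the comment above, sketched as a Cisco IOS switch configuration. This is an added example, not something posted in the thread; the VLAN IDs, VLAN names and interface numbers are assumptions and will differ by switch model and port count.

```cisco
! Added example, not from the thread.
! Assumed values: VLAN IDs 10 and 20, the VLAN names, and the
! GigabitEthernet1/0/x interface numbering (varies by switch model).
vlan 10
 name PCS
vlan 20
 name VOICE
!
! Desk ports: the PC is untagged in VLAN 10; the IP phone tags its
! own traffic into VLAN 20 on the same cable.
interface range GigabitEthernet1/0/1 - 20
 description Desk port (PC + IP phone)
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
!
! Uplink to the firewall: carry only the two VLANs in use, so any
! traffic between the PC and voice networks has to pass the firewall.
! Some switch models need "switchport trunk encapsulation dot1q"
! before "switchport mode trunk".
interface GigabitEthernet1/0/24
 description Uplink to firewall
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Ports with nothing plugged in stay administratively down.
interface range GigabitEthernet1/0/21 - 23
 description Unused
 shutdown
```

The firewall side needs a matching tagged interface per VLAN, and its rules decide what, if anything, may cross between the two networks.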

