Internet Cafe setup - some help please

Warbie · 8 Jun 2007 at 13:15

I've been asked by a friend of a friend to setup the network for their internet cafe. They don't want to pay the price for a professional installation and, seeing as i'm 'the guy who knows computers', have asked me. tbh I can do with the cash.

I finished my CCNA at uni, but that was years ago and I think i've drunk most of it away. Some help would be greatly appreciated:

There will be 12 stations and a print/file server. All the wiring is done.

I'm not quite sure on the correct topology, but am leaning towards PCs -> Switch -> Router -> Internet. Someone suggested PCs -> Switch -> Server -> Internet. This is the area I could most do with some advice.

Having never set up anything other than a gaming lan i'm also a little unsure where to stick the server - do you just add it to the network as you would a workstation?

Software has already been decided on - Softvision Explorer - and other than configuring print sharing and emails there's nothing else to do.

Any suggestions would be great.

swinnie · 8 Jun 2007 at 13:53

I am coming from the line that brings in your internet...

From there you will have a router --> Server --> Switch --> PC's

If you want to allow users to use wireless enabled devices you will need suitable hardware so a Wireless Router or a Wireless Access Point if range is an issue.

If you have more than one server you will obviously have the servers plugged into the router rather than the previous server.

Hope that makes sense!

Good Luck!!!

rick827 · 8 Jun 2007 at 14:03

You defo want a proxy server in there for logging/blacklisting without a doubt.. your friend could be held accountable for illegal activity on his broadband if he fails to show it was a customer.

you will also save on bandwidth by caching

Warbie · 8 Jun 2007 at 14:15

swinnie said:
From there you will have a router --> Server --> Switch --> PC's

Cheers

Do we actually need a router in this case? and just go Server -> Switch -> PCs?

As for proxy servers - I haven't a clue about these.Are they pretty straight forward?

rick827 · 8 Jun 2007 at 14:26

Its well documented so a bit of effort will sort you out no problem. Also the server lets you lock them down/administer them with GP and run your AV server. Id get a router rather than an adsl card in your server or anything like that, it will free up your server and for the small cost its a cheap boost

Warbie · 8 Jun 2007 at 14:51

Thanks rick, advice taken.

A quick question regarding server placement and switches:

Is placing the server between switch and router to allow easy monitoring of the workstations/security? I understand (roughly) that switches break up collision domains, but seeing as each station will have a port to itself I don't really get why pcs -> switch -> server -> router is preferable to pcs & server -> switch -> router.

Some basic networking knowledge I probably knew a while back is escaping me here.

rick827 · 8 Jun 2007 at 15:07

Not much difference. If anything it means you can attach your server to the gigabit uplink port on the switch with gigabit cards in the server rather than having the data traverse the switch twice like.. "pc -> switch -> server -> switch -> router" you get .. "pc -> switch -> server -> router" It also means your router is physically distanced from the PCs rather than logically seperated. If your router is attached to the switch and a PC is on the same switch you will need VLANs for security

Warbie · 8 Jun 2007 at 15:57

Thanks again, rick.

I don't quite get this bit:

'It also means your router is physically distanced from the PCs rather than logically seperated. If your router is attached to the switch and a PC is on the same switch you will need VLANs for security'

Why would vlans be necessary? I'd have thought a password would be enough to keep nosey people out of the router.

Also, would adding a server between router and switch not add an extra step for stations simply browsing and sending emails? I haven't a clue how to configure a server to pass data back and forth between router and switch and, as the server will be primarily used for printing, am not sure how often pcs will want to chat with it.

I should probably add that the clients want something quite basic - browsing, emails, skype, printing and that's it.

rick827 · 8 Jun 2007 at 16:29

The VLANs prevent the PCs being able to contact the router in any form, without it they can bypass your whole proxy/logging by communicating directly with the router/WAN.

The server wont add much overhead, its just acting like a transparent proxy, speeding up browsing with cache and preventing kids looking at porno.

Are you wondering why the server can't just sit at the side and 'watch over' the data being passed between the switch at the router?

Warbie · 8 Jun 2007 at 16:39

rick827 said:
Are you wondering why the server can't just sit at the side and 'watch over' the data being passed between the switch at the router?

Pretty much.

I'm also a little concerned about configuring the server - i'm used to plugging things into a router and forgetting about them. With this info has to pass back and forth through the server - which is all new.

Si. · 8 Jun 2007 at 17:01

rick827 said:
The server wont add much overhead, its just acting like a transparent proxy, speeding up browsing with cache and preventing kids looking at porno.

URL filtering will require additional software..but is highly recocmended. AFAIK the owner of the internet connection is responsible for it's use. So if anyone does anything illegal while at the cafe then they will be liable.

It all depends upon the budget realy. in an ideal world you would want a 2003 Server running ISA 2004/2006 to provide protection to the network, then the addition of URL filtering (Websence/Chaperon/SurfControl there are several to choose), this can all be installed on the same server (not usually reccomended, but in a small setup it will be fine)

Also, if you set the 2003 server up as a proper domain controller and add the clients into the domain to can controll what they can and can't do on the clients via a global policy. This would stop them doing just about anything you want to..

I know this sounds like a lot, but if it is a proper business venture then it needs to be done correctly.

Si. · 8 Jun 2007 at 17:05

rick827 said:
The VLANs prevent the PCs being able to contact the router in any form, without it they can bypass your whole proxy/logging by communicating directly with the router/WAN.

I disagree.. I think VLans are overkill in this situation.. a simple global policy will be enough to protect the environment without the complexity of multiple VLans all over the place. Or even better, the ISA server above would do an even better job.