www.lsntap.org Legal Services National Technology Assistance Project
Mar 27, 2015
Networking Roundtable
A Look at Operating Systems
How to Make Best Decisions
Presenters
Steve Gray, Legal Services of South Central Michigan
Ken Montenegro, Asian Pacific American Legal Center
Michael Bowen, Community Legal Services, Philadelphia
Overview of Session
* Components & Definitions
* Choosing a Network Operating System
  * Linux, Microsoft, Netware
  * What goes into the decision
* Connecting and Providing Remote Access
* Trainer’s Plugs -- Resources
How Many of You…
(Using the QuickPoll (green or red X):)
* Administer your own network?
* Pay outside consultants to administer your network?
* Have other paid staff to administer your network?
* Other scenario? (write in chat)
Part I: Components & Definitions
* Desktop and Laptops (This can be a stand alone computer or thin client.)
* Server
* Gateway
* Firewall
* Remote Access
* Network Connections
* Network Operating System
Definitions: Server
A computer system in a network that is shared by multiple users.
Local LAN servers (file servers)
Servers can also host:
1. email
2. web sites and intranets
3. case management
4. email lists
5. back-ups
6. other databases
Definitions: Gateway
A device that acts as a go-between for two or more networks that use the same protocols. In this case, the gateway functions as an entry/exit point to the network. Transport protocol conversion may not be required, but some form of processing is typically performed.
Definitions: Firewall
Firewall - allows or blocks traffic into and out of a private network or the user's computer. Firewalls are widely used to give users secure access to the Internet as well as to separate a program's public web server from its internal network.
Definitions: Remote Access
Using a computer to access resources that are in a different location or office. Generally refers to users located outside the office, accessing resources either via a private line (modem or a T-1) or a public connection such as the Internet.
Definitions: Network Connections
LAN:
1. Ethernet (10/100)
2. Wireless (A/B/G)
Internet:
1. Broadband (cable or DSL)
2. Frame Relay
3. T1 and Fractional
Between LANs:
1. WAN - two or more LANs connected.
Definitions: Network Operating Systems
An operating system that is designed for network use. A network-ready OS manages concurrent requests from clients and provides the security necessary in a multi-user environment. A file sharing component is installed in each client machine that interacts with the server to share files and applications as well as network devices such as printers, faxes and modems.
Part II: Choosing a Network Operating System
QuickPoll & Annotations:
* What Operating System do you use? (annotate document)
* Are you certified in any operating system? (Y/N)
* Which ones (Novell, Microsoft, Linux -- annotate document)
A Network Tale: Two Legal Aid Programs
* What they run in their programs?
* Why they run them in their programs?
* What they wish were different?
Community Legal Services, Philadelphia Michael Bowen (Microsoft)
Asian Pacific American Legal Center Ken Montenegro (Linux)
Making an OS Decision
* Hardware compatibility
  * Old hardware runs
* Technical compatibility (skillz)
  * Staff
  * Consultants (Consultant costs & Finding a consultant)
* Application support
  * Legal Applications
  * Management Tools Lacking
* Existing infrastructure
  * Often not a problem
Connecting LANs and Providing Remote Access
What are you connecting?
Remote users for application/documents/etc?
Remote offices into one network? (WAN)
VPNs
OpenVPN (http://openvpn.net): An open source SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access controls.
At LSSCM we are experimenting with OpenVPN as a replacement for WebDrive remote access.
VPNs: Ken’s
* PPTP for mobile users
  * What we use, Poptop (http://www.poptop.org/)
  * On Legal Center issued notebooks
  * Users must sign a special VPN policy
  * Users never know their VPN password
  * Ideally, something like token based authentication...
* IPSec
  * Good for static IP locations
VPNs: Why They are Evil
Quick Poll
* How many folks use VPNs currently for remote users?
* How many folks use VPNs currently for remote users located in an office within your program (as a WAN)?
* How many folks use SSL-VPNs currently?
* How many folks have a Terminal Server?
* Do you serve TS Apps to Inside Users?
* Do you serve TS Apps to External Users?
IPSec v. SSL v. Remote Control
1. IPSec Remote Node
* Apps run local
  * Need to be Installed
  * Need to be Licensed
  * Need to be Updated...regularly
* Is the Remote Node Secure?
* Is the A-V Up-to-Date?
SSL-VPN
* Hardware Requirements (Very low)
  * Screen shots, keyboard, mouse clicks
  * Dial-up might be pushing it, but is not unheard of...
* Applications
  * Remote Machine: Only a browser (...ok, maybe a small plug-in)
  * All Applications run locally on the backend
    * On better hardware
    * Closer to the data
    * Controlled/Maintained at a single source, not dispersed
  * Terminal Server on the backend
SSL-VPN
Security Configuration DMZ or Parallel to Firewall
Costs
SSL VPN Appliance Vendors
* Aventail
* Netilla
* Neoteris
* Cisco
* Juniper
* Array
WANs
By Ken Montenegro
Other Remote Access
LSSCM Remote Access Solution: WebDrive (http://www.webdrive.com/products/webdrive/index.html)
SSH access - Secure file transfer and document collaboration software using WebDAV, FTP or SFTP. At LSSCM this allows remote staff (home or community center laptop) to map their office document directory as a virtual drive; files are transferred by simply saving them to a drive letter. There's no need to run a separate FTP client interface. Unlike typical FTP clients, WebDrive lets you open and edit server-based files without the additional download step.
Trainers’ Plugs
BackupPC (http://backuppc.sourceforge.net): BackupPC is an enterprise-grade system for backing up Linux and WinXX PCs and laptops to a server's disk. Very nice web-based admin interface. We use it at LSSCM to back up servers over HTTPS in 6 offices to a remote location.
HostMonitor: Monitor your servers to make sure they're running, check to make sure a particular service is running, check for specific Events in the Event Log, check for low disk space, file changes (size/time), monitor your WAN or your internet connection. Amazing tool, reasonable cost, great support. (http://www.ks-soft.net/hostmon.eng/index.htm/)
Trainers’ Plugs
KiwiSyslog: Not free, but a very reasonable syslog server. (http://www.kiwisyslog.com/syslog-info.php/)
Gillware Data Recovery: Very reasonably priced. Great service. (http://www.gillware.com/)