Www.lsntap.org Legal Services National Technology Assistance Project.

www.lsntap.org

Legal ServicesNational Technology Assistance Project

Networking Roundtable

A Look at Operating Systems

How to Make Best Decisions

Presenters

Steve Gray, Legal Services of South Central Michigan

Ken Montenegro, Asian Pacific American Legal Center

Michael Bowen, Community Legal Services, Philadelphia

Overview of Session

Components & Definitions Choosing a Network Operating System

Linux, Microsoft, Netware What goes into the decision

Connecting and Providing Remote Access Trainer’s Plugs -- Resources

How Many of You…

(Using the QuickPoll (green or red X):) Administer your own network? Pay outside consultants to administer your

network? Have other paid staff to administer your

network? Other scenario? (write in chat)

Part I:Components & Definitions

Desktop and Laptops (This can be a stand alone computer or thin client.)

Server Gateway Firewall Remote Access Network Connections Network Operating System

Definitions: Server

A computer system in a network that is shared by multiple users.

Local LAN servers (file servers) Servers can also host: 1. email 2. web sites and intranets 3. case management 4. email lists 5. back-ups 6. other databases

Definitions: Gateway

A device that acts as a go-between two or more networks that use the same protocols. In this case, the gateway functions as an entry/exit point to the network. Transport protocol conversion may not be required, but some form of processing is typically performed.

Definitions: Firewall

Firewall - allows or blocks traffic into and out of a private network or the user's computer. Firewalls are widely used to give users secure access to the Internet as well as to separate a program's public web server from its internal network.

Definitions: Remote Access

Using a computer to access resources that are in a different location or office. Generally refers to users located outside the office, accessing resources either via a private line (modem or a T-1) or a public connection such as the Internet.

Definitions: Network Connections

LAN: 1. Ethernet (10/100) 2. Wireless (A/B/G) Internet: 1. Broadband (cable or DSL) 2. Frame Relay 3. T1 and Fractional Between LANs:

1. WAN - two or more LANs connected.

Definitions: Network Operating Systems

An operating system that is designed for network use. A network ready OS manages concurrent requests from clients and provides the security necessary in a multi-user environment. A file sharing component is installed in each client machine that interacts with the server to share files and applications as well as network devices such as printers, faxes and modems.

Part II: Choosing a NetworkOperating System

QuickPoll & Annotations: What Operating System do you use?

(annotate document) Are you certified in any operating system?

(Y/N) Which ones (Novell, Microsoft, Linux --

annotate document)

A Network Tale: Two Legal Aid Programs

What they run in their programs? Why they run them in their programs? What they wish were different?

Community Legal Services, Philadelphia Michael Bowen (Microsoft)

Asian Pacific American Legal Center Ken Montenegro (Linux)

Making an OS Decision

Hardware compatibility Old hardware runs

Technical compatibility (skillz) Staff Consultants (Consultant costs & Finding a consultant)

Application support Legal Applications Management Tools Lacking

Existing infrastructure Often not a problem

Connecting LANs and Providing Remote Access

What are you connecting?

Remote users for application/documents/etc?

Remote offices into one network? (WAN)

VPNs

OpenVPN (http://openvpn.net): A open source SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls.

At LSSCM we are experimenting with open VPN as a replacement for WebDrive remote access.

VPNs: Ken’s

PPTP for mobile users What we use, Poptop (http://www.poptop.org/)

On Legal Center issued notebooks Users must sign a special VPN policy Users never know their VPN password

Ideallly, something like token based authentication... IPSec

Good for static IP locations

VPNs: Why They are Evil

Quick Poll How many folks use VPNs currently for remote

users? How many folks use VPNs currently for remote

users located in an office within your program (as a WAN)?

How many folks use SSL-VPNs currently? How many folks have a Terminal Server?

Do you serve TS Apps to Inside Users? Do you serve TS Apps to External Users?

IP Sec v. SSL v. Remote Control

1. IPSec Remote Node Apps run local

Need to be Installed Need to be Licensed Need to be Updated...regularly

Is the Remote Node Secure? Is the A-V Up-to-Date?

SSL-VPN

Hardware Requirements (Very low) Screen shots, kybd, mouse clicks Dial-up might be pushing it, but is not unheard of...

Applications Remote Machine: Only a browser (...ok, maybe a small plug-in) All Applications run locally on the backend

On better hardware Closer to the data Controlled/Maintained at a single source, not dispersed

Terminal Server on the backend

SSL-VPN

Security Configuration DMZ or Parallel to Firewall

Costs

SSL VPN Appliance Vendors

* Aventail

* Netilla

* Neoteris

* Cisco

* Juniper

* Array

WANs

By Ken Montenegro

Other Remote Access

LSSCM Remote Access Solution: WebDrive (http://www.webdrive.com/products/webdrive/index.html)

SSH access - Secure file transfer and document collaboration software using WebDAV, FTP or SFTP. At LSSCM this allows remote staff (home of community center laptop) to map their office document directory as a virtual drive, files are transferred by simply saving them to a drive letter. There's no need to run a separate FTP client interface. Unlike typical FTP clients, WebDrive lets you open and edit server-based files without the additional download step.

Trainers’ Plugs

BackupPC (http://backuppc.sourceforge.net): BackupPC is an enterprise-grade system for backing up Linux and WinXX PCs and laptops to a server's disk. Very nice web-based admin interface. We use it at LSSCM to backup servers over HTTPS in 6 offices to remote location.

HostMonitor: Monitor your servers to make sure they're running, check to make sure a particular service is running, check for specific Events in the Event Log, check for low disk space, file changes (size/time), monitor your WAN or your internet connection. Amazing tool, reasonable cost, great support. (http://www.ks-soft.net/hostmon.eng/index.htm/)

Trainers’ Plugs

KiwiSyslog: Not free, but very reasonable syslog server. (http://www.kiwisyslog.com/syslog-info.php/)

Gillware Data Recovery: Very reasonably priced. Great service. (http://http://www.gillware.com/)