Once you have determined the needs of the network you intend to build and have selected the hardware components you will use to build it, it's time to begin assembling the information you'll need during the installation and documenting the administration policies for the network. Many network administrators create a great deal of additional work for themselves by letting the configuration of the network evolve on its own. To facilitate the support process throughout the life of the network, the best course of action is to set policies and create workstation configurations now, before everyone gets used to doing things in certain ways. This lesson examines some of the information you'll need to gather to perform the network installation and some of the standard policies you should establish and document.
Allowing individual users to install and configure their own software might make them happy at first, but when something goes wrong later on, it is you, the network administrator, who is responsible for fixing it. If you don't know anything about the configuration of the user's workstation, your job is that much harder. That's why it is a good idea to create a standard workstation configuration for your users, so that all of their computers are functionally the same. A workstation configuration can include any or all of the following elements:
The ideal situation when deploying new network workstations is to make them completely identical, except for obvious parameters such as computer names and Internet Protocol (IP) addresses, which must be unique. Many administrators use a disk imaging program to build new workstations, which creates bit-for-bit copies of a drive's contents, making it possible to create identically configured computers with minimum effort. Of course, you might have users with different requirements, meaning that you might need to create several different workstation configurations. The point is that you need to know exactly how a computer should be configured, so that when a problem arises as a result of a hardware failure or user error, you can easily correct it and, in the worst case scenario, completely restore the computer to its base configuration.
Configuring TCP/IP clients is one of the most problematic aspects of building a new network because you can't create the exact same configuration for every workstation. Every computer on the network must have its own unique IP address, and other parameters, such as the default gateway, can vary depending on the computer's location.
The first part of developing a TCP/IP configuration for your network is to determine what IP addresses you intend to use. The IP addresses you assign to your computers depend on many factors, including the following:
In most cases, it's a good idea to use private, unregistered network addresses for your computers, such as those listed in Lesson 2: IP Addressing, in Chapter 8, "TCP/IP Fundamentals." This is especially true when you will connect the network to the Internet because using these addresses protects the computers from unauthorized access. To use private addresses on an Internet-connected network, you must have some mechanism that enables the users to access Internet services, such as network address translation (NAT) or a proxy server. If, on the other hand, you want to use registered IP addresses (thus making your computers visible from the Internet), you must obtain a range of addresses from your ISP.
In addition to deciding which IP addresses should be assigned, you must also decide what routers your workstations should use as their default gateways, which Domain Name System (DNS) servers they should use, and whether you should run Windows Internet Naming Service (WINS). After you have determined what parameters you will be assigning to each workstation, you must create individual address assignments for each computer and devise a means to keep track of them. You will probably be adding more computers to the network someday, and you will need to know then which addresses are available.
The most convenient method for assigning and tracking TCP/IP configuration parameters is to use the Dynamic Host Configuration Protocol (DHCP). Even if you want to assign a specific address to each computer permanently, DHCP is an excellent tool for keeping track of the assignments and determining which computer is using which address.
For more information about configuring TCP/IP clients, see Chapter 11, "TCP/IP Configuration." For more information about securing your network using NAT and proxy servers, see Lesson 3: Firewalls, in Chapter 13, "Network Security."
Other important elements of network configuration that you should plan in advance are the computer names, user account names, and passwords you intend to use. The best way to assign computer names and account names is to develop a formula and stick to it. For example, you can create computer names using codes to represent the subnet on which the computer is located or the physical location of the computer in the building. For example, 3FLRNW9 might represent computer number nine in the northwest corner of the building's third floor. It's usually not a good idea to assign computer names based on the names of their users because people come and go, and you don't want to have to change the name of the computer whenever someone new uses it.
For user account names, some combination of the user's initials and several letters of the first and last name is appropriate. For example, using the first initial and the first five letters of the surname makes David Jaffe's user name DJAFFE. In smaller companies, you might want to use the first name and last initial, as in DAVIDJ, but that can cause conflicts when, for example, you have David Jaffe and David Johnson working in the same department.
You also need to set a policy regarding the administrative accounts for your network and their passwords. Depending on the network operating system you intend to use and the network configuration, you might need to create individual administrative accounts on many different computers (or possibly all of them). It's a good idea to use the same password for these accounts so that you don't find yourself locked out while you look up one of a hundred passwords.
In addition to creating individual user accounts, you must also decide what groups or organizational units you want to create to administer the accounts most efficiently. If you will be using a hierarchical directory service, such as the Microsoft Active Directory service or Novell Directory Services (NDS), planning the directory tree is a complex undertaking (see Lesson 3: Directory Services, in Chapter 4, "Networking Software," for more information).
Passwords are another issue to consider at this stage of the planning process. If you intend to allow users to select their own passwords, you might want to set policies to enforce suitable selections. For more information about password protection, see Lesson 1: Password Protection, in Chapter 13, "Network Security."