
After selecting a network type and Internet connection method, create a network diagram to visually show what network devices are needed, and then select the necessary devices for the network, such as switches, wireless access points, firewalls, and network adapters.

Tip: Choose a single brand of network hardware, if possible. This ensures greater hardware compatibility, simplifies administration, and makes obtaining vendor support easier.

More Info: For reviews and information about specific network devices, go to PC Magazine Online (http://www.pcmag.com).

Diagramming the Network

Creating a diagram of the network can quickly show which devices you need and where they should be located, as shown in Figures 3-1 and 3-2.

Figure 3-1. A network with the Windows Small Business Server computer connected directly to the Internet. (Diagram labels: Internet, DSL router, Windows Small Business Server, Ethernet switch, wireless access point with WPA or 802.11i encryption, internal network, network printer.)

Figure 3-2. A more secure network with a wireless access point placed outside the internal network.

Use the following list as a guide when creating the network diagram:

Internet connection: The Internet connection usually comes in the form of a telephone or coaxial cable that connects to a DSL or cable router. It is traditionally represented by a cloud at the top of the drawing and a line that connects to the router or firewall.

DSL router or cable modem: The Internet usually enters the organization in the form of a telephone or cable line that plugs into a DSL router or cable modem.

[Figure 3-2 diagram labels: Internet, DSL router, Router/Firewall, Switch, Wireless Access Point (clients use VPN tunnel to internal network), Perimeter network, Windows Small Business Server, Switch, Internal network]

Firewall: The DSL router or cable modem is then plugged into the firewall, which can either be the Windows Small Business Server computer, or a standalone firewall or router.

Perimeter network: This is an optional area of the network between the external firewall (if present) and the Windows Small Business Server computer where low-security devices such as wireless access points can be placed. You can also create a perimeter network (also known as DMZ or demilitarized zone) using Windows Small Business Server and three network cards.

Internal network: The Windows Small Business Server computer’s second network card connects to the internal network via an Ethernet switch. This is where all other computers and other network devices are located.

Planning: Networks with a small number of wireless clients (1–10) should place their access points on the internal network and use 802.11i or WPA encryption, or place the access points in the perimeter network and use 128-bit WEP keys in combination with VPN connections to the Windows Small Business Server. Access points should also be placed in the perimeter network when you want to provide Internet access to the general public (such as in a coffee shop or lobby).

Larger networks should place access points on the internal network and use 802.1x authentication, as described in Chapter 15.

Choosing a Network Switch

Ethernet networks use the star (also known as hub and spoke) network topology, which means that all network devices must be plugged into a central hub or switch. Choosing the right switch requires evaluating the following factors:

Switch or hub: Don’t buy a hub—get a switch instead. Switches are inexpensive, provide additional performance, and facilitate mixing 10 Mbps, 100 Mbps, and 1 Gbps devices on the same network segment.

Number of ports: Make sure that the switch provides more than enough ports for all computers, access points, network printers, and Network Attached Storage (NAS) devices on the network.

Speed: Fast Ethernet (100/10 Mbps) switches offer plenty of performance for most small businesses, but Gigabit (1000/100/10 Mbps) switches are dropping in price and provide extra bandwidth for heavily used file servers and high-quality streaming video.

Management: Managed switches provide the ability to view the status of attached devices from a remote connection, which can be useful for off-site technicians. In general, save the cash and stick with an unmanaged switch unless the cost difference is slight or the organization uses an off-site consultant who wants the ability to remotely administer switches.

Choosing Wireless Access Points

As you learned earlier in the chapter, wireless access points permit clients to wirelessly connect to a wired network. Access points are often integrated into routers, but they are also available as standalone devices that must be plugged into a switch like any other network device.

Tip: Business-grade access points are more expensive than consumer-oriented access points and routers with integrated access points; however, they are usually more reliable and full-featured.

When choosing an access point, evaluate the following features:

Routers with built-in access points are often no more expensive than stand-alone access points and can provide an extra layer of security for a network by facilitating the creation of a perimeter network.

Access points should support 802.11i or WPA encryption. 128-bit WEP is the minimum and appropriate only when used in conjunction with 802.1x authentication or when the access point is located in a perimeter network.

Access points should support 802.1x (RADIUS) authentication if you want to provide the highest level of security and ease-of-use to a wireless network. This is the best method of authenticating wireless clients, though it does require setting up a RADIUS server, as discussed in Chapter 15.

Caution: Don’t bother disabling SSID broadcasting and enabling Media Access Control (MAC) address filtering. They add administrative burden, and a hacker with a port scanner can easily defeat them anyway. Always use some type of encryption, and consider placing the access point outside the firewall and using VPN tunnels to gain access to the internal network.

Some access points have two antennas that can be adjusted for better coverage; others have external antennas that can be mounted on a wall for better placement.

Typical of many access points is 30 watts, though some offer up to 100 watts for more range. The best access points allow you to adjust the wattage, and by extension, the range. This is useful either to reduce wireless coverage outside the premises, or to permit a higher number of access points to be placed in the same area, increasing the number of wireless clients that can operate in the same area.

Standalone wireless bridges (often referred to as wireless Ethernet bridges) and some access points provide the ability to wirelessly bridge (connect) two wired networks that can’t be connected via cables. There are a number of different types of bridging modes, including Point-to-Point, which uses two wireless bridges to link two wired networks; and AP Client, which uses an AP on the main network (to which wireless clients can connect) and a wireless bridge in AP Client mode on the remote network segment, acting as a wireless client. Clients on the other side of a wireless bridge will experience slower performance to the main network segment because of the shared wireless link, so use wireless bridges with discretion, and always use bridges and APs made by the same manufacturer.

Don’t include “turbo” or other high-speed modes offered by some manufacturers in your buying criteria. They provide little performance gain, if any, in the real world.

Placing Access Points for the Best Coverage

Wireless access points have a limited range, especially in the environment of a typical office. The indoor range of 802.11b, 802.11g, and tri-mode 802.11a access points is usually around 60–100 feet at the highest connection speed, and 25–75 feet for first generation single-mode 802.11a access points. With that said, 2.4 GHz cordless phones, microwave ovens, and Bluetooth devices can cause serious interference with 802.11b and 802.11g networks (but not with 802.11a networks) when they are turned on. Fluorescent lights, metal walls, computer equipment, furniture, and standing too close to the access point can also reduce the range of wireless networks. Unfortunately, there is no reliable way to quantify these variables, leaving trial and error as the best way to position access points. However, you can follow some guidelines when selecting access point locations:

Place the access point and wireless network card antennas as high as possible to get them above objects that might attenuate the signal.

If you place access points in the plenum (the space between a drop ceiling or raised floor), make sure you obtain access points or enclosures certified for plenum installation.

Place the access point in the center of the desired coverage area to provide the best coverage while also reducing the publicly


Use multiple access points as necessary to cover multiple floors or large offices, or to service a large number of clients simultaneously. Twenty clients per 802.11b or 802.11g AP is a reasonable maximum, with an average of no more than 2–4 simultaneously active users per AP yielding the best network performance.

Wireless bridges can be used to place another Ethernet network segment (or another wireless access point) in a location unreachable by cables. Wired clients on this segment communicate with other wired devices on this segment at the speed of the wired network (1000/100/10 Mbps); however, communication with the main network segment takes place at the speed of the wireless network (4–20 Mbps real-world bandwidth).

When selecting channels for access points, sniff for (use a wireless client to look for) the presence of other networks and then choose an unused channel, preferably one that is four channels or more separated from other channels in use. For example, channels 1, 6, and 11 can all be used without interference.
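The following Python example is added here and is not from the book; it applies the channel-selection guideline above to the results of a site survey. The 1–11 channel range, the fallback of sharing a preferred channel with the weakest neighbours when no clean channel exists, and the sample survey rows are assumptions.

```python
# Added example: choose a 2.4 GHz (802.11b/g) channel from a site survey.
CHANNELS = range(1, 12)   # assumption: channels 1-11 are available
PREFERRED = (1, 6, 11)    # the non-interfering set named in the text
MIN_SEPARATION = 4        # "four channels or more separated"

# Constructed sample survey rows: (SSID, channel, signal in dBm).
SURVEY = [("CafeNet", 1, -48), ("Suite200", 6, -70), ("Guest", 3, -80)]


def interferers(channel, observed):
    """Networks closer than MIN_SEPARATION channels to the candidate."""
    return [n for n in observed if abs(channel - n[1]) < MIN_SEPARATION]


def pick_channel(observed):
    """Return (channel, SSIDs that will still share spectrum with it)."""
    clean = [c for c in CHANNELS if not interferers(c, observed)]
    if clean:
        def margin(c):
            # Distance to the nearest observed network (99 if none seen).
            return min((abs(c - ch) for _, ch, _ in observed), default=99)

        # Prefer 1/6/11, then the widest margin, then the lowest channel.
        best = max(clean, key=lambda c: (c in PREFERRED, margin(c), -c))
        return best, []

    # No clean channel: share a preferred channel with the weakest
    # neighbours (assumption; -100 dBm counts as zero load).
    def load(c):
        return sum(max(0, dbm + 100) for _, _, dbm in interferers(c, observed))

    best = min(PREFERRED, key=lambda c: (load(c), c))
    return best, [ssid for ssid, _, _ in interferers(best, observed)]


if __name__ == "__main__":
    channel, neighbours = pick_channel(SURVEY)
    print(f"use channel {channel}; overlapping networks: {neighbours or 'none'}")
```

Rerun the survey after installation, because neighbouring networks change channels over time.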

Choosing a Firewall Device or Router

Windows Small Business Server 2003 is designed to connect directly to the Internet and act as a router and firewall for internal clients. However, many companies don’t want to expose such a critical server directly to Internet-based attacks and prefer to place the Windows Small Business Server behind its own firewall. This location provides an extra layer of security and can also create a perimeter network in which wireless access points can be placed.

Note: The firewall included in Windows Small Business Server contains the same basic features as small office/home office (SOHO) firewall devices or routers, and provides a roughly equivalent level of security to clients (although data stored on the Windows Small Business Server computer is exposed to greater risk). However, Internet Security and Acceleration (ISA) Server, included in Windows Small Business Server, Premium Edition, provides industrial-strength, ICSA-certified firewall capabilities rivaled only by enterprise-level dedicated firewall devices.

If you decide to use an external firewall device (or a router serving this function) as a first layer of protection, evaluate the following features:

Packet filtering: Firewalls should support inbound packet filtering and Stateful Packet Inspection (SPI).

Protection from specific attacks: Firewalls should support protection from the denial-of-service (DoS) attack and other common attacks such as Ping of Death, SYN Flood, LAND Attack, and IP Spoofing.

Network Address Translation (NAT): NAT is the backbone of most firewall devices, providing basic security and Internet connectivity to internal clients.

VPN pass-through: To permit properly authenticated Internet users to establish Virtual Private Network (VPN) connections with a Windows Small Business Server computer behind a firewall, the firewall must support VPN pass-through of the desired VPN protocol (PPTP, L2TP, and/or IPSec).

VPN tunnels: Some firewall devices themselves support establishing VPN connections. Although there are many fans of this approach, it doesn’t work well when the Windows Small Business Server computer is acting as a second-layer firewall, because clients still need to tunnel through the Windows Small Business Server computer. If you do choose to use a firewall device to establish VPN connections with clients and servers in remote offices, make sure the firewall supports the necessary number of simultaneous VPN tunnels.

UPnP support: Windows Small Business Server can automatically configure firewalls that support UPnP to work with Windows Small Business Server services such as Exchange Server and remote access (by opening the necessary ports on the firewall). UPnP support can be found in most consumer firewall devices as well as in some business firewalls.

Note: Enabling UPnP on a dedicated firewall device makes configuring the device to work with Windows Small Business Server easy and doesn’t significantly increase the security risk to the Windows Small Business Server computer or clients behind it. Although pre-SP1 Windows XP clients do have a significant UPnP vulnerability, placing them behind a firewall device (including a Windows Small Business Server computer) eliminates this vulnerability, as does installing Windows XP Service Pack 1 or later. For more information on this vulnerability, see Microsoft Security Bulletin MS01-059, available at http://www.microsoft.com/technet/security/bulletin/MS01-059.asp.

Dual-WAN support: Some firewalls come with support for two WAN connections to increase speed and reliability, which is a great solution for networks looking for a reliable Internet connection. Other firewalls provide a serial port so that an external dial-up modem can be used as a backup connection, but this connection is much slower.

Content filtering: Most firewalls make blocking certain Web sites or Web sites containing specified keywords possible. Many businesses use this feature to reduce the employees’ ability to visit objectionable Web sites, although most content filters are largely ineffective.

ICSA certification: ICSA Labs (http://www.icsalabs.com), a division of the private security corporation TruSecure, certifies computer security products that meet its stringent security standards. Firewalls with ICSA certification are known to be secure; others might or might not be. ISA Server 2000, included in Windows Small Business Server 2003, is ICSA certified.

Built-in wireless access point: Firewalls with built-in access points save money and make administration easier but might result in non-optimal placement of the access point. Also, built-in access points are stuck in the perimeter network, which won’t work if you want wireless clients to have direct access to the internal network (they’ll instead need to use a VPN connection).

Built-in Ethernet switch: This feature makes it easy to add wireless access points or other network devices to the perimeter network in between the external firewall device and the Windows Small Business Server computer (which acts as a second-layer firewall in this configuration). Otherwise, add an Ethernet switch when the need arises.

Choosing Server Hardware

If you have a server that can meet the capacity needs of the network or can be upgraded to do so while allowing for future growth, by all means use this server, particularly if it happens to be your existing Small Business Server 2000 computer.

More Info: See Chapter 5, “Upgrading or Migrating to Windows Small Business Server 2003,” for more information about upgrading and migrating to Windows Small Business Server 2003.

Tip: For the highest level of compatibility with Windows Small Business Server 2003, make sure that the server and all devices are listed in the Windows Server Catalog (formerly known as the Hardware Compatibility List), which you can access at http://www.microsoft.com/windows/catalog/server.

When evaluating server hardware, refer to Table 3-4, which lists the minimum configurations necessary for adequate performance at different load levels.

More Info: The sidebar titled “Determining Server Load,” appearing later in this chapter, provides more information about configuration and performance.

More Info: See Chapter 8, “Storage Management,” for more information about choosing the appropriate storage solution and Chapter 13, “Backing Up and Restoring Data,” for more information about creating a backup strategy and choosing backup devices.

Note: Although Windows Small Business Server 2003 runs on servers using the 64-bit AMD Opteron and AMD Athlon 64 processors, Windows Small Business Server 2003 is a 32-bit operating system and can’t take advantage of any 64-bit features such as large memory support. However, fence sitters can run Windows Small Business Server 2003 on an Opteron-based server and upgrade to the AMD64 version of Windows Server 2003, Enterprise Edition.

Determining Server Load

The appropriate hardware for a Windows Small Business Server 2003 server depends on the load under which it will be placed. Load can be thought of as equal to the number of requests per unit of time multiplied by the difficulty of fulfilling each request.

The easiest way to determine load is to sample the performance of the existing server over a range of conditions. Of course, this is tricky when you’re constructing a new network or restructuring an existing network. In these cases, evaluate the extent to which the following factors will play a role on the network:

The usage pattern over time (number of requests per unit of time): A server that handles an average load can easily become swamped at key times, such as at the beginning and end of a work day when many users simultaneously log on or log off; during lunch when users might browse the Internet for personal use; or around deadlines when many users are making heavy use of file, e-mail, or database services.

Table 3-4. Minimum server configurations for different load levels

Component | Light Load | Medium Load | Heavy Load
CPU | Pentium III 500 MHz or dual Pentium II 300 MHz | Pentium III 600 MHz or dual Pentium II 400 MHz | Xeon 2 GHz or dual Xeon 1.4 GHz
Memory | 512 MB | 1 GB | 1.5 GB
Storage | 2 or more hard drives with 8 GB available for Windows Small Business Server 2003 | 3 drive hardware-based RAID using SATA or SCSI drives | 5 or more drive hardware-based SCSI RAID
WAN Network Adapter (for Internet access) | 100/10 Mbps PCI card | 100/10 Mbps PCI card | 100/10 Mbps PCI card
LAN Network Adapter | 100/10 Mbps card | 100/10 Mbps card | Gigabit LAN or

The kinds of user requests (the complexity of each request): This determines what server subsystems are stressed most heavily. Database serving stresses storage, memory, and possibly CPU; file serving stresses mostly storage; Internet access places some load on storage and memory (if using ISA Server); Exchange Server stresses storage, memory, and to some extent CPU.
