33

I’ve started the process of setting up the new network at work. We got a 1Gbit fibre connection.

Plan was simple, move all cables from old switch to new switch. I wish it was that easy.

The imbecile of an IT Guy at work has setup everything so complex and unnecessary stupid that I’m baffled.
We got 5 older MacPros, all running MacOS Server, but they only have one service running on them.

Then we got 2x xserve raid where there’s mounted some external NAS enclosures and another mac. Both xserve raid has to be running and connected to the main macpro who’s combining all this to a few different volumes.

Everything got a static public IP (we got a /24 block), even the workstations. Only thing that doesn’t get one ip pr machine is the guest network.
The firewall is basically set to have all ports open, allowing for easy sniffing of what services we’re running.

The “dmz” is just a /29 of our ip range, no firewall rules so the servers in the dmz can access everything in our network.

Back to the xserve, it’s accessible from the outside so employees can work from home, even though no one does it. I asked our IT guy why he hadn’t setup a VPN, his explanation was first that he didn’t manage to set it up, then he said vpn is something hackers use to hide who they are.

I’m baffled by this imbecile of an IT guy, one problem is he only works there 25% of the time because of some health issues. So when one of the NAS enclosures didn’t mount after a power outage, he wasn’t at work, and took the whole day to reply to my messages about logins to the xserve.

I can’t wait till I get my order from fs.com with new patching equipment and tonnes of cables, and once I can merge all storage devices into one large SAN. It’ll be such a good work experience.

Comments
  • 6
    Also got the 10G switch for use as a backbone, and it’ll be used for our 3D guys plus SAN
  • 5
    Good, throw that sonicwall in the bin
  • 3
    And btw, althought I am not a apple Guy, I do think that it is a shame that they stopped their xserve lineup
  • 3
    While you're at it split some vlans, build a proper dmz, as @Linux said get rid of the Shitwall and replace with something sane.
    Bonus points for a new OPNSense firewall. You can setup an openvpn server with like 10 clicks, so you got that going too
  • 3
    @Linux yeah, I think the xserve lineup looks sexy, almost like the unifi.

    The IT guy wanted to buy a new sonicwall for around 2000$, while I proposed a unifi way, that included 2x gateways (redundancy), new switches, access points to create a unified wifi across the office and a 10G network solution for our 3D guys

    Where everything is easy to manage, easy to expand, and would work well with my proposed SAN solution
  • 2
    @Kimmax I’m splitting it into some VLANs, everything goes in it’s own VLAN (employees, guests, servers)
    A proper DMZ would imply a 2nd gateway, I’m just setting up a VLAN with very strict firewall rules. I’m gonna try to move most things into a VM if I can.

    The gateway is a Unifi Gateway Pro, where I have a 2nd one as a backup for redundancy.

    The USGs also do openvpn, not in the gui yet, but you can do it through cli
  • 2
    @Lahsen2016 it looks cool ofcurse!
    Nah, there’s a patch panel on the back of the rack, plus some old switches. I couldn’t connect stuff to the new network because of the clusterfuck that is the old network.

    I need to reconfigure the xserves and some of the other servers, but I only have access to one of them. And as it’s a business critical system, nothing is connected yet.
    Just waiting for the imbecile IT guy to give me access to it
Add Comment