Using LAN and Internet Networking to grow God's kingdom, i.e. Networking a Church Office to improve service for the Lord.

                   by Chapman Gleason,  chap@the-gleasons.com

    Everybody uses phones, and everybody uses computers to increase productivity and communicate; however, many if not most churches do NOT have a high speed Internet connection and a LAN to improve office productivity.  The purpose of this document is to write down the steps to move a small church with about 10-20 computers into a high speed LAN environment.  This LAN will share a high speed Internet connection and provide connectivity to an external host for a church web site.  The Church will have a DNS domain and an email address for each user in the church office.  This document provides a three year plan to "take you from crayons to perfume", or as King Solomon said in Proverbs: "Without a vision the people perish."  This document assumes you know some basic LAN concepts.  It documents the steps I followed taking PBC from a peer to peer network sharing a printer and a folder to a very robust business critical LAN supporting the mission of the Church in communicating to the congregation.

Here are the steps:

1. Join Microsoft Partners as a "registered partner": http://www.microsoft.com/partners. This gets you about $25K of software that you can legally run on your home LAN, NOT on the Church LAN. Cost is $300/year. You must license software on the Church LAN via the Microsoft Charity License: http://www.microsoft.com/licensing/programs/open/opencharity.mspx

2. Get a DNS domain for your church. We use www.3shosts.com for Web hosting. Purcellville Baptist Church switched from 3shosts to www.everyone.net for email. 3shosts considers it spam if you send a lot of email to a lot of people in a mailing list. everyone.net supports mailing to large email lists, and they do spam control also.  The cost is only about $10 per month.  Configure the Church email user accounts, cgleason for example, as POP3 email.  Name your LAN user accounts firstNameLastInitial, ChapG for example.  This provides email redundancy, since if your LAN is down but you need to read email, you can dial out to the Internet with a modem and use Webmail on the external host.  Also they are DS48 or higher to the Internet, and things are fast there.  Also, email backs up there if your DSL line or Exchange Server is down, so you will not lose any email. This is the best way for a small church. We pull down the POP3 email into Exchange on the LAN every 15 minutes, using the POP3 Connector for Exchange. Outbound email is automatic via DNS and your ISP, unless they think you're spamming; then you send outbound to everyone.net.

3. Buy a wireless router and install a DSL line from Verizon: http://www.verizon.com. We switched from an Adelphia cable modem to Verizon because of more reliable service and lower cost, and it is about as fast. Cost is only $39/mo for a DSL line compared to Adelphia, which is $69/mo. Test the line with a single PC; if that PC can get out to the Internet with a Verizon DHCP address, you're good to go.  Do not accept the install unless you get on the Web.  We use Netgear routers and switches. I use Linksys at home.  Both work, both are low cost.  Do the free registration of your dynamic IP at dyndns.org for your domain. For example, my DNS domain URL is http://the-gleasons.dyndns.org, which is my IP registered automatically by my Linksys router. Netgear does the same thing.


4. Develop a hardware and software plan for the LAN: a vision of where you want to be in 3 years, and where you want to be in year 1, year 2 and year 3.  To do an assessment of what you currently have, download Belarc Advisor at http://www.belarc.com/free_download.html; it is a free download.  PCs slower than 733mz should be upgraded.  A 733mz PC with 768M or 1G of RAM is fine for year 1 processing, but try to upgrade them with a new motherboard, new processor (18 months behind hot) and 1G of RAM.  Try to go with a motherboard that holds 4G of RAM.  Target a CPU for PCs of 2.8 or 3.0Mz.

Listen to the following webcasts:
https://msevents.microsoft.com/cui/WebCastRegistrationConfirmation.aspx?culture=en-US&RegistrationID=5843386&CountryCode=US

Also buy this book and read it:

Buy Harry B's book, Small Business 2003 Best Practices, and follow it for the install.   Read the whole book, plan your LAN using the guidance given by Harry. 

http://www.smbnation.com/

Follow the configuration examples he uses in the book. Practice on a server at home first. NAME YOUR DOMAIN domain.local (example domain is called the-gleason.local); do NOT name it the-gleasons.com, because that domain already exists on the Internet, hosting your email and web site.  Use the two NIC setup here with a modem; you will not have an ISA Server (ISA Server is a firewall, in the Premium Edition of SBS 2003):

http://www.sbslinks.com/sbs2000router.htm

Vision where we want to be in 3 years:  Our Church Office wants to be an all Windows 2003 Network, with all XP Desktops, with all Office 2003 on the Desktop, all using a 100m wire and with a 54mb Wireless LAN for guests. We want every worker to have email and a calendar, a church calendar to manage rooms in the church and a Web site that is up to date, and with excellent look and feel and content. We want to provide Remote Access to the XP Pro desktop for all workers and a Windows Terminal Server 2003 for part time workers with no desk in the Church Office (think outsource your membership list mgmt to a part time work at home mom here). We want a secure LAN with every  PC and server protected with Symantec or TrendMicro Anti-Virus Enterprise Edition and Microsoft Anti-spyware client and Software Update Services, MS Software Update Services V2. We want fault tolerance as much as possible, and we will do nightly and weekly backups to 250G USB external drive, via the  backup wizard.  

Year 1: Buy Windows 2003 Small Business Server, Standard Edition (about $250), not Premium Edition, for however many users you will have logged in on the LAN at one time. Buy a server with at least 1G of RAM, 2G if you can afford it ($250 extra), buy the 1G DIMMs if you can afford it, and 4G if you have 20 or more concurrent users. You can have 20 people work at a place, but only need a 10 user license, per user not per device. Get a Charity License for Microsoft started with CDW.com; they have been excellent for me, and only certain companies handle the MS Charity license. Buy XP Pro for the desktop, $75/desktop for a Charity license.  You have to fax your tax exempt certificate on church letterhead to CDW. All purchases must be made from the church checking account via wire transfer. Meet with your finance officer at the church and set this up; inform them and get their buy-in early. Buy Symantec from CDW for every user/device on the LAN; they sell it per user and not per server. Buy Enterprise Symantec Anti-Virus; it has desktop, server and Exchange anti-virus, so install all 3. Run it centrally on the SBS 2003 Server. Upgrade whatever software needs to be upgraded; get an inventory using Belarc, from www.belarc.com: run it and save it to a file for each PC in your network.  Name your PCs by function, or as we do, after Books of the Bible.  PCs will move around, so don't use a room number or something like that.  Find out upgrade costs BEFORE you do any buying.  Plan PC hardware upgrades also; 1G of RAM should be your target, you can get to it in stages, and 512M should be your minimum on a 733mz PC.  If you're upgrading, select a good motherboard and a 20G, 40G or 60G drive, and build your own for about $400/PC, no monitor, just the MB, memory and CPU.  Select a sweet point CPU, about 18 months behind bleeding edge; for example a good CPU right now is 2.8-3.2mz. Do NOT buy the latest greatest, you pay dearly for that.
You may have to do some upgrades of desktops to XP in year 2 depending on funds and applications that run, things like QuickBooks or Shepherd Staff or Adobe PhotoShop will have to be planned for. Buy Office 2003 Pro, not standard, it comes with Publisher and PowerPoint, which are needed for making presentations,  cost for the Pro version Charity license $65/PC.  Don't buy Software Assurance.  You can buy the software under Charity License in 4 years.  Plan on 4 years of running with this software.

A nice entry level server for Windows 2003 SBS Standard Edition is a Dell 400SC. I bought ours on ebay for about $400 with a 1 year warranty; if you can get 3 years, get it for the $150 extra.  I had to buy more memory and another exact IDE drive to mirror the drives in the server. Use the SW mirror in Windows, not HW mirrors or arrays; they cost big bucks.  Buy the exact same manufacturer of the drive, and get an extra one if you can afford it.  I target drives for $100; you can get a 160G now for $100.  This is a fine size drive for a 10 user LAN.  Go with a 250G or larger if you have 20 users.  The 400SC holds 4G of RAM, the maximum memory for Windows.  Go with the Serial ATA; they run at 10,000 rpm and are about the same cost as IDE.  I like the ATA because they are cheap and good; I like IBM, now Hitachi.  Partition the drive as: one 30G for C:, one 40G for H: and the S: of 80G for shared storage. Place Exchange on another partition, call it E, and make it 40G if you can. Have a CD or DVD burner on the server for making a CD of your config with Ghost. You need at least 1G of memory for 10 users. DO NOT skimp on memory, it makes things fly. We are running 15 users right now with 1G, and it is slowing down; we need to go to 2G of RAM. 512M RAM is cheap, about $50-60. Don't buy SCSI and don't buy RAID, as they cost too much; the mirrors on IDE or Serial ATA work just fine. Buy a 250G USB 2.0 external. Buy Ghost in SystemWorks 2003 Professional for $5 on ebay and make Ghost images of your server configuration.  Buy a $100 UPS that does automatic shutdown.  Buy it locally, it costs too much to ship.  You can run your SBS Server on a workstation if you have a small LAN of say 5 users.  I did that for 2 years, starting on a workstation with Windows 2000, Office 2000 and 2000 Pro on the desktop; email never worked since we just had a single dialup on the server.  We had a web site and POP3 email with a modem on each desktop.
Then I upgraded to SBS 2000, with Exchange on the LAN. I bought a used Dell 1300 with two 18G SCSI drives in it, and tape backup too.  It holds 1G of RAM and a high speed Internet Connection from Adelphia.  Oh, don't use tape for backups: nobody will babysit them and nobody will label them. Burn a CD of your config with Ghost so you can get an OS back on a partition of an IDE drive and restore from your latest full backup and incremental.  That is the backup strategy.  Cost of tapes is $30/tape, high for a Church.  I then upgraded to SBS 2003 and a new Dell 400SC server.  I used the Dell 1300 as a 2003 Terminal Server.  Charity License price for SBS 2003 Standard Edition is about $270, I believe.  Retail cost of this is $599; ebay price is around $400.  You may find a server on ebay that has SBS 2003 already on it because someone is selling the server from a failed business; you can transfer the license legally.  Buy it if they agree to transfer the license, and get the ebay buyer protection on this purchase. Remember, it is God's money and we must use it wisely.

Year 2:
Buy Office 2003 Pro for all the desktops. Cost is $65/desktop with charity pricing.  Upgrade all the non-Microsoft software to a version that runs on XP.  Upgrade memory to 1G as a target; buy 256M/yr per PC if money is real tight.  I did it in steps of 256M.  It was $40 for a SIMM.  You can get 4 or 5 years out of a PC now with no problem.

Year 3: Buy an additional server (can be an old server, with 1G of RAM) and a 5 user Windows 2003 Terminal Server License. Use this for a backup Domain Controller. You may have to do this buy in YEAR 1, because of part time workers or because of remote access needs. Year 1 remote access can be Outlook Web Access and MS VPN and Terminal Services to the XP Pro desktop via Remote Web Workplace or the RDP Client; that is why you need to be at XP Pro.  DO NOT use XP Home Edition on your network, use Pro. Outlook Web Access gets you web email; MS VPN gets you on your network from a home PC. If you're on another firewalled network (like where your real job is) and want to get on, your work FW must let MS VPN (L2TP) through the FW; most do not. Most enterprises also do NOT let 3389, which is the RDP protocol for MS Terminal Services, outbound. From your home LAN to the Church LAN should work fine, however, since VPN and TS are not blocked outbound on your home network. Ports 3389, 443 and 4125 must be open on the Church router inbound.  3389 is Terminal Services via the RDP client, 4125 is needed for RWW, and 443 is used by Outlook Web Access.

You will have to juggle things between years; remember the goal, and shoot for it as quickly as you can. You may have to buy Office 2003 in year 1, but if they are using WP, fine, use that with Windows XP in year 1. If there is going to be resistance switching to Office, do it in year 1 along with the XP Pro upgrade as part of the new LAN and Internet connectivity.  If you can get off Windows 98 in year 1, that should be done. If you can't buy a server and XP at the same time, go for a Windows 2003 SBS server first, with minimal disk drives and memory, and try to do the XP Pro buy. Target budget is $4,000 per year for 3 years. If you're careful, God will bless with the INCREASE of productivity, and you can get good used gear on ebay. Also consider using a workstation in year 1 as your SBS Server, if it can run a G of RAM and you don't have the money to buy one in year 1. The mirrored drives are a requirement.  You do NOT need the high dollar Premium edition of SBS, in my opinion; use your church management software, not SQL Server. SQL Server requires someone in the office to be able to write queries, and most business workers do not know how to do this. However, they do know how to run queries in canned things like Shepherd Staff or other user friendly Church membership list software.  A standalone version is fine; put it on the S: share drive and launch it via a shortcut, with one worker doing the update of membership and the rest reading the list only, extracting it to CSV for a spreadsheet.  Keep custom queries on the S:.  Manage the S: directories.  The Church Office Manager should do this.

Folders: Every piece of software installed on a given PC gets placed in a folder (the accordion kind) with the name of the PC on the outside of the folder. Insist on this. Keep the software locked up, so people don't buy one copy of FrontPage and install it on 3 machines. License and manage everything. It is the Lord's LAN and should reflect what the scripture says, "a workman is worthy of his wages", so Bill Gates and Microsoft must get paid. They are giving Churches a tremendous break on software. Office 2003 Pro is $500 retail; it is $65 for the Charity license. SBS 2003 Standard Edition is $599 for 5 users retail; it is $271 for the Charity license.

Printers: For printing your church bulletins, I bought two HP 5SI MX printers on eBay, they are industrial strength, and never break down. They are about $50 to ship. Bid in the last minute of the auction on ebay, or you will just keep inching the price up.   Get a PayPal account so you can pay by credit card. Get the insurance so you don't get a lemon.

Fax: SBS 2003 has fax integrated into the Share Point Portal Server, so faxes come into the "Company Web" to be distributed every day. Plan to buy an external fax for $100. Harry's book recommends one, the MultiTech fax model MT3334ZDX, external only. You can fax outbound from your desktop.

Shares: We use H: for the home drive, with My Documents redirected to H:\cgleason in my case.  NO documents are stored on C:; all go to the server, which is backed up nightly.  We use S: for a "Church Share", stuff that everybody uses. Do not junk it up, and do not put things in the root of S:. Clean house every 6 months.

Other Software: Adobe Acrobat, WS_FTP_Le and WinZip are musts for most users.  Adobe Acrobat Publisher (Distiller I think is the name) is needed for publishing Acrobat files to the Web. You need someone with training in FrontPage or DreamWeaver to maintain the Web. You need someone familiar with Web forms, html etc. to get maximum leverage of your environment. You can record your pastor's sermons and publish them as downloadable MP3 with Gold Wave, www.goldwave.com. You will need somebody overseeing the environment; we have a 20 hour per week part time student doing this. He is excellent at HW, SW and Web and has learned a lot about LAN networking.  The person must know HW, and ideally builds his/her own computer.  Anyone with the will can do it. If in a mission critical situation (we have never needed this), you can call Geeks on Call; they are a USA wide company, and will do an on site visit for $150 for the first 15 minutes. Your MS Partners subscription offers mission critical support as part of being a partner, only $300, pretty cheap insurance. I have had to call MS when doing the SBS 2003 install; they sent me a paper that was less than 2 weeks old on migration of a 2000 SBS to a 2003 SBS. If you buy "bleeding edge" (just after release) expect to bleed.
 

5.  Lurk around in the SBS2K group on Yahoo Groups, http://groups.yahoo.com/.  This group is a collection of current SBS MVPs, who answer each other's very tough questions.  Examples:  Can I use SBS 2003 to host several different companies/domain names?  Can I use it to host public web sites?  I have a company with a branch office; do I use a W2K3 server at the branch office or a router to router VPN?  You will learn a lot by being a fly on the wall.

6.  If you build a test LAN at your home, DO NOT place your wife's computer and email into the domain.  Do Outlook via POP3 from your domain.  Place her computer in the workgroup so she can print.  Do NOT place your children and their computers in the domain.  The reason: this is an R&D server, you will be messing around and testing things, and when something breaks they still want to compute, and they will bug you to death until you fix it.  If you have a real job, you will NOT be able to get to it quickly enough for them, i.e. like right now.  So just put 1 or 2 computers that you use in the domain (if you can do 1 you can do 1,000,000).  You can have login accounts for them in Terminal Services, but don't have them in your little test environment, especially while you're learning.

7.  Don't leave your wireless Access Point unsecured.  Secure it.  Have an SSID, have a very strong password, have encryption on, do NOT broadcast the SSID, and use your MAC addresses in the router.  If you have people bring their own laptops in and out a lot (we have several), then drop the MAC addresses in the router and use a RADIUS server to AD.  Buy a router that supports RADIUS.  See SANS for how to secure a Wireless Windows Network: http://www.sans.org/rr/papers/download.php?id=1619&c=b1c2431d8d3ea6790fa16559694de0f2 or the military STIG: http://csrc.nist.gov/pcig/cig.html  It is best to put your wireless router between your DSL and your internal router, what is called the DMZ. I don't, because I place MAC addresses in the router so only PCs that are authorized can use the WLAN.  Here is how to secure the WLAN: http://www.sans.org/rr/whitepapers/wireless/1619.php  This is overkill for a small WLAN; my wife has 1 laptop on the WLAN, and in my mind for this site, change the SSID, use WPA encryption with pre-shared key, change the PW, don't broadcast the SSID, run AV, PFW, anti-spyware and automatic patches from Microsoft and you will be fine.  If your entire network is wireless, then I would do what the SANS configuration document does, which is RADIUS authentication and certificates for each PC with an Enterprise Certificate Server built into MS Windows 2003.
 

8.  Excellent source of information and software for non-profits http://www.techsoup.org/howto/index.cfm

9.  For bulk emailing use the free www.lowrieweb.com; look for a download called LAemail.  It will send an email to a set of email addresses, 1 email per line in the input file, as an attachment or an HTML file; this makes it very nice for web content, since your links out can be on the Web.  The email batch file will NOT be viewed as spam, because it is 1 email per address.  If your ISP doesn't allow this, switch your email hosting company.  Oh all your POP3 email accounts have the same email PW.  Do show people how to change it unless there is a SERVER outage, make them go to the SBS Server for OWA or Terminal Services.

10.  Your server should have a DVD RW drive; it holds 4.7G. Ghost the OS on C: over to it.  Your mission critical membership list should be backed up to the DVD-RW weekly or monthly (whatever is appropriate) and stored off site.  So now you have two mirrored drives, 1 USB drive with nightly backups, and a DVD-RW of your critical data done monthly, or weekly or on some other schedule.  My Documents, H:, S: and the DBMS data should be backed up nightly to the USB.  Every Friday night you make a complete backup of the entire system to the USB.

11. Defrag your client PCs weekly or monthly with a script. 

12.  Support.  You are going to have to have someone oversee the network to make sure things are working well; weekly they can Terminal Services in. You should not have that many issues on the server if you're not making configuration changes to your NICs and therefore your network.  DHCP is a problem, because it doesn't like sharing that with a DHCP upstream on the wireless router, so go fixed IP and turn off DHCP on that interface.  I use Google and Microsoft search to resolve things, typing the exact string of the error message, because people quote what happened to them.  If I can't resolve things by reading the KB articles and time is of the essence, I call Microsoft for $245 for a single support call and charge it to my credit card.  I have only had to do that once, and it was on the initial install of the 2003 SBS Server.  Most things run pretty smoothly, especially with SUS and automated virus management.  Don't leave your network unsupported to just "office staff" that are clueless.  Backups must be done and run.  Patches must be applied via SUS etc.  Automate everything.  You will find that your time will be spent on Web content, not on LAN management.

13.  For Patch Management see SUS from Microsoft for free: http://www.microsoft.com/windowsserversystem/updateservices/evaluation/previous/default.mspx

14.  For anti-virus management see Trend Micro C/S Messaging Suite and how to install it on SBS 2003 Server: http://www.sbsfaq.com/Visual Guides/Trend CSM on SBS2003.pdf  Microsoft has just come out with a package which has AV, PFW, Backup, Defragging, and Anti-spyware it is called Microsoft CareOne for $49 for 3 PCs. 

15.  Here is the Dell Server I bought for my Wife's Ministry, http://www.breakthrough.com.

16.  http://www.cutepdf.com has a free version of a PDF writer with Ghostscript, you must download and install both.  Use this so folks don't steal your intellectual property.

17.  The cheapest way to do Disaster Recovery is to buy a NEW version of Ghost 2003 on the Norton SystemWorks Professional 2003 for $5 off eBay and then install Ghost on the server. Do not install the entire SystemWorks; install Ghost from the Ghost subdirectory. It will install from the subdirectory, not the install that comes with SystemWorks.  Make a Ghost boot diskette, and back up the entire HARD drive to the USB drive; also burn a CD of the Ghost and take it off site.  If a drive fails or your computer fails, you reghost the machine from the boot diskette and the CD, then take the latest backup, which SBS stores on the USB drive, overwrite your configuration with the backup, and reboot.  If you don't trust that, then do a Ghost weekly to a DVD.  Here is how you backup a PC over the Network to a Share on the server.

18.  Remote Access.  SBS 2003 comes with great built-in Remote Access using what is called Remote Desktop Protocol; you must open ports 3389 and 4125 on your router and forward them to your SBS Server.  You can get to the server via either a browser or the RDP Client, which is Start | Programs | Accessories | Communications | Remote Desktop Connection.  It is best to rerun the Internet Connection Wizard in SBS 2003 to get this working correctly.  Excellent PP presentation on Remote Desktop Protocol built into XP:   If you're going to be on somebody else's PC and it is NOT an XP desktop, then you need to download the RDP Client to your thumb drive: http://www.microsoft.com/downloads/ThankYou.aspx?familyId=80111f21-d48d-426e-96c2-08aa2bd23a49&displayLang=en  This webcast, PP presentation and transcript is excellent for RWW.
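
The Year 3 paragraph and step 18 open ports 3389, 443 and 4125 inbound on the church router, and every forward is reachable from anywhere on the Internet. The script below is an added example, not part of the original document: run from a PC outside the church LAN against your own router, it reports whether exactly those ports answer. The extra port list, the `probe` parameter and all function names are assumptions of this example.

```python
#!/usr/bin/env python3
"""Check which TCP ports a router exposes and compare them with the intended forwards."""
import argparse
import socket

# Inbound forwards the document calls for on the church router.
INTENDED = {
    443: "Outlook Web Access (HTTPS)",
    3389: "Terminal Services / RDP client",
    4125: "Remote Web Workplace",
}

# Assumption: a short list of other well-known TCP services that are easy to
# forward by accident. Adjust it for your own site.
ALSO_CHECK = {
    21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP", 110: "POP3",
    135: "MS RPC", 139: "NetBIOS session", 445: "SMB file sharing",
    1433: "SQL Server",
}


def is_open(host, port, timeout=2.0):
    """Return True when a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False


def audit(host, intended, also_check, probe=is_open, timeout=2.0):
    """Probe every listed port once and classify the result.

    unexpected_open : reachable but not intended -> remove that forward
    intended_open   : reachable and intended
    intended_closed : intended but not reachable -> remote access is broken
    """
    ports = sorted(set(intended) | set(also_check))
    reachable = {p for p in ports if probe(host, p, timeout)}
    wanted = set(intended)
    return {
        "unexpected_open": sorted(reachable - wanted),
        "intended_open": sorted(reachable & wanted),
        "intended_closed": sorted(wanted - reachable),
    }


def main():
    parser = argparse.ArgumentParser(description=__doc__)
    parser.add_argument("host", help="public name or IP of your own router")
    parser.add_argument("--timeout", type=float, default=2.0)
    args = parser.parse_args()

    result = audit(args.host, INTENDED, ALSO_CHECK, timeout=args.timeout)
    names = {**ALSO_CHECK, **INTENDED}
    for label, ports in result.items():
        for port in ports:
            print(f"{label:16} {port:5}  {names[port]}")
    # A non-zero exit code lets a scheduled job raise an alert.
    return 1 if result["unexpected_open"] or result["intended_closed"] else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Rerun it after every router change or firmware reset, since a reset router can silently lose or gain forwards.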

 

You now have a pretty maintenance free Lan, you can focus on Web Content and keeping that up to date and pretty.    
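
A maintenance free LAN still needs someone to notice when the nightly and Friday backups from steps 10 and 17 stop landing on the USB drive. The script below is an added example, not part of the original document: it flags a missing drive and missing, stale or empty backup files. The file name patterns, the age limits and the function names are assumptions of this example.

```python
#!/usr/bin/env python3
"""Flag missing, stale or empty backup files on the external backup drive."""
import sys
from datetime import datetime, timedelta
from pathlib import Path

# Assumptions (not from the document): the nightly job writes nightly-*.bkf and
# the Friday full backup writes full-*.bkf into one folder on the USB drive.
RULES = [
    # (label, glob pattern, maximum age of the newest matching file)
    ("nightly", "nightly-*.bkf", timedelta(hours=30)),
    ("friday full", "full-*.bkf", timedelta(days=8)),
]


def newest(folder, pattern):
    """Return the most recently modified file matching pattern, or None."""
    files = [p for p in Path(folder).glob(pattern) if p.is_file()]
    return max(files, key=lambda p: p.stat().st_mtime, default=None)


def check_backups(folder, now=None, rules=RULES):
    """Return a list of human-readable problems; an empty list means healthy."""
    now = now or datetime.now()
    if not Path(folder).is_dir():
        # Covers an unplugged USB drive or a changed drive letter.
        return [f"backup folder {folder} is not available"]
    problems = []
    for label, pattern, max_age in rules:
        latest = newest(folder, pattern)
        if latest is None:
            problems.append(f"{label}: no file matching {pattern}")
            continue
        age = now - datetime.fromtimestamp(latest.stat().st_mtime)
        if age > max_age:
            problems.append(
                f"{label}: {latest.name} is {age.days}d {age.seconds // 3600}h old")
        if latest.stat().st_size == 0:
            # A zero-byte file means the job started but wrote nothing.
            problems.append(f"{label}: {latest.name} is empty")
    return problems


if __name__ == "__main__":
    found = check_backups(sys.argv[1] if len(sys.argv) > 1 else ".")
    for line in found:
        print("PROBLEM:", line)
    sys.exit(1 if found else 0)
```

A fresh file only shows that the job ran; a periodic test restore is still the way to confirm the backup is usable.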

That is the general plan, with a lot of hints. Follow Harry's book on the install. God will bless, trust me, he has for PBC.  Email me if you have a question.
Chap  mailto:chap@the-gleasons.com
 
