Network Infrastructure Upgrade Strategy

Greetings,

I recently have taken over an aging network for a small private school.  The school has about 150 computers and a mix of managed (HP) and unmanaged switches.  I'm working on upgrading the network infrastructure and had a couple specific areas I'm looking for advice in.  We are on a VERY SMALL budget--so I'm looking for value.    Most of our managed switches are HP right now, so I'm looking to likely stay in the HP family.

We've got a pretty good core switch, an HP 4204vi.  There are no VLANs right now (ugh), but once we get the switch infrastructure upgraded the plan is to implement separate VLANs for student, faculty/staff, and BYOD.

1)  What's the best way to connect my switches?  The school has about 6 major switches in various locations about the facility.  Right now the switches are just tied together with Cat5e on 100baseT.   I want to upgrade these connections to at least gigabit -- should I just use Copper (Cat6)?  What advantages/disadvantages would Fiber have? (I don't have much experience with Fiber).  If I go fiber, what type of cable/connectors should I use?  The switches are at most a few hundred feet apart.  

2)  Many of the school's switches are older HP 4000m switches.  I don't have much experience with these.  How big a priority should replacing these be?  Should I just put gigabit modules in them for the new backbone connections or should I try to replace the whole switch?  It looks like I can get gigabit modules cheap ($20) on eBay.

3)  I'm also looking for recommendations on what to replace the unmanaged and older HP switches with.  I'm strongly considering the HP V1910 switches as they look like they provide a lot of bang for the buck.  Any drawbacks or other recommendations?

4)  School currently has a network of 8 Cisco/Linksys WAP2000 providing wireless throughout the school.  Connections are a little choppy especially when a lot of users get online.  Any recommendations for inexpensive/reliable replacements?

Thanks for your recommendations!
scotru Asked:

mds-cos Commented:
OK.  This is kind of hard without seeing your location, but good descriptions so I think we can get good answers ;-)

First, answers to your specific questions before I make some additional observations:

1)  The advantage to fiber is that it can go further and is not susceptible to interference.  Disadvantages are cost and fiber is more fragile.  Sounds like your network closets are fairly close together so go with CAT6.

2)  HP is not a leading switch / hub manufacturer.  That said, they do seem to make good units.  As long as your current switches are functioning well you should add the GigE modules for now.  Replace down the line when you have a real reason to.

3)  As I said, HP is fine.  But not my first recommendation.  Just because you currently have HP is not necessarily a reason to stay with HP.  For your network I would take a hard look at the lower end of the Cisco line (like the Cisco Express 500) as well.  You may find that long-term you want to migrate from HP to Cisco.  They have some very affordable managed switches for small networks.  I do need to quickly say that I have a bias to Cisco, but a bias that they have earned.  Juniper also makes top-notch equipment, but I have only worked with their Enterprise stuff.

4)  Welcome to wireless!  :-)  Seriously, you are not going to get into solid wireless without spending a bit of money.  Cisco Aironet or 3Com Wireless LAN are a couple of good choices.  There are some fringe manufacturers making devices they claim will handle 100 users or more, but these are going to be hit and miss.  Since you are on a budget, might be worth the time to work out some demo units before you buy.


I did want to make a quick observation about implementing VLANs, since many people mistakenly believe that creating VLANs creates good security.  Here is a good read that will address this point fairly well  http://www.tofinosecurity.com/blog/why-vlan-security-isnt-scada-security-all.

Given the small size of your network, and the small size of your budget, you may want to forgo VLAN implementation.  You will achieve better security by physical traffic separation and a good firewall / firewall policies.  Juniper has some great small business firewalls that would work perfectly for this.

0
ArneLovius Commented:
I have several very large deployments of HP switches; I particularly like the HP Procurve lifetime warranty that Cisco has started to copy on some of its range.

The 4000 is a venerable switch, but if you don't need gigabit to the desktop, it's still a perfectly good L2 access switch. I would certainly get a gigabit module for your "backhaul".

Use fibre if you're going between different buildings, if in the same building, use copper as backhaul.

Port based VLANs _do_ provide good security between networks, but as soon as you use tagged VLANs on ports going to desktops, then you do run the risk of a "malicious" user configuring their desktop to be on a different VLAN. Only use tagged VLANs on trunk ports between switches.

I would avoid the lower end Cisco products and steer well clear of Linksys.

As budget is a strong driver, I would suggest scouring eBay for more HP managed switches rather than purchasing new.

In order of priority I would probably enable VLANs first of all to separate into your three logical networks, putting the unmanaged switches into either student or BYOD, then upgrade the backhaul links to gigabit, then replace the unmanaged switches with managed ones.
0
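
A check for the rule in ArneLovius's comment above (tagged VLANs only on trunk ports between switches), as an added example that is not part of the thread. It reads ProCurve-style `vlan` stanzas and reports any port outside the uplink set that carries a tagged VLAN; the sample configuration, VLAN IDs and uplink port numbers are constructed assumptions.

```python
import re

# Constructed sample in ProCurve-style "vlan" stanzas; the VLAN IDs, names
# and port numbers are made up for illustration.
SAMPLE_CONFIG = """
vlan 10
   name "STUDENT"
   untagged 1-12
   tagged 25-26
   exit
vlan 20
   name "STAFF"
   untagged 13-20
   tagged 21,25-26
   exit
"""

# Assumption: ports 25 and 26 are the only switch-to-switch uplinks.
UPLINK_PORTS = {"25", "26"}

def expand_ports(spec):
    """Expand '1-3,A5-A6,21' into {'1', '2', '3', 'A5', 'A6', '21'}."""
    ports = set()
    for part in spec.split(","):
        m = re.fullmatch(r"([A-Za-z]*)(\d+)(?:-([A-Za-z]*)(\d+))?", part.strip())
        if not m:
            continue  # skip anything that is not a port or port range
        prefix, lo, _, hi = m.groups()
        for n in range(int(lo), int(hi or lo) + 1):
            ports.add(f"{prefix}{n}")
    return ports

def tagged_edge_ports(config, uplinks):
    """Return {vlan_id: sorted non-uplink ports carrying that VLAN tagged}."""
    findings, vlan = {}, None
    for line in config.splitlines():
        words = line.split(None, 1)
        if len(words) < 2:
            continue  # blank lines and 'exit'
        if words[0] == "vlan":
            vlan = words[1].strip()
        elif words[0] == "tagged" and vlan is not None:
            stray = expand_ports(words[1]) - uplinks
            if stray:
                findings[vlan] = sorted(stray)
    return findings

print(tagged_edge_ports(SAMPLE_CONFIG, UPLINK_PORTS))
```
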
TipTop2000 Commented:
1.) Fiber is expensive (Interfaces and splicing) and fragile. If you can live with the limitations of Cat based GBit Ethernet (Speed, Length) stay with it. It gives you a much better value. If possible, try to bundle 2 or more GBit links for speed and failover.
Fiber: Depending on the locations you would need multimode (cheaper; 10 GBit up to 400 meters, 100GBit up to 125 meters) or mono mode (expensive and longer ranges). Connectors: LC - nothing else.

2.) HP is absolutely adequate. If you don't need more than 100 MBit for the desktops, there is no need to replace the HP Procurve 4000. They are good L2 switches. The only disadvantage I'm aware of is space and power consumption (probably more relevant in a data center).

3.) HP V1910: as far as I remember, they only have a web interface for management. If it’s ok for you, go for it.

4.) Maybe http://ubnt.com/unifi is interesting for you. Pro: price (~ 80 USD per AP), nice looking, management server 4 free;  Con: not standard POE (adapter available ~ 20 USD), max 4 SSIDs mapped to VLANs

VLANs as you plan it, are a big step ahead from where you are now. Full acknowledge to ArneLovius. Just take special care of the points where the VLANs come together (Firewall with correct rule set).

Best Regards
0


mds-cos Commented:
Arne -- Out of curiosity, why would you avoid the small business offerings Cisco is putting out (like the 500 Express)?  I do agree with not going the Linksys route for anything but the smallest networks.  But I'll go Linksys any day over most Netgear stuff.

For clarification, given the large wireless contingent I am assuming VLAN tagging vs. port based.  But remember that even port-based VLAN can be hacked more easily than a properly configured firewall.  Liberal arts college -- no problem.  Engineering school and you'll have kids doing it just because they can.

Lifetime warranty is a big plus that HP has going for it.  3Com used to do that, but I noticed they have departed from that path.
0
scotru Author Commented:
Very helpful comments everyone!  I'm particularly excited by the UniFi--I'd never heard of this and these sound perfect for my installation.  Have you used them or know of anyone who has?  Did they work well?  

It sounds like I'll keep the 4000Ms for now and go with mostly copper gigabit links.  100 to the desktop is enough for now, but I'd like to make future switch purchases gigabit so that I can gradually transition.  I do have one out building that I may consider fiber for.  I've read that the V1910s I'm looking at are actually originally 3com switches (didn't HP acquire 3com?).    They are going for $330 on Amazon right now which seems like a steal for 24 Gigabit ports with their features.  Aren't the Cisco 500 express family 10/100 with just a couple gigabit ports?   The cheapest 24-port Gigabit Cisco switches I could find were around $1000 -- is there a cheaper model I should be looking at?  The V1910 doesn't appear to include HP's lifetime warranty (just 3 year).   But I think I'm going to order one and try it out.  I will watch eBay for bargains as well.

Also thanks for the very helpful information about VLANs and security--I'll definitely keep this in mind and look at implementing some good firewalls between the networks.  We're just a high school -- but we do serve an engineering college nearby and some of our students are pretty technical.

I appreciate all the advice and will leave the question open for a little longer in case there is more.

Thanks!
0
TipTop2000 Commented:
UniFi: I installed my first system with 6 AP last week.
I’m very pleased with this nice system.
Installation of controller software on a virtual Ubuntu Server took about 5 minutes (editing /etc/apt/sources, apt-get update; apt-get install unifi; DONE). They have a Windows and a Mac Version, but I don’t know more about it. The server is implemented in Java with a mongodb backend – so there should be no problems.
The user interface is a web based flash app. It’s quite lean – only basic functions (but all I need till now)
Some speedtests with iperf showed good performance.


V1910s: True, the old 3com switches. So: great feature set for a very small price. The question is: how compatible are they and how long will they be available. They don’t fit in HP's network portfolio. They have the same feature set as the HP 2510 which are more expensive. Don’t underestimate the management of a heterogeneous network.


Best Regards
0
mds-cos Commented:
I have a couple of the 500 express for some small offices.  Yes, two GigE ports.  $1000 is about right for these.  To get into cheaper for the Cisco side you would have to look at the Linksys line, targeted to home and small business segment.  Last time I checked, the HP lines were running comparative price.  If you go the unmanaged route instead (so no VLAN), you can get into much lower cost equipment.

If you start pushing Gig to the desktop, costs are going to go up quite a bit.  Think about your overall infrastructure, data that will be pushed, and where data is flowing.  You might find that 100 to the desktop with gig backbone and server will be more than adequate.
0
scotru Author Commented:
Thanks to everyone for the good information.  I plan to investigate the UniFi system--sounds perfect for us.  I think I'll stick with the HP 4000Ms (I just dug through a store room and discovered I have even more of them than I thought so I should be able to get rid of most of the unmanaged switches :-) for now with gigabit backbone and investigate gradually replacing them with gigabit switches.  

0
scotru Author Commented:
Just following up for completeness, I've noticed now the Cisco SG200 and SG300 series of "Smart" switches.  The SG200's are actually available on Amazon right now for even less than the HP V1910's and the feature sets look comparable.  Someone reading this thread and preferring Cisco might be interested in these.
0