Ask Slashdot: Becoming a Network Administrator? 480

J. L. Tympanum writes "After many years as a star programmer, I have taken a position which involves maintaining and rebuilding the in-house network of a small company. There are maybe 100 machines, a mix of blade servers running Linux and desktop PCs running Windows of all flavors. Basically, I have to learn networking from scratch. I have been given an 'unlimited' budget to buy routers, switches, etc., to set up my own little test network as part of the learning process. So the question is: what's the right strategy here? What routers or switches or other equipment should I acquire? What books should I read? Should I take classes from Cisco, Global Knowledge, my local community college, or somewhere else?"
  • Re:Step 1 (Score:5, Informative)

    by nuintari ( 47926 ) on Thursday May 05, 2011 @03:49PM (#36039846) Homepage

    And then, in all seriousness.

    Deploy Juniper products where you can. Commit confirmed alone will help keep you sane.

    As for learning how this stuff all glues together and works, that really depends on how you learn. I learn by trying things, and reading the manual, not from a classroom. YMMV, but I have never seen a class that did anything short of an awful job of explaining how networking works. I rely heavily on my peers and Google for ironing out issues that I cannot solve in my lab. Consider attending talks on subjects relevant to your needs, and anything that sounds even remotely interesting. Find someone more skilled than you who can explain shit in your native tongue and attempt to osmosis some talent bit by bit. Oh, and get yourself an O'Reilly Safari subscription, a nook/kindle/whatever, and start, as my friend Jeff says, consuming massive quantities of text.

    And seriously, consider running, you are in for a long, dark road of evil.

  • Did you hear that? (Score:5, Informative)

    by DomNF15 ( 1529309 ) on Thursday May 05, 2011 @03:52PM (#36039908)
    It's the can of worms popping open... You don't necessarily have to "buy" physical routers, switches, etc. These days, you can simulate pretty much any network setup you want via software and see how things work out: http://www.gns3.net/

    Also, asking "us" what hardware you should buy is like asking someone what kind of computer you should buy, the question is too general and the answer will depend largely on the business/security needs of the company.

    Tanenbaum wrote a very good book about TCP/IP networking which you may want to read: http://www.amazon.com/Computer-Networks-Andrew-S-Tannenbaum/dp/0131651838

    Aside from that, you should look into the basic requirements for network administration/security and make sure you understand and know how to apply them, the topics listed here could be a good starting point: http://en.wikipedia.org/wiki/CISSP
  • Run... (Score:4, Informative)

    by dakkon1024 ( 691790 ) on Thursday May 05, 2011 @03:54PM (#36039954)
    I am a 12 year veteran of the field. My official title is Sr. Technical Engineer. I work for a small (15 person) consulting firm. I’m being completely straight w/ you. Start looking for a programming job. This is the end of my advice.
    If you need to fake it for a while, set up w/ a well-respected school in your area for your CCNA. If you have no budget concerns, schools w/ equipment stacks and solid instruction will beat out any other option.
    But seriously, you’re making a bad career move, this isn’t meant to be funny.
  • by imlepid ( 214300 ) <kkinkaid@im[ ]id.com ['lep' in gap]> on Thursday May 05, 2011 @04:01PM (#36040084)

    what's the right strategy here?

    Proceed with caution. Make sure you enjoy networking and that its challenges interest you. Networking is very different from programming and also different from desktop support.

    What routers or switches or other equipment should I acquire?

    I have extensive experience with HP Procurve equipment and I have been satisfied with their stuff. (In the network I manage we have about 120 HP switches.) They are pretty reasonable in price and have a lifetime warranty on their switches and routers (I just got a replacement for a part for something that was manufactured 10 years ago, no hassle). Cisco is good if you like features, have a large network, and enjoy spending money. I would avoid Netgear switches (unless you need a small desktop switch (e.g. GS108) to provide more ports) as I have heard bad things but I have no first-hand experience. Expect to pay around $1000-1800 for a good 48-port Gigabit switch.

    What books should I read? Should I take classes from Cisco, Global Knowledge, my local community college, or somewhere else?

    I would look to achieve a "CCNA level" knowledge. For a network of about 100 devices you won't need much more. You can do that by simply reading a book (e.g. the CCNA prep by Lammle or Cisco Press), self-study (e.g. books alone or with video) then trying to pass the test, or taking a classroom course with Cisco or GlobalKnowledge. The material covered in CCNA is useful even if you use Procurve devices (although vocab will be different, such as "vlan trunking" (Cisco) vs. "vlan tagging" (Procurve, IEEE 802.1Q)).

    Background: I managed a network at a scientific research center (1000+ end user devices and a couple hundred servers). It's a mix of Cisco (core) and Procurve (edge). I have been working in networking full time for 2 years (I was in the poster's shoes not long ago) and with computers for about 5 years in a professional setting.

  • Basics (Score:3, Informative)

    by g00head ( 1433713 ) on Thursday May 05, 2011 @04:03PM (#36040120)
    Assuming you didn't leave out VoIP or Video Conf equipment:

    1. As above, take a CCNA course or find the materials. That will give you a good basis.

    2. Read everything you can in regards to VLANs and how they work/best practices/management by hardware OS

    3. Read everything you can about switch port management (i.e., access port vs. trunk port, again relies heavily on the chosen hardware OS)

    4. Choose your hardware: If money is no object, Cisco is reliable but more upfront and much more for yearly support. HP ProCurve is a very good economical option.

       a. Either way, use two stacked Layer 3 switches for core routing with Layer 2 switches for access layer.

       b. For Cisco products, I'd recommend a pair of stacked 3750X's, with 2960 for access layer switches.

       c. Save yourself pain later - have each access switch trunk to the core stack with an aggregated trunk, one port to each half of the core stack. (if half your core stack goes down, most of your network stays up. If one line/port of the trunk goes down, whole network stays up but speed may be affected depending upon bandwidth used)

    5. Use one VLAN for infrastructure (i.e., switches, servers, printers, appliances), use one VLAN for workstations, use one VLAN for wireless if necessary.

       a. Avoid using VTP, even if it seems like a good idea to you

       b. Do all routing between VLANs on the core stack, access switch trunks should carry all VLANs however

       c. Test the hell out of your config in a lab if you have time, lot less pressure telling them that the project is delayed by testing than telling them all work is delayed because you can't find the problem on the prod network

       d. Thank god you get a test network

    6. Once everything's built, configured, and running well - BACK ALL OF THE CONFIGS UP, and repeat whenever a config change is made.

    Good luck, and you'd really better love troubleshooting problems with very little info to go on...
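
Added example (not part of the comment above or any poster's code): a Python check that reads a backed-up access-switch config and flags departures from the rules in that comment, namely VTP disabled, an aggregated uplink, and explicit access-port VLANs. The Cisco IOS-style sample config, the function names, and the extra rule that trunks appear only on the uplink bundle are assumptions made for the example.

```python
import re
# Constructed access-switch config in Cisco IOS syntax (not from the thread).
SAMPLE = """\
vtp mode server
interface Port-channel1
 switchport mode trunk
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/2
 switchport mode trunk
interface GigabitEthernet0/3
 switchport mode access
interface GigabitEthernet0/49
 channel-group 1 mode active
interface GigabitEthernet0/50
 channel-group 1 mode active
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style text."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # a global command or "!" ends the block
    return blocks

def audit(config, min_uplinks=2):
    """Return findings where the config departs from the rules above."""
    findings = []
    vtp = re.search(r"^vtp mode (\S+)", config, re.M)
    if vtp is None or vtp.group(1) not in ("transparent", "off"):
        findings.append("VTP not set to transparent/off")
    ifaces = parse_interfaces(config)
    bundle = [n for n, c in ifaces.items() if any(x.startswith("channel-group ") for x in c)]
    if len(bundle) < min_uplinks:
        findings.append("uplink is not an aggregated trunk")
    for name, cmds in ifaces.items():
        uplink = name in bundle or name.startswith("Port-channel")
        if "switchport mode trunk" in cmds and not uplink:
            findings.append(f"{name}: trunk outside the uplink bundle")
        if "switchport mode access" in cmds and not any(
                c.startswith("switchport access vlan ") for c in cmds):
            findings.append(f"{name}: access port with no VLAN set")
    return findings
```

Running `audit()` over each saved config after every change turns the backup step into a drift check as well as a restore point.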

  • Re:Step 1 (Score:5, Informative)

    by poetmatt ( 793785 ) on Thursday May 05, 2011 @04:25PM (#36040482) Journal

    Underpaid, underappreciated and overworked? Get back to work!

    Network admins, unless they are basically amazing, are in for a typically rough ride through trying to get things to work, as things perceived as small changes can have enormous impact on network stability. Then you get to things like bad password policies, bad hardware policies, bad security policies, bad corporate policy and a good portion of the time network administration is just not worth the time.

    If it were $75-90k a year maybe, but otherwise definitely not worth more stress than pretty much any job that exists today including hard sales.

    Things to do: buy enterprise grade hardware, do not ever compromise on best buy/off the shelf hardware, restrict access as much as possible (and lock down ports as much as possible), make sure all devices go through a firewall (outbound) and all inbound connections go through their own separate firewall (inbound). Make sure that all requests inbound have to be requested from internal. Make sure that as much of inbound connections as possible are over a vpn if external.

    Basics: make use of forwarding, proxies, reverse forwarding, nat. Make sure that all of your DNS addresses which are assigned to computers point to internal DNS only, and that the same applies to the servers. No server should have any DHCP or DNS assignments from the local ISP.

    Redundancy: You must have it. At all levels. Check for cable backups, keep spare parts for everything - power supplies, cables, extra routers, extra server ISO's and images, extra copies of VM's, etc. Make sure you have redundant UPS's. Do not daisy chain UPS's (or maybe you can, someone else will comment - I'm no UPS genius). Make sure things are not physically linked in a way that when one thing fails, so cascades the rest. This means UPS's with hot swappable batteries. Make sure you have multiple switches and all servers have at least 2 NICs for both load balancing and additional failover.

    Check for shit people don't think of - check where the servers are located, what cables are running overhead, dust situation, etc. Make sure that the cooling for the server rooms is appropriate and is set up such that if the leak plate (forgot the proper term) floods it won't drip directly on the servers. Check for maintenance schedules, physical and software, check for licensing being followed, check for PCI compliance. Check security requirements for the server room, for the pcs.

    Additional redundancy: virtualize wherever possible, hardware permitting. Offsite backups, offsite hardware backups.

    Additional: prepare for hilariously large amounts of fuckery trying to deal with authentication between Linux and Windows. Linux is well documented and complicated. Windows is well documented and complicated.

    Lastly:
    Keep at least 3-6 full bottles of hard alcohol on hand, a 2 week resignation notice, and a mini-fridge full of beer in addition, and depending on the state you're working in, maybe keep a gun on hand if you're licensed and it's legal.

    Oh and don't forget, being a network administrator has basically NOTHING to do with being a network administrator. It's more like managing a circus of crying babies who have no idea what the fuck they're doing.
