In my fifth installment in the continuing series on Doing IT at Home I would like to focus on enterprise networking. Many ways in which we can bring business class IT into our homes can really be done for free but networking is sadly, not one of those areas but it does not have to be as costly as you may, at first, think and having a good, solid, enterprise-class home network can bring many features that other IT at Home projects do not.
Implementing an real, working business class network at home lays the foundation for a lot of potential learning, experimenting, testing and growth; and compared to other, small and less ambitious projects this one will likely shine very brightly on a curriculum vitae.
Now we have to start by defining what we mean by “enterprise networking.” Clearly the needs and opportunity for networking at home are not the same as they are in a real business, especially not a large one – at least without resorting to a pure lab setup which is not our goal of bringing IT home. Having a lab at home is excellent and I highly recommend it, but I would not recommend building to “true lab” in your home until you have truly taken advantage of the far better opportunity to treat your home as a production “living lab” environment. Needing your “living lab” to be up and running, in use every day changes how you view it, how you treat it and what you will take away from the experience. A pure lab can be very abstract and it is easy to treat it in such a way that much of the educational opportunity is lost.
There are many aspects of enterprise networking that make sense to apply to our homes. Every home is different and I will only present some ideas and I would love to hear what others can come up with as interesting ways to take home networking to the next level.
Firewall or Unified Thread Management (UTM): This is the obvious starting point for upgrading any home network. Most homes use a free multi-purpose device that is provided by their ISP that lacks features and security. The firewall is the most featureful networking device that you will use in a home or in a small business and is the most important for providing basic security. Your firewall provides the foundation of your home or small business network so getting this in place first makes sense.
There are numerous firewall and UTM products on the market. Even for home or SMB use you will be flush with options. You can only practically use a single unit and you need one powerful enough to be able to handle the throughput of a consumer WAN connection which may be a challenge with some vendors as consumer Internet access is getting very fast and requires quite a bit of processing power, especially from a UTM solution.
Choosing a firewall will likely mostly come down to your career goals and and price. If you hope to pursue a career or certification in Cisco, Juniper or Palo Alto, for example, you will want to get devices from those vendors that allow you to do training at home. These will be very expensive options but if that career path is your chosen one, having that gear at home will be immensely valuable not only for your learning and testing but for interviewing as well.
If you don’t have specific security or networking career goals your options are more open. There are traditional small business firewall suppliers like Netgear ProSafe that are low cost and easy to manage. UTM devices are starting to enter this market like Netgear ProSecure, but these are almost universally more costly. There is the software-only approach where you provide your own hardware and build the firewall yourself. This is very popular and has many good options for software including pfSense, SmoothWall, Untangle and VyOS. These vary in features and complexity. For most cases, however, I would recommend a Ubiquiti EdgeMax router which runs Brocade Vyatta firmware. These are less costly than most UTMs and run enterprise routing and firewall firmware – outside of needing a specific vendor’s product for networking career goals, this is the best learning, security and feature value on the market and will allow learning nearly any firewall or router skills outside of those specific to proprietary vendors.
When starting down the path of enterprise networking at home, remember to consider if you should also begin acquiring rackmount gear rather than tabletop equipment. Having a racks, possibly just a half or even a quarter rack or cabinet, at home can make doing home enterprise projects much easier and can make the setup much more attractive, in many cases and is, like many of these projects, just that much more impressive. Consider this when buying gear because firewalls in this category, are the hardest to find in rackmount configurations, much to my chagrin.
Switch: It has become common in home networking to begin forgoing a physical switch in favor of pure wireless solutions and for many homes where networking is not core to function this may make perfect sense. But for us, it likely does not. Adding switching makes for more learning opportunities, a better showcase, far more flexibility, faster data transfers inside of the house, a great number of connections and better reliability. For a normal home user with few devices, most of which are mobile ones, this would be a waste, but for an IT pro at home, a real switch is practically a necessity.
Switching come in three key varieties. Unmanaged, or dumb switches, which is all that you would find in a home or most small businesses. Basic connectivity but nothing more. This might be all that you need if you do not intend to explore deeper learning opportunities in networking.
Smart switching is a step up from an unmanaged switch. A smart switch is often very low cost but adds additional features, normally through a web interface, that allow you to actively manage the switch, change configurations, troubleshoot, great VLANs and QoS, monitor, etc. For someone looking to step up their at home network and approach networking from a higher-end small business perspective this is a great option and a very practical one for a home.
Managed switches are the most enterprise and by far the most costly. These use SNMP and other standard protocols for remote management and monitoring and generally have the most features although often Smart switches have just as many. Managed switches are not practical in a home for any reason as their benefits are around scalability, not features, but, like with everything, if learning those features is a key goal then this is another place where spending more money not only for those features but also to get “name brand” switches, like Cisco, Juniper, Brocade or HP can be an important investment. But if the goal is only to learn the tools and standards of managed switches and not to go down the path of learning a specific implementation then lower cost options like Netgear Prosafe might make sense.
Once we decide on unmanaged, smart or managed switches then we have to decide on the “layer” of the switch. This also has three options: Layer 2, Layer 2+ and Layer 3. For home and small business use, L2 switches are the most common. I have never seen more than an L2 in a home and rarely in a small business. L2 are traditional switches that handle only Ethernet switching. You can create VLANs on L2 switches but you cannot route traffic between the VLANs, that would require a router. An L2+ switch adds some inter-VLAN traffic handling to allow VLANs to exist using static routes. L3 switches have full IP handling and can do dynamic routing protocols.
So if you need to study “large” scale routing, an L3 switch is good. This is not a common need and would be the most expensive route and would imply that you intend to purchase a lot more networking gear than just one switch. In a home lab, this might exist, for handling the home itself, it would not. If you want to implement VLANs in your home, perhaps one LAN, one Voice LAN, a DMZ and one Guest LAN then an L2+ switch is ideal. If you don’t plan to study VLANing, stick to L2.
Cabling: One aspect of home networking that is far too often overlooking is implementing a quality cabling plant inside the home. This requires far more effort than other home networking projects and falls more into the electrician space rather than the IT professional space but is also one of the most important pieces from the home owner perspective and end user perspective rather than the IT pro perspective. A good, well installed cabling plant will make a home more attractive to buyers and make the value a powerful home network even better.
If you live in an apartment, likely you do not have the option to alter the wiring in this way, unfortunately. But for home owners, cabling the house can be a great project with a lot of long term value. Setting up a well labeled and organized cabling plant, just like you would in a business, can be attractive, impressive and eminently useful. With good, well labeled cabling you can provide high speed, low latency connections without the need for wireless to every corner of your home. I have found that cabling bedrooms, entertainment spaces and even the kitchen are very valuable. This allows for higher throughput communications to all devices as wireless congestion is relieved and wired throughput is preferred when possible. Devices such as video game consoles, smart televisions, receivers, media appliances (a la AppleTV, Roku, Google), desktops, docking stations, stationary laptops, VoIP phones and more all can benefit from the addition of complete cabling.
Wireless Access Point: These days home networks are primarily wireless with many homes being exclusively wireless. Even if you follow my advice and have great wired networking you still need wireless whether for smart phones, tablets, laptops, guest access or whatever. A typical home network will already have some cheap, probably unreliable wireless from the onset. But I propose at least a moderate upgrade to this as a good practice in home networking.
Enterprise Access Points have come down in price dramatically today and a few vendors have even gotten then below one hundred dollars for high quality, centrally managed devices. Good devices have high quality radios and antennae that will improve range and reliability. Generally they will come with extra features like mapping, monitoring, centralized management console, VLAN support, hotspot login options, multiple SSID support, etc. Most of these features are not needed in a home network but are commonly used even in a small business and having them at home for such a low price point makes sense. If you own a large home, using good Access Points with centralized management can be additionally beneficial in providing whole home coverage.
Having secure guest access via the access point can be very nice in a home allowing guests to be isolated from the data and activities on the home network. No need to share private passwords and provide access to data that is not necessary while still allowing guests to connect their mobile phones and tablets. An ever more important feature.
If your home includes outdoor space, adding wireless projects to provide outdoor coverage could also make fora great learning project. Outdoor access points and specialized antenna can make for a fun and very useful project. Make yourself able to stay connected even while roaming outdoors.
Good, enterprise access points are often quite attractive as well, being designed to be wall or ceiling mounted, making it easier to put them in good placement locations to better cover your available space.
Power over Ethernet: Now that you are looking at deploying enterprise access points and if you followed by earlier article on doing a PBX at home and you have desktop or wall mount VoIP phones you may want to consider adding additional PoE switching to reduce the need for electrical cables or power injectors. A small PoE switch is not expensive and, while never really necessary, can make your home network that much more interesting and “polished.” Many security devices take advantage of PoE as well as do some project board computers that are increasingly popular today. The value to adding PoE is ever increasing.
Network Software: Once your home is upgraded to this level, it is only natural to then bring in network management and monitoring software to leverage it even further. This could be as simple as setting up Wireshark to look at your LAN traffic or it could mean SNMP Monitors, Netflow tools and the like. What is available to you is highly dependent on the vendors and products that you choose but the options are there and this is really where much of the benefit comes in regards to the ongoing educational aspects of network. Building the network and performing the occasional maintenance will, of course, be very good experience but having the tools to now watch the living network at work and learn from it will be key to the continuing value beyond the impressive end user experience that your household will enjoy.
An interesting article, I have started a while back on the task of setting up a home Network. It takes time and patience but it is rewarding. To date , I have CAT 6 cable with 24 Ports throughout the house. A 19″ rack (good to have for all the reasons you mention in the article). And I just purchased a TP-Link – TL-SG2424 smart switch. So the goal is firstly to have some fun! Then (when I save more money) – in order – 1. Finish installing the Switch – and patching it in – it also fits in the 19″ rack.. 2. Play with the switch / get to know VLAN, Agregate Port ,etc, etc 3/ Buy a NAS – Drobo (expensive but nice!) or something a little less expensive. 4/ Set up A guest Network / VLAN, etc. 5/ Archive the Home movies, etc.. then ..
Creating an enterprise level network in my home had never occurred to me. One question though. Does implementing Spiceworks affect ones choice of equipment? Are there certain switches the program can’t scan and inventory? Or should that not be a factor in ones decision making.
Yes certainly. Any tool, Spiceworks or otherwise, will need access to the networking gear to get maximum usage out of it. Generally what this means is getting managed switches (that is those that use SNMP.) Pretty much any enterprise class, managed switch will do. Lots of choices there. It is the smart switches and unmanaged switches which will pose problems for scanning.
Thanks for the great article on home networking. I’d also add that log management becomes important when building a network, to maintain the security and stability of it. With NXLog you can do it for free, since it is a centralized log management tool that is open source, hence available for free of charge ( check here: https://nxlog.co/products/nxlog-community-edition ). NXLog is really powerful when it comes to log management, since it provides high-performance, and does it even when scaling to thousands of servers. And it can collect logs from many OS, like Windows, Linux, Android, etc. It really worth to take a look at, when building your own home or company network.
Also, what style of learning suits you best? Do you learn better in-person with guidance from a teacher? Someone you can ask questions and get customized responses from? Or are you more of a self-starter who can seek out the answers you need online? Can you motivate yourself, or do you need some external push to get you to learn?
True, everyone has their own style of learning. Although needing to learn from a teacher creates a major barrier to IT learners as IT is a continuous learning profession. So needing a teacher, needing to be able to ask questions of someone in person are a major risk to someone in the field or an employer. Most employers need employees who are specifically of the “self motivated & can teach themselves” types. It’s rare for someone to be able to be successful in IT and lack that aptitude. IT specifically, more than nearly any other field, expects or even demands that professionals teach themselves continuously throughout their entire careers.