Buying a router for a business isn't as simple as picking a consumer product with the best ratings from an online merchant or the best price on the shelf at a local electronics superstore. Your company has serious needs, such as supporting scores of users (including guests) on the network, and locking down company data to guard against snoops.
Before shopping for networking gear, you need to understand the types of equipment available, as well as their typical uses and features. Read on for an introduction to router equipment, along with an explanation of the features to watch for.
Types of Routers
If you need to support only a dozen computers and Wi-Fi devices at the most, a simple consumer or small-business wireless router should suffice. These routers typically provide enough Wi-Fi coverage for a 1500- to 2000-square-foot, two-story office space. They'll provide four ethernet ports for hard-wiring computers into the network or for adding other components, such as network-capable printers, network storage, or additional wireless access points for more Wi-Fi coverage.
If you need to support more than a dozen computers and devices, or if security is crucial to your operations, you need something more than a simple wireless router. You have two main types to consider.
VPN router/firewall: These products, a step up from a basic wireless router, can be wireless or ethernet-only; the latter type requires that you add access points for Wi-Fi coverage. These routers have an integrated virtual private network server, and sometimes offer advanced features (more on those later) such as VLAN support and multiple SSIDs (if wireless).
UTM (unified threat management) gateway or firewall: These routers include advanced features and usually are ethernet-only with four to eight ports, thus requiring separate access points for Wi-Fi connectivity. In addition to serving as your router and Internet gateway, as well as providing a VPN server and firewall, these units typically also include virus and malware protection, content filtering, antispam functions, and intrusion detection and prevention.
The additional security features usually require monthly or yearly subscription fees. You’ll still want virus and malware protection on each user computer due to the limitations of network-based products, though, since they can’t monitor local behavior on PCs or inspect SSL-encrypted traffic.
As you shop, you'll probably encounter other buzzwords referring to devices that are similar to UTM products, including unified security gateways and Internet security appliances.
Expanding Ethernet Ports or Wi-Fi Coverage
If you require more ethernet ports than what a router, gateway, or firewall provides (regardless of the type), you'll need to purchase an ethernet switch. This device is basically a smart hub that expands the amount of ethernet ports you have, similar in concept to a USB hub or even an electrical power strip. You’ll find a few different types.
An unmanaged switch is the simplest; it doesn’t require any configuration, but lacks advanced features and is best for small and uncomplicated networks. Asmart or web-managed switch allows configuration of the switch ports--supporting popular advanced features such as VLAN, bandwidth control, 802.1X authentication, and SNMP--and is suitable for most small to midsize businesses.
If you need more Wi-Fi coverage than a wireless router can give, or if you choose an ethernet-only router/gateway/firewall, you can add wireless access points to your network. Access points are, in essence, wireless routers that lack the routing capability. You connect an access point by running ethernet cabling from its single ethernet port to a port on your router/gateway/firewall or switch. The most basic access points broadcast a single SSID (network name), whereas most business-class access points support VLANs and allow you to broadcast multiple SSIDs.
Standards and Features for Wi-Fi
When shopping for a wireless router or access points, note that the different wireless standards each have varying maximum speeds. At the least, you’ll want to go with 802.11n (which some vendors call Wireless-N). If you have close neighbors, consider a dual-band router or access point that also works in the 5GHz frequency band, which provides more channels and is less congested than the common 2.4GHz band.
Starting in late 2012, keep your eyes open for routers and access points supporting the newer 802.11ac standard, which will offer even higher speeds. However, the earliest 802.11ac products likely will be based on the draft specification, and may not be upgradable to the full, completely finalized standard.
Remember, your Wi-Fi-equipped computers and devices will achieve the highest possible speeds with newer 802.11n and 802.11ac routers or access points only when they too support the same standard. All of the wireless standards are backward-compatible with one another; but computers or devices using an older wireless standard won’t perform as well, and they can even negatively affect the performance of your entire wireless network.
If you have laptops, netbooks, or desktops that support a wireless standard that's older than that of your wireless router or access points, you can upgrade them with a PCI card, PCIe card, PCMCIA card, or USB wireless adapter. Wi-Fi smartphones and tablets, however, aren’t usually upgradable.
Ethernet Considerations
When buying any networking gear that has ethernet ports, consider the following related features and specs.
Ethernet speed: For routers, gateways, firewalls, and switches, focus on those models that support gigabit ethernet (1000 mbps) for higher speeds on your hard-wired computers. Keep in mind the speed that each of your computers supports, which you can upgrade with a PCI or PCIe ethernet card.
Switching capacity: If you do require a network switch, assess competing models' switching capacity to compare the total maximum simultaneous bandwidth supported.
Dual or backup WAN: If Internet access is crucial to your operations, consider routers, gateways, or firewalls that have a second WAN port or that support a 3G/4G card for failover or load balancing in case your main Internet connection goes down.
PoE support: If you plan on running wireless access points throughout, consider routers, gateways, firewalls, switches, and access points that support Power over Ethernet so that the power can run through the ethernet cabling with the data. This feature can save time and money, in contrast to the effort it might take for you to place access points near electrical outlets or to run new electrical lines.
DMZ port: If you have a server or another device that needs direct access to the Internet, consider a router, gateway, or firewall that has a dedicated DMZ port. Remember, though, that most models allow you to assign certain computers to the DMZ via the settings, without a dedicated port.
VPN Server for Secure Remote Connections
A router, gateway, or firewall with a VPN server supports remote connections so that users out of the office can securely access the network, or so that multiple offices can link together in a site-to-site arrangement. A few different VPN types are available.
PPTP: Nearly all operating systems and mobile devices support Point-to-Point Tunneling Protocol with a built-in VPN client, but it doesn’t have the best security. Connectivity issues can arise when users remotely connect from networks that don’t allow VPN pass-through.
L2TP/IPsec: Also widely supported among operating systems and popular mobile devices, Layer 2 Tunneling Protocol has better security than PPTP. However, it's usually more complicated to configure, and it too can produce connectivity issues when users remotely connect from networks that don’t allow VPN pass-through.
SSL: The Secure Sockets Layer protocol allows remote users to connect via a Web browser--eliminating the VPN pass-through issue--and doesn’t require full client software. You can install a small plug-in via the browser to facilitate tunneling of a user’s Web browsing and email traffic. Additionally, some SSL VPN methods offer a Web portal in which users can access applications and email without any VPN client; such a setup would be convenient when they need to connect from home or on another noncorporate computer rather than on a work laptop.via[pcworld]
OpenVPN: This protocol is usually included only on routers preloaded with the open-source DD-WRT firmware, and most built-in clients on computers or mobile devices don't support it. As a result, you’ll have to install third-party VPN client software on the computers or devices for remote user connections. But OpenVPN offers greater security and more reliable connectionsfrom networks that don’t allow VPN pass-through.
Continue the session 2 on simplenetworktips
No comments:
Post a Comment