What We Have So Far
Client/Server Functionality: We have implemented a FreeIPA server which is a Linux equivalent of Active Directory that uses Kerberos/LDAP for authentication.
Other Linux client machines can then be set up as clients of the Domain/Server, and use Domain accounts/credentials to log into accounts set up by the FreeIPA server.
Firewall/Router config: pfSense. Both CHCH and Nelson branches have their own LANs using pfSense to bridge the LAN to WAN.
DNS: Devices on the local machine will have their requests forwarded up through the router, the router checks against any rules in our network’s OpenDNS configuration (see DNS config below).
Mail functionality: We have a domain set up with the relevant records (MX, NS etc). Domain, Company Email, Webmail/Browser access.
-We will also set up Google Workspace under another domain name (as another option) closer to the date (14 day free trial).
-This offers a mail server and online/cloud storage through drives. Plus other features such as synced calendars, event planning, easy meetings.
Shared Drive: Google Workspace ^.
Cloud Storage: Google Workspace ^^.
Network Monitoring: We use OpenDNS to monitor any DNS/HTTP/HTTPS traffic.
We will have to implement a proper NMS too, pfSense has SNMP built in, I will be researching into that.
VPN: OpenVPN has been used and successfully connects the 2 branches allowing them to communicate and transfer data.
Antivirus: Client side, clamAV/clamTK.
Need to look into a type of failover / redundancy for the routers and domain controllers. Firewall rules staring to take shape.
