The Grand Project - Suggestions, please!

[MDLarson]

Hhaha, crazy..I live in Blaine and I recall seeing a sign for that somewhere...is it on Radisson Road?

Heh, that's awesome! Yep, it's right on Radisson Road there by the airport. You probably saw this sign, right? I made that sign too, although in retrospect, there's too many words for people zipping by at 40 MPH to really notice and read anything other than "COMING SOON!"

It warms my heart that a fellow MacOSX.com'er knows about us!

 

[Aeronyth]

That's the sign! And that's also about..1.5 miles from my house. All I remembered seeing on the sign was something about Pet Lodge, heh.

 

[scruffy]

Either one would likely work well.

Separating the VPN function from the firewall can be nice from a performance point of view - If one is getting bogged down, it needn't affect the other. That said, for a small company like this, if you get a $800 - 1000 firewall appliance, you will have more than enough horsepower to last you a long time, even if it's doing VPN duty as well as firewall. Your remote sites could possibly get by with much less powerful devices, perhaps under $300.

An advantage of some of the appliance boxes is that they either have, or can be expanded later to have, VPN accelerator cards - the encryption work is pushed from the firewall's processor onto some dedicated hardware. That way, having lots of VPN traffic leaves the firewall's CPU largely free. You might want to look at firewall boxes that offer that capacity, and consider the eventual expense of the card, should you decide you need one later.

Using the VPN on the firewall lets you apply firewall rules to the decrypted traffic. If you have a VPN server inside the firewall, you can't really inspect the traffic as it passes the firewall (that being the point of a VPN, that the encrypted traffic can't be examined). If you want to do some filtering of that traffic, you have to apply those rules with the VPN server's software firewall - this amounts to having two firewalls to look after, rather than just one. Most likely that would mean learning to configure two different types of firewalls, as well.

Tying together a few LANs into one is the easier thing to accomplish - user authentication is basically a separate operation. So, that's pretty simple to do with the VPN software on the firewall. Laptops are a bit more of an issue - you have to authenticate both the computer on the other end, and the user, at once. That can get a bit more complicated, and by that point it might become easier to use a dedicated server.

I've never really looked into doing this sort of thing on the cheap, and based on appliance firewalls, so it might actually not really be that hard...

 

[dmacguru]

Still looking for a cheap PoE-enabled network IP camera for SecuritySpy!

For a single camera we have used a D-Link DWL-P200 POE injector/splitter [$40 at NewEgg] and a TRENDnet TV-IP100 [<$100] with great success with SecuritySpy. In your case, you can get a POE switch that will provide 48volts intelligently[per the 802.af standard] out to the cameras and just use splitters then [DWL-P50..$45]. A good switch to consider is the D-Link DES-1526 WebSmart 24 port POE .. http://www.dlink.com/products/?sec=2&pid=403 [I have no connection with D-Link] NetGear has a similar switch.. FSM7326P. Take a look at the PowerDsine product line too.
I suggest you get the single D-Link P200 and the Trendnet camera and try them out first to make sure they meet your needs. You can always use it for security of the office.
Most POE IP Cameras that I've seen are over $500 [Toshiba IK-WB02 for example]. Using a POE splitter and a regular compatible camera will be cheaper.
AXIS 2100's are another good camera to consider.

 

[MDLarson]

Sweet, somebody responded to my signature plea!

I have a similar setup spec'd out (D-Link's cheapo IP camera + D-Link's stand-alone splitter + a 3com PoE enabled 24 port switch). It's good to see what other equipment works too... this video stuff is one of the more exciting mini-projects of the 'grand' project.

I'll have to check out the D-Link switches... I'm not too fond of 3com's web interface... does anybody have any experience with D-Link switches in this respect?

On a side-note, a sales rep is dropping off that Pebble card printer tomorrow! I'll probably post a review in that new Reviews forum soon.

 

[MDLarson]

I just placed an order for the Xserve G5 2.0 GHz single processor + video card!

The catalyst for this was the VPN server in Mac OS X Server. This will give me the opportunity to get our WAN going as well as play with the other features we would probably be using.

I guess right now I view an additional hardware firewall / VPN server as an optional piece of equipment. I am expecting the Xserve to accomodate our VPN needs at the moment, so we'll see.

The only question I have now is, would I be eligible to get the 10.4 Tiger server at a discount? Is the server version of Tiger coming out at the same time as the regular version?