Building a network from the ground up.


(Aaron Strephans) #1

Hi everyone, I am a network admin and an all-around “IT guy” at work, but I am still learning. The church I attend has three buildings, each with its own LAN, but they are not connected; all of the graphics and such for events and services are kept locally on laptops. I want to build a WAN, set up a file server, and get the LAN at each site up to date and optimized. Technically I know how to do all of this, but I have never actually built a network from scratch, only in theory during school. Does anybody have any tips on what equipment I should get for a medium but growing church, or any programs that might help with the cost of such things? We will be adding two more buildings soon and I want to make sure we are prepared. I have only started this venture and don't have as much time as I would like to get it done, as I have a regular 9 to 5, but my main thought right now is to set up a WAN through VPN since it seems to be the easiest and cheapest option.


(Jonathan) #2

Hi Aaron,
Welcome to CITRT! There are a few extra tidbits that might be helpful as people ponder your question. For example:

  • How many users will there be at each building?
  • Are the buildings on the same campus, or separate areas entirely? I’ll assume different areas or cities.
  • If separate, are they all on the same ISP? And if so, which?
  • What equipment/network hardware/etc do you currently have in place, and how is it being used?
  • How large are the assets you want to share between the facilities, and are cloud services an option?
  • Are there any plans to stream your services between the facilities?

(Isaac Johnson) #3

VPN is not the easiest or cheapest these days per se. There are now SD-WAN types of things too that are very cost effective and basically stretch out the LAN to cover multiple sites or devices on the go. Check out ZeroTier and others like it, especially since ZeroTier has a community edition for up to 100 devices. SD-WAN-type stuff is pretty cool and can easily connect all your servers, workstations, VMs, cloud instances, etc. Otherwise, the Ubiquiti UniFi line is great for SMB-sized offices, which few churches would actually exceed in day-to-day use. The nice thing about UniFi is that if you place your controller in the cloud on Digital Ocean, Vultr, etc., then you can basically manage all the devices at each site and you can very easily bridge the sites between each other.

Alternatively, you can sync media to some small NAS devices like single/dual bay synology devices or shift to the cloud if that’s all you’re really trying to solve. This is simple and works pretty easily even for non-technical types.

A slightly more exotic approach would be to use a service like Paperspace to build out the desktops themselves in the cloud and everyone basically connects to their virtual desktop that’s part of a single network. Given the church doesn’t have full time IT support in the form of staff or an MSP, I’d probably lean away from that unless you have a particular security concern that needs to keep all data off the local machine.


(Aaron Strephans) #4

Hi Jonathan,
The buildings are in separate cities, and for each building there are approximately 20 users, aside from those who will be running through the wireless network. I am not sure about the ISP or their current equipment yet, as I have just recently seen the need and wanted to try to help, so I am still finding out some of the setup. I will be doing a walk-through next week to see how they are currently set up. The files to transfer right now are primarily graphics, slides, etc., but I want to make sure that I set them up for bigger and better things in the future so as not to limit the vision of the house. Also, cloud services are an option as far as I know. I may have jumped the gun a little on this question, but I will keep you updated with what I find out.


(Aaron Strephans) #5

Thank you for the ideas; they look like they would work. I will do some research on the options, and I feel that one of these may fit what I am looking for. I have had plenty of experience working in and fixing already-existing networks and environments, so I am excited at the thought of getting to start with a clean slate and build a professional network, but then I realized I have only ever done that theoretically back when I went to school, and there are a lot of new technologies that I don't know as much about as I should.


(Adam Scheuermann) #6

Hi Aaron, since you have a 9-5, I think the best place to start is to make sure they have a fast, reliable internet connection, good Wi-Fi, and cloud storage (I prefer Office 365 for the non-profit discount value). Once you start adding servers and site-to-site VPN there will be much more maintenance involved, and the last thing you want is to start getting support calls while you’re at your other job :smile: Cloud will also enable users to work offsite without worrying about VPN. I’m not sure how much value they would perceive based on the cost of installing a server and site-to-site connections, compared to just utilizing Office 365.

Once you start asking the users some questions you’ll quickly realize what their pain points are.
If there is money available, I’d begin by ensuring there is some enterprise network equipment in there and consider a backup internet connection. Consider Meraki for easy to configure hardware and excellent support. Good luck!


(Robert Gutierrez) #7

What kind of VPN are you looking to implement?
Who will be hosting the VPN?
What’s your budget?

The simplest solution is to get a bunch of Cisco ASAs (you can go with the ASA 5505), connect them at all the different sites, create site-to-site VPNs, and be done with it.

You will have to host the file server in one of the local LANs and make sure the correct ACLs are in place to allow the remote LANs to access that file server.
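Before the tunnels in the post above will route anything, the three LANs need non-overlapping address space, and the ACLs should admit only the remote LANs to the file server rather than permitting any traffic between sites. The following is an added example, not code from the thread or from any vendor: it uses a constructed site plan (three made-up prefixes, two of which collide, and a made-up file server address), detects the overlap, proposes a renumbering, derives least-privilege rules for SMB (TCP 445) from each remote site to the server, and renders them in ASA-style access-list syntax for illustration. The rendered lines should be checked against the documentation for whatever firewall is actually deployed.

```python
"""Pre-VPN address-plan check and file-server ACL derivation.

Added example, not from the thread. The site plan, server address and
ACL name are constructed for illustration. Independently built LANs
often share 192.168.1.0/24; a site-to-site VPN cannot route between two
such sites without NAT, so check for overlap before building tunnels.
"""
from ipaddress import ip_address, ip_network
from itertools import combinations

# Constructed sample: site name -> LAN prefix. "main" and "north" collide.
SITE_PLAN = {
    "main": "192.168.1.0/24",
    "north": "192.168.1.0/24",
    "south": "10.20.0.0/24",
}

# Constructed: the file server lives on the main site's LAN.
FILE_SERVER = "192.168.1.10"
FILE_SERVER_SITE = "main"
SMB_PORT = 445


def find_overlaps(plan):
    """Return a sorted list of (site_a, site_b) pairs whose prefixes overlap."""
    nets = {name: ip_network(cidr, strict=True) for name, cidr in plan.items()}
    return sorted(
        (a, b)
        for (a, na), (b, nb) in combinations(sorted(nets.items()), 2)
        if na.overlaps(nb)
    )


def propose_renumber(plan, base="10.0.0.0/16", prefixlen=24):
    """Hand out one distinct /24 per site from a private block, as a
    starting point for renumbering. Deterministic by site name."""
    pool = ip_network(base).subnets(new_prefix=prefixlen)
    return {name: str(next(pool)) for name in sorted(plan)}


def file_server_rules(plan, server_ip, server_site, port=SMB_PORT):
    """Least-privilege rules: each *remote* site LAN -> file server, tcp/port.

    Refuses to emit rules while subnets overlap, since a rule matching the
    server's own prefix at a remote site is meaningless. The server's home
    site reaches it on the LAN and needs no VPN rule.
    """
    if find_overlaps(plan):
        raise ValueError("resolve overlapping site subnets before writing ACLs")
    server = ip_address(server_ip)
    home = ip_network(plan[server_site])
    if server not in home:
        raise ValueError(f"{server_ip} is not inside {server_site}'s LAN {home}")
    return [
        {"src": plan[site], "dst": server_ip, "proto": "tcp", "port": port}
        for site in sorted(plan)
        if site != server_site
    ]


def render_asa(rules, acl_name="vpn_to_fileserver"):
    """Render rules as Cisco ASA-style extended access-list lines, ending
    with an explicit deny. Syntax is illustrative; verify on the platform."""
    lines = []
    for r in rules:
        net = ip_network(r["src"])
        lines.append(
            f"access-list {acl_name} extended permit {r['proto']} "
            f"{net.network_address} {net.netmask} host {r['dst']} eq {r['port']}"
        )
    lines.append(f"access-list {acl_name} extended deny ip any any")
    return lines


if __name__ == "__main__":
    clashes = find_overlaps(SITE_PLAN)
    print("overlapping sites:", clashes)
    print("suggested renumbering:", propose_renumber(SITE_PLAN))
    # Pretend "north" was moved to a free /24, then derive the ACL.
    fixed = dict(SITE_PLAN, north="192.168.2.0/24")
    for line in render_asa(file_server_rules(fixed, FILE_SERVER, FILE_SERVER_SITE)):
        print(line)
```

Run it as-is to see the collision reported and the two permit lines (north and south to the server on 445) followed by the deny; feed it the real prefixes gathered during the walk-through to get the actual plan.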


(Aaron Strephans) #8

Thank you everyone for the tips, I will keep you updated on how it goes. If nothing else it should be fun!


(Isaac Johnson) #9

Twenty-person facilities at remote locations is definitely UniFi territory; I can’t even begin to express how useful it is to manage all your sites’ networking from a single management interface. I’d still also look at implementing ZeroTier or the like on top of that just to cover the whole “I decided to work from Starbucks today” thing that pastors… and even more so the creatives/worship leaders… have a tendency to do. I suspect you might run into a few “cowboy,” “pizza tech,” or “my nephew plays video games” setups; if you do, be firm about replacing it all and they’ll thank you later. Since they don’t have 24/7 support, just be sure not to over-engineer things; keep it simple where you can.


(Mark Henderson) #10

Here’s what we have and this may or may not work for you. We use Meraki hardware (Licensing is a bit pricey, but I’m sure you could create the same setup with other hardware).

  • An AT&T circuit feeds into our border firewall (MX400).
  • The MX400 connects to a Meraki MS425 distribution switch.
  • Fiber is run from the MS425 over to each building closet and ported throughout the buildings. We have several VLANs in place to segment staff/guest/production ports and access points.

Regarding the production event media, we use Dropbox for Business. We have a media Dropbox account that is logged into all of the production workstations. There is a Dropbox folder per room. Smart Sync allows only the Dropbox folder for each room to sync so that the Dropbox account doesn’t fill up the hard drive. When events are completed, they are moved to the Dropbox folder called Archive that is not synced locally. Moving over to this option has had tremendous benefits, including avoiding hardware maintenance and ease of use for the staff. It also bypassed any network topology issues.


(Russ Taylor) #11

I’m a specialist consultant in designing wide-area networks like the one you appear to want. The first thing you need to consider is what content you need to use, and why. E.g. are you using video links, PowerPoint or other large-data-capacity applications between sites? If so, your LAN-WAN strategy will have to adjust to what bandwidth you can install between your 3 sites.

If you can afford high-bandwidth connectivity (e.g. 1Gbit/s connectivity) then go for Cloud.

If the bandwidth cost is too high and restricts your bandwidth (<100Mbit/s), especially if on any kind of ADSL connection, you will have latency delays when you upload content to the Cloud, especially for high-res PowerPoint content and the like, and video. If that is the case, you may want to implement a local server system on each site with near-real-time sync between them (e.g. automated rsync). You can then operate each with an independent fast LAN server (but shared AD for sign-on), keeping local services slick.

As an initial strategy, get each local LAN to as high a standard as you can (1Gbit per user); if possible, performance test every LAN cable (Cat5e can run 1Gbit) and repair/replace anything that is below that spec. Install a flexible managed network switch with upgrade options to take external optical ports.

Buy connectivity from the local telco, but that is likely to be expensive, so it will limit your bandwidth between sites; ask for Ethernet L2 WAN rather than standard routed connections (which need complex multi-site VPN configuration to get a usable solution). If the telco is worth their salt, they should be able to offer you a managed central-office firewall-router solution as your integrated Internet access point for all three locations.

In terms of servers, you will probably manage with a simple NAS for now. Synology do some really good equipment that will cope well with your number of users. It also has built-in rsync functions, so replicating data across your 3 sites will be fairly painless. There are also lots of standard Open Source applications built in that can be put to use quickly and easily.

For WiFi, Ubiquiti is good, but also consider Ruckus.
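The "near-real-time sync between them (e.g. automated rsync)" suggested in the post above is the point where a replication job quietly becomes a security liability: with `--delete`, a wipe or ransomware encryption at one site is mirrored to every other site within one sync interval, and an rsync-over-SSH job that accepts an unknown host key will happily ship the whole media library to whoever answers. The following is an added example, not code from the thread or from Synology: a builder for the rsync command that only permits `--delete` together with `--backup-dir` (so removed or overwritten files are retained), hardens the SSH transport, and supports a dry run. The hostnames, paths, key file and service account are constructed assumptions; `@eaDir` is the Synology metadata folder that is normally excluded from replication.

```python
"""Build a safe rsync-over-SSH invocation for replicating a NAS share between
sites. Added example; all hosts, paths and account names are constructed.

Design points encoded here:
  * --delete is refused unless a backup_dir is given, so deletions and
    overwrites are retained at the destination instead of propagated as loss.
  * SSH runs with StrictHostKeyChecking=yes and BatchMode=yes: an unknown host
    key fails the job rather than prompting (or, worse, being accepted) from
    a scheduled task.
  * Trailing-slash semantics are normalised so the share contents, not a nested
    copy of the share directory, land in the destination.
"""
import shlex
import subprocess
from datetime import date


def build_rsync_cmd(src_dir, dest_host, dest_dir, ssh_key, ssh_user="rsyncsvc",
                    delete=False, backup_dir=None, excludes=(), dry_run=False):
    """Return the rsync argv list. Never runs anything."""
    if delete and not backup_dir:
        raise ValueError("--delete requires a backup_dir to retain removed files")
    src = src_dir.rstrip("/") + "/"          # copy contents of src_dir
    dst = f"{ssh_user}@{dest_host}:{dest_dir.rstrip('/')}/"
    ssh_cmd = [
        "ssh", "-i", ssh_key,
        "-o", "StrictHostKeyChecking=yes",   # unknown host key -> fail
        "-o", "BatchMode=yes",               # never prompt from a scheduler
        "-o", "IdentitiesOnly=yes",          # offer only this key
    ]
    cmd = ["rsync", "-a", "--partial", "--itemize-changes",
           "-e", shlex.join(ssh_cmd)]
    if dry_run:
        cmd.append("--dry-run")
    if delete:
        # --backup + --backup-dir keeps every file --delete would remove or
        # overwrite, giving a recovery window after a bad sync.
        cmd += ["--delete", "--backup", f"--backup-dir={backup_dir}"]
    for pattern in excludes:
        cmd.append(f"--exclude={pattern}")
    cmd += [src, dst]
    return cmd


def run_sync(cmd, timeout=3600):
    """Run a prepared command; return (exit code, itemized output).
    rsync exits 0 on success and 23/24 on partial transfer (see rsync(1)),
    so callers should alert on anything other than 0."""
    proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    return proc.returncode, proc.stdout


if __name__ == "__main__":
    # Constructed sample job: local NAS share -> north-site NAS, dated backups.
    today = f"{date.today():%Y-%m-%d}"
    cmd = build_rsync_cmd(
        "/volume1/media", "nas-north.example.org", "/volume1/media",
        ssh_key="/root/.ssh/rsync_ed25519",
        delete=True, backup_dir=f"/volume1/.rsync-backup/{today}",
        excludes=("@eaDir", "#recycle"), dry_run=True,
    )
    print(shlex.join(cmd))   # inspect the dry run before scheduling the real one
```

Schedule the dry-run first and read the itemized output; only then drop `dry_run=True`. Periodically prune the dated backup directories, but keep enough of them that a sync propagating a bad change is noticed before the last good copy ages out.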