I recently moved from one area of Toronto to another one - from the house to apartment (by family matter). 3 years ago you wouldn't be able to install business line in residential area. Nowadays it is possible with pretty all internet service providers.
Install Business Internet Line
Old business internet service provider - Acanac:
I had business line with Acanac for about 3 years. They service was pretty good and cheap at that time, but today they are not even replying to my messages.
May be they are too busy today - I saw many ads in subway about their magic services.
The problem with small companies is that they usually use lines of big companies. In case of Acanac it is Bell Canada.
In case of problem with connection they are able to monitor it remotely, but if it is physical problem with line they send request to Bell to fix it up and it can takes weeks.
For the whole history of having business line with Acanac I had only major 2 issues:
1) I didn't have stability with internet connection once, so I called to customer service.
They were able to monitor modem remotely and found that it loses network packets.
New modem was sent to me by mail and I received it in 4 business days. I didn't have second line and didn't have internet connectivity for those days.
2) (April 2011) I sent request to move service to another place and waited for 4 days. I called to customer service and they asked me to send one more message.
Ok - finally they made appointment with Bell technician to move dry loop to new address.
The technician came, said that everything is ok, but nothing worked as expected inside the house. I asked to check it inside - he said "we do not do any work inside a house" and I better hire somebody else and he left. I was shocked by such service. Called one more time to Acanac - they said that it is my problem.
3) (June 2011) I tried move service to apartment, send them message and was funny to receive mail reply with subject that your mail is marked as spam. I called them one more time and got standard answer - send mail. I gave up and not going renew service with them anymore in July of 2011.
New Internet Service Provider:
Thursday: Select new business internet service provider - Rogers:
I was investigating market for good business internet plan, by following rules:
a) Minimum 1 static IP address
b) 7Mbps minimum download speed
c) 1Mbps minimum upload speed
d) No blocked ports
e) Price less than 150CAD/month
f) Minimum 60Gb network bandwidth/month
I checked 2 providers - Rogers and Bell. It was pretty good to work with customer service and get quotes during couple hours. I even got callback from both companies and was able to discuss details.
I selected Rogers by following reasons:
a) Network bandwidth
- Rogers offered unlimited bandtwith
- Bell only 15Gb, and pay extra money for overlimit (15Gb is a joke for business line)
b) Price
-Rogers sent me quote with 67CAD/month - no extra fees. Here is print screen:
-Bell offered 99CAD/month + The installation costs are 250$ for contracts of 1& 2 years, 3 yrs is 125$ and on 5 years the installation cost will be waived, the dry loop it is 109$ one time fee.
I came to conclusion that Rogers is better for me. I called back and agreed on conditions. Lady said that I will get a call during next day.
Friday: Rogers Installed service
I received a call as promised; master came to apartment in 1 hour. He said that doesn't have such kind of modem and he had already sent message to send another technician.
I thought that I wasted my day, but was surprised to see another technician in an hour with new modem.
He installed everything in 5 minutes, gave me static IP address and even helped configure my VPN router.
How I configured VPN Router
I have Cisco RV82 router. It is not the best router in the world but it supports 2 internet lines with balance between them, so if one is down it redirects traffic to another one.
Also it has settings for the VPN connection, which is very important to me, so I can work remotely. It also contains firewall and logging.
It helped me a lot to prevent attacks to my mail server and web sites.
My internal network infrastructure:
<box1 - windows 2008>
IIS
Mail Server
DNS
<box2 - windows 2008>
TFS:8080
IIS with demo applications for the clients
Hosting web sites with Many Static IP Addresses
When I hosted my web sites by using Acanac internet business line, I had 5 static IP addresses and used NAT table for reroute traffic to different physical local boxes.
Here is my old configuration:
<Router NAT configuration>
([public ip1]->[box1 ip address])
([public ip2]->[box2 ip address])
box 1
<DNS configuration>
(all dns records pointed to different IP addresses)
[dns record1] ->[public ip1]
[dns record2] ->[public ip2]
<IIS>
web app1: port 80 (HOSTHEADER1->[dns record1])
box2
<IIS>
web app2: port 80 (hostheader2->[dns record2])
Hosting web sites with 1 Static IP Addresses
With Rogers I have only one static IP address, so I have to use port forwarding:
([public ip1]->box1:port 80)
([public ip1]->box2:port 81)
To reroute traffic for TFS, which is using 8080 port I created new service and added mapping for it:
box2
<DNS configuration>
(all dns records pointed to the same ip address)
[dns record1] ->[public ip1]
[dns record2] ->[public ip1]
<IIS>
web app1: port 81 (hostheader2->[dns record1])
box2
<IIS>
web app2: port 82 (hostheader2->[dns record2])
In the result I have local network with 1 static ip address and ability to host different solutions, such as web sites.
VPN Configuration
Router VPN Configuration
My router supports different options for VPN connection. The simplest one is Point-To-Point connection. I wouldn't recommend to use it for business purposes, because of security. My vpn router has it's own VPN tunneling with encryption certificate. It requires install special software at client machines and install certificate for encryption.
In this article I described PPTP method:
Client computer VPN configuration
I use laptop with Windows 7, installed on it, so here are steps how I configured it:
1) Open network properties and select new connection to office by VPN:
2) Select create new connection by using my current connection and set up internet connection later:
3) Enter static IP or DNS name, mapped to static IP address
4) Enter VPN user name and password, which you created in pptp vpn router configuration
5) Try your VPN connection:
Configure firewall
To prevent attacks on my network I decided to use hardware level rather than software. It mean that I decided do not use Windows Firewall but use my router functionality.
Router configuration was pretty simple as showed on next screen:
When you enable firewall, you still have to enable traffic to internal network, especially if you have mail, dns or web servers inside.
Any router requires logging to understand behavior of any attack. I turned it on at router as well. Believe me - If you have internet faced IP address, it will be scanned for finding open ports and you will probably have attack on it.
No comments:
Post a Comment