new project

Postby c0ldfyr3 » Sat Sep 01, 2007 9:29 pm

Okay, for the tattoo shop I am working at, I have been asked to create on the website a separate page, not accessible without correct login credentials, for remote administration.
Here are the requirements.

1: Should have its own DB hosted on a separate server from the site itself.
2: Should be accessible from anywhere there is broadband internet or faster.
3: Should be able to log in to the webserver, each workstation, SQL server, and any other PC on the tattoo shop's network.
4: Each login should belong to a group.
5: Each group should have its own level of authority (e.g. serveradmin, sysadmin, root, artist), allowing only certain parts of the management console to be accessed.
6: Should be able to add new workstations to the network from the site with a verified user/group.
7: Should be able to issue server-side commands from the site to each workstation and server without the client asking for permission.
8: Each network share on each workstation should be accessible via the interface, and should be able to access/modify anything on the share.
9: The servers, and the "Boss" workstation, should require a second credential check via prompt of user name and password before login is allowed.

The reason for the accessibility from the internet is because they are opening another shop about 90 miles from this one, and want to be able to access each shop's computers via the web. I suggested a WAN through VPN and that was shot down for the simple fact that they don't want to use passwords on each workstation, and they would have to hire another tech for the other shop just to set up the VPN. So this method, to them, is an easier long-term solution, and allows them to add more shops while using only one admin for the lot of shops. Shortly after they expand to the new shop they plan on opening another one in another county.


Does anyone here have an idea of a program that could do this, or where to start coding? Maybe what I should use to code it, or possibly some help with the coding, would be greatly appreciated. So far I have the login script set up, however I don't have the groups done yet, and the router I have set them up with can access CIFS and SAMBA shares, however it can only access one at a time. And ATM there are 5 workstations on the network, 1 server for the SQL, and then 3 laptops.


Again, any help with this insane project would be greatly appreciated.
PRO Level 15
Posts: 1346
Joined: Sun May 02, 2004 8:49 pm
Location: 127.0.0.1

Postby jbullard » Sun Sep 02, 2007 6:31 am

That is a pretty big project. The easiest solution is to use a cluster of Server OS's that connect to a parent server which is administered from a main location. Obviously, you could use MS Server 03 to do this and then use its built-in remote administration tools. You would then need to make custom pages for different functions because it doesn't come with all the stuff above built-in.

But that is as far as I could actually go as I really have no clue when it comes to networks. But I have been using them and somewhat configuring pre-built networks for a while. I just know that on most of the networks I have been on, all of them use MS products to manage it. Being able to add individuals, groups, machines, all from within a website.

For security, I would look into getting CAC cards, which will enable a more secure logon method. These are nothing more than a PKI Infrastructure.

Well, those are my ideas. :)

Hope it helps somewhat.
VP - Software
Posts: 3653
Joined: Sun Jun 06, 2004 10:17 pm
Location: Utah
Real Name: Jason Bullard

Postby poisonbl » Sun Sep 02, 2007 11:02 pm

Ok, first, you've got a lot of design work to start with, get an idea of all the different parts you'll need and how they'll have to interact ... I'm usually not much for going overboard on design, but what you've got is far from a project, it's a career :P, and as such it'll take a good plan ahead of time to keep it straight.

Now, while I'm not sure I'll be able to help much in the long run, here's some questions you'll have to have solid answers to:
1) What OS(s) are on the workstations and server(s)?
2) What capabilities are needed remotely for each workstation?
3) For each Server?
4) Will the "server side commands" run on the workstations need to be customizable on the fly, form driven (same command, different data, like adding a user, etc.), completely static (simple things like reboot, etc), or a mix of the three?
5) Will the Admins need true GUI access (like remote desktop or VNC) to the workstations or just things that can be managed from a command line (and can be much more easily integrated into a webpage or other custom interface)
6) How is the network set up internally for each store? DHCP or static IPs? VLAN(s)? Do individual machines have software firewalls? Are the server(s) firewalled from the outside? from the workstations? Is the external IP for each store static or dynamic?
7) How much control do you have over the workstations and servers in the implementation of this?
8) What software *has* to run on each system alongside the admin system?
9) How much $$ is available for pulling in parts of external solutions? Time for a completely custom internal solution or binding together the external parts?
10) I notice "artist" is included in your user groups, will the groups be per-shop, or one solid db across the entire system, or somehow mixed?
11) Is a separate interface acceptable or solely web based?

And those are just to get you started on clearing up questions in your specification ... it would really suck to spend a week working on part and then finding out it's based completely on the wrong assumptions about what is needed.

Once you have a clear concise spec for what you need, you can start figuring out what parts will need to be either created or found (like using Samba for the shares) and how you can put those together.
PRO Level 10
Posts: 432
Joined: Mon Nov 15, 2004 10:02 pm
Location: WVU -- Morgantown, WV. -- USA (TZ: -5 hrs GMT, -4 DST)

Postby c0ldfyr3 » Mon Sep 03, 2007 7:07 am

1) Each workstation uses XP (minus mine, which is Solaris), the servers run a mixture of 2003 EE and Linux. I have BSD on a web server that is not accessible via the internet, it's on the intranet, and updates are done to this server, then after they are set in stone (after 24 hours) they get updated to the website via SSH through a VPN tunnel, unless otherwise specified.
2) I asked today and they would like to access each PC as if they were sitting in front of it. I did let them know about the lag time that would be involved for some operations; they were okay with this.
3) Same for each server, however since I run the servers and know the command line, I think it would be appropriate for the "root" user (me) to not require a GUI unless absolutely needed for visuals if the Boss needs to see what I am doing (and be able to understand it).
4) YES, everything must be customizable. It would have to be a mix.
5) Since I am the only admin, it really doesn't matter to me. GUI or command. And I must be able to create custom commands to do multiple operations with a single command.
6) Combo of DHCP and static. Servers are static and workstations are DHCP. Each machine has a software firewall, and I brought in a WatchGuard WG56500 as the hardware firewall to ensure security.
7) The only server I don't have full control over is the one rented for the domain (the website server). It's shared and I am working on getting that changed. I already built a Dual Xeon system for the site, it's just a matter of getting the necessary bandwidth to the shop.
8) Each system is going to be used as a two-way system... from the system itself, and from the virtual interface via the site.
9) The only $$ available is what I have in the bank atm. I am getting paid for the job after it's done, and actually I came up with a waiver that states the software used for this belongs to me, and may not be copied or sold without my permission.
10) One solid DB.
11) Actually I would like to include the ability to use a separate application that connects using a set authentication system. Something new, I will have to create an algorithm different from others for this. However the application, in order to use it, you must be root. So it would be for me mostly. Other than that, everyone else must use the web-based application so that I can log commands from each user, after they have logged in.
PRO Level 15
Posts: 1346
Joined: Sun May 02, 2004 8:49 pm
Location: 127.0.0.1
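
An added example, not code from any poster in this thread: a sketch of the group-based access check from requirements 4, 5 and 9, with the per-user command log mentioned in the last post. The group-to-area mapping, host names, user names, passwords and the five-minute validity window for the second credential check are constructed assumptions.

```python
import hashlib, hmac, os, time

# Assumed policy: console areas each group may use (mapping is constructed).
GROUP_AREAS = {
    "root": {"servers", "workstations", "shares"},
    "serveradmin": {"servers", "shares"},
    "sysadmin": {"workstations", "shares"},
    "artist": {"shares"},
}
STEP_UP_TARGETS = {"sql-server", "boss-ws"}  # requirement 9 (names constructed)
STEP_UP_TTL = 300  # seconds a second credential check stays valid (assumed)

def hash_password(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Console:
    def __init__(self, users, target_area):
        self.users = users              # name -> (group, salt, hash)
        self.target_area = target_area  # target -> console area
        self.step_up = {}               # (user, target) -> expiry time
        self.audit = []                 # (time, user, target, action, allowed)

    def confirm(self, user, target, password, now=None):
        """Second credential prompt; a success is valid for STEP_UP_TTL."""
        now = time.time() if now is None else now
        rec = self.users.get(user)
        ok = rec is not None and hmac.compare_digest(
            hash_password(password, rec[1])[1], rec[2])
        if ok:
            self.step_up[(user, target)] = now + STEP_UP_TTL
        self.audit.append((now, user, target, "second-login", ok))
        return ok

    def authorize(self, user, target, command, now=None):
        """Deny by default: unknown user, unknown target or wrong group fails."""
        now = time.time() if now is None else now
        group = self.users.get(user, (None,))[0]
        ok = self.target_area.get(target) in GROUP_AREAS.get(group, set())
        if ok and target in STEP_UP_TARGETS:
            ok = self.step_up.get((user, target), 0) > now
        self.audit.append((now, user, target, command, ok))
        return ok

def demo_console():  # constructed sample users and targets
    users = {"admin": ("root", *hash_password("constructed-pass-1")),
             "mika": ("artist", *hash_password("constructed-pass-2"))}
    targets = {"sql-server": "servers", "boss-ws": "workstations",
               "front-ws": "workstations", "portfolio": "shares"}
    return Console(users, targets)
```

Every decision, allowed or denied, lands in `audit`, so refused attempts are logged alongside the commands that ran.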
