[K12OSN] Re: K12OSN] Switch Issues

[William Fragakis]

My advice after spending a year in your shoes:

1) As has been alluded to earlier, put all the Win boxes in the lab
downstream of the ltsp server. Only the server will be handing them
addresses. Make sure that the ltsp server has whatever ports open that
the Win boxes might need when they are alive as Win boxes if they need
anything other than port 80. Also, remind everyone that these boxes are
no longer secure no matter what the district does since M'soft is
dropping security update support. You are doing everyone a huge favor in
getting them off the network.

2) Make your dhcp server bullet-proof. Hardcode the MAC addresses and
make your dhcp static. You never want to get accused of interfering with
the regular dhcp service. It simply is not worth it. Tell them this is a
separate deal and there is no way what you are doing will interfere with
their network. If it ever does, they'll use it as an excuse to kill your
project.

3) With the etherboot floppy in, you get ltsp. Eject it and you get
Windows (assuming the BIOS is set to floppy boot first which is almost
always is in something that old). If your Win boxes netboot, then it
would be easier - set them to netboot first in the BIOS. Then, if you
need Windows, just turn off dhcp on the server, they won't get an
address and will roll over to the hard disk. If you are already
etherbooting, sounds like the disk in/disk out method is easiest.

4) At the risk of being supremely redundant: remind everyone in your
district that you are very afraid with all the Win malware and that Win
95 is an unsupported platform, you have serious concerns that the kids
not be exposed to inappropriate content, their privacy compromised by
spyware keyloggers, etc. They may like the quaint white picket fence in
front of the school but it is absolutely insecure and putting the kids
inside at risk - and that's why you need a guard penguin (if anyone
reads "Pearls Before Swine", it conjures up images of Pig's guard duck).

Best of luck,
William Fragakis
morrisbrandon.com



On Fri, 2006-07-28 at 12:00 -0400, k12osn-request at redhat.com wrote:
> 
> Message: 4
> Date: Thu, 27 Jul 2006 12:32:17 -0700
> From: "Eliot, Dan" <deliot at pylusd.org>
> Subject: [K12OSN] Switch Issues
> To: <k12osn at redhat.com>
> Message-ID:
>         <C298655F39E9834AA632930459B359BA49A24D at EMAIL.district.pylusd.k12.ca.us>
>         
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Here's the deal...
> 
> The technology folks in my district are less than excited that I want
> to set up a LTSP Linux Lab.  We are currently a Window only shop, and
> the already stretched Tech staff is not interested in adding another
> OS they would be responsible for (fair enough).
> 
> They are particularly NOT excited to set it up so that the switch in
> my building allows another IP range.  Currently, our building allows
> 10.11.150.xxx IP addresses.  I would like them to add another IP range
> so that the DHCP servers ("regular" and LTSP) don't conflict.  So
> ideally, they would add 10.11.155.xxx as the IP range for LTSP
> clients.
> 
> OK, a couple of questions for the experts on this list?
> 
> (1)  Is there any way to allow two DHCP servers to "coexist" in the
> same IP range WITHOUT regular clients getting IPs from the LSTP
> server?  In other words, can I just stick with 10.11.150.xxx and not
> have the two machine groups mess with each other.
> 
> (2)  On a related note, the machines that I will be "LTSPing"
> currently have Win95.  I will be using floppy disks to bootstrap to
> the LTSP server.  Ideally, it'd be nice for the machines to go to the
> normal Windows DHCP server when they are running Windows 95, but go to
> the LTSP DHCP server when I start a LTSP floppy boot.  Any suggestions
> for making this work seamlessly (or with as few seams as possible)?
> 
> Thanks in advance for any input.
> Dan
>