[K12OSN] Need advice on network setup for school

[kyle at caliberis.com]

This is my first post to this list.  I posted the below message on the
FedoraForum.org message board and it was suggested that I pose the
question in this forum to reach people with similar needs and experiences.

I'm looking for opinions on the best way to set up new servers and the
network in general at a school that I do volunteer work for. Last year
following the untimely demise of the Windows 2000 Server computer that
served as the DC and file/print server, we successfully configured a
Fedora Core 4 box as a PDC to take its place.

This year we're looking to begin a shift that will eventually lead to a
network in which Windows clients are the exception. The reason we want
Windows clients to be the exception is primarily out of lack of funding
for software licenses. The reason for "eventually" is that it will take a
while to find suitable alternatives for all of the software currently
running on the Windows platform.

The things that I would like to be able to handle in whatever setup I end
up with are:
(must haves)
1) Centralized authentication and authorization - This was the main
benefit we received initially from moving away from computers that were
connected in a "workgroup" mode and implementing a Windows domain and
allows for much better control over the management of the workstations.

2) Controlled access to Internet resources. The organization is a school
and the potential exists to be held liable for situations where children
access inaproppriate content if it's determined that the school did not at
least attempt to put adequate controls in place.

3) Secured files - There is a subset of the documents in the organization
which must be protected.

4) Reasonably sensitive management - The administrator at the school is
not an IT professional and should be able to manage the day-to-day
operations of the network without advanced knowledge.

(would be nice)
5) Terminal services - The school has a lot of older machines that could
yield additional value to the school if they were able to be utilized as
thin clients. Also, I suspect that replacing machines with LTSP Terminals
(available on eBay for $50-$150) would have a lot less administrative
overhead than supporting a standard PC.

6) Virtualization - The move of clients to Linux could go much quicker if
an environment was available in which to run those Windows applications
for which no alternatives have been found if they could be run in a
virtual machine. I believe that I can achieve this using the free VMWare
server as a host for Windows 98 and that the licensing of the Windows
operating system allows for the machine code to execute on a single
machine with no restrictions of the number of instances of code that can
run on the single machine.


The things that I have at my disposal to implement a solution:
1) A cable Internet connection

2) A DLink broadband router - I use this because I've never been able to
successfully plug a Linux machine directly into a cable modem. This also
acts as a firewall and I've defined no virtual servers.

3) Three identically configured Compaq 6400R servers. These servers have
4GB RAM, three 18GB drives, and 4 500Mhz PIII Xeon processors.

4) Two network attached printers that support PostScript

5) Approximately 50 client computers at varying stages of decay ranging
from 450Mhz machines with 128MB RAM (more typical) to a 2.4Ghz machine
with 1GB RAM (the outlyer)

6) No money (although when all other options have been exhausted some can
be located at times)


I believe that my final solution will involve the following software
packages:
- LTSP
- VMWare Server
- Samba
- NIS
- Squid Proxy
- Dan's Guardian

Any thoughts, suggestions, horror stories, or reference implementations
would be much appreciated! I should also mention that while I "get by" as
a home user of Fedora I'm not extremely skilled or knowledgeable in Linux.