System Administration: Managing Remote Locations

As a system administrator responsible for many branches, I need to support the end-user environment as well. Doing this from a single location is quite hard, and I need to create the best environment to manage all of this efficiently.

Here are some tips on what we can do to improve communication and collaboration between branches:

VPN between branches

  • A VPN connects the computers in all branches to each other over a secured network. This protects data communication between colleagues, and users feel as if they are all in one place.
  • The recommended way to do this is to set up a VPN (PPTP) server at one location (let's say headquarters). Create a VPN account for everyone in the company and assign each one a dedicated internal IP (for better tracking).
  • All sensitive information should be kept in one place and be accessible only over the VPN. This will prevent data leakage, and the VPN server gives you a log of every access to the internal system.

Internal instant messaging system (chat)

  • Instant messaging is important for improving communication and collaboration. You can use any messaging service available online, like GTalk, MSN Messenger, Yahoo Messenger or Skype. It is up to you, but it is highly recommended to use an internal instant messaging system like Microsoft Lync 2010, BigAnt Office Messenger, Outlook Messenger and many more.
  • Using an internal messenger gives you some advantages:
    • Prevents employees from chatting with gossip friends (as they could on a public messenger like GTalk or MSN)
    • Simple file transfer and sharing
    • The chat history can be traced back if the boss suspects something is not right with an employee (Good for the boss!)
    • Prevents outsiders from sniffing your conversations

DMZ zone

  • Depending on how your network infrastructure is set up, you may need a DMZ zone to secure the internal network. A DMZ zone is what we call 'another network zone that is exposed to the public network'. Basically, it helps you isolate your internal network while still letting it connect to the web server that is exposed to the public network.
  • Example of simple DMZ setup:
  • This is an example of the same peripherals as above without a DMZ:
     Notice how insecure it is when the servers sit in the same internal network.
  • To set up a DMZ, all you need to do is:
    • Create another network in your router with another subnet and IP range
    • Make sure incoming connections from the public network to the web and email services go to the DMZ only, via the router
    • Make sure your internal LAN can connect to the DMZ via the router
    • Make sure your external firewall blocks all incoming connections except for web, email and NAT
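
The four steps above, written out as a firewall ruleset. This is an added example, not configuration from the original post: it assumes the router is a Linux host running nftables, and the interface names, subnets, host addresses and the choice of ports (80/443 for web, 25 for email, 22 for management) are constructed for illustration. It also drops and logs new connections from the DMZ to the LAN, which the list does not state but which is what keeps a compromised DMZ server away from internal hosts.

```nft
#!/usr/sbin/nft -f
# Constructed example: interfaces, subnets and host addresses are assumptions.
flush ruleset

define WAN_IF   = "eth0"          # public network
define LAN_IF   = "eth1"          # internal LAN, 192.168.10.0/24
define DMZ_IF   = "eth2"          # DMZ on its own subnet, 192.168.20.0/24
define DMZ_WEB  = 192.168.20.10   # web server in the DMZ
define DMZ_MAIL = 192.168.20.20   # mail server in the DMZ

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # Manage the router itself from the LAN only (SSH assumed)
        iifname $LAN_IF tcp dport 22 accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        # Replies to connections that were allowed out (covers NAT return traffic)
        ct state established,related accept
        ct state invalid drop
        # Public -> DMZ: web and email only
        iifname $WAN_IF oifname $DMZ_IF ip daddr $DMZ_WEB tcp dport { 80, 443 } accept
        iifname $WAN_IF oifname $DMZ_IF ip daddr $DMZ_MAIL tcp dport 25 accept
        # LAN -> DMZ and LAN -> public, both through the router
        iifname $LAN_IF oifname $DMZ_IF accept
        iifname $LAN_IF oifname $WAN_IF accept
        # DMZ -> LAN: log, then drop, so probing from a DMZ host is visible
        iifname $DMZ_IF oifname $LAN_IF log prefix "dmz-to-lan drop: " drop
        # Anything else, including public -> LAN, falls through to policy drop
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        # Publish the DMZ services on the router's public address
        iifname $WAN_IF tcp dport { 80, 443 } dnat to $DMZ_WEB
        iifname $WAN_IF tcp dport 25 dnat to $DMZ_MAIL
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname $WAN_IF masquerade
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading it, which is worth doing before applying rules to a router you administer remotely.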

Network drive and file sharing

  • File sharing and network drives are needed whenever users have to send big files, usually more than 10MB, which are not recommended to be sent via instant messenger or email.
  • The most popular and easiest file sharing to set up is SAMBA, where each PC can map the public sharing directory directly. A SAMBA server/client comes by default on Windows, Mac and Linux.
  • Using a VPN that connects all employees in one secure network makes SAMBA easier to set up and implement.
  • Other file sharing protocols like FTP might be time-consuming to set up and slow due to binary data transfer. NFS, on the other hand, does not come by default on Windows, and you need to install a client to connect.

Collaboration portal

  • This is really important if you rely on teamwork. A collaboration portal is something that most companies think is a waste and should not be implemented. This is wrong. I suggest you try any collaboration portal and install it on your private server. Play around with it and you will see its importance.
  • A collaboration portal can help you to:
    • Create, manage and monitor projects, tasks and reports, and assign them to users
    • Have one central point to store and share confidential documents
    • Apply for leave and check leave balances
    • Synchronize and connect accounts to mail, calendar, instant messaging, Active Directory, CRM and other services
    • Edit any document online, without needing to download it and send it back
  • There is a lot of collaborative software available on the market, and some of it is open source. You can browse the list at

This is what I managed to set up for the office network at the company I am working for. Do share with us if you have more points to highlight!