After designing the physical layout of your office network, it’s time to start making some decisions about its logical design. The logical design is basically the network’s intangible structure and function. In this month’s article, I’ll provide some guidelines on creating an efficient, flexible and smoothly functioning logical network.
Strive for Flexibility
A good rule of thumb to use when designing is to organize and group by function, and then by geography. This design provides greater flexibility for function and management of your network. For example, if your organization has three locations, it’s desirable to create a logical unit named “Front Desk.” Within “Front Desk”, you might then create a logical unit for each location and then place each user account in its respective unit. The benefit of this approach is twofold:
First, you can apply specific network policies to each of the logical units. If you want all Front Desk user accounts to lock the screen after 10 minutes of inactivity, simply apply the policy to the Front Desk unit on the network. If you want Front Desk accounts only at location X to lock after 5 minutes, simply apply that policy to that location’s logical unit.
Second, grouping by function, then geography, allows you to delegate the necessary administrative functions of the network. If we go back to the Front Desk example, each location could be delegated to an onsite supervisor for the purpose of resetting passwords. Also, the entire Front Desk unit could be delegated to a clinical administrator. This way, you won’t wrestle with the problem of an employee not being able to perform the functions of her job because she can’t sign on and IT support isn’t readily available.
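The Front Desk example above, modeled as an added sketch that is not part of the original article: a policy set on the nearest unit wins, and a delegation covers the unit it is set on plus everything beneath it. The unit names, account names and the `lock_minutes` and `reset_password` labels are assumptions made for illustration.

```python
# Added example: constructed unit tree and accounts, not taken from a real directory.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Unit:
    name: str
    parent: Optional["Unit"] = None
    policy: dict = field(default_factory=dict)     # settings applied at this unit
    delegates: dict = field(default_factory=dict)  # admin account -> set of allowed tasks

    def chain(self):
        """Yield this unit, then each ancestor up to the root."""
        unit = self
        while unit is not None:
            yield unit
            unit = unit.parent


def effective_policy(unit: Unit, setting: str):
    """Nearest unit that defines the setting wins (location overrides function)."""
    for u in unit.chain():
        if setting in u.policy:
            return u.policy[setting]
    return None  # setting is not defined anywhere above this unit


def may_perform(admin: str, task: str, target: Unit) -> bool:
    """A delegation applies to the unit it is set on and to all units below it."""
    return any(task in u.delegates.get(admin, set()) for u in target.chain())


# Function first, then geography (all names are hypothetical).
front_desk = Unit("Front Desk", policy={"lock_minutes": 10},
                  delegates={"clinical_admin": {"reset_password"}})
loc_x = Unit("Location X", front_desk, policy={"lock_minutes": 5},
             delegates={"supervisor_x": {"reset_password"}})
loc_y = Unit("Location Y", front_desk,
             delegates={"supervisor_y": {"reset_password"}})

if __name__ == "__main__":
    for loc in (loc_x, loc_y):
        print(loc.name, "locks after", effective_policy(loc, "lock_minutes"), "minutes")
    print("supervisor_x may reset at Location Y:",
          may_perform("supervisor_x", "reset_password", loc_y))
```

The delegation check is the part worth reviewing periodically: a supervisor's rights should stop at the boundary of their own location unit.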
Basic Network Services
Once you’ve got a good working sketch of how you’re going to organize your network, it’s time to decide which network services you’re going to have. The three most necessary to ensure a smoothly functioning office are file storage, e-mail, and Internet access.
Network file storage is a powerful tool for your organization. Mapping network drives for each user at log-on and requiring users to save their data to the network instead of to local machines protects the data. Storing your data on a server allows you to control access to it and to run centralized nightly backups. In addition, it enables your users to access the data they need from any machine on your network, even from home if desired, which removes geographic boundaries. It’s usually preferable to set up each user account with multiple network drives, each with a narrower scope of access than the last.
For example, at our practice, each user account has a public drive that all accounts can access. This plan allows users from different departments to easily share documents, such as the employee manual, vacation schedules, or new practice policies. Each user account also has a department drive, which is shared only with other members of that specific department. This allows for fluid collaboration within departments, such as optical, business office, or medical assistants. Finally, each user account has its own personal drive, or home directory, which only that user can access. This provides a safe and backed-up area for confidential documents that should not be shared with others.
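A way to check that the three drive tiers described above are actually enforced, as an added example that is not part of the original article: it compares who can access each share against who the tier says should, and reports the differences. The account names, share paths and record layout are constructed for illustration.

```python
# Added example: constructed accounts and share permissions (hypothetical names).
DEPARTMENT = {"alice": "optical", "bob": "optical", "carol": "business_office"}

# Each record: share path, tier, the department or owner it belongs to,
# and the set of accounts currently allowed to open it.
SHARES = [
    {"path": "public", "tier": "public", "scope": None,
     "allowed": {"alice", "bob", "carol"}},
    {"path": "dept/optical", "tier": "department", "scope": "optical",
     "allowed": {"alice", "bob", "carol"}},   # carol is not in optical
    {"path": "home/alice", "tier": "home", "scope": "alice",
     "allowed": {"alice"}},
    {"path": "home/carol", "tier": "home", "scope": "carol",
     "allowed": {"carol", "bob"}},            # bob can read carol's home directory
]


def expected_accounts(share, department):
    """Return the accounts that should have access under the three-tier model."""
    tier, scope = share["tier"], share["scope"]
    if tier == "public":
        return set(department)                                  # every account
    if tier == "department":
        return {a for a, d in department.items() if d == scope} # members only
    if tier == "home":
        return {scope}                                          # the owner only
    raise ValueError(f"unknown tier: {tier!r}")


def audit(shares, department):
    """List (path, extra accounts, missing accounts) for shares that deviate."""
    findings = []
    for share in shares:
        expected = expected_accounts(share, department)
        extra = share["allowed"] - expected      # access wider than the tier allows
        missing = expected - share["allowed"]    # users locked out of their own tier
        if extra or missing:
            findings.append((share["path"], sorted(extra), sorted(missing)))
    return findings


if __name__ == "__main__":
    for path, extra, missing in audit(SHARES, DEPARTMENT):
        print(f"{path}: remove {extra}, add {missing}")
```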
E-mail and Internet
E-mail is a great service to add to your network. When setting up e-mail, make sure you are running a solid anti-virus product on your mail server that scans all incoming and outgoing messages. E-mail is the leading method of viral spread, and an e-mail server properly configured with anti-virus software is the best way to reduce your virus risks.
An e-mail server solution such as Microsoft Exchange is a great way to introduce not only electronic messaging but also shared electronic calendaring, and it can be extended to paperless faxing and even integrated with phone systems for unified messaging. We use calendars for such things as the doctors’ call schedule, vacation schedules, or a calendar for reserving resources such as a meeting room or LCD projector. We view a solid e-mail system as a must.
As we touched on in the previous installment, Internet access is needed to connect multiple office locations. In addition, most software vendors require that you maintain a broadband Internet connection, as it’s the tool they’ll use to connect to you for support and upgrades.
Many options exist for broadband Internet connectivity (fiber, T1, DSL, or cable), and pricing and speed vary from area to area. However, what doesn’t change is the basic need for security. Whichever type of connection you have, make sure your network assets are behind a firewall (a security device that sits between your network and the outside world and controls access). It’s a good idea to periodically have a third party who wasn’t involved in the setup of your firewall perform an outside scan and look for vulnerabilities.
Finally, don’t forget a solid anti-virus solution for the entire network. Many vendors make corporate versions of their products that differ from the consumer retail versions. These corporate versions are built for deployment and management on a network, and have tools to allow you to monitor and manage your anti-virus products centrally.