I'm not tech savvy, but I sent a link to this to our tech company. We use Nexudus and love it. However, we do not use the Wifi Access that links to it.
For public PC I would just set up an admin and then a guest log in; that way it keeps people from changing things.

Best wishes,
Jana

On Sunday, October 15, 2017 at 10:07:16 AM UTC-4, Chris Adams wrote:
>
> Hello, my name is Chris Adams. My business partners and I recently opened a coworking space in Baton Rouge, Louisiana, and I'm looking for some advice on network setup. Any suggested companies or people that have an understanding of coworking and/or are recommended by space owners are welcome as well. A little bio: We've been open since July 2017, and I have tried multiple solutions found online without finding the solution that I believe is right for me. I'm hoping to get advice or information from other owners and space managers to help determine our space's precise needs, and we are looking to hire for services and/or professional advice. However, we are a young company, and I'm trying to waste as little money as possible and avoid paying for things I do not need.
>
> *Our Current Setup:*
>
> - Nexudus Software to manage users, billing, etc.
> - Mikrotik router with hotspot for Nexudus wifi checkin
> - 1 Managed Ubiquiti Unifi 24-port Switch
> - 1 Managed Ubiquiti Unifi PoE Switch
> - 4 SIP VoIP Polycom Desktop Phones
> - 1 SIP VoIP Polycom Soundstation 5000 Phone
> - Xerox WorkCentre 6515 DN MFP connected via LAN
> - One on-site Ubuntu server
> - Ezeep for printer management w/ Nexudus integration
> - Five VLANs (all w/ dedicated subnet & DHCP):
>    - Our admin VLAN w/ dedicated SSID
>    - Hotspot VLAN w/ dedicated SSID
>    - Client1 Admin VLAN w/ dedicated SSID
>    - Client1 Staff VLAN w/ dedicated SSID
>    - Client 2 VLAN w/ wired ethernet access only
>
> *Current Setup Notes:*
>
> - I hired an IT engineering firm based in Austin to help remotely because I was having problems with the MikroTik/Ubiquiti combo (i.e. Unifi software completely stopped working after a couple of weeks, MikroTik hotspot was buggy) and they fixed those issues at a pretty hefty price. They hinted that they thought my network setup was unusual, but I wanted to be sure of exactly what needs to change before hiring them (or someone else) to assist with the process.
> - I have a Unifi Security Gateway which was replaced by the MikroTik. USG was purchased before I chose Nexudus as my management system.
> - All users are running either Windows 10 (desktop & mobile), Mac OSX, and have various mobile devices.
> - I chose VLAN setup because my clients brought their own printers/copiers and wanted to be able to share the printers and files with each other without the risk of unauthorized access.
> - The MikroTik/Nexudus Hotspot is set up to block traffic between clients connected to that subnet. I could program everything EXCEPT the Polycom SoundStation to bypass hotspot authentication and connect to the internet on the hotspot network. I did this to prevent users from connecting their devices directly to outgoing ethernet ports in the phones to bypass hotspot authentication.
> - I have no ability to track and charge for copies or received faxes on the WorkCentre. I mistakenly thought the model I purchased supported document codes and accounting features. It does have user management with very limited permission options, a very disorganized event log, and support for common authentication protocols such as LDAP.
>
> *Plans and Goals:*
>
> - We're switching from Nexudus to Proximity Space soon, which will eliminate the eZeep integration and various other features built into Nexudus. I have two old Microsoft Server boxes with decent storage, RAM, and processors that I would like to use for file and print servers (with central user authentication, group policies (shared folder size limits, print limits and policies, etc.), and a CRM.
> - I think the server should be Linux based due to the required compatibility with Windows, Mac OSX, Linux, and mobile device clients. I don't want anyone to lose their current local user accounts on their systems. I'm hoping there's a possibility for my server user to match their local user and work together.
> - I tested JumpCloud's Directory as a Service on my machine, and it took over my local user account which worked out great except for the fact I can no longer manage the local user account from my PC. I'm not sure members would like that. JC also offers Radius as a Service, which I thought may be beneficial to me in some way.
> - Is there an option other than VLANs and/or separate subnets to segregate network sharing? Do VLANs require a dedicated subnet? My server will not ping a client in another VLAN/subnet, but the client can ping my server from VLANs outside of the hotspot. I haven't tried to ping my server from clients in the hotspot.
> - I would like to have a dedicated VoIP network that only allows either voice only traffic or MAC address authentication.
> - Security is a major concern for me. I do not understand Linux's command line firewall configuration or MikroTik firewall configuration. QoS setup is a priority for me in the future as well.
> - It's not a must, but I would like to be able to control the public PC in our conference room. I do not want users to have access to any settings or be able to install programs, etc. on the machine. Automatic deletion of downloaded files would be nice, too.
>
> *Short version -* I would like to control which clients can access certain directories and printers, have a central user management system for file/printer access control policies, have users use the same login on the printer as they would on the network and wifi, account for all pages printed, copied, and received via fax based on color or black and white ink usage, VoIP network that blocks everything but the phone/voice traffic, central control of the public PC in our conference room, and user-friendly QoS & internal and external security configuration.
>
> Please let me know if I am misunderstanding something or left out something. We're growing faster than I thought we would, and I want to ensure my members are happy and my network runs smoothly. I can't begin to tell you how much I would appreciate any type of feedback, advice, or help. Thank you so much.
>
> Sorry if I used any incorrect terminology and my lack of expertise on this subject. Also, sorry for the long post.
>
> My email address is [email protected] if anyone would like to reach out.
>

--
You received this message because you are subscribed to the Google Groups "Coworking" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.

