INTRANETS: CONNECTING LANs TO THE INTERNET
The internet isn’t the only computer network: private computer networks have existed for years. Most large organizations have local area networks (LANs), networks of computers connected by cables, usually in one building or campus, that allow their computers to share files, printers, e-mail and other resources. But the amazing growth of the internet has changed the way users look at LANs. A new kind of LAN has emerged – the intranet – that allows people to access information within the organization by using web browsers and other internet programs. This tutorial defines intranets, explains what components make up an intranet, and lists the general steps for creating an intranet. This tutorial also describes programs that you can use to connect a small LAN (for example, a few networked computers at home or in a small office) to the internet.
Note: because intranets are so new, some of the terminology (and all the technology) is changing fast. After getting the basics from this tutorial, be sure to visit some of the web sites listed at the end of the tutorial.
What is an intranet?
An intranet is a private network (usually a LAN, but may be larger) that uses TCP/IP and other internet standard protocols. Because it uses TCP/IP, the standard internet communications protocol, an intranet can support TCP/IP-based protocols, such as HTTP (the protocol that web browsers use to talk to web servers), and SMTP and POP (the protocols that e-mail client programs use to send and receive mail). In other words, an intranet can run web servers, web clients, mail servers, and mail clients – it can work like a small, private internet.
As the web has become the most talked about internet service, intranets are also known as internal webs, because they allow an organization to have its own private web sites for use only by users on the intranet. However, like the internet, most intranets also carry lots of e-mail traffic. All those paper memos that used to float around large organizations have largely been replaced by e-mail messages.
Intranets vs LANs
An intranet starts with a LAN and adds internet protocols and services. What’s the advantage of running internet protocols on your private network? Some LANs have their own transport protocols. NetBEUI (from Microsoft) and IPX/SPX (from Novell) are both commonly used LAN communications protocols. These protocols do a good job for file sharing and printer sharing on a LAN, but they aren’t internet-compatible and they don’t support web browsers and web servers. Luckily, you don’t have to choose between a LAN communication protocol and TCP/IP. In most cases, you can run both simultaneously – the computers on your network use a LAN protocol, such as NetBEUI or IPX/SPX, to share files or send information to a shared printer, and use TCP/IP to request web pages. Most LANs of any size are converting to TCP/IP.
An intranet can run on a network larger than a LAN, too, such as wide area networks (WANs), the networks that large organizations use to connect geographically separate locations. An intranet can be three networked computers, a LAN of two hundred computers in a building, or six large LANs interconnected as a WAN. You can also create an extranet, an intranet that allows people to connect into the network over the internet. For example, if your organization sends sales people out into the field, they could connect to the internet, and then use extranet features to connect to your organization’s intranet.
On the other hand, if all you need is for everyone on your LAN to be able to view a private set of web pages, you don’t need an intranet or a web server. By using the File / Open command of almost any browser, you can view web pages stored on any hard disk that is accessible over the network. Instead of using web server URLs that start with http://, you specify the hard disk and path name of the web page to display by using file URLs that start with file:/// (yes, that’s three slashes). For example, you can make an internal home page for your small organization, store it on a hard disk that is accessible from all the computers on the LAN, and set it as the home page of your users’ browsers.
Advantages and disadvantages of an intranet
LANs and intranets both let you share hardware, software, and information by connecting computers together. You don’t need an intranet to share files and printers, or to send e-mail among the people on your network: a LAN can do those jobs. The following are some reasons to convert a LAN to an intranet, or to connect your computers together into an intranet:
· Intranets use standard protocols: internet protocols such as TCP/IP are used on a huge number of diverse computers. More development is happening for internet-based communication than other types of communication. For example, intranet users can choose from a wide variety of e-mail programs, because so many have been written for the internet.
· Intranets are scalable: TCP/IP works fine on the internet, which has millions of host computers. So you don’t have to worry about your network outgrowing its communications protocol.
· Intranet components are relatively cheap – and some are free: Because the internet started as an academic and military network (rather than a commercial one), there’s a long tradition of free, cheap and cooperative software development. Some of the best internet software is free, including Apache (the most widely used web server), Pegasus, and Eudora Lite (two excellent e-mail client programs).
· Intranets enable you to set up internet style information services: you can have your own private web, using web servers on your intranet to serve web pages to members of your organization only (see the next section). You can also support chat, usenet, telnet, FTP, or other internet services privately on your network. Push technology (web channels) can deliver assignments, job status, and group schedules to the user’s desktop via his or her browser.
· Intranets let people share their information: everyone in your organization can make their information available to other employees by creating web pages for the intranet. Because many word processing programs can now save documents as web pages, creating pages for an intranet doesn’t require a lot of training. Rather than printing and distributing reports, people can put them on the intranet and send e-mail to tell everyone where the report is stored.
Of course, intranets have some disadvantages, too, including these:
· Intranets cost money: You may need to upgrade computers, buy new software, run new cabling, and teach people to use the new systems.
· People in your organization may waste time: If you connect your intranet to the internet, people may spend hours a week watching sports results or checking their stock options. Even if you don’t connect to the internet, people can use the intranet to build sites about the company softball team and send e-mail about upcoming baby showers. You’ll need policies in place to determine how the intranet may be used.
What can you do with an intranet?
Many organizations, especially those with large existing computer systems, have lots of information that is hard to get at. The intranet can change all that, by using internet tools. Here are some ideas for ways that your organization – large or small – can use an intranet.
· E-mail within the organization and to and from the internet: People can use one e-mail program to exchange mail both with other intranet users and with the internet.
· Private discussion groups: Using a mailing list manager or a news server accessible only to people in your organization, you can set up mailing lists or newsgroups to encourage people to share information within departments or across the organization.
· Private web sites: Each department in your organization can create a web site that is accessible only to people on the intranet. Instead of circulating memos and handbooks, information can go on these web sites. For example, the human resources department can post all employee policies, job postings, and upcoming training opportunities. The marketing department can post information about products, including upcoming release dates, how products are targeted, and other information that isn’t appropriate for a public site on the internet-based web. Every department can post web pages to share its information with the other departments in the organization. By using the intranet instead of printing on paper, it’s economical to publish large documents and documents that change frequently.
· Access to legacy databases: If your organization has information that’s locked away in an inaccessible database, you can convert the information to web pages so that everyone on the intranet can see it (legacy systems are those considered outdated by whoever is describing the system). For example, a nonprofit organization might have a proprietary database containing all of its fundraising and membership information. By using a program that can display database information as web pages and enter information from web page forms into the database, all the people at the nonprofit organization can see, and even update, selected information from the database by using only a web browser. Naturally, the program would need to limit who could see and change particular information in the database.
· Teleconferencing: Rather than spend big bucks on video teleconferencing systems, think about using your intranet (and the internet) instead. If your organization has offices in several locations, you can use the internet for online chats with text, voice, shared whiteboards, and even limited video.
Components of an intranet
This section presents the components that make up an intranet, including computers (workstations and servers), cabling, and software.
Workstations and client software
Most of the computers that are connected together by an intranet are workstations, computers that are used directly by people. Workstations are the PCs that users probably already have sitting on their desks. A workstation can be almost any computer – a PC running Windows (98, 95, NT, or 3.1), a Macintosh, or a computer running UNIX. One intranet can combine different types of workstations: Windows, Macs and UNIX computers. Each workstation’s operating system must be able to support networking: Windows 98, Windows 95, Macs and UNIX have networking built in. You’ll probably find that older computers (PCs running Windows 3.1 or DOS, and older Macs) need hardware and operating system upgrades (you can install TCP/IP software on Windows 3.1 and DOS computers, but it’s a lot of extra work).
In addition to other application programs, workstations run client programs, software that provides the user with access to network servers. On an intranet, workstations might run e-mail clients (such as Eudora, Outlook Express, or Netscape Messenger), web browsers (such as Netscape Navigator or Internet Explorer), newsreaders (such as Outlook Express, Netscape Collabra, or Free Agent) or chat programs (such as mIRC or Ircle). In fact, intranet workstations can run any standard internet client programs. These internet client programs can give users access to both intranet and internet services, if your intranet is connected to the internet.
Servers and network operating systems
Most intranets (all except the smallest networks) include computers that are not used directly by people. Instead, these servers provide services to the intranet. For example, a file server stores files to be shared by users on the network, a print server controls a printer that network users can print on, a web server provides web pages, and a mail server controls incoming and/or outgoing mail messages.
Like a workstation, a server can be almost any computer. Except on the tiniest intranets, server computers run a network operating system (NOS). Windows 98 and 95 come with some networking capabilities built in, but for larger networks, servers usually run Windows NT or a NOS such as Novell NetWare, Banyan VINES, Apple Open Transport (for Macs only), or UNIX (or Linux, a freeware version of UNIX).
Servers also run server software, such as web server software, mail server software, or a mailing list manager. Many intranet server programs run on UNIX, some on Windows 98 and NT, and a few on Macs. If you have a UNIX server, you can run lots of freeware and shareware server programs that are used on internet host computers (for example, the Apache web server, and standard UNIX mail programs, such as sendmail). Windows NT servers come with a web server (Microsoft Internet Information Server).
For lists of server software that runs on Unix, Windows NT, and other platforms, visit the server watch web site at http://serverwatch.internet.com. This site includes listings of web servers, e-mail servers, chat servers, mailing list servers, and other types of servers.
An intranet can have one or many servers, and they can either all run the same OS or run different ones. For example, a medium-sized intranet might have two Novell NetWare servers (one to handle file and printer sharing and one to handle routing e-mail within the intranet) and a UNIX server to route e-mail to and from the internet and run web server and mailing list server software. On large networks, each server computer runs only one server program, which occupies it full time.
Your intranet may also run middleware, software that translates between application programs and the intranet. Middleware can provide access to a database from a web browser, for example, by using calls to the database program to read and write records, and by creating web pages on the fly as the user requests database information.
Network cards, cabling, and hubs
A critical component of any intranet is the cabling and other hardware that connect the computers together. (Wireless LANs exist, but they require boxes to allow the computers to communicate without cabling.) The most widely used method for connecting computers to a LAN is called Ethernet. (Its main competitor, token ring, is declining in popularity.)
Several different Ethernet cabling schemes (or topologies) exist, and the two most popular are the star and bus topologies, shown in figure 4-1. There are two commonly used types of cable, too: most bus networks use thin coaxial cable, while most star networks use unshielded twisted pair (UTP) cable. (Star networks can also use coax).
To connect the cable to the computers, each workstation and server needs an Ethernet network adapter, which is either an adapter card that installs inside a desktop computer or laptop base station, or a PC Card that installs in a laptop. Star topology networks also need a hub, a box to which cables from all the workstations connect, to serve as the center of the star.
For information on choosing and designing the cabling system for an intranet, see Intranet Resource Kit, edited by Prakash Ambegaonkar (Berkeley, CA: Osborne/McGraw-Hill, 1997). If you are setting up a small Windows 98-based intranet, see Windows 98: The Complete Reference, Part V, Networking with Windows 98 (Berkeley, CA: Osborne/McGraw-Hill, 1998).
The internet connection
You can set up an intranet that has no connection to the internet: the intranet can provide e-mail, a private web, and other internet-like services to your users, with no access to the internet itself. However, many intranets connect to the internet, so that users can send and receive e-mail from the internet, browse pages on the web, and use other public internet services. If you connect your intranet to the internet, you need to control what internet services your intranet users can access, as well as what intranet resources the public internet can access.
To connect your intranet to the internet, you need an internet service provider (ISP). Contact ISPs in your area to discuss what kind of connection you need, depending on the size of your intranet, the type of services that you plan to provide to the intranet and the internet, and the amount of data that you expect to transfer between the intranet and internet. Your options include:
· A dial-up line with a 56K modem, for occasional connections to the internet and small amounts of data transfer.
· An ISDN line, ADSL line, or cable modem service with a modem or adapter, for a faster connection to the internet that still is not full time.
· A dedicated line, to connect your intranet to the internet full time, with a router (a box that connects the dedicated line to a computer). Dedicated lines come in various speeds, including T1 (1.5Mbps) or fractional T1s (one-half or one-quarter of a T1). A router can be a dedicated box (the most popular ones are from Cisco Systems) or a UNIX, Windows NT, or Windows 2000 server system (Linux comes with software to do internet routing).
The ISP can tell you what kind of hardware you need to connect the line that you choose to your intranet. If you use a modem or ISDN ‘modem’, you make the connection to one computer on the intranet. If you use a router, it connects directly to the intranet. All the computers on the intranet connect to the internet via this connection, so that each computer doesn’t need its own modem, phone line and account.
For large intranets, you usually can’t get enough IP addresses for each computer on your network. Instead you use network address translation (NAT) which translates addresses inside of your network to the network addresses that your ISP assigns to you. Your router handles network address translation for your intranet.
For the smallest intranet, you can use a program such as WinGate or WinProxy, described in the section “connecting a small LAN to the internet” at the end of this tutorial, to let all the users on the intranet share one fast modem and internet connection. WinGate and WinProxy handle network address translation, too.
If your intranet connects to the internet, you need to control the kinds of information that can pass between the internet and your intranet. The hardware, software and procedures that provide access control make up a firewall (named after the barrier that stops a fire from spreading from a car engine into the passenger compartment). A firewall can serve the following functions:
· Limit internet access to e-mail only, so that no other types of information can pass between the intranet and the internet.
· Control who can telnet into your intranet (a method of logging in remotely).
· Limit what other kinds of traffic can pass between your intranet and the internet.
A firewall can be simple or complex, depending on how specifically you want to control your internet traffic. A simple firewall might require only that you configure the software in the router that connects your intranet to your ISP. A more complex firewall might be a computer running UNIX and specialized software. Firewall systems fall into two categories, network level and application level.
Network level firewalls
These firewalls examine only the headers of each packet of information passing to or from the internet. The firewall accepts or rejects packets based on the packet’s sender, receiver, and port. (Each internet service, such as e-mail or the web, has a different port number.) For example, the firewall might allow e-mail and web packets to and from any computer on the intranet, but allow telnet (remote login) packets to and from only selected computers.
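The header check described above can be sketched in a few lines of Python. This is an added example, not part of the original tutorial; the 192.168.0.0/24 intranet range, the two telnet-enabled hosts, and the sample packets are assumptions constructed for illustration.

```python
"""Network-level packet filter sketch: first matching rule wins, default reject."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing (not from the tutorial): the intranet is 192.168.0.0/24
# and only two administrator workstations may use telnet.
INTRANET = ip_network("192.168.0.0/24")
TELNET_HOSTS = (ip_network("192.168.0.10/32"), ip_network("192.168.0.11/32"))

SMTP, TELNET, HTTP = 25, 23, 80  # well-known service port numbers


@dataclass(frozen=True)
class Packet:
    """Only header fields: the filter never looks at the payload."""
    src: str
    src_port: int
    dst: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str          # "accept" or "reject"
    inside: tuple        # intranet networks the rule applies to
    service_port: int    # port that identifies the internet service
    name: str

    def matches(self, pkt: Packet) -> bool:
        # "To and from": the service port may be the destination (a request)
        # or the source (a reply), and either end may be the intranet host.
        on_service = self.service_port in (pkt.src_port, pkt.dst_port)
        endpoints = (ip_address(pkt.src), ip_address(pkt.dst))
        covered = any(ep in net for ep in endpoints for net in self.inside)
        return on_service and covered


# The policy from the text: e-mail and web for every intranet computer,
# telnet for selected computers only.
RULES = (
    Rule("accept", (INTRANET,), SMTP, "e-mail"),
    Rule("accept", (INTRANET,), HTTP, "web"),
    Rule("accept", TELNET_HOSTS, TELNET, "telnet (selected hosts)"),
)


def filter_packet(pkt: Packet, rules=RULES):
    """Return (action, rule name); anything no rule matches is rejected."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "reject", "default"


# Constructed sample traffic (documentation address ranges for outside hosts).
SAMPLE = (
    Packet("192.168.0.25", 1045, "203.0.113.5", 80),    # web request
    Packet("203.0.113.5", 80, "192.168.0.25", 1045),    # web reply
    Packet("192.168.0.10", 1050, "198.51.100.7", 23),   # telnet, selected host
    Packet("192.168.0.25", 1051, "198.51.100.7", 23),   # telnet, ordinary host
    Packet("192.168.0.25", 1060, "203.0.113.9", 6667),  # service with no rule
)

if __name__ == "__main__":
    for pkt in SAMPLE:
        action, name = filter_packet(pkt)
        print(f"{pkt.src}:{pkt.src_port} -> {pkt.dst}:{pkt.dst_port}  {action} ({name})")
```

Because the list ends in a default reject, a service that nobody wrote a rule for (the chat port in the last sample packet) is blocked without needing its own entry.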
Application level firewalls
These firewalls handle packets for each internet service separately, usually by running a program called a proxy server, which accepts e-mail, web, chat, newsgroup and other packets from computers on the intranet, strips off the information that identifies the source of the packet, and passes it along to the internet (or vice versa). When the replies return, the proxy server passes the replies back to the computer that sent the original message. To the rest of the internet, all packets appear to be from the proxy server, so no information leaks out about the individual computers on your intranet. You can configure your proxy server to limit access to internet services; for example, you can permit outbound telnet packets, so that your users can use telnet to log in to other computers, but refuse inbound telnet packets, so that no one on the internet can log in to your intranet’s computers. A proxy server can also log all the packets that pass by, so that you have a record of who has access to your intranet from the internet, and vice versa.
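The proxy behaviour described above (per-service rules by direction, hiding the intranet source, routing replies back, and logging) is modelled below. This is an added example, not code from the tutorial or from any proxy product; the proxy address, the policy table beyond the telnet case, and all sample addresses are assumptions constructed for illustration.

```python
"""Application-level proxy sketch: per-service policy, source hiding, logging."""
from dataclasses import dataclass, field
from itertools import count

PROXY_ADDR = "203.0.113.1"  # assumed public address of the proxy server

# Policy per (service, direction). The telnet entries follow the text;
# the other entries are assumptions for this example.
POLICY = {
    ("telnet", "outbound"): True,   # users may log in to outside computers
    ("telnet", "inbound"): False,   # nobody outside may log in to the intranet
    ("smtp", "outbound"): True,
    ("smtp", "inbound"): True,
    ("http", "outbound"): True,
    ("http", "inbound"): False,
}


@dataclass
class Proxy:
    public_addr: str
    policy: dict
    sessions: dict = field(default_factory=dict)  # proxy port -> (client, server, service)
    log: list = field(default_factory=list)       # record of everything seen
    _ports: count = field(default_factory=lambda: count(40000))

    def _allowed(self, service, direction):
        # A service with no policy entry is refused.
        return self.policy.get((service, direction), False)

    def outbound(self, service, client, server):
        """Intranet client asks to reach an outside server."""
        if not self._allowed(service, "outbound"):
            self.log.append(("refused", "outbound", service, client, server))
            return None
        port = next(self._ports)
        self.sessions[port] = (client, server, service)
        self.log.append(("passed", "outbound", service, client, server))
        # What the internet sees: the proxy's address, never the client's.
        return {"src": self.public_addr, "src_port": port,
                "dst": server, "service": service}

    def reply(self, server, proxy_port):
        """Outside server answers; return the intranet client to deliver to."""
        session = self.sessions.get(proxy_port)
        if session is None or session[1] != server:
            self.log.append(("refused", "reply", None, server, proxy_port))
            return None
        client, _, service = session
        self.log.append(("passed", "reply", service, server, client))
        return client

    def inbound(self, service, remote, target):
        """Outside computer tries to open a connection into the intranet."""
        ok = self._allowed(service, "inbound")
        self.log.append(("passed" if ok else "refused",
                         "inbound", service, remote, target))
        return ok


def demo():
    """Run the telnet case from the text on constructed addresses."""
    proxy = Proxy(PROXY_ADDR, POLICY)
    sent = proxy.outbound("telnet", "192.168.0.12", "198.51.100.7")
    delivered_to = proxy.reply("198.51.100.7", sent["src_port"])
    inbound_ok = proxy.inbound("telnet", "198.51.100.7", "192.168.0.12")
    return sent, delivered_to, inbound_ok, proxy.log


if __name__ == "__main__":
    sent, delivered_to, inbound_ok, log = demo()
    print("seen by the internet:", sent)
    print("reply delivered to:", delivered_to)
    print("inbound telnet allowed:", inbound_ok)
    for entry in log:
        print(entry)
```

The log is the only place where the intranet address and the outside address appear together, which is what makes it useful as the access record the paragraph mentions.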
In addition to a firewall, you need to take steps to make sure that the intranet is used appropriately in your organization.
· Establish acceptable-use policies: post rules for using the intranet, including the use of e-mail, the web, and discussion groups both within the intranet and on the internet.
· Monitor usage: we don’t mean to suggest that you look over everyone’s shoulders while they use the intranet, but make sure that someone monitors the content of the intranet’s web sites and discussion groups. Look for copyright infringements, personnel issues, and security lapses.
· Close the door behind departing employees: when someone leaves the organization, make sure that a system is devised to close the person’s accounts, change passwords, and deny other access to the intranet.
· Be vigilant about data in general, not just about the intranet: the intranet’s connection to the internet can certainly be a security hazard, but important data can also walk out your organization’s door on a diskette in someone’s pocket, in a fax, or many other ways.
Caution: firewalls don’t protect your intranet against viruses: you need intranet-wide virus-protection software, too.
For more information about firewalls, see the section “Finding out more” at the end of this tutorial.
Steps for creating an intranet
This section provides the general steps to create an intranet. Your exact steps depend on whether you are converting an existing LAN to an intranet or creating a new network, on the size of your intranet, and on whether you plan to connect your intranet to the internet.
1. Decide on the key applications for your intranet and look at software to perform the application. If you are looking for e-mail, web pages, and other general internet services, almost any intranet system will do, but if you need specialized services, your choice of software may dictate the hardware and network operating system for at least one of the servers on your intranet. For example, if an important application for your intranet is to give users access to information in your corporate directory, which runs on a UNIX-based database, your intranet might need at least one UNIX server.
2. Decide whether and how the intranet will connect to the internet. Shop for an ISP, choose the speed of your internet connection (56Kbps dial-up, ISDN, ADSL, cable modem service, or dedicated line), and determine what hardware you need. While you are talking to your ISP, get a block of IP addresses for the computers on your intranet and register your domain name (if you don’t already have one).
3. Configure the servers for your intranet. Choose the server programs (such as web servers and e-mail servers), NOS, and hardware (CPU, RAM, disk drives, modem, and printer). Be sure to include some form of backup media, such as a tape drive.
4. Choose the client software, operating system, and hardware for the workstations on your intranet. You probably already own most of the computers that you want to connect to the intranet. If the computers are old (DOS, Windows 3.1, or older Mac computers), you need to upgrade or replace them. Client software usually includes an e-mail program (such as Pegasus or Eudora) and a browser, as well as other standard internet programs.
5. Determine your cabling topology, if you are creating a new network. Draw a layout of the network, by working off building blueprints.
6. Configure your internet connection and firewall, including the router, proxy server software, and other components.
7. If you are adapting a LAN as an intranet, you should already have a security system that is based on the capabilities of your NOS. If you are creating a new network, you need to learn about your NOS’s security system, assign users to groups, make an access profile for each group, and make an access profile for each user.
8. Consider adding an uninterruptible power supply (UPS) for all of your servers. Also, design a procedure for making regular backups of all servers and workstations on the intranet. Choose a virus protection system.
9. Purchase the hardware, software, cabling and other items.
10. Back up everything.
11. For each new or upgraded server and workstation, install the new hardware (including network adapters) and operating system, and test that the system runs correctly.
12. If you are running new cable, run the cable and connect each computer according to the layout that you drew. If you are running cable within or through walls, consult an electrician about building codes.
13. If you are creating a new network, configure the servers to communicate over the network. Configure the workstations to communicate over the network. Install and test file and printer sharing services. You now have a working LAN – but it’s not an intranet until it runs internet-like services, too.
14. If you plan an internet connection, install the router, cabling, or other equipment to connect to the internet with help from your ISP. Test communications between the intranet and the internet.
15. Install and test your mail server, the SMTP gateway for your existing e-mail system, or whatever system will route mail within the intranet and/or to and from the internet. Install and test e-mail client programs on the workstations.
16. If you plan to have a web server, install and test the web server, then install web browsers on the workstations and test that they can access web pages stored on the web server. Now it’s an intranet!
17. If you plan to provide other intranet services, such as Usenet newsgroups, mailing lists, or intranet chat, install and test the server software on the servers, and then install and test the client software on the workstations.
18. Configure and test the firewall.
19. Make backups of all the servers and workstations, so that you have a copy of a “clean install” of all the software necessary for the intranet. Institute procedures for regular backups.
20. Teach the users how to use the new facilities of the intranet.
Tip: make a log book for each server, workstation, router, and other component of your intranet, and log each change that you make. Your logs will make troubleshooting much easier later!
After your intranet is up and running, it requires ongoing work to keep it running, including the following tasks:
· Maintain logs for all the intranet servers. If you can maintain logs for all the workstations, too, do so, although users may install their own software.
· Keep up with news about new versions of the software that you use, and decide when to upgrade. You usually don’t need to install each new version of every program, but if you get too many versions behind, you’ll have trouble getting support if you have a problem.
· Teach the users of the intranet how to use e-mail, web browsers, and other intranet facilities. Also, teach the acceptable use policy for your organization, as well as other standard procedures. Teach users to create web pages, manage mailing lists, and create and maintain other intranet resources.
· Make regular backups of all the servers and workstations on the intranet.
Connecting a small LAN to the internet
If you have a tiny Windows-based LAN – two or three computers in a home office or small business – you can turn it into an intranet by using a product such as WinGate (or WinProxy, which works similarly to WinGate). WinGate allows all the users on a LAN to share a modem on one computer, and one internet account. When any user on the intranet tries to communicate with the internet – for example, by running a web browser or clicking the check mail button in an e-mail program – the request is routed to WinGate. WinGate connects to the internet (if it is not already connected) and sends the request out to the internet. When information comes from the internet, WinGate routes the information to the computer that requested it. WinGate also serves as a proxy server, providing a firewall between your intranet and the internet (refer to the section “Security Systems” earlier in this tutorial).
WinGate requires you to assign an IP address to each of the computers on your intranet. If your ISP gives you an IP address for each of your computers, go ahead and use them, but this situation is highly unlikely. (most ISPs don’t assign permanent IP addresses; instead). Luckily, you don’t need to get IP addresses from your ISP. You can use a set of special addresses that are never used on the internet: the IP addresses in the range from 192.168.0.0 to 192.168.0.255 (or one of several other unused ranges). These “private” IP addresses are never visible to the rest of the internet, because WinGate translates all IP addresses before releasing them to the internet. These IP addresses are used only for communication within your intranet.
WinGate (http://www.wingate.com) and WinProxy (http://www.winproxy.com) both run on Windows 98, Windows 95, and Windows NT, and both are available for download and purchase at their respective web sites. To use WinGate or WinProxy, follow these general steps (see the instructions that come with the program for details).
1. Get the program from its web site. The cost of the license depends on the number of computers on your intranet.
2. Install the program on one computer (the one with the faster modem).
3. Configure the program to connect to the internet by using an existing Dial-up networking connection.
4. Configure the various internet services – e-mail, web browsing, and any other services that you intend to use.
5. Assign a private IP address to each of the computers on your intranet, starting with 192.168.0.1 for the computer on which WinGate or WinProxy runs.
6. Configure each of the computers on the intranet to use WinGate or WinProxy for communication with the internet, by configuring each e-mail program, web browser, or other client program to communicate through the proxy server at IP address 192.168.0.1.
Once your mini-intranet is up and running, you can run a mail server, a web server, or other servers just as you would on a larger intranet. For example, Windows 98 comes with Personal Web Server, which can serve as a web server for a small intranet.
Finding out more
Here are other places that you can learn about intranets:
· Read the intranet FAQ at http://www.innergy.com/ifaq.html.
· For information about firewalls, see the internet Firewalls Frequently Asked Questions Web site, at http://www.interhack.net/pubs/fwfaq, or the Rotherwick Firewall Resource, at http://www.zeuros.co.uk/firewall.
· The Usenet newsgroup comp.infosystems.intranet discusses general intranet issues. You might also want to read the newsgroups in the comp.infosystems.www.servers hierarchy for information about web servers, and the comp.security.misc newsgroup for intranet security. You can also read your intranet to the internet through a firewall.
· One mailing list discusses intranets, at firstname.lastname@example.org. To subscribe, go to the eGroups web site at http://www.egroups.com or send a blank message to email@example.com. There is also a mailing list about firewalls, firstname.lastname@example.org. Send the command subscribe firewalls to email@example.com.
· The following books all provide good information about intranets:
The Intranet Bible, by Ed Tittel (Foster City, CA: IDG Books Worldwide, 1997).
Introducing Intranets, by Gordon Benett (Indianapolis, IN: Que Education & Training, 1996).
Intranet Web Development, by John Desborough (Indianapolis, IN: New Riders, 1996).
· Here is a good book to read to learn about firewalls:
Building Internet Firewalls, by D. Brent Chapman and Elizabeth D. Zwicky (Sebastopol, CA: O’Reilly & Associates, 1995).