Using a cellphone for an office LAN
October 31, 2012 7:34 AM
In the aftermath of Sandy, my office in Stamford, CT, is still out of electrical grid power and out of internet. Now, the building has diesel power and is letting workers back in today, so I'm trying to brainstorm a way to get them online.
Our main email server is 2k3 w/Exchange. We've got a file server on 2k8 as well. Our typical connection is via Cable Modem -> firewall -> patch panel -> LAN. Sitting on the LAN we've got a Wifi interface as well. Cable is currently out for the entire city, so I doubt we'll have any luck, there.
But, cell phones still work, with a variety of companies in the area offering 4G (no LTE) service. What are the chances of rigging up a tether and using Internet Connection Sharing on the primary domain controller (or something like that) to get a small but serviceable connection?
Issues I can see by thinking about this:
* I'd have to change the DNS for the mail server toward whatever random IP the phone gives me. God forbid it changes (which I'm sure it will), or I'll have to change the DNS all over again.
* There's no telling if the cell phone company in question will block inbound or outbound specific ports. It'll probably allow for SMTP, but I'm doubtful that it'll allow the more esoteric Windows-related network queries that go on.
* I'd have to shut off all cloud-based services (online backup, etc) or all the setup would be for naught, as those services would flood the connection.
* The first person in the office who innocently turns on music streaming gets shot.
Turns out AT&T still has running DSL over copper service in the area, and all the phones are functioning, so that would normally be an option. Asking if I could get an installer in there produced a rueful laugh from the sales rep, however, so that's out.
Any other concerns? Would this even work?
Sorry, good points for clarification: 10 people at most. We're not fully staffed today by any stretch of the imagination, so we may only have 4-5 people in there at any given time.
Signal strength in the server room is pretty strong. At least 80% for the phone I'm considering using for this experiment.
posted by thanotopsis at 7:57 AM on October 31, 2012
The phone company won't do any new installations until after everyone who is out of service is back up, so yeah, using DSL is a no-go.
My thought is to get everyone an air-card, and do a remote VPN into the server. You can use an air-card for the server, then you won't suffer so much from congestion.
Costly, yes, but it should work.
You'd have to prevent people from random surfing, and limit traffic to company business only. (So no watching CNN or anything like that.)
posted by Ruthless Bunny at 8:02 AM on October 31, 2012
An Aircard, as far as I can tell, would provide the same functionality as a tethered phone. The kicker is that the aircard would require its own contract. Our office provider, T-Mobile, has one for a minimum 2-year contract -- which seems a bit much of an expense for what might turn out to be a 2 or 3 day solution.
posted by thanotopsis at 8:10 AM on October 31, 2012
I set my 5-person office up using a 3G wireless card for about a week before we could get proper internet installed. I had it plugged into a Linux box that acted as the gateway for our network, but I guess a Windows box with ICS would work too. However, the absolute easiest way would be to get a 3G/4G router like a Cradlepoint, which you can plug an aircard or compatible phone into. I've used one at trade shows for our booth and it's worked like a champ.
posted by zsazsa at 9:40 AM on October 31, 2012
Our typical connection is via Cable Modem -> firewall -> patch panel -> LAN.
The fewer things you have to change in your infrastructure the better, so don't mess around with your DC. Instead, let's just swap out the commodities: replace "cable modem" above with "Cell Phone -> Tethered Laptop". You may have to tell your firewall about a new WAN IP, but otherwise your internal network shouldn't need to change.
Said laptop could run Windows ICS, or a Linux equivalent if you have the know-how. If the phone really doesn't like it, buy VPN service from somewhere or roll your own with AWS and run everything through that via the laptop. If you have LTE and keep internet surfing to a minimum (no HD YouTube, pause backups like you said, etc.), you should be in decent shape.
posted by Nonsteroidal Anti-Inflammatory Drug at 12:18 PM on October 31, 2012
I should clarify that I said "laptop" because I'm thinking that most phones can manage WiFi tethering, but if you have a WiFi card for a desktop, or can tether over USB, go nuts.
Also,
* I'd have to change the DNS for the mail server toward whatever random IP the phone gives me. God forbid it changes (which I'm sure it will), or I'll have to change the DNS all over again.
A VPN will fix this, though AWS at least may have issues sending mail due to IP blacklists. There are ways to mitigate that (Google says Amazon might be able to add reverse DNS), but I've never dealt with that.
* There's no telling if the cell phone company in question will block inbound or outbound specific ports. It'll probably allow for SMTP, but I'm doubtful that it'll allow the more esoteric Windows-related network queries that go on.
This is another great reason for hooking up the phone outside your firewall. Things like that are usually restricted to the subnet, but this way you don't have to think about it.
posted by Nonsteroidal Anti-Inflammatory Drug at 12:26 PM on October 31, 2012
My two immediate thoughts were:
How many people are at this company? If you've got, like, four people, then yeah it might pan out okay. If it's a medium-sized office, I'd think that sharing that connection would be unworkably slow.
But more importantly: Do you even get reception in the server room? If so, how good is it?
posted by FAMOUS MONSTER at 7:40 AM on October 31, 2012