Providing, clarifying and updating some information in this thread…
The original Q and subject line suggest whether to deploy AD or Peer to Peer (Workgroup) networking. The general rule of thumb is when your LAN is at least 3 machines, then you need to consider the benefits of centralized management of your network. When you’ve reached 5 machines, then you’re tipping solidly towards centralized Network Security using something like Active Directory. You can use P-P networking practically up to about 20 machines, but when you exceed 5 machines expect some networking anomalies from time to time, e.g. higher lookup latencies, extra ARP and other broadcast traffic.
Besides centralized management, you should understand <why> something like AD (there are others) benefits networking. Because all Authentication, Authorization and security are managed by Domain Controllers, through DNS and DHCP your hosts on the network <know> where to get network information. In a Peer to Peer network, because there is no centralized authority, there are elections to determine which machine(s) likely assume the role of holding the network’s information and provide authentication. Naturally, deploying Server based authentication requires those Servers to be on all the time, but unlike a Workgroup your Domain Controllers don’t have to be the biggest, baddest machines on the network; they can be sized to provide only what they need to do.
Don’t know what you mean by “Active Directory has been at our workplace.” If AD is implemented in your workplace, and you’re setting up AD at home, they <must> be different name spaces. Also, it’s highly advisable your networkID should be different so that you can VPN to work if you need to do so. I doubt that you’d be integrating AD with work but if that is a goal then you’ll want to read up on Domain Trusts. If you deploy something other than AD at home and want to integrate with work AD then you’ll need to read up on Federated Trusts, maybe something else depending on what you’re actually implementing.
Re: Linux vs Windows for File, Print services… YMMV. Especially if you are running AD, then adding a new host or managing network services is centralized, simple and automatically pushed to your machines (see my previous comment). SAMBA4 is a recent option still being reviewed as an addition to AD, but I doubt it would be easy to set up an AD from scratch instead of simply replicating from a Windows DC.
DHCP however is a different animal. If you’re implementing a Workgroup, then anything can be used. If you’re implementing LDAP or AD, then I’d <highly> recommend your DC, DNS and DHCP <all> be implemented on the same OS (platform) because of how those three services must be tightly integrated and exchange information with each other.
Regarding WINS and NetBIOS Name Servers, those aren’t necessary in modern LDAP (and Active Directory); they are required only for legacy NT4 style Domains. Since the first implementation of Active Directory, Host naming is used and NetBIOS naming is not required. BTW - for many Workgroup networks, NetBIOS naming is still implemented. So, do <not> implement WINS or similar unless you have a reason to do so (e.g. NT4 Domains, NT4 OS).
Regarding your Internet Gateway router, and implementing sharing and/or transfers between the different zones, it’s done for a reason and is <good practice> to separate Guests from authorized hosts. Still today, most Network Security (like AD) is intended to be used mainly behind firewalls between trusted hosts. It’s possible to implement in front of a firewall but you need to understand security in depth or follow recommended practice like tunneling and/or additional encryption layers.
If you really wish to implement access from/to the public and private zones as defined by your gateway,
- you can modify the setup of the router (if you have access and know what you are doing)
- You can deploy an Application Gateway, eg a webserver. The Webserver requires the User to login and once logged in resources are available as Web shares (eg WebDAV) or whatever other way you want to implement
- You can deploy VPN tunnelling. Set up a VPN beachhead (MS calls this RRAS) to provide gateway access and Network Security authentication to the protected network.
HTH,
TSU
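One way to check a home DC against the points above (namespace separate from work, DHCP authorized in AD and integrated with DNS, no WINS/NetBIOS lingering): this is an added PowerShell audit, not code from the post. It assumes it runs as a domain admin on a Windows DC that also hosts DNS and DHCP with the ActiveDirectory, DnsServer and DhcpServer RSAT modules installed; $WorkDomain is a placeholder for your employer's domain name.

```powershell
# Added audit script (not from the post above). Assumes a Windows DC that also
# hosts DNS and DHCP, run as a domain admin with the RSAT modules available.
Import-Module ActiveDirectory, DnsServer, DhcpServer

$WorkDomain = 'corp.example.com'   # assumed placeholder: your workplace AD DNS name

$domain = Get-ADDomain
Write-Host "Home domain: $($domain.DNSRoot)  NetBIOS: $($domain.NetBIOSName)"

# 1. The home namespace must differ from work, or name resolution over a work VPN breaks.
if ($domain.DNSRoot -ieq $WorkDomain) {
    Write-Warning "Home domain uses the same DNS name as work ($WorkDomain)."
}

# 2. The domain's DNS zone should accept only secure dynamic updates, so only
#    domain-joined hosts (and the DHCP server) can register or overwrite records.
$zone = Get-DnsServerZone -Name $domain.DNSRoot
if ($zone.DynamicUpdate -ne 'Secure') {
    Write-Warning "Zone $($zone.ZoneName) dynamic update is '$($zone.DynamicUpdate)', expected 'Secure'."
}

# 3. DHCP must be authorized in AD and keep DNS in sync with its leases,
#    which is the DC/DNS/DHCP integration the post recommends keeping on one platform.
$thisServer = "$env:COMPUTERNAME.$($domain.DNSRoot)"
if (-not ((Get-DhcpServerInDC).DnsName -contains $thisServer)) {
    Write-Warning "DHCP server $thisServer is not authorized in Active Directory."
}
$dhcpDns = Get-DhcpServerv4DnsSetting
if ($dhcpDns.DynamicUpdates -eq 'Never' -or -not $dhcpDns.DeleteDnsRROnLeaseExpiry) {
    Write-Warning "DHCP is not registering/cleaning DNS records for its leases."
}

# 4. WINS and NetBIOS over TCP/IP are only needed for NT4-style domains;
#    flag any IP-enabled adapter that still points at a WINS server or has NetBIOS on.
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    if ($_.WINSPrimaryServer) {
        Write-Warning "$($_.Description) points at WINS server $($_.WINSPrimaryServer)."
    }
    # TcpipNetbiosOptions: 0 = default (via DHCP), 1 = enabled, 2 = disabled
    if ($_.TcpipNetbiosOptions -ne 2) {
        Write-Warning "$($_.Description): NetBIOS over TCP/IP not disabled (option $($_.TcpipNetbiosOptions))."
    }
}
```

Each warning maps to one of the recommendations in the post; a clean run prints only the domain summary line.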