
Network Design


  • Network Design

    Hi Friends,

    I have been asked to redesign our network consisting of 5 servers, i.e. DC, Exchange, SQL, File and ISA, with about 25 desktops and laptops.

    I am slightly confused about how to make it work. The thing is, the boss wants to have all the servers in different subnets and the desktops and laptops on different subnets.

    Do I need to put extra NICs in all servers and keep them on different subnets, or something else?

  • #2
    Re: Network Design

    Why does he want it on different subnets?

    I would think the easiest way is to have a switch capable of supporting a VLAN so:

    SERVERS<-->VLAN1(Physical Switch)VLAN2<-->Workstations

    The switch would obviously need to be programmed to route between the two VLANs.

    If you have spare server licenses, you could set up a dual NIC server as an RRAS box so:
    SERVERS<-->Switch1<-->NIC1(RRAS Server)NIC2<-->Switch2<-->Workstations


    Tom
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Network Design

      With such a small number of nodes it is useless to create VLANs or different subnets,
      unless there are plans to grow explosively in the next few years.

      Even then the subnets/VLANs are as easy to create.
      So tell your boss no, that he is creating useless switch power for nothing.

      Even if the boss wants to force you, you will probably need to look into a router or a layer 3 switch. Personally I wouldn't use RRAS because a switch/router is much faster and more powerful.

      You should come with more details before I can help you further.
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"



      • #4
        Re: Network Design

        I'm assuming you have a firewall and that it has an Internal interface and a DMZ interface. You could hang your servers on the DMZ interface and your clients on the Internal interface. The firewall will then do all the "routing" for you. The only concern is that the firewall may become a bottleneck. You will also have to set the DMZ to Internal traffic and Internal to DMZ traffic to be wide open. This won't be a concern as long as you don't let any external traffic to the DMZ or Internal interfaces.



        • #5
          Re: Network Design

          You only create more overhead, single points of failure and bottlenecks with a firewall. Just think about packet inspection, for example.

          I would leave it as it is.
          Marcel


          • #6
            Re: Network Design

            Originally posted by bantyg:
            Hi Friends,

            I have been asked to redesign our network consisting of 5 servers, i.e. DC, Exchange, SQL, File and ISA, with about 25 desktops and laptops.

            I am slightly confused about how to make it work. The thing is, the boss wants to have all the servers in different subnets and the desktops and laptops on different subnets.

            Do I need to put extra NICs in all servers and keep them on different subnets, or something else?

            You are creating an admin nightmare by doing that.

            Keep all your machines on the same subnet.

            Put your 5 servers within the same block of 10 IPs, i.e. 10-20.

            Set up DHCP to issue addresses for your desktops and notebooks.

            Oh, and tell the boss that this is the way it's done. The whole point of a domain is for ease of administration.



            • #7
              Re: Network Design

              Thanks everybody for help.

              A reason I can think of is duplicate IP addresses: people (engineers) at times give static IP addresses to laptops when they visit client sites and forget to change them back in the office, and that creates havoc on the servers if one of the servers' IPs gets duplicated. So in some way having another subnet just for desktops and laptops will be good, but I am not sure how SQL authentication etc. will work that way.

              Regards



              • #8
                Re: Network Design

                I think that that is the responsibility of the engineer.
                Marcel


                • #9
                  Re: Network Design

                  Originally posted by bantyg:
                  Thanks everybody for help.

                  A reason I can think of is duplicate IP addresses: people (engineers) at times give static IP addresses to laptops when they visit client sites and forget to change them back in the office, and that creates havoc on the servers if one of the servers' IPs gets duplicated. So in some way having another subnet just for desktops and laptops will be good, but I am not sure how SQL authentication etc. will work that way.

                  Regards

                  We had this issue, so we just made our LAN 192.168.67.0/24, and in a thousand years I bet a client hasn't got that .67, so if an engineer fixes his at 192.168.0.2 (or whatever) it'll never clash when he comes back. Everyone who is advising you is right - to create this admin nightmare because of problems like those engineer laptops is letting the tail wag the dog. Keep one subnet.
                  Best wishes,
                  PaulH.
                  MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008
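
Added example, not part of the thread: a Python check of the single-subnet plan from posts #6 and #9 that classifies (IP, MAC) pairs observed on the LAN and reports addresses claimed by more than one MAC. The 192.168.67.0/24 network and 192.168.0.2 come from post #9 and the 10-20 server block from post #6; the server inventory, MAC addresses and sample observations are constructed assumptions.

```python
import ipaddress

# Assumed plan: /24 from post #9, server host numbers 10-20 from post #6.
OFFICE_NET = ipaddress.ip_network("192.168.67.0/24")
SERVER_BLOCK = (OFFICE_NET.network_address + 10, OFFICE_NET.network_address + 20)
# Constructed inventory: server IP -> MAC the server is known to use.
SERVERS = {
    "192.168.67.10": "00:15:5d:00:00:10",  # DC
    "192.168.67.11": "00:15:5d:00:00:11",  # Exchange
    "192.168.67.12": "00:15:5d:00:00:12",  # SQL
}

def classify(ip_text, mac):
    """Return one finding for an (IP, MAC) pair seen on the office LAN."""
    ip = ipaddress.ip_address(ip_text)
    mac = mac.lower()
    if ip not in OFFICE_NET:
        return "foreign-static"  # left over from a client site; cannot clash
    if SERVER_BLOCK[0] <= ip <= SERVER_BLOCK[1]:
        owner = SERVERS.get(str(ip))
        if owner is None:
            return "unassigned-server-address"
        return "ok-server" if owner == mac else "server-ip-conflict"
    return "client-range"

def audit(observations):
    """Classify each pair and list IPs claimed by more than one MAC."""
    findings, claims = [], {}
    for ip_text, mac in observations:
        findings.append((ip_text, mac.lower(), classify(ip_text, mac)))
        claims.setdefault(ip_text, set()).add(mac.lower())
    dupes = [ip for ip, macs in claims.items() if len(macs) > 1]
    return findings, sorted(dupes, key=ipaddress.ip_address)

# Constructed sample of observed address claims (e.g. from ARP traffic).
SAMPLE = [
    ("192.168.67.10", "00:15:5D:00:00:10"),
    ("192.168.67.12", "00:15:5d:00:00:12"),
    ("192.168.67.12", "3c:52:82:aa:bb:01"),   # laptop set to a server's IP
    ("192.168.0.2", "3c:52:82:aa:bb:02"),     # static IP kept from a client site
    ("192.168.67.101", "3c:52:82:aa:bb:03"),
    ("192.168.67.101", "3c:52:82:aa:bb:04"),  # two clients on one address
]

if __name__ == "__main__":
    findings, duplicates = audit(SAMPLE)
    for row in findings:
        print(*row)
    print("duplicate claims:", duplicates)
```
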
