Network Design

By k0rhal

I need some advice really. I have been asked to look into an ideal solution to a networking issue. I was hoping you might have some insight..

Currently there are 3 sites. Approx 300 staff at one and 150 at each of the other two. Each building is within 15 miles.

There is no traffic model; however, we host our own e-commerce site and would like to keep all secure information onsite.

Security and reliability are key points.


All Answers


What is your goal?

by netwrk_admn In reply to Network Design

Define what you are looking to do exactly. Just to link them up on a secure, dedicated link? Ask your telco providers for solutions and make sure they are private line technology such as T1 (but you'll need a bigger pipe than that).

There are other options such as site to site VPN with a few Microsoft ISA servers or equivalent technology if each location has their own hook up to the internet.

Other considerations such as data replication between sites to ensure data integrity (in case of disaster at one site).

Basically what I mean for you to consider is: what is your current set up, what do you want to move to within your budget, and what services should be responsible on each end of the link.


"Ideal" solution?

by oldbaritone In reply to Network Design

There isn't one, no matter what. Everything is a compromise.

T1/T3 point-to-point is more secure, but more expensive. VPN is cheap, but usually low-bandwidth and you're exposed to the internet. Wireless, like microwave, has licensing issues, high start-up cost, but low operating cost. Privately-owned or leased fiber between sites may be another option.

Do you want to layer or isolate the e-commerce from the internal network operations? It's not a bad idea to have compartmentalization for security.

Redundant, clustered servers at the outlying sites can improve reliability within each site, and reduce the amount of traffic between buildings.

But without some idea of the operating parameters, it's difficult to make any meaningful suggestion.



by k0rhal In reply to "Ideal" solution?

It's a scenario, so it's fairly open in what can be done with it. I'd paste it here but the PDF doesn't seem to want to let me..

Basically the requirements are what I've listed and we're allowed to make assumptions on top of that..

I was thinking some sort of triangle, so if one link is lost traffic can reroute via the other site.

For the sake of security I would prefer to isolate the e-commerce web servers.
A central authentication and domain manager would be a requirement also, I'd think, in order to share resources.

I was thinking along the lines of a virtualisation setup.

In short it's a uni scenario we've been dropped in the deep end with. I'm tasked with researching options where money is not an object as long as everything is justified.

I'd just like a point in the right direction..


I'll get you started,

by netwrk_admn In reply to scenario

Usually members don't like doing people's homework for them, but I can tell you genuinely need a starting point and are motivated to learn.

For network topology, which you call a triangle set-up, since there are only three links, it could be a ring/mesh/star/any sort of topology because each is connected to each other somehow - even when one goes down the other two can talk no matter what.

Like oldbaritone said, choose the transmission technology (microwave, point-to-point, VPN across the internet) to link the sites. If you decide to go with one, detail why.

Virtualization: if you go this route, you'll really want to research the benefits - remember networks are full of services that should be running all the time, see what technology presents the best 'redundancy.'

Lastly, yes you will want to separate your web servers from your internal authentication servers and file servers. Figure out the best way to do that without separating an entire office link of 150 people from the other 'internal' servers (hint: firewall).


and add...

by oldbaritone In reply to I'll get you started,

I'd suggest secondary domain controllers at the secondary sites. A server at each site can help to reduce backbone traffic by compartmentalizing functions within a site. The term "Secondary" is interesting, because one of the smaller sites might be "Home Office" who wants to be the home for the central control - or not.

Triangle connection is great for redundancy and fall-back, and normally the routers will recognize the shorter route, listing the "long way" as second best. With that architecture, do you want internet access from each site? It depends on the bandwidth requirements of the employees, but multiple access routes improve reliability if designed properly: a single-point failure won't create a company-wide outage. With servers on each site, you could have proxy service in each server to the internet.

Think about putting your web servers, topologically, in their "own little world" - a DMZ. As netwrk_admn said, (hint: firewall. hint2: multiple IP addresses and service binding). It's a harsh, cruel world out there.

Oh, is the phone system going to be IP also? That's another thing to consider during the planning phase when considering system load and bandwidth requirements.

Gee, it's fun to spend somebody else's money...
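The DMZ separation hinted at in the two replies above can be written down as a zone policy and checked before any firewall is configured. This is an added example, not part of either post; the address plan, ports and rule list are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption): one internal range shared by the
# three sites, and a separate DMZ subnet holding the e-commerce web servers.
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/16"),
    "dmz": ipaddress.ip_network("172.16.10.0/24"),
}

def zone_of(addr):
    """Map an address to a zone; anything unknown is treated as internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

# First match wins. Tuple: (src zone, dst zone, protocol, dst port, action).
# A port of None matches any port; a protocol of "any" matches any protocol.
RULES = [
    ("internet", "dmz", "tcp", 443, "allow"),        # customers reach the shop
    ("internal", "dmz", "tcp", 443, "allow"),        # staff reach the shop
    ("internal", "dmz", "tcp", 22, "allow"),         # admin access (assumed SSH)
    ("internal", "internal", "any", None, "allow"),  # site to site, leased lines
    ("internal", "internet", "tcp", 443, "allow"),   # staff web access
    ("dmz", "internal", "any", None, "deny"),        # web servers never reach in
]

def decide(src, dst, proto, port):
    """Return 'allow' or 'deny' for one flow; unmatched flows are denied."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for r_src, r_dst, r_proto, r_port, action in RULES:
        if (r_src, r_dst) != (src_zone, dst_zone):
            continue
        if r_proto not in ("any", proto):
            continue
        if r_port not in (None, port):
            continue
        return action
    return "deny"

if __name__ == "__main__":
    # Staff at a 150-person site still reach the directory server elsewhere.
    print(decide("10.0.2.50", "10.0.1.10", "tcp", 389))
    # A web server in the DMZ cannot open a connection to a file server.
    print(decide("172.16.10.5", "10.0.1.10", "tcp", 445))
```
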


Back in school I wouldn't have appreciated this project as much

by netwrk_admn In reply to and add...

but now that I'm working, with real world constraints, I like to hypothesize these scenarios.

Personal anecdote:
We thought we were expanding at my company two years ago (before a key client's demise into bankruptcy). We moved key personnel to another building to free up some room, installed a wireless microwave to the new building (across the street - there was a pesky tree in the way and when it was really windy they had connection problems).

Anyhow, it didn't end up working out, we had to get rid of the lease and bring them back to the main office. My boss already had all the equipment from an earlier project in early 1990 so there wasn't much 'research' on my end. It was fun though, having an IT geek go up a thirty foot ladder to bring down the lightning shielded microwave tower off the rooftop.



by k0rhal In reply to Back in school I wouldn't ...

Thank you all for the information and support you are giving. I have been reading up on the concepts you have been giving me and it seems somewhat open of a topic.

To answer one of the questions, VoIP services would be nice for the telephone system. Internet access for each of the sites would also be a requirement.

I think I will use the leased line option for security and speed issues. Now to work out the speed of the lines and how the domain controllers work.

Thanks for getting back to me, this thread has been very helpful.


Final questions

by k0rhal In reply to Network Design

Hi guys, would you mind if I asked a few more questions?

So I have 3 sites connected via leased lines in a triangle configuration.

Each site will have a Windows domain controller with Active Directory updating via master/master replication between the different locations.

A few things have me confused.. Does there need to be more than 1 domain server at each location or will authentication automatically locate the other ones?

Router configuration and DNS has me also..
Should there be two routers at each site, each handling a different leased line?

I am guessing each router should be connected together via a fiber channel for speed and each router should be connected to a core switch?

What I don't understand is what controls DNS.. Does there need to be a DNS server at each site?

Further down, the standard wired network setup seems to change to a star topology. Does this not introduce single points of failure?

Final question (I know, I know), each site required an internet connection. One site has to have a web server. Should each site then have an internet connection to reduce traffic between locations?
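The redundancy questions raised in this thread (triangle links, one or two routers per site, star wiring below the core) can be tested by removing each device or link in turn and checking whether the three sites can still reach each other. This is an added example, not part of any post; the device names and both link lists are constructed assumptions.

```python
def reachable(start, nodes, links):
    """Set of nodes reachable from start using only the given nodes and links."""
    adj = {n: set() for n in nodes}
    for a, b in links:
        if a in adj and b in adj:
            adj[a].add(b)
            adj[b].add(a)
    seen, stack = set(), [start]
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(adj[n] - seen)
    return seen

def single_points_of_failure(links, endpoints):
    """Devices and links whose loss alone separates two surviving endpoints."""
    nodes = {n for link in links for n in link}
    spof = []
    for dead in sorted(nodes):                      # one device fails
        need = set(endpoints) - {dead}
        if need and not need <= reachable(min(need), nodes - {dead}, links):
            spof.append(dead)
    for dead in links:                              # one link fails
        rest = [l for l in links if l != dead]
        if not set(endpoints) <= reachable(endpoints[0], nodes, rest):
            spof.append("-".join(dead))
    return spof

CORES = ["swA", "swB", "swC"]  # core switch at each of the three sites

# Constructed design 1: triangle of leased lines, one router per site.
ONE_ROUTER = [("rA", "rB"), ("rB", "rC"), ("rA", "rC"),
              ("rA", "swA"), ("rB", "swB"), ("rC", "swC")]

# Constructed design 2: two routers per site, each terminating one leased
# line, linked to each other and both uplinked to the site's core switch.
TWO_ROUTERS = [("A1", "B1"), ("B2", "C1"), ("C2", "A2"),
               ("A1", "A2"), ("B1", "B2"), ("C1", "C2"),
               ("A1", "swA"), ("A2", "swA"), ("B1", "swB"),
               ("B2", "swB"), ("C1", "swC"), ("C2", "swC")]

if __name__ == "__main__":
    print("one router per site: ", single_points_of_failure(ONE_ROUTER, CORES))
    print("two routers per site:", single_points_of_failure(TWO_ROUTERS, CORES))
```

In the first design no leased line is a single point of failure, but each site's router and its uplink are; the second design removes those. The core switch at the centre of each site's star is treated here as the site itself, so its own failure is outside what this check measures.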
