Network Design

Curious on best practice for network design of a relatively small network of
60 users, 5 printers, 3 servers, one storage arrray, one firewall to the
internet...

I'm wondering if I split up into 2 subnets just to break it up a bit.

I'm thinking two switches for the SAN that connects to servers on the backend.

Then two switches (1 for each subnet) that would connect to all servers
Then 2 user switches that would connect users in each sub net..

Is it over kill?? Or am I on the right track.. It's building a network
from scratch..

What is best practice for private internal IP address scheme..

Thanks.

60 users?

It is very likely that the below setup is overkill, assuming the 60
users are not streaming video all the time, but are regular office users.

I would not split up the network in subnets if at all avoidable, there's
no reason I can think of that is worth the extra hassle in this situation.

Without spending too much money I would do the following, keeping some
level of scalability in mind.

1. two decent brand managable 48 port 100 Mbit switches for the users,
you might want to consider vlanning depending on user activity.

2. A decent brand (juniper, cisco) router to the internet

3. Gigabit switch for the SAN backbone, assuming you are using iSCSI.
Otherwise FC.

4. Internal IP scheme, something less obvious in the 172 or 10 range
(for example 10.46.8.x) this will give you 254 ip addresses. (not
10.0.0.0 please... if you ever try to connect other LAN's you'll find
that they will have done this; forcing you to renumber) You may want to
consider using a B class to allow for scalability.

For a small setup like this the KISS principle applies.... Keep It
Simple. The admins will thank you for it.

/ ) Regards,
/ /_________
_|__|__) Paul Weterings
/ (O_) http://www.servercare.nl
__/ (O_)
____(O_)


buf1 wrote:
> Curious on best practice for network design of a relatively small network of
> 60 users, 5 printers, 3 servers, one storage arrray, one firewall to the
> internet...
>
> I'm wondering if I split up into 2 subnets just to break it up a bit.
>
> I'm thinking two switches for the SAN that connects to servers on the backend.
>
> Then two switches (1 for each subnet) that would connect to all servers
> Then 2 user switches that would connect users in each sub net..
>
> Is it over kill?? Or am I on the right track.. It's building a network
> from scratch..
>
> What is best practice for private internal IP address scheme..
>
> Thanks.
>
>

Thanks.. I thought that was all overkill I wanted to keep it a single
subnet but was curious on best practice for that... Users are mostly
office users (word, excel) We have a drafting department that does CAD but
there are only 3 users there and they aren't doing intensive CAD or 3D
stuff.. It's mostly file and print.. I'm moving to a SAN because we are
doing a lot of scanning documents and image type things and will get more
involved with that later.. I'm currently running out of space..

It is currently set up in the 172.22 range... It is a Win2k domain.. I'm
moving to a Win2008 domain..

In a VLAN case how do users authenticate if the DC is in Say VLAN1 and you
have users in VLAN2 or VLAN3..

I have a watchguard x550e in place that acts as the firewall.. From that
goes into a dell powerconnect 5212 which the servers are connected to then
to two other dell switches which the users are connected to..

I am pretty much re-doing the entire network so I'm wondering best practice
for optimal performance.. I'll probably be playing with the NEW network for
a while in the a test environment for learning purposes and then migrate
everyone over. Being it isn't that big of a network I kind of have that
luxury..

I am getting :

1- Dell PowerEdge 1950 this will be a Windows 2008 64 bit. This will be the
DC (AD, DHCP, DNS, printer server)

1 - Dell PowerEdge 2950 (Backup DC, SQL server)

1 - Dell Equalogic PS5000E - ISCSI SAN.

2 - Dell PowerConnect 5424 GB switches to connect the SAN to the servers..


2 older servers from old network that I'll use to do things like (Anti-Virus
server, fax server, web server, etc.)


Thanks for your input!





"Paul Weterings" <Paul-nospam-@syncpuls-dot-com> wrote in message
news:4901e6d7$0$15820$(E-Mail Removed)4a ll.nl...
> 60 users?
>
> It is very likely that the below setup is overkill, assuming the 60 users
> are not streaming video all the time, but are regular office users.
>
> I would not split up the network in subnets if at all avoidable, there's
> no reason I can think of that is worth the extra hassle in this situation.
>
> Without spending too much money I would do the following, keeping some
> level of scalability in mind.
>
> 1. two decent brand managable 48 port 100 Mbit switches for the users, you
> might want to consider vlanning depending on user activity.
>
> 2. A decent brand (juniper, cisco) router to the internet
>
> 3. Gigabit switch for the SAN backbone, assuming you are using iSCSI.
> Otherwise FC.
>
> 4. Internal IP scheme, something less obvious in the 172 or 10 range (for
> example 10.46.8.x) this will give you 254 ip addresses. (not 10.0.0.0
> please... if you ever try to connect other LAN's you'll find that they
> will have done this; forcing you to renumber) You may want to consider
> using a B class to allow for scalability.
>
> For a small setup like this the KISS principle applies.... Keep It Simple.
> The admins will thank you for it.
>
> / ) Regards,
> / /_________
> _|__|__) Paul Weterings
> / (O_) http://www.servercare.nl
> __/ (O_)
> ____(O_)
>
>
> buf1 wrote:
>> Curious on best practice for network design of a relatively small network
>> of 60 users, 5 printers, 3 servers, one storage arrray, one firewall to
>> the internet...
>>
>> I'm wondering if I split up into 2 subnets just to break it up a bit.
>> I'm thinking two switches for the SAN that connects to servers on the
>> backend.
>>
>> Then two switches (1 for each subnet) that would connect to all servers
>> Then 2 user switches that would connect users in each sub net..
>>
>> Is it over kill?? Or am I on the right track.. It's building a network
>> from scratch..
>>
>> What is best practice for private internal IP address scheme..
>>
>> Thanks.
>>

A 2nd DC or GC is good to have if you have a spare machine to use for
that.... so that users can still login if the DC has problems.



"buf" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Thanks.. I thought that was all overkill I wanted to keep it a single
> subnet but was curious on best practice for that... Users are mostly
> office users (word, excel) We have a drafting department that does CAD
> but there are only 3 users there and they aren't doing intensive CAD or 3D
> stuff.. It's mostly file and print.. I'm moving to a SAN because we
> are doing a lot of scanning documents and image type things and will get
> more involved with that later.. I'm currently running out of space..
>
> It is currently set up in the 172.22 range... It is a Win2k domain..
> I'm moving to a Win2008 domain..
>
> In a VLAN case how do users authenticate if the DC is in Say VLAN1 and
> you have users in VLAN2 or VLAN3..
>
> I have a watchguard x550e in place that acts as the firewall.. From that
> goes into a dell powerconnect 5212 which the servers are connected to
> then to two other dell switches which the users are connected to..
>
> I am pretty much re-doing the entire network so I'm wondering best
> practice for optimal performance.. I'll probably be playing with the NEW
> network for a while in the a test environment for learning purposes and
> then migrate everyone over. Being it isn't that big of a network I kind
> of have that luxury..
>
> I am getting :
>
> 1- Dell PowerEdge 1950 this will be a Windows 2008 64 bit. This will be
> the DC (AD, DHCP, DNS, printer server)
>
> 1 - Dell PowerEdge 2950 (Backup DC, SQL server)
>
> 1 - Dell Equalogic PS5000E - ISCSI SAN.
>
> 2 - Dell PowerConnect 5424 GB switches to connect the SAN to the
> servers..
>
>
> 2 older servers from old network that I'll use to do things like
> (Anti-Virus server, fax server, web server, etc.)
>
>
> Thanks for your input!
>
>
>
>
>
> "Paul Weterings" <Paul-nospam-@syncpuls-dot-com> wrote in message
> news:4901e6d7$0$15820$(E-Mail Removed)4a ll.nl...
>> 60 users?
>>
>> It is very likely that the below setup is overkill, assuming the 60 users
>> are not streaming video all the time, but are regular office users.
>>
>> I would not split up the network in subnets if at all avoidable, there's
>> no reason I can think of that is worth the extra hassle in this
>> situation.
>>
>> Without spending too much money I would do the following, keeping some
>> level of scalability in mind.
>>
>> 1. two decent brand managable 48 port 100 Mbit switches for the users,
>> you might want to consider vlanning depending on user activity.
>>
>> 2. A decent brand (juniper, cisco) router to the internet
>>
>> 3. Gigabit switch for the SAN backbone, assuming you are using iSCSI.
>> Otherwise FC.
>>
>> 4. Internal IP scheme, something less obvious in the 172 or 10 range (for
>> example 10.46.8.x) this will give you 254 ip addresses. (not 10.0.0.0
>> please... if you ever try to connect other LAN's you'll find that they
>> will have done this; forcing you to renumber) You may want to consider
>> using a B class to allow for scalability.
>>
>> For a small setup like this the KISS principle applies.... Keep It
>> Simple. The admins will thank you for it.
>>
>> / ) Regards,
>> / /_________
>> _|__|__) Paul Weterings
>> / (O_) http://www.servercare.nl
>> __/ (O_)
>> ____(O_)
>>
>>
>> buf1 wrote:
>>> Curious on best practice for network design of a relatively small
>>> network of 60 users, 5 printers, 3 servers, one storage arrray, one
>>> firewall to the internet...
>>>
>>> I'm wondering if I split up into 2 subnets just to break it up a bit.
>>> I'm thinking two switches for the SAN that connects to servers on the
>>> backend.
>>>
>>> Then two switches (1 for each subnet) that would connect to all servers
>>> Then 2 user switches that would connect users in each sub net..
>>>
>>> Is it over kill?? Or am I on the right track.. It's building a
>>> network from scratch..
>>>
>>> What is best practice for private internal IP address scheme..
>>>
>>> Thanks.
>>>
>

On Oct 24, 2:16*pm, "JohnB" <jbri...@yahoo.com> wrote:
> A 2nd DC or GC is good to have if you have a spare machine to use for
> that.... so that users can still login if the DC has problems.
>
> "buf" <rober...@marranohomes.com> wrote in message
>
> news:%(E-Mail Removed)...
>
>
>
> > Thanks.. I thought that was all overkill *I wanted to keep it a single
> > subnet but was curious on best practice for that... * Users are mostly
> > office users (word, excel) *We have a drafting department that does CAD
> > but there are only 3 users there and they aren't doing intensive CAD or3D
> > stuff.. *It's mostly file and print.. * *I'm moving to a SAN because we
> > are doing a lot of scanning documents and image type things and will get
> > more involved with that later.. *I'm currently running out of space..
>
> > It is currently set up in the 172.22 range... * It is a Win2k domain...
> > I'm moving to a Win2008 domain..
>
> > In a VLAN case how do users authenticate if the DC is in Say VLAN1 *and
> > you have users in VLAN2 or VLAN3..
>
> > I have a watchguard x550e in place that acts as the firewall.. *From that
> > goes into a dell powerconnect 5212 which the servers are connected to
> > then to two other dell switches which the users are connected to..
>
> > I am pretty much re-doing the entire network so I'm wondering best
> > practice for optimal performance.. *I'll probably be playing with theNEW
> > network for a while in the a test environment for learning purposes and
> > then migrate everyone over. *Being it isn't that big of a network I kind
> > of have that luxury..
>
> > I am getting :
>
> > 1- Dell PowerEdge 1950 this will be a Windows 2008 64 bit. *This willbe
> > the DC (AD, DHCP, DNS, printer server)
>
> > 1 - Dell PowerEdge 2950 (Backup DC, SQL server)
>
> > 1 - *Dell Equalogic PS5000E - ISCSI SAN.
>
> > 2 - *Dell PowerConnect 5424 GB switches to connect the SAN to the
> > servers..
>
> > 2 older servers from old network that I'll use to do things like
> > (Anti-Virus server, fax server, web server, etc.)
>
> > Thanks for your input!
>
> > "Paul Weterings" <Paul-nospam-@syncpuls-dot-com> wrote in message
> >news:4901e6d7$0$15820$(E-Mail Removed)4 all.nl...
> >> 60 users?
>
> >> It is very likely that the below setup is overkill, assuming the 60 users
> >> are not streaming video all the time, but are regular office users.
>
> >> I would not split up the network in subnets if at all avoidable, there's
> >> no reason I can think of that is worth the extra hassle in this
> >> situation.
>
> >> Without spending too much money I would do the following, keeping some
> >> level of scalability in mind.
>
> >> 1. two decent brand managable 48 port 100 Mbit switches for the users,
> >> you might want to consider vlanning depending on user activity.
>
> >> 2. A decent brand (juniper, cisco) router to the internet
>
> >> 3. Gigabit switch for the SAN backbone, assuming you are using iSCSI.
> >> Otherwise FC.
>
> >> 4. Internal IP scheme, something less obvious in the 172 or 10 range (for
> >> example 10.46.8.x) this will give you 254 ip addresses. (not 10.0.0.0
> >> please... if you ever try to connect other LAN's you'll find that they
> >> will have done this; forcing you to renumber) You may want to consider
> >> using a B class to allow for scalability.
>
> >> For a small setup like this the KISS principle applies.... Keep It
> >> Simple. The admins will thank you for it.
>
> >> */ ) *Regards,
> >> / /_________
> >> * * *_|__|__) Paul Weterings
> >> * */ (O_) * *http://www.servercare.nl
> >> __/ *(O_)
> >> ____(O_)
>
> >> buf1 wrote:
> >>> Curious on best practice for network design of a relatively small
> >>> network of 60 users, 5 printers, *3 servers, one storage arrray, one
> >>> firewall to the internet...
>
> >>> I'm wondering if I split up into 2 subnets just to break it up a bit.
> >>> I'm thinking two switches for the SAN that connects to servers on the
> >>> backend.
>
> >>> Then two switches (1 for each subnet) that would connect to all servers
> >>> Then 2 user switches that would connect users in each sub net..
>
> >>> Is it over kill?? *Or am I on the right track.. * It's building a
> >>> network from scratch..
>
> >>> What is best practice for private internal IP address scheme..
>
> >>> Thanks.- Hide quoted text -
>
> - Show quoted text -

I agree with the redundant DC and GCS. I would recommend Cisco
switches if at all possible. I've deployed Dell switches and have had
problems in the past as soon as you start trying to add trunking and
VLANS. Stick with Cisco and you'll have a quality product and access
to lots of support.

As far as communicating between the VLANs you will need a router to
perform that trick. A multilayer switch such as the Catalyst 3750
will give you tons of flexibility in the future.

Hello buf,

As Paul mentioned, the configuration can be set simpler and easier to manage
with one subnet.

For your hardware setup, installing SQL on a DC is not the best option. Application's
like SQL and exchange should allways run on member servers not on DC's.

Ofcourse you should have a second DC which is also Global catalog and DNS
server(AD integrated zones) and you can also configure DHCP on both servers
in a 50/50 split, so if one DHCP is down, your clients are still able to
renew the address, if it takes longer then the half lease time to bring up
the server. http://technet.microsoft.com/en-us/l.../cc780311.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks.. I thought that was all overkill I wanted to keep it a
> single subnet but was curious on best practice for that... Users are
> mostly office users (word, excel) We have a drafting department that
> does CAD but there are only 3 users there and they aren't doing
> intensive CAD or 3D stuff.. It's mostly file and print.. I'm
> moving to a SAN because we are doing a lot of scanning documents and
> image type things and will get more involved with that later.. I'm
> currently running out of space..
>
> It is currently set up in the 172.22 range... It is a Win2k domain..
> I'm moving to a Win2008 domain..
>
> In a VLAN case how do users authenticate if the DC is in Say VLAN1
> and you have users in VLAN2 or VLAN3..
>
> I have a watchguard x550e in place that acts as the firewall.. From
> that goes into a dell powerconnect 5212 which the servers are
> connected to then to two other dell switches which the users are
> connected to..
>
> I am pretty much re-doing the entire network so I'm wondering best
> practice for optimal performance.. I'll probably be playing with the
> NEW network for a while in the a test environment for learning
> purposes and then migrate everyone over. Being it isn't that big of a
> network I kind of have that luxury..
>
> I am getting :
>
> 1- Dell PowerEdge 1950 this will be a Windows 2008 64 bit. This will
> be the DC (AD, DHCP, DNS, printer server)
>
> 1 - Dell PowerEdge 2950 (Backup DC, SQL server)
>
> 1 - Dell Equalogic PS5000E - ISCSI SAN.
>
> 2 - Dell PowerConnect 5424 GB switches to connect the SAN to the
> servers..
>
> 2 older servers from old network that I'll use to do things like
> (Anti-Virus server, fax server, web server, etc.)
>
> Thanks for your input!
>
> "Paul Weterings" <Paul-nospam-@syncpuls-dot-com> wrote in message
> news:4901e6d7$0$15820$(E-Mail Removed)4a ll.nl...
>
>> 60 users?
>>
>> It is very likely that the below setup is overkill, assuming the 60
>> users are not streaming video all the time, but are regular office
>> users.
>>
>> I would not split up the network in subnets if at all avoidable,
>> there's no reason I can think of that is worth the extra hassle in
>> this situation.
>>
>> Without spending too much money I would do the following, keeping
>> some level of scalability in mind.
>>
>> 1. two decent brand managable 48 port 100 Mbit switches for the
>> users, you might want to consider vlanning depending on user
>> activity.
>>
>> 2. A decent brand (juniper, cisco) router to the internet
>>
>> 3. Gigabit switch for the SAN backbone, assuming you are using iSCSI.
>> Otherwise FC.
>>
>> 4. Internal IP scheme, something less obvious in the 172 or 10 range
>> (for example 10.46.8.x) this will give you 254 ip addresses. (not
>> 10.0.0.0 please... if you ever try to connect other LAN's you'll find
>> that they will have done this; forcing you to renumber) You may want
>> to consider using a B class to allow for scalability.
>>
>> For a small setup like this the KISS principle applies.... Keep It
>> Simple. The admins will thank you for it.
>>
>> / ) Regards,
>> / /_________
>> _|__|__) Paul Weterings
>> / (O_) http://www.servercare.nl
>> __/ (O_)
>> ____(O_)
>> buf1 wrote:
>>
>>> Curious on best practice for network design of a relatively small
>>> network of 60 users, 5 printers, 3 servers, one storage arrray, one
>>> firewall to the internet...
>>>
>>> I'm wondering if I split up into 2 subnets just to break it up a
>>> bit. I'm thinking two switches for the SAN that connects to servers
>>> on the backend.
>>>
>>> Then two switches (1 for each subnet) that would connect to all
>>> servers Then 2 user switches that would connect users in each sub
>>> net..
>>>
>>> Is it over kill?? Or am I on the right track.. It's building a
>>> network from scratch..
>>>
>>> What is best practice for private internal IP address scheme..
>>>
>>> Thanks.
>>>

buf wrote:
> Thanks.. I thought that was all overkill I wanted to keep it a single
> subnet but was curious on best practice for that... Users are mostly
> office users (word, excel) We have a drafting department that does CAD but
> there are only 3 users there and they aren't doing intensive CAD or 3D
> stuff.. It's mostly file and print.. I'm moving to a SAN because we are
> doing a lot of scanning documents and image type things and will get more
> involved with that later.. I'm currently running out of space..
>
> It is currently set up in the 172.22 range... It is a Win2k domain.. I'm
> moving to a Win2008 domain..
>
> In a VLAN case how do users authenticate if the DC is in Say VLAN1 and you
> have users in VLAN2 or VLAN3..
>
> I have a watchguard x550e in place that acts as the firewall.. From that
> goes into a dell powerconnect 5212 which the servers are connected to then
> to two other dell switches which the users are connected to..
>
> I am pretty much re-doing the entire network so I'm wondering best practice
> for optimal performance.. I'll probably be playing with the NEW network for
> a while in the a test environment for learning purposes and then migrate
> everyone over. Being it isn't that big of a network I kind of have that
> luxury..
>
> I am getting :
>
> 1- Dell PowerEdge 1950 this will be a Windows 2008 64 bit. This will be the
> DC (AD, DHCP, DNS, printer server)
>
> 1 - Dell PowerEdge 2950 (Backup DC, SQL server)
>
> 1 - Dell Equalogic PS5000E - ISCSI SAN.
>
> 2 - Dell PowerConnect 5424 GB switches to connect the SAN to the servers..
>
>
> 2 older servers from old network that I'll use to do things like (Anti-Virus
> server, fax server, web server, etc.)
>
>
> Thanks for your input!
>

Hi buf, please follow Meinolf's advise: don't mix dc's and exchange/sql
servers.

Also: read up on your RAID levels for these servers, as you might want
to consider a mix of raid 1 and 5 for example. (on your NAS?)
I'll stop there; this is m.p.w.s.networking after all.

The Dell switches seem to have been designed with iSCSI in mind, I guess
that means they support jumbo-frames; this will increase you iSCSI
throughput. Make sure your (dedicated) nics support it too.

Since you're on the W2K and iSCSI tour: consider the future; Hyper-V
failover clustering requires iSCSI targets (the NAS) to support SCSI-3
persistent reservation. If this might be in your future; check for the
NAS to support this.

Have fun!

--

/ ) Regards,
/ /_________
_|__|__) Paul Weterings
/ (O_) http://www.servercare.nl
__/ (O_)
____(O_)