Networking considerations

Physical/Facilities

Where does the IT gear go (server room, closet, etc)? Rack(s) for all the gear. Power (UPS? Generator?). HVAC to keep it all cool.

Connections from the main room to any satellite network locations (if you have a large facility).

Network cables to the workstations. Phone lines. Cable management.

All server equipment will need to stay between 59 and 89.6 degrees Fahrenheit.

E.g., any pipes that need to be installed underground for cabling.

Where are the locations of your end devices, i.e., computers, phones, printers? Where will they be and how much cable will you need to run?

Core Services

First in consideration because these things are the "living" requirements for your network: its life support, as well as the nervous system for data flow.

Active Directory

DNS

DHCP

SSH

Exactly how many end devices will there be at the start, and how much cable will it take to connect them all?

Group Policy Management

Will there be permission levels, and for whom and for what?

Who will administer the permissions?

Role-Based Integrity

For best security practices, you want to divide and rotate high-level admin roles. For further security, divide responsibilities further into tiers:

Tier 1: High level of trust and skill required. Rotate Active Directory, Exchange, CA Servers, etc.

Tier 2: Apprentice level "employee" with proven trust. Rotate between Member Services like Application Servers, Databases, etc.

Tier 3: Incumbent IT skills, new to community or team in general. Run help desk, fix workstations and end devices, run basic security scans and minor corrections.

Who will do this in the future?

Who on site will do this in the future?

In a single forest multi-domain model (one site), typically the root domain should act as the Resource Domain, which hosts critical infrastructure like CA servers, Exchange, Lync, ADFS etc.

For large enterprises which are spread globally, the domains should ideally be based on regions.

Your AD Sites and Subnets should represent the actual datacenter locations, offices, and network topology, as closely as possible.

Each site must have at least one Global Catalog (GC).

How much cable will we need to connect all the buildings on the site?

What equipment will be used to ensure hardware integrity?

What kind of critical infrastructure will this network support?

To avoid a single point of failure, you can configure two or more DHCP servers to serve the same subnet. If one server fails, the others can continue to serve the subnet.

Best security practice is to have a designated DHCP server working in tandem with a logical one. Is it worth the $ for the extra security?
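The site/Global Catalog rule and the DHCP redundancy rule above can both be checked against a plan before any hardware is bought. The following is an added example, not part of the original page; the site names, server names and address ranges are constructed, and it assumes a client is assigned to the site with the most specific matching subnet.

```python
import ipaddress

# Constructed planning data: hypothetical sites, servers and address ranges.
PLAN = {
    "sites": {
        "HQ":     {"subnets": ["10.10.0.0/16"], "gc": ["hq-dc1", "hq-dc2"]},
        "Lab":    {"subnets": ["10.10.4.0/24"], "gc": ["lab-dc1"]},
        "Branch": {"subnets": ["10.20.0.0/24"], "gc": []},
    },
    # DHCP server -> client scopes it serves
    "dhcp": {
        "dhcp1": ["10.10.4.0/24", "10.10.8.0/24", "10.20.0.0/24", "10.30.0.0/24"],
        "dhcp2": ["10.10.4.0/24", "10.10.8.0/24", "10.20.0.0/24"],
    },
}

def site_for(scope, sites):
    """Map a client scope (CIDR string) to a site by longest-prefix match."""
    scope_net = ipaddress.ip_network(scope)
    best = None  # (network, site name) of the most specific match so far
    for site, cfg in sites.items():
        for s in cfg["subnets"]:
            net = ipaddress.ip_network(s)
            if scope_net.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, site)
    return best[1] if best else None

def audit_plan(plan):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    # Rule 1: every site needs at least one Global Catalog.
    for site, cfg in plan["sites"].items():
        if not cfg["gc"]:
            findings.append(f"{site}: no Global Catalog server")
    # Invert the DHCP table: scope -> servers holding it.
    served = {}
    for server, scopes in plan["dhcp"].items():
        for s in scopes:
            served.setdefault(s, []).append(server)
    for scope in sorted(served, key=ipaddress.ip_network):
        # Rule 2: clients in a scope no site subnet covers cannot be matched to a site.
        if site_for(scope, plan["sites"]) is None:
            findings.append(f"{scope}: not covered by any AD site subnet")
        # Rule 3: one DHCP server for a scope is a single point of failure.
        if len(served[scope]) < 2:
            findings.append(f"{scope}: only 1 DHCP server ({served[scope][0]})")
    return findings

if __name__ == "__main__":
    for finding in audit_plan(PLAN):
        print("FINDING:", finding)
```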

SSH will provide your administrators with access to your network. This is both a powerful tool and an additional point of weakness from an overall security perspective.

There are many ways to use SSH. I recommend having dedicated laptops that DO NOT contain wireless NICs and that can be plugged into any server port with admin authentication.

Another recommended method of SSH is having designated secure rooms acting as either cable-based or wireless access points.

What kinds of physical security measures do you want to integrate into your network? E.g., biometrics, security guards, locked doors, radio frequency range limitations, etc.

Does the cost benefit of having an external connection for network administration outweigh the added security risk? "Frank says yes"

Applications

What kinds of software, services, applications, and/or equipment will be run on this network?

How much data will the software, services, applications and/or equipment being provided take up in GB or TB?

Exchange

On your private network, you will most likely want to have an internal as well as an external email account for each user. The internal email account would exist within the security confines of the network and would allow for document exchange, whereas the external email would be for PR and collaborative efforts and would not allow documents to be pulled from the network for sharing.

Each email account will come with its own dedicated storage limitations. How much data do you wish each user to have in the form of dedicated mail space?

Second in consideration because without the understanding of core services, there is no way to assemble realistic expectations for network demand. That understanding translates to hardware requirements, that translates into cost analysis.

Hardware

Router

Switch

Firewall

Wireless?

Data Base

Disaster Prevention

Workstations

Disaster Recovery

Wireless access points are a massive security risk if not properly contained within a specified range that is only accessible by those we wish to access it.

Is the convenience worth the security risk? Unless you are properly insulating a room, or the router is on private property and the range has been adjusted so all signals are within the property, Frank votes no on this one.

Routers come in many shapes and sizes and can do many of the jobs required for a secure network. You can save money here by consolidating any wireless functionality and/or your firewall.

Is it worth the reduction in cost to consolidate any firewall or wireless functionality here? Note: the less hardware in use, typically the fewer points of failure a network has.

With numbers like 8 million end users being tossed around, I recommend prioritizing growth when considering hardware. Key terms I would look for: multi-stacking capable, and you probably want 48 ports.

How many workstations and end devices will be on the network at launch?

You will need a blade server and hard drives to store any/all applications, web hosting, software, etc. We will need a fairly accurate data analysis to ensure we have enough storage to maintain and expand.

You can almost always get bigger hard drives if need be; however, you will always be limited to the number of slots on your blade server. So I recommend spending the money upfront on a nice blade server with lots of slots, and saving by buying hard drives as needed.

Disaster recovery for a network means scheduled data backups. To retain 100% data integrity, at a minimum double the storage you are actively using. However, in a bare-minimum backup environment, if your backups fail, so does the recovery.

In a larger enterprise environment I recommend dedicated backup servers with multiple copies of all data available on a weekly backup schedule. Daily for high priority data.

Disaster Prevention on a network comes in the form of a UPS (Uninterruptible Power Supply) and regular security training.

I recommend a UPS with at least 30 mins run time so any power loss to the network will still allow time for a proper shutdown. Network user training would pertain to email hacking, physical security and security protocols, delivered via email and occasionally a classroom.

When choosing end devices like computers, you will need to consider the minimum performance requirements for your most demanding applications. Once you know that, select a device that will meet your requirements and try to contract with their provider.

What other shared resources will be implemented via this network? Printers, engravers, etc.

Third in consideration because this will comprise the bulk of your startup cost, minus labor. By this point you should already have a good idea of the kind and amount of data you will be moving on your network.

What are the core applications/software that will be utilized on the network?

Do you want a designated piece of hardware as your firewall? Increases security, increases cost.

Who will be your security service provider? I recommend McAfee or Norton.

Assembly

When building the budget, leave 5-10% available for your hardware for brackets, mounts

How will the servers be assembled? Wall mounted, standing cabinets, dedicated room, etc.

Logical Network

How will you prioritize data flow? What packets will get pathing priority, if any?

Will there be "classifications" for data? E.g., levels of accessibility, permissions for modification of documents, permissions to add/delete data, etc.

What kinds of security enforcement will your network run? E.g., forced password rules and changes, encryption, etc.

What kind of growth schema will you be using? How will you disseminate responsibility between sites and servers? What does your "forest" look like?

Just like your data should have a backup, so should your important role servers. What kind of redundancy do you want to run for your servers?

If you will be hosting large data usage platforms like video calling, what kind of bandwidth requirements need to be considered?

Will you require towers for things like broadcasting or direct satellite communication?

Fourth in consideration because these, although important, do not directly impart the ability to create a network.

Legal Considerations

How will you hold users accountable for their actions on your network, so that you are not?

Will you be holding credit card info, and if so, how are you going to ensure that data?

With the intention to integrate digital currency, what kind of legal obligations must be met?

What contracts will users be signing upon acquiring a user account?

created by
Franklin Tyler Sheffield