Networking considerations, Physical/Facilities, created by
Franklin…
Physical/Facilities
Core Services
Active Directory
Group Policy Management
Role-Based Integrity
As a security best practice, divide and rotate high-level admin roles. For further security, divide responsibilities into tiers:
Tier 1: High level of trust and skill required. Rotate Active Directory, Exchange, CA Servers etc.
Tier 2: Apprentice level "employee" with proven trust. Rotate between Member Services like Application Servers, Databases etc.
Tier 3: Incumbent IT skills, new to community or team in general. Run help desk, fix workstations and end devices, run basic security scans and minor corrections.
DNS
In a single forest multi-domain model (one site), typically the root domain should act as the Resource Domain, which hosts critical infrastructure like CA servers, Exchange, Lync, ADFS etc.
For large enterprises which are spread globally, the domains should ideally be based on regions.
Your AD Sites and Subnets should represent the actual datacenter locations, offices, and network topology, as closely as possible.
DHCP
To avoid a single point of failure, you can configure two or more DHCP servers to serve the same subnet. If one server fails, the others can continue to serve the subnet.
Best security practice is to have a designated DHCP server working in tandem with a logical one. Is it worth the $ for the extra security?
SSH
SSH will provide your administrators with access to your network. This is both a powerful tool and an additional point of weakness from an overall security perspective.
There are many ways to use SSH. I recommend having dedicated laptops that DO NOT contain wireless NICs and that can be plugged into any server port with admin authentication.
Does the cost benefit of having an external connection for network administration outweigh the added security risk? "Frank says yes"
Another recommended method for SSH is having designated secure rooms acting as either cable-based or wireless access points.
What kinds of physical security measures do you want to integrate into your network? E.g. biometrics, security guards, locked doors, radio frequency range limitations etc.
Applications
What kinds of software, services, applications, and/or equipment will be run on this network?
How much data will the software, services, applications and/or equipment being provided take up, in GB or TB?
Exchange
On your private network, you will most likely want to have an internal as well as an external email account for each user. The internal email account would exist within the security confines of the network and would allow for document exchange, whereas the external email would be for PR and collaborative efforts and would not allow documents to be pulled from the network for sharing.
Each email account will come with its own dedicated storage limitations. How much data do you wish each user to have in the form of dedicated mail space?
Second in consideration because without an understanding of core services, there is no way to assemble realistic expectations for network demand. That understanding translates to hardware requirements, which translate into cost analysis.
Hardware
Router
Routers come in many shapes and sizes and can do many of the jobs required for a secure network. You can save money here by consolidating any wireless functionality and/or your firewall.
Is it worth the reduction in cost to consolidate any firewall or wireless functionality here? Note: the less hardware in use, typically the fewer points of failure a network has.
Switch
With numbers like 8 million end users being tossed around, I recommend prioritizing growth when considering hardware. Key terms I would look for: multi-stacking capable, and you probably want 48 ports.
Firewall
Do you want a designated piece of hardware as your firewall? Increases security, increases cost.
Wireless?
Wireless access points are a massive security risk if not properly contained within a specified range that is only accessible by those we wish to access it.
Is the convenience worth the security risk? Unless you are properly insulating a room, or the router is on private property and the range has been adjusted so all signals are within the property, Frank votes no on this one.
Database
You will need a blade server and hard drives to store any/all applications, web hosting, software etc. We will need a fairly accurate data analysis to ensure we have enough storage to maintain and expand.
You can almost always get bigger hard drives if need be, however you will always be limited to the number of slots on your blade server. So I recommend spending the money upfront on a nice blade server with lots of slots, and save by buying hard drives as needed.
Disaster Prevention
Disaster prevention on a network comes in the form of a UPS (Uninterruptible Power Supply) and regular security training.
I recommend a UPS with at least 30 minutes of run time so any power loss to the network will still allow time for a proper shutdown. Network user training would pertain to email hacking, physical security and security protocols, delivered via email and occasionally a classroom.
Workstations
When choosing end devices like computers, you will need to consider the minimum performance requirements for your most demanding applications. Once you know that, select a device that will meet your requirements and try to contract with their provider.
What other shared resources will be implemented via this network? Printers, engravers, etc.
Disaster Recovery
Disaster recovery for a network means scheduled data backups. To retain 100% data integrity, at a minimum double the storage you are actively using. However, in a bare-minimum backup environment, if your backups fail, so does the recovery.
In a larger enterprise environment I recommend dedicated backup servers with multiple copies of all data available on a weekly backup schedule. Daily for high priority data.
Third in consideration because this will comprise the bulk of your startup cost, minus labor. By this point you should already have a good idea of the kind and amount of data you will be moving on your network.
Assembly
When building the budget, leave 5-10% available for your hardware for brackets, mounts
How will the servers be assembled? Wall mounted, standing cabinets, dedicated room etc.
Logical Network
What kinds of security enforcement will your network run? E.g. forced password rules and changes, encryption etc.
What kind of growth schema will you be using? How will you disseminate responsibility between sites and servers? What does your "forest" look like?
Just like your data should have a backup, so should your important role servers. What kind of redundancy do you want to run for your servers?
If you will be hosting large data usage platforms like video calling, what kind of bandwidth requirements need to be considered?
Fourth in consideration because these, although important, do not directly impart the ability to create a network.
Legal Considerations
How will you hold users accountable for their actions on your network, so that you are not?
Will you be holding credit card info, and if so, how are you going to ensure that data?
With the intention to integrate digital currency, what kind of legal obligations must be met?
Where does the IT gear go (server room, closet, etc)? Rack(s) for all the gear. Power (UPS? Generator?). HVAC to keep it all cool.
First in consideration because these things are the "living" requirements for your network, its life support, as well as the nervous system for data flow.