Corp Network Best Practices

Discussion in 'Networking' started by Lantastic, Nov 26, 2010.

Thread Status:
Not open for further replies.
  1. Lantastic

    Lantastic Thread Starter

    Joined:
    Nov 26, 2010
    Messages:
    6
    I'm tasked with rebuilding a corporate network. The current network is a swill of discount PC servers, PCs, Macs, Unix machines, etc. I get to build from scratch. We use a SonicWall firewall. I will install a web server, fileserver (maybe a NAS), FileMaker database Mac Xserver, FTP upload server and mail server.

    Question: Is it better to place the web, mail and FTP server behind the Sonic or on the WAN? I'm thinking that LAN traffic will be reduced if I manage those servers outside the LAN using their own built-in firewalls.

    Thanks.

    I've attached a diagram of what I am thinking.
     

    Attached Files:

  2. zx10guy

    zx10guy Trusted Advisor

    Joined:
    Mar 30, 2008
    Messages:
    4,371
    If you don't care about the potential of these servers to get smacked by all the internet nasties, then sure.

    Depending on the size of your network, you shouldn't worry about LAN/layer 2 traffic performance. If you're talking about hundreds of host devices and/or lots of broadcast-type traffic, then sure, plan on optimizing your LAN setup. I would place the servers on another LAN segment which would be a different VLAN for best practices and security.
     
  3. Lantastic

    Lantastic Thread Starter

    Joined:
    Nov 26, 2010
    Messages:
    6
    Thanks for your help. I've become the accidental Network Admin, a good position but I'm out of my comfort zone a bit. I need to educate myself. Is it sufficient to simply segment the LAN via switches? Or do I need to optimize software somehow as well?
     
  4. zx10guy

    zx10guy Trusted Advisor

    Joined:
    Mar 30, 2008
    Messages:
    4,371
    Segmenting your LAN with additional switches only extends the number of ports you have to expand out your collision domains. It does nothing to segment broadcast domains. This is assuming you are ONLY using unmanaged switches or managed switches with ONLY one VLAN configured.

    First, you need to give more information about your network. You need to state how many host devices you have as a starter. Then talk about the type of application traffic you are dealing with. Don't create a problem from nothing, as it seems you are going after performance optimization when there might not be any performance issues to begin with.
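
The point in the reply above, that adding unmanaged switches does not split a broadcast domain while a separate server VLAN does, worked through as an added example (not part of either poster's message). The switch names, host names, VLAN numbers 1 and 20, and the daisy-chained layout are constructed; only the 98 devices, 5 switches and the three exposed servers come from the thread.

```python
from collections import defaultdict

def broadcast_domains(hosts, links):
    """hosts: {name: (switch, vlan)}; links: [(switch_a, switch_b, vlans_carried)].
    Returns the broadcast domains as sets of host names, largest first."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path compression
            node = parent[node]
        return node

    # A link joins two switches only for the VLANs it carries.
    for a, b, vlans in links:
        for vlan in vlans:
            parent[find((a, vlan))] = find((b, vlan))

    groups = defaultdict(set)
    for name, (switch, vlan) in hosts.items():
        groups[find((switch, vlan))].add(name)
    return sorted(groups.values(), key=len, reverse=True)

# Constructed topology: five daisy-chained switches, 95 clients, 3 servers.
SWITCHES = ["sw1", "sw2", "sw3", "sw4", "sw5"]
SERVERS = ["web", "mail", "ftp"]

def build(server_vlan, uplink_vlans):
    hosts = {f"pc{i}": (SWITCHES[i % 5], 1) for i in range(95)}
    hosts.update({s: ("sw1", server_vlan) for s in SERVERS})
    links = [(a, b, uplink_vlans) for a, b in zip(SWITCHES, SWITCHES[1:])]
    return hosts, links

def flat():
    # Unmanaged switches: every port and uplink sits in one VLAN.
    return broadcast_domains(*build(server_vlan=1, uplink_vlans={1}))

def segmented():
    # Managed switches: servers on VLAN 20, uplinks carry both VLANs.
    return broadcast_domains(*build(server_vlan=20, uplink_vlans={1, 20}))

if __name__ == "__main__":
    print("unmanaged:", [len(d) for d in flat()])
    print("server VLAN:", [len(d) for d in segmented()])
```

The model covers layer 2 only: once the servers sit in their own VLAN, traffic between them and the clients has to be routed, which is where the firewall's rules apply.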
     
  5. Lantastic

    Lantastic Thread Starter

    Joined:
    Nov 26, 2010
    Messages:
    6
    OK, thanks again. I'll gladly provide details about the network, switches, servers, etc., but I don't want to press upon your time nor take advantage of your hard-earned expertise. You've been very kind thus far... but, if you like this kind of challenge, I'll post more info for you to look at.
     
  6. zx10guy

    zx10guy Trusted Advisor

    Joined:
    Mar 30, 2008
    Messages:
    4,371
    Go ahead and post up the details of your network.
     
  7. Lantastic

    Lantastic Thread Starter

    Joined:
    Nov 26, 2010
    Messages:
    6
    Here you go, with 2 attachments. 98 devices, 5 unmanaged switches. The map is generated by Intermapper.
     

    Attached Files:

  8. zx10guy

    zx10guy Trusted Advisor

    Joined:
    Mar 30, 2008
    Messages:
    4,371
    Looking at your PDF diagram, I don't understand what some of the various icons represent. I assume workstations.

    Do you have dual links to the backbone switch from each of the access switches?
     
  9. Lantastic

    Lantastic Thread Starter

    Joined:
    Nov 26, 2010
    Messages:
    6
    Yes, most of the nodes are PCs but there are quite a few output devices as well. The cluster in the top left is a stand-alone network for some proprietary output devices. There is a second NIC back to the primary LAN from one workstation though.

    I'll have to ask the facilities person tomorrow about the dual links. He installed and configured them but he is out today. Some of the hardware is in the ceiling. Thanks again for your time, I'll post again tomorrow with more info.
     
  10. zx10guy

    zx10guy Trusted Advisor

    Joined:
    Mar 30, 2008
    Messages:
    4,371
    You can look at the switch and see if there are dual connections from the uplink ports to your backbone switch.

    As far as the output devices, I assume these are printers.
     
  11. Lantastic

    Lantastic Thread Starter

    Joined:
    Nov 26, 2010
    Messages:
    6
    Yes, the switches are multiplexed. Output devices are office printers, plotters, large format printers. We move some very large files around the network... gigabit size.

    Correction: Just spoke to the facilities guy. They are not multiplexed. The switch pairs are daisy chained back to the main connect. The net diagram is a little confusing. The main "burst" in the center represents the entire 10.19.78.xx network. The main connection switch is titled "Main Connect".
     
Short URL to this thread: https://techguy.org/964846