<

Design, configure and operate the IT infrastructure for a SMB (or a startup group) - Part 1

Published on
3,254 Points
254 Views
Last Modified:
Assume that as a role of System Administrator in SMB (or a startup group), you are requested to (re)design the IT infrastructure of the company. In this article, I will describe the steps of design, configure and operate the IT devices in a small business environment. (<50 users).

I will try to minimize the cost as much as possible by using Linux distributions in all main servers; so we don't have to buy the licenses for Windows servers, and only need to purchase licenses for Desktop/Laptop of users. Or you can train them to use Ubuntu (it's free, fancy and fun to hand on :-)


This article will be described in several parts. Part 1 is network design and BoM (Bill of Material); firstly we will start with a network diagram. Here is my ideal, created by MS Visio:



For the BoM, here we are:


Descriptions Physical   devices Features Estimated   Price ($)
Core switch Cisco WS-C2960L-16TS-LL
- 16 x 10/100/1000 Ethernet ports + 2 SFP Gigabit ports.
ARMv7   800 MHz/512 MB/256 MB
- Forwarding/Switching   bandwidth = 18/36 Gb/s
- Security with 802.1X support for connected devices, Switched Port   Analyzer (SPAN), and Bridge Protocol Data Unit (BPDU) Guard, SSH, ACL
- Basic Layer 3 features with Static routing and Routing Information   Protocol (RIP)
- Management: VLAN, DHCP, QoS, DTP, PAgP, LACP, VTP, NTP


650
Server switch CISCO Catalyst 2960 WS-C2960S-24TS-S
- 24 x network, Ethernet 10Base-T/100Base-TX/1000Base-T, RJ-45 , 1 x   USB, 4 pin USB Type A , 1 x USB, mini-USB Type B , 1 x management, console,   RJ-45
- Layer 2 switching, DHCP support, auto-negotiation, BOOTP support, ARP   support, load balancing, VLAN support, auto-uplink (auto MDI/MDI-X), IGMP   snooping, Syslog support, DiffServ support, Broadcast St


1000
User/LAN switch CISCO Catalyst 2960 WS-C2960-48TC-S
- 48 Ethernet 10/100 ports and 2 dual-purpose uplinks (each   dual-purpose uplink port has 1 10/100/1000 Ethernet port and 1 SFP-based   Gigabit Ethernet port, 1 port active)
- SPAN, CiscoView, Cisco Discover Protocol (CDP), Virtual Trunking Protocol   (VTP), Telnet Client, BOOTP, TFTP, CiscoWorks, CWSI, RMON, SNMP, Clustering,   Web-Based Management

650
Firewall (Sophos XG Home edition (free)   installed)
Server Lenovo x3100 M5 (5457B3A) + 2 x IBM   500GB 7.2K SATA 3.5in Simple-Swap HDD

- Processor: Intel Xeon 4Core E3-1220v3 (8M Cache 3.1GHz)
- Memory: 4GB DDR3-1600MHz (PC3-12800) ECC UDIMMs
- Hard Drives: Option ( up to 04 HDD SATA 3.5” simple-swap )
- RAID Controller: ServeRAID C100 RAID (0,1)
- Network Controller: Dual Gigabit Ethernet
- Optical Drive: DVD ROM
- Power Supply: 1 x 350Watts fixed
- Form Factor: Tower 4U
850 + 2x135 = 1120
Mail server (iRedMail) Server Lenovo x3100 M5 (5457B3A) + 4 x IBM   1TB 7.2K SATA 3.5in Simple-Swap HDD 850 + 4x175 = 1550
Monitoring server (Zabbix)
Server Lenovo x3100 M5 (5457B3A) + 2 x IBM   500GB 7.2K SATA 3.5in Simple-Swap HDD

850 + 2x135 = 1120
Shared File server (FreeNAS)
Server Lenovo x3100 M5 (5457B3A) + 4 x IBM   1TB 7.2K SATA 3.5in Simple-Swap HDD

850 + 4x175 = 1550
IP PBX server (Asterisk)
Server Lenovo x3100 M5 (5457B3A) + 2 x IBM   500GB 7.2K SATA 3.5in Simple-Swap HDD

850 + 2x135 = 1120
NAS Storage (XPenology)
Server Lenovo x3100 M5 (5457B3A) + 4 x IBM   1TB 7.2K SATA 3.5in Simple-Swap HDD

850 + 4x175 = 1550


So the total cost is $ 9,190. It is not cheap but I think it is reasonable for a scalable and secured system.


That is the end of part 1, in the next post we will configure the network devices (Firewall Sophos and Cisco switches). The simulation will be done on Vmware Workstation and Packet tracer/GNS3. See you then!


You can find other resources here:


Configure Monitoring server (Zabbix)


I hope you found this article helpful.


This article will be updated with a link to Part 2 of the series once it has been written and published.


I invite you to ask any questions and leave any comments you may have below.



0
Comment
Author:Tjno
0 Comments

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Join & Write a Comment

Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Next Article:

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month