Building Small Office Network

Hi All,

I am in the process of building new small office (50 users) and need some advice.

Initially I wanted to implement this -

2 r610's DELL servers with 32 GB RAM combined and Dual Q-core processor.
1 Power Vault MD3000i 4.5TB
APC Smart-UPS 3000VA XL
VMWare Vsphere 4.0
EBS 2008 STD - Server, Exchange, Security.
HP Procurve Switch 24 Port OR PowerConnect 6224, 24  Ports
Juniper Networks SSG 5 (SB-M)

As you can see with the above components are set to accommodate 50+ users with CRM - SalesForce ( Web based ) and daily tasks with Exchange. I believe that is all I need to get them up and running. However, the cost is about $50000 with licenses included, due to an extra server for exchange and a box for primary server roles.

So I guess my questions are:

1. Should I rely on the built in security from EBS and the Gateway to filter and protect or should I get a dedicated equipment ( if so what is Ideal for us? )

2. Is there an alternative option for me to go with instead of VMware and what would that be? ( 3 - 4 physical servers and what should i go with? )

3. Our current equipment is OUTDATED ( P4 servers ) - So I need a solid solution yet ''cheap'' at the same time - Margin is from $30000 - $40000

I would like some help on making the right choices here to help setup a solid network as well be able to accommodate the growth of the company.

Your help, thoughts and suggestions is MUCH appreciated.
Who is Participating?

Well my first impression after reading your needs is that the hardware you listed will be more than enought.
Let me first tell you my experience with a really similar project i started about a year ago,
We needed a scalable infrastructure for 40+ users in a diferent office locations, we are not providing exchange services but we are serving windows domain related services, ERP applications and huge shared storage to all users.
What we planned and implemented was a vmware 3 infrastructure with 1 vCenter and 2 ESXi Hosts attached to the same disk array you mentioned, the Dell's MD300i.
After a year running that infrastructure i can say that has been a real success, we had a really low amount of performance problems and almos there's no maintenance.

Now let me answer your questions,

>1. Should I rely on the built in security from EBS and the Gateway to filter and protect or should I get a >dedicated equipment ( if so what is Ideal for us? )

I guess you mean rely on EBS for intrusions on your network, well i think, the answer is if you can i will install a real firewall for your whole network, assuming that you will virtualize all the infrastructure, you can easily get a prebuilt Firewall virtual machine appliance and then customize to fill your needs,
I will recommend a Linux one, either for security and performance, distribution and way to configure it will depend on your iptables strenghts ;)  but if you want to get a ready to deploy firewall system you can look at ipCop : 
There's a lot more like it, but that is really simple to use (has a nice web interface)

>2. Is there an alternative option for me to go with instead of VMware and what would that be? ( 3 - 4 >physical servers and what should i go with? )

Yes, getting Vmware can seem expensive at the beggining, i took the same considerations but after calculating the TCO we finally went for vmware, it has a lot of advantages that for shure you already know, for me the most importants are the possibility to dinamically grow in terms of disk space and CPU without almost 0downtime and really fast (using thin disks), also, in terms of backups and disaster recovery plans you will see everything seems simpler.
What i mean is, if you calculate the real expense over the years (we took 3 for our study) you will see a solution with vmware its cheaper at the end.

You can for sure go with any other virtualization platform (xen,citrix..) we went for vmware because, first is used for about 70% of the business infrastructures, and most of the hardware are tested and verified for vmware, and that means less problems on the setup process and a lot of support on it.

>3. Our current equipment is OUTDATED ( P4 servers ) - So I need a solid solution yet ''cheap'' at the >same time - Margin is from $30000 - $40000

Where maybe you can save some $$ is on the servers, i really think you don't need all that horsepower to start, which Vmware license are you thinking to choose?  in my case whe took the 6cpu's one and we are running about 12 VM's using 2 servers, each with: 1cpu(4core) 12G Ram. And in our office's at one day of full activity hosts are at about 60% of capacity ;)
The good thing using vmware is that you can start with a simpler HW infrastructure and keep growing as your need, buying more ram and more servers when you start to need it paying less for the same hw. And there's no reconfiguration on the VM's!

btw, if you go for vmware dont forget the vCenter setup, you can either virtualize it or use a separate server.  If you choose to virtualize it, be sure to get a vmware license with v-motion

Hope it helps

>1. Should I rely on the built in security from EBS and the Gateway to filter and protect or should I get a >dedicated equipment ( if so what is Ideal for us? )

I would not use EBS itself as a "firewall" or security device.

Going with Microsoft's TMG (Forefront) [formerly ISA Server] has no hidden on-going subscription cost.  Once you pay for it,'s yours,...your done,...updates are free.  Pretty much all other Firewall products out there have never-ending ongoing year after year subscription costs that may be several thousand dollars a year.

TMG comes in both a Hardware Appliance and a PC (Server) based format.  Celestix is probably the leading producer of hardware versions of TMG, although there are others.
SEHCAuthor Commented:
- Nergik, thanks for your detailed response. I would like to go with the VM solution, however the budget is not allowing me to. I will need to go with 3-4 physical servers now. I'm looking at the DL160 from HP.

- Exchange
- DC
- Shares

Can you suggest what be an ideal setup - I can setup one of the old servers to be the back DC but would the DL160 be good enough for 50+ users?

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

SEHCAuthor Commented:

EBS comes with the ForeFront security Management Gateway - its part of the bundle.
Yes, but the question is do you want to run that or have the Firewall separated onto its own device?  If a different device, then TMG on a separate device may be more economical than other Firewall products with the ongoing subscription costs.  Your choice,...just giving you options to check into.
Actually, now that I think about it,...does the TMG run on its own device with the EBS "model"?  With SBS it was all on one box,..but EBS?  That may be the answer there,...if it runs on a separate device then all you need is the hardware, other additonal cost.
SEHCAuthor Commented:
I believe you can install it as a separate role yes.
Then that is what I would do.  Get a separate box for that,.., will be the only duel-homed box,...load the OS,..make it a domain member,...install TMG on it.

Before ISA goes on the box, configure the machine according to these guidlines.  This is in the context of ISA2006 and Server2003, you may have to translate a little of it into Server2008 with TMG. Below that is a couple other links of interest.

Recommended Network Card Configuration for ISA Firewall Servers

Best Practices for Configuring ISA Server Networks

Debunking the Myth that the ISA Firewall Should Not be a Domain Member
can you post the DL160 configuration you are evaluating? i mean, amount of nic's,ram,cpu's..

i dont know if you can post your budget also here, but i will be happy to help you finding the best hw/sw configuration that fits in...  also, which is the expected user growht over the time?

best regards
SEHCAuthor Commented:
So far this is what I have for the DL160,

Processor speed: 2.00 GHz
Number of processors: 1 processor
Processor front side bus : 800 MHz Front Side Bus
Internal Cache: 4 MB Level 3 cache
Standard memory: 8 GB
Network interface: HP NC362i Integrated Dual Port Gigabit Server Adapter
Internal hard disk drive: 500 GB

That;s the basic configuration, exchange will have 16 GB memory and Data server will have 1TB HD space.

My budget range is from $25000 - $30000 including the licesning and the software. Growth isn't a concern now, but needs to be considered. I'm also getting quotes on the r410's from DELL for comparison.

for the network I have,

HP ProCurve 24 Port Switch
Juniper Networks SSG 5 (SB-M

SEHCAuthor Commented:
Sorry forgot to add Raid 1 configuration
Hello,  i think those configurations will be enought for the user needs, maybe the 16G ram for the exchange server is far more than you need, but its ok...

But looking at your budget im not sure that you cant afford a virtualitzation solution,
let me tell you what i get less than a year ago and how much did it cost us,
We bought everything to Dell in Spain,

* DELL MD3000i  with 6 disks S.A.S. at 10.000rpm of 600GB each
" Dell Switch Gigabit  - 8 ports manageable
" vmware® Foundation with virtualCenter License (for up to 6 CPU)

Price was about 11000 euro -> 15.000 $

You will need to add two servers to run ESXi (we already had them) and some more network hardware,  plus exchange licenses, but with 15000$ more probably you will have enought...

Which was the quote that your provider send you for the initial hardware configuration idea?  

SEHCAuthor Commented:
It was over budget - I'm looking into 3 physical servers now.

This is what I have from DELL website.

1.       Server - DC  - Price  $4,992.00 - 2 processor - 8 GB RAM- 2 * 146 GB 15K HD - Raid 1 Configuration
2.       Server - Exchange - Price  $5,672.00 - 2 processor - 8 GB RAM- 2 * 300 GB 15K HD - Raid 1 Configuration
3.       Server - Forefront - Price $4,203.00 - 1 Processor - 4 GB  2 * 146 GB 15K HD  Raid 1 Configuration

All Server come with 3 Year ProSupport for IT 4HR 7x24 Onsite: Non Mission Critical [Included in Price]


I will be running one of our old servers to be our back up server, so the total with all software and network equipment and licensing comes to approx $31000.

The Difference between HP and DELL servers, is that DELL have the servers pre-configured hardware wise. HP everything is sold separately.

I really like the Dell stuff myself.
im sorry for being late answering,
well i see, so i think the hw you are evaluating now its ok for your short/mid term needs
you always can reuse the same hw in a future for vmware virtualitzation, you will 'only' need to get a disk array,some more ram and the vmware/other licenses... (is what we did,converting phisical machines to vm its a really easy and automated process)
So i'll feel confortable with it.

Is there something else i can help you with?
SEHCAuthor Commented:
I may have other question, but for now I have all that I need - thanks for your help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.