I'm after some advice on the best network design approach for my new network.
I have 5 servers and about 30 client PCs. Two of the servers are domain controllers running DHCP and DNS, two are data file servers, and the other one will be WSUS/whatever else is needed.
Of the 30 PCs, 22 are production machines split into two groups. The first 11 all point to server 1 to get their data, the second lot point to server 2 to get their data. The remaining ones are non-production machines used for internet access, email etc.
I have two 3Com 2900 (2928) switches, each with 24 ports, and a Draytek router providing internet access.
Here's what I'd like to achieve:
I don't want any of the production machines, the DCs, or the data servers to have internet access (inbound or outbound). I would like the 5th server, the WSUS server, to have internet access and be available to the other machines so they can get their updates.
I would like to have some way of providing internet-only access to some machines (i.e. they can't see the rest of the network).
I would like another group of PCs, i.e. my own PC, that I can use to administer the other devices on the network but which also has internet access.
Ideally, if possible, I would like to use these switches in some sort of failover configuration, but I'm not sure of the right acronym to look up?
I'm under the impression I might be able to do this with VLANs, but I'm not sure how best to approach this. I.e. should my group 1 PCs go into a VLAN with server 1, and the same for server 2?
Or are my requirements too much for what I have? I.e. do I need to introduce some sort of DMZ or network access product?
Looking forward to your ideas. Thanks in advance.