Small Business Network Design & Security

Posted on 2011-04-18
Last Modified: 2012-06-27
I'm setting up a network for a small business and would really appreciate any suggestions on how to do this in a secure and scalable way.

physical hardware:
(haven't bought any hardware yet, want to make sure they are good scalable choices)

Astaro Security Gateway 220 (firewall, proxy, ids/ips, remote access...)
Astaro AP10 Wireless AP (Add-on for ASG 220)
ESX Server1 (Main) Dell R710 -48GB RAM  -2 QuadCore Xeon Processors -6 HDDs Raid 5
ESX Server2 (Backup/Update Appliances) Dell T610 -20GB RAM  -2 QuadCore Xeon Processors -6 HDDs Raid 5
Rackable Cisco Router w/ACLs (need hardware recommendations)
Cisco Switch SR224G
Thin Clients (need hardware recommendations)
Dell Precision T3500 (x2)

Required Software:

SAS Statistical Software
MS Office
Revision Control/Digital Signature Software

Other Info:

Web Hosting/Email with Hosting Company (suggestions welcomed)
Secured Network Backup Hosting (to alleviate compliance requirements--suggestions welcomed)

I'm unsure about the best & most secure way to configure the pNICs, vSwitches, and VLANs
 Draft -Suggestions Greatly Appreciated
I would be very grateful for any suggestions/recommendations on how to do this in a secure scalable way. Thank you in advance for your help.

Question by:-DK

    Expert Comment

    by:Andrew Hancock (VMware vExpert / EE MVE)
    What I quickly notice: no SAN (shared storage) for resilience, availability and scalability!

    Expert Comment

    by:Andrew Hancock (VMware vExpert / EE MVE)
    email hosting - have a look at Microsoft BPOS

    Thin Client hardware - Wyse.

    Expert Comment

    Web hosting - rackspace
    Office 365 instead of office

    Author Comment

    RE: hanccocka
    Good Catch, Thank You!
    Would a separate partition/LUN on ESX Server1 be sufficient for Shared Storage ?
    (e.g. LUN1-VMs, LUN2-SharedStorage --both 3disks each/raid 5)
    Or do you recommend an actual physically separate SAN?

    ESX Server2 will be doing VM Backups & Updates and will have a LUN for NAS

     I'm trying to keep cost down and don't think we need VMotion as we will be doing daily remote backups?

    Microsoft BPOS looks great and having SharePoint would definitely be nice!

    Thank you!

    RE: sgsm81
    Rackspace looks good since I won't need the extras provided by HostGator, Office 365 looks interesting, I need to check the system requirements for the SAS statistical software to make sure it's supported.

    Thank you!

    For the physical NIC connections on the ESX servers, does that look okay?
    Is the ESX#1 vSwitch with pNIC3 okay? Does the ESX#2 vSwitch with pNIC1 look okay?

    Any recommendations for VLANs & security,  should I use them?

    Accepted Solution

    Well, do you get a SAN or don't you. A lot of your budget will end up being spent on VMware ESX licenses, do you intend to purchase vSphere vCenter to manage the two ESX servers?

    If you don't want to do vMotion, DRS or HA - okay, but you need to think about DR, and all eggs in one basket scenario, when the Dell 710 breaks! With shared storage this is easy, as you can quickly bring machines online, with shared storage otherwise think about how you would do it! (replication!)

    A host ESX server for Backups - umm costly license.  Have you thought about what backup software? Where will you backup to Tape or Disk, do you need then to backup the VM backups to tape for Offsite storage? Veeam Backup and Replication can backup and replicate the VMs to another ESX host server. (Veeam is the world leader), or use VMware vDR (if you get the correct license). Are you going to purchase VMware licenses or use free VMware ESXi.

    6 HDDs - RAID 5 - performance can be slow, RAID 10 is better, also remember that ESX/ESXi also has a VMFS 2TB-512byte limit, so a Dell H700/H800 card is better, so you can build a large array with your 6 disks, and then carve up into smaller VDs, 500-800GB, for ESX support, or you'll have to use extents.

    Unless your organisation bans the use of VLANs, I would use them. They are secure!

    I would team up at least 2 pNICs (more if more bandwidth required), trunk and etherchannel, and run VLANs, makes life simpler, however if you don't like the use of VLANs, and want to use physical make sure you team your pNICs.

    I think I would also be inclined to purchase two identical servers for ESX hosts, and use all the resources of both for your environment, managed with vCenter, and Veeam Backup and Replication.

    Iron Mountain or GigasoftDatabackup for Online Secure Storage.

    anyway some thoughts for you to consider, and get the grey matter working.
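
An added example, not part of the original thread or anyone's post: a small Python check of a planned host layout against the accepted answer's advice (team at least two pNICs, use VLANs, keep each virtual disk under the VMFS 2TB-512byte limit). The 600 GB disk size, vSwitch and vmnic names, port groups and VLAN IDs are assumptions made for illustration.

```python
# Added example: checks a planned ESX host layout against the advice in the answer above.
VMFS_MAX_BYTES = 2 * 1024**4 - 512  # the "2TB-512byte" limit quoted in the answer
GB = 10**9

def raid_usable(disks, disk_bytes, level):
    """Usable bytes of one array: RAID 5 spends one disk on parity, RAID 10 mirrors half."""
    if level == 5 and disks >= 3:
        return (disks - 1) * disk_bytes
    if level == 10 and disks >= 4 and disks % 2 == 0:
        return disks // 2 * disk_bytes
    raise ValueError("unsupported RAID level or disk count")

def carve(array_bytes, vd_bytes):
    """Split an array into virtual disks of vd_bytes each (the last one may be smaller)."""
    if not 0 < vd_bytes <= VMFS_MAX_BYTES:
        raise ValueError("virtual disk size must be positive and within the VMFS limit")
    full, rest = divmod(array_bytes, vd_bytes)
    return [vd_bytes] * full + ([rest] if rest else [])

def check_vswitches(plan):
    """Return findings for unteamed vSwitches and risky port-group VLAN IDs."""
    findings = []
    for name, vs in plan.items():
        if len(set(vs["uplinks"])) < 2:
            findings.append(f"{name}: single pNIC, no teaming or failover")
        for pg, vlan in vs["portgroups"].items():
            if vlan == 0:
                findings.append(f"{name}/{pg}: VLAN 0 means untagged traffic")
            elif vlan == 4095:
                findings.append(f"{name}/{pg}: VLAN 4095 passes every VLAN to the guest")
            elif not 1 <= vlan <= 4094:
                findings.append(f"{name}/{pg}: {vlan} is not a valid VLAN ID")
    return findings

# Constructed plan: vSwitch names, vmnic numbers, port groups and VLAN IDs are hypothetical.
SAMPLE_PLAN = {
    "vSwitch0": {"uplinks": ["vmnic0", "vmnic1"],
                 "portgroups": {"Management": 10, "Servers": 20, "ThinClients": 30}},
    "vSwitch1": {"uplinks": ["vmnic3"], "portgroups": {"Backup": 0}},
}

if __name__ == "__main__":
    array = raid_usable(6, 600 * GB, 5)  # assumed 600 GB disks; the page gives no size
    print("RAID 5 array exceeds VMFS limit:", array > VMFS_MAX_BYTES)
    print("virtual disks (GB):", [vd // GB for vd in carve(array, 750 * GB)])
    print("\n".join(check_vswitches(SAMPLE_PLAN)))
```
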

    Author Closing Comment

    Thank you so much, it's been a while since my VMware class and your advice is very helpful.

    I was originally planning on using ESXi (free edition) on both and backing up the data from ESX#1 to ESX#2 (using a free virtual appliance) and storing it in the NAS LUN and doing daily remote backups so that worst-case-scenario, we would only lose 1 day of data
    ....But after your suggestion, my original way could have been one of those 'when cheaper becomes more expensive' situations, so thank you, you may have saved me from a lot of costly problems in the future.

    And thank you for the hardware & off-site backup recommendations.

    I truly appreciate you taking the time to help me with this.

    Thanks again,

    Expert Comment

    by:Andrew Hancock (VMware vExpert / EE MVE)

    No problems, always here to advise, as well as the other VMware Experts.

    Further information for you, using the FREE versions of ESXi, you will have problems backing up the virtual machines using the VMware APIs, using third party backup utilities, because the APIs are not available to the utilities in the free version of ESXi. So you would be wise to investigate VMware Essentials Kits for ESXi, or at least get basic licenses for ESXi, so you can at least backup the VMs, using e.g. Veeam Backup and Replication, which is approx $500 per processor, per ESX host server.

