Small Business Network Design & Security

Posted on 2011-04-18
Medium Priority
Last Modified: 2012-06-27
I'm setting up a network for a small business and would really appreciate any suggestions on how to do this in a secure and scalable way.

physical hardware:
(haven't bought any hardware yet, want to make sure they are good scalable choices)

Astaro Security Gateway 220 (firewall, proxy, ids/ips, remote access...)
Astaro AP10 Wireless AP (Add-on for ASG 220)
ESX Server1 (Main) Dell R710 -48GB RAM  -2 QuadCore Xeon Processors -6 HDDs Raid 5
ESX Server2 (Backup/Update Appliances) Dell T610 -20GB RAM  -2 QuadCore Xeon Processors -6 HDDs Raid 5
Rackable Cisco Router w/ACLs (need hardware recommendations)
Cisco Switch SR224G
Thin Clients (need hardware recommendations)
Dell Precision T3500 (x2)

Required Software:

SAS Statistical Software
MS Office
Revision Control/Digital Signature Software

Other Info:

Web Hosting/Email with Hosting Company (suggestions welcomed)
Secured Network Backup Hosting (to alleviate compliance requirements--suggestions welcomed)

I'm unsure about the best & most secure way to configure the pNICs, vSwitches, and VLANs
 Draft -Suggestions Greatly Appreciated
I would be very grateful for any suggestions/recommendations on how to do this in a secure scalable way. Thank you in advance for your help.

Question by:-DK
  • 4
  • 2
LVL 124
ID: 35419216
What quickly I notice, no SAN (shared storage), for resilience, availability and scalability!
LVL 124
ID: 35419229
email hosting - have a look at Microsoft BPOS

Thin Client hardware - Wyse.
LVL 17

Expert Comment

ID: 35419311
Web hosting - rackspace
Office 365 instead of office
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.


Author Comment

ID: 35420040
RE: hanccocka
Good Catch, Thank You!
Would a separate partition/LUN on ESX Server1 be sufficient for Shared Storage ?
(e.g. LUN1-VMs, LUN2-SharedStorage --both 3disks each/raid 5)
Or do you recommend an actual physically separate SAN?

ESX Server2 will be doing VM Backups & Updates and will have a LUN for NAS

 I'm trying to keep cost down and don't think we need VMotion as we will be doing daily remote backups?

Microsoft BPOS looks great and having SharePoint would definitely be nice!

Thank you!

RE: sgsm81
Rackspace looks good since I won't need the extras provided by HostGator, Office 365 looks interesting, I need to check the system requirements for the SAS statistical software to make sure it's supported.

Thank you!

For the physical NIC connections on the ESX servers, does that look okay?
Is the ESX#1 vSwitch with pNIC3 okay? Is ESX#2 vSwitch with pNIC1 look okay?

Any recommendations for VLANs & security,  should I use them?
LVL 124

Accepted Solution

Andrew Hancock (VMware vExpert / EE MVE^2) earned 2000 total points
ID: 35420131
Well, do you get a SAN or don't you. A lot of your budget will end up being spent on VMware ESX licenses, do you intend to purchase vSphere vCenter to manage the two ESX servers?

If you don't want to do vMotion, DRS or HA - okay, but you need to think about DR, and all eggs in one basket secenerio, when the Dell 710 breaks! With shared storage this is easy, as you can quickly bring machines online, with shared storage otherwise think about how you would do it! (replication!)

A host ESX server for Backups - umm costly license.  Have you thought about what backup software? Where will you backup to Tape or Disk, do you need then to backup the VM backups to tape for Offsite storage? Veeam Backup and Replication can backup and rteplicate the VMs to another ESX host server. (Veeam is the world leader), or use VMware vDR (if you get the correct license). Are you going to purchase VMware licenses or use free VMware ESXi.

6 HDDs - RAID 5 - performance can be slow, RAID 10 is better, also remember that ESX/ESXi also has a VMFS 2TB-512byte limit, so a Dell H700/H800 card is better, so you can build a large array with your 6 disks, and then carve up into smaller VDs, 500-800GB, for ESX support, or you'll have to use extents.

Unless your organisation bans the use of VLANS, I would use them. There are secure!

I would team up at least 2 pNICs (more if more bandwidth required), trunk and etherchannel, and run VLANs, makes life similiar, however if you don't like the use of VLANs, and want to use physical make sure you team your pNICS.

I think I would also be inclined to purchase two indentical servers for ESX hosts, and use all the resouces of both for your environment, managed with vCenter, and Veeam Backup and Replication.

Iron Mountain or GigasoftDatabackup for Online Secure Storage.

anyway some thoughts for you to consider, and get the grey matter working.

Author Closing Comment

ID: 35420544
Thank you so much, It's been a while since my VMware class and your advice is very helpful.

I was originally planning on using ESXi (free edition) on both and backing up the data from ESX#1 to ESX#2 (using a free virtual appliance) and storing it in the NAS LUN and doing daily remote backups so that worst-case-scenario, we would only lose 1 day of data
....But after your suggestion, my original way could have been one of those 'when cheaper becomes more expensive' situations, so thank you...you may have saved me from a lot of costly problems in the future.

And thank you for the hardware & off-site backup recommendations.

I truly appreciate you taking the time to help me with this.

Thanks again,
LVL 124
ID: 35420679

No problems, always here to advise, as well as the other VMware Experts.

Further information for you, using the FREE versions of ESXi, you will have problems backing up the virtual machines using the VMware APIs, using third party backup utilities, because the APIs are not available to the utilities in the free version of ESXi. So you would be wise to investigate VMware Essentials Kits for ESXi, or at least get basic licenses for ESXi, so you can at least backup the VMs, using e.g. Veeam Backup and Replication, which is approx $500 per processor, per ESX host server.


Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…
Advanced tutorial on how to run the esxtop command to capture a batch file in csv format in order to export the file and use it for performance analysis. He demonstrates how to download the file using a vSphere web client (or vSphere client) and exp…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question