Conceptual DC Design

Attached is a conceptual 3 tier Dc design. From securiy perspective seems like everything has been taken care of in terms of provisioning of active equipments. Note that majority of employees are going to access the provisioned servcies off this Dc from WAN ( MPLS VPN) depicted as " Internal users".

Given the needs:
1. The DC will host variety of applications, both critical and non critical, holding cofidential data as well non confidential data with varying RPO / RTO needs.
2. Not all applications would be built around standard 3 tier architecture model.
3. Most applications will be maintained and supported by varying 3rd parties / vendors.
4. Service / apps hosted within will be accessed by users who are not trusted e.g. Customers, JV partners, Consultants etc.

What do you suggest in terms of design enhancements to cater for the above 4 needs given that we are starting as a green field?
Project1.jpg
SwiftAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

aleghartCommented:
Starting at the bottom, I'm seeing single connections from blade enclosures to either Fabric-A or Fabric-B.  Why not connections to both?

Also either a single connection to Core from Blade 'n', but no network connections from Blade Enclosures 1 or 2.  Need 2 connections: one to Core1 & one to Core2.

Storage has connection to both Fabric-A and Fabric-B for block-based storage.  But where is the connection to Core for management and any file-based storage?  Same for your 'Disk Backup'.

Are the Core switches not connected to each other?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
eeRootCommented:
Hard to tell on the drawing, but do all blade enclosures have redundant connections?  And do the two internal switches in the Intermediate section serve any purpose other then providing the connections for the WLAN controllers?  Perhaps you could simplify the design by moving the WLC's to an extra port on the intermediate firewalls.  And for the firewalls, do you have an IPS/IDS plans aside from the IPS/ Web filters?  Ideally, every interface on every firewall would be monitored, either by a built in module or extra security device.
SwiftAuthor Commented:
Thanks eeRoot and eleghart.

Your replies are very valid but seems to look into the needs of my first point ( maintaining low RPO / RTO).
Would you let me know some design aspects that would cater to my listed needs of Point 2-4 too?
aleghartCommented:
I don't know how you can plan around #2 as a "not".  My wife will tell me that restaurant is _not_ the right one, but that doesn't help pick a place for dinner.  Not understanding that, I passed on it.

#3 & 4 would involve some VLAN and ACL details.  But we don't even have basic connectivity drawn in.  So going into more detail first seems to be out of order.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Architecture

From novice to tech pro — start learning today.