?
Solved

Conceptual DC Design

Posted on 2014-01-09
4
Medium Priority
?
229 Views
Last Modified: 2014-02-02
Attached is a conceptual 3 tier Dc design. From securiy perspective seems like everything has been taken care of in terms of provisioning of active equipments. Note that majority of employees are going to access the provisioned servcies off this Dc from WAN ( MPLS VPN) depicted as " Internal users".

Given the needs:
1. The DC will host variety of applications, both critical and non critical, holding cofidential data as well non confidential data with varying RPO / RTO needs.
2. Not all applications would be built around standard 3 tier architecture model.
3. Most applications will be maintained and supported by varying 3rd parties / vendors.
4. Service / apps hosted within will be accessed by users who are not trusted e.g. Customers, JV partners, Consultants etc.

What do you suggest in terms of design enhancements to cater for the above 4 needs given that we are starting as a green field?
Project1.jpg
0
Comment
Question by:fahim
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 32

Accepted Solution

by:
aleghart earned 1200 total points
ID: 39770067
Starting at the bottom, I'm seeing single connections from blade enclosures to either Fabric-A or Fabric-B.  Why not connections to both?

Also either a single connection to Core from Blade 'n', but no network connections from Blade Enclosures 1 or 2.  Need 2 connections: one to Core1 & one to Core2.

Storage has connection to both Fabric-A and Fabric-B for block-based storage.  But where is the connection to Core for management and any file-based storage?  Same for your 'Disk Backup'.

Are the Core switches not connected to each other?
0
 
LVL 22

Assisted Solution

by:eeRoot
eeRoot earned 800 total points
ID: 39770145
Hard to tell on the drawing, but do all blade enclosures have redundant connections?  And do the two internal switches in the Intermediate section serve any purpose other then providing the connections for the WLAN controllers?  Perhaps you could simplify the design by moving the WLC's to an extra port on the intermediate firewalls.  And for the firewalls, do you have an IPS/IDS plans aside from the IPS/ Web filters?  Ideally, every interface on every firewall would be monitored, either by a built in module or extra security device.
0
 

Author Comment

by:fahim
ID: 39770315
Thanks eeRoot and eleghart.

Your replies are very valid but seems to look into the needs of my first point ( maintaining low RPO / RTO).
Would you let me know some design aspects that would cater to my listed needs of Point 2-4 too?
0
 
LVL 32

Expert Comment

by:aleghart
ID: 39770373
I don't know how you can plan around #2 as a "not".  My wife will tell me that restaurant is _not_ the right one, but that doesn't help pick a place for dinner.  Not understanding that, I passed on it.

#3 & 4 would involve some VLAN and ACL details.  But we don't even have basic connectivity drawn in.  So going into more detail first seems to be out of order.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question