Solved

Conceptual DC Design

Posted on 2014-01-09
Last Modified: 2014-02-02
Attached is a conceptual 3-tier DC design. From a security perspective, it seems like everything has been taken care of in terms of provisioning of active equipment. Note that the majority of employees are going to access the provisioned services off this DC from the WAN (MPLS VPN), depicted as "Internal users".

Given the needs:
1. The DC will host a variety of applications, both critical and non-critical, holding confidential data as well as non-confidential data, with varying RPO / RTO needs.
2. Not all applications would be built around standard 3 tier architecture model.
3. Most applications will be maintained and supported by varying 3rd parties / vendors.
4. Service / apps hosted within will be accessed by users who are not trusted e.g. Customers, JV partners, Consultants etc.

What do you suggest in terms of design enhancements to cater for the above 4 needs given that we are starting as a green field?
Project1.jpg
Question by:fahim
4 Comments
 

Accepted Solution

by:
aleghart earned 300 total points
ID: 39770067
Starting at the bottom, I'm seeing single connections from blade enclosures to either Fabric-A or Fabric-B.  Why not connections to both?

Also either a single connection to Core from Blade 'n', but no network connections from Blade Enclosures 1 or 2.  Need 2 connections: one to Core1 & one to Core2.

Storage has connection to both Fabric-A and Fabric-B for block-based storage.  But where is the connection to Core for management and any file-based storage?  Same for your 'Disk Backup'.

Are the Core switches not connected to each other?

Assisted Solution

by:eeRoot
eeRoot earned 200 total points
ID: 39770145
Hard to tell on the drawing, but do all blade enclosures have redundant connections?  And do the two internal switches in the Intermediate section serve any purpose other than providing the connections for the WLAN controllers?  Perhaps you could simplify the design by moving the WLCs to an extra port on the intermediate firewalls.  And for the firewalls, do you have any IPS/IDS plans aside from the IPS / Web filters?  Ideally, every interface on every firewall would be monitored, either by a built-in module or an extra security device.

Author Comment

by:fahim
ID: 39770315
Thanks eeRoot and aleghart.

Your replies are very valid but seem to look into the needs of my first point (maintaining low RPO / RTO).
Would you let me know some design aspects that would cater to my listed needs of points 2-4 too?

Expert Comment

by:aleghart
ID: 39770373
I don't know how you can plan around #2 as a "not".  My wife will tell me that restaurant is _not_ the right one, but that doesn't help pick a place for dinner.  Not understanding that, I passed on it.

#3 & 4 would involve some VLAN and ACL details.  But we don't even have basic connectivity drawn in.  So going into more detail first seems to be out of order.