Solved

Conceptual DC Design

Posted on 2014-01-09
4
226 Views
Last Modified: 2014-02-02
Attached is a conceptual 3 tier Dc design. From securiy perspective seems like everything has been taken care of in terms of provisioning of active equipments. Note that majority of employees are going to access the provisioned servcies off this Dc from WAN ( MPLS VPN) depicted as " Internal users".

Given the needs:
1. The DC will host variety of applications, both critical and non critical, holding cofidential data as well non confidential data with varying RPO / RTO needs.
2. Not all applications would be built around standard 3 tier architecture model.
3. Most applications will be maintained and supported by varying 3rd parties / vendors.
4. Service / apps hosted within will be accessed by users who are not trusted e.g. Customers, JV partners, Consultants etc.

What do you suggest in terms of design enhancements to cater for the above 4 needs given that we are starting as a green field?
Project1.jpg
0
Comment
Question by:fahim
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 32

Accepted Solution

by:
aleghart earned 300 total points
ID: 39770067
Starting at the bottom, I'm seeing single connections from blade enclosures to either Fabric-A or Fabric-B.  Why not connections to both?

Also either a single connection to Core from Blade 'n', but no network connections from Blade Enclosures 1 or 2.  Need 2 connections: one to Core1 & one to Core2.

Storage has connection to both Fabric-A and Fabric-B for block-based storage.  But where is the connection to Core for management and any file-based storage?  Same for your 'Disk Backup'.

Are the Core switches not connected to each other?
0
 
LVL 22

Assisted Solution

by:eeRoot
eeRoot earned 200 total points
ID: 39770145
Hard to tell on the drawing, but do all blade enclosures have redundant connections?  And do the two internal switches in the Intermediate section serve any purpose other then providing the connections for the WLAN controllers?  Perhaps you could simplify the design by moving the WLC's to an extra port on the intermediate firewalls.  And for the firewalls, do you have an IPS/IDS plans aside from the IPS/ Web filters?  Ideally, every interface on every firewall would be monitored, either by a built in module or extra security device.
0
 

Author Comment

by:fahim
ID: 39770315
Thanks eeRoot and eleghart.

Your replies are very valid but seems to look into the needs of my first point ( maintaining low RPO / RTO).
Would you let me know some design aspects that would cater to my listed needs of Point 2-4 too?
0
 
LVL 32

Expert Comment

by:aleghart
ID: 39770373
I don't know how you can plan around #2 as a "not".  My wife will tell me that restaurant is _not_ the right one, but that doesn't help pick a place for dinner.  Not understanding that, I passed on it.

#3 & 4 would involve some VLAN and ACL details.  But we don't even have basic connectivity drawn in.  So going into more detail first seems to be out of order.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ready for our next Course of the Month? Here's what's on tap for June.
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question