Solved

Conceptual DC Design

Posted on 2014-01-09
4
218 Views
Last Modified: 2014-02-02
Attached is a conceptual 3 tier Dc design. From securiy perspective seems like everything has been taken care of in terms of provisioning of active equipments. Note that majority of employees are going to access the provisioned servcies off this Dc from WAN ( MPLS VPN) depicted as " Internal users".

Given the needs:
1. The DC will host variety of applications, both critical and non critical, holding cofidential data as well non confidential data with varying RPO / RTO needs.
2. Not all applications would be built around standard 3 tier architecture model.
3. Most applications will be maintained and supported by varying 3rd parties / vendors.
4. Service / apps hosted within will be accessed by users who are not trusted e.g. Customers, JV partners, Consultants etc.

What do you suggest in terms of design enhancements to cater for the above 4 needs given that we are starting as a green field?
Project1.jpg
0
Comment
Question by:fahim
  • 2
4 Comments
 
LVL 32

Accepted Solution

by:
aleghart earned 300 total points
ID: 39770067
Starting at the bottom, I'm seeing single connections from blade enclosures to either Fabric-A or Fabric-B.  Why not connections to both?

Also either a single connection to Core from Blade 'n', but no network connections from Blade Enclosures 1 or 2.  Need 2 connections: one to Core1 & one to Core2.

Storage has connection to both Fabric-A and Fabric-B for block-based storage.  But where is the connection to Core for management and any file-based storage?  Same for your 'Disk Backup'.

Are the Core switches not connected to each other?
0
 
LVL 21

Assisted Solution

by:eeRoot
eeRoot earned 200 total points
ID: 39770145
Hard to tell on the drawing, but do all blade enclosures have redundant connections?  And do the two internal switches in the Intermediate section serve any purpose other then providing the connections for the WLAN controllers?  Perhaps you could simplify the design by moving the WLC's to an extra port on the intermediate firewalls.  And for the firewalls, do you have an IPS/IDS plans aside from the IPS/ Web filters?  Ideally, every interface on every firewall would be monitored, either by a built in module or extra security device.
0
 

Author Comment

by:fahim
ID: 39770315
Thanks eeRoot and eleghart.

Your replies are very valid but seems to look into the needs of my first point ( maintaining low RPO / RTO).
Would you let me know some design aspects that would cater to my listed needs of Point 2-4 too?
0
 
LVL 32

Expert Comment

by:aleghart
ID: 39770373
I don't know how you can plan around #2 as a "not".  My wife will tell me that restaurant is _not_ the right one, but that doesn't help pick a place for dinner.  Not understanding that, I passed on it.

#3 & 4 would involve some VLAN and ACL details.  But we don't even have basic connectivity drawn in.  So going into more detail first seems to be out of order.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
MPLS Network Question 2 33
NSD FAIL 2 21
100mbps vs. 100mbps on cat6e - Cable is 50m 6 24
cisco VIRL 2 11
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now