What is best practice for SERVERS VLAN

Dear Experts,

I need your suggestions for my server installations. What are the best practices, and why?
1) Should I have a separate VLAN for each server?
2) Should there be a firewall between servers or not?
3) Should there be a firewall between users and servers or not?


Leroy Luff, Head of IT & Digital, commented:
Hi there,

Here are my opinions:

1. This depends on your server and networking structure. If you have 2 or 3 standalone servers, VLANs are not necessary. Once you start looking at iSCSI connections to a SAN device, VLANs are very handy to have, as they split iSCSI traffic from normal network traffic. Also, your servers would need 2 or more NICs to have VLANs work. If you have no iSCSI but have 2 or more NICs, you can create VLANs so that just the servers access this VLAN to communicate faster with each other, for example between an app server and a SQL server.
2 & 3. Firewall always on.

1) Should I have a separate VLAN for each server?

That depends on your network/system architecture and organizational requirements. If you want to restrict access server-wise on a VLAN basis, then you can go for it.

2) Should there be a firewall between servers or not?
Generally, in a network scenario:

1. Users -> connected to edge/access switches -> edge/access switches connected to distribution switches -> connected to core switches -> core switch connected to firewall.
2. Servers are also connected to switches.
3. On the servers you can implement DC/ADC and can implement policy to restrict users.
4. On the firewall you can allow/block ports to give access permissions for groups or users, or you can integrate AD authentication (LDAP/TACACS/NTLM/RADIUS).

So, you can use the firewall as a gateway-level security device... no issue.

3) Should there be a firewall between users and servers or not?

I think it is not required. Users can be managed by the firewall easily.

The reason why you should have VLANs or LAN segments is to limit the broadcasts within the broadcast domain.
There is no rule of thumb for having VLANs depending upon the number of servers.
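
As an added illustration that is not part of any reply in this thread: a default-deny inter-VLAN forwarding policy in nftables, showing what a firewall between users and servers, and between the app and SQL servers mentioned above, looks like in practice. It assumes a Linux router doing the inter-VLAN routing; the interface names, subnets, addresses and ports are all constructed.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every name, subnet and port here is an assumption.
# vlan10 = users, vlan20 = app servers, vlan30 = SQL servers,
# each a routed VLAN sub-interface on this router/firewall.

define USERS_NET = 10.0.10.0/24
define APP_SRV   = 10.0.20.10
define SQL_SRV   = 10.0.30.10

# Create-then-delete so the file can be reloaded idempotently
table inet segmentation
delete table inet segmentation

table inet segmentation {
    chain forward {
        # Anything not explicitly allowed between VLANs is dropped
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows permitted by the rules below
        ct state established,related accept
        ct state invalid drop

        # Users -> app server: HTTPS only
        iifname "vlan10" oifname "vlan20" ip saddr $USERS_NET ip daddr $APP_SRV tcp dport 443 accept

        # App server -> SQL server: database port only (1433 assumed).
        # Users have no rule towards vlan30, so they cannot reach SQL directly.
        iifname "vlan20" oifname "vlan30" ip saddr $APP_SRV ip daddr $SQL_SRV tcp dport 1433 accept

        # Everything else: count and log, then fall through to policy drop
        counter log prefix "inter-vlan-drop: "
    }
}
```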