Looking for network design opinions!

I hope I can get some inputs from you on network design.
This electronics manufacturing company will be building a 2-storey, 100K square foot facility.
The main floor - all the manufacturing machines, computers and servers running manufacturing software.
The 2nd floor - the main server (Microsoft SBS), SharePoint Server, LOB software servers, and computers used by office staff and engineers.

They have less than 200 employees, over 120 computers, 5 physical servers, some VoIP phones. They are all on the same network. Currently, there are only 28 free IP addresses available from the DHCP server (Microsoft SBS).

Here are my thoughts about the network in the new building
1. Install stackable switches in each floor's server room. Connect the two groups of switches via a long high-speed trunk cable running through the floor.
I think this will keep the main floor's network traffic in the main floor network, separate from the 2nd floor network, which optimizes the bandwidth.
Currently, they are using D-Link DGS-1510-52 switches, which have been quite reliable, except that I had to power cycle one of them twice in the past years, and their firmware is a bit buggy.

Is it worth deploying Cisco switches, which are more expensive and come with a learning curve? Is there such a long high-speed trunk cable at all?

2. Separate computer network, VoIP phone network and Security/Access Control network with 3 different networks.
This will release quite some IP addresses from the DHCP server, and ease the traffic on the computer network.
Does this make sense? How can I do this? Will this cause any inconvenience/issues if I separate the computer network and VoIP phone network?

3. They need a WiFi system covering the whole building for both internal and external users.
I will be looking into Ubiquiti's stuff. I have been happy with their UniFi wireless AP, but have not set up multiple units to cover such a big area yet. I will consult them for help.

Those are not all my questions; if I missed something or if I should be aware of something, please do not hesitate to let me know. Any thoughts are greatly appreciated!
YconsultantAsked:
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
I actually like DLink switches; they held us in great shape for many years. I like your idea, but use STP and confirm with DLink support.
Have a look for SFP Dlink official Fibre over E cables, they are really expensive but work very well.

Remember to use all DLink equipment here, from switches to interconnects. You will need a syslog too so you can see STP recalcs in the event of issues.
0
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
And sorry what is the SBS all about? That stuff is crazy in this day and age. First thing I would do is bin that. Look at building a hybrid environment based on 3PAR, Exchange On Premise + 365.

I saw a great article on Google Cloud + VMWare with an NSX Dell San in both sites, I would seriously consider this kind of thing also.
Google Cloud + VMWare are going to be big. Hyper V really is a poor competitor in my opinion.
0
PerarduaadastraCommented:
I'd agree that any flavour of SBS isn't going to fit well in this scenario, particularly as the numbers of users and computers already exceed the maximum it supports.

This is a rare and golden opportunity to sit down and plan in great detail exactly how everything is going to be organised, both logically and physically. This way, you will be able to distribute network utilisation much more evenly across the network(s) and pay attention to the physical as well as network security of your installation; the times I've seen business-critical equipment secured by nothing more than a "Staff Only" sign...

I've found Ubiquiti to be very good for wireless provision, though Netgear also offers a range of wifi solutions based on hardware controllers which offer some additional features such as dynamic management of APs, self-healing, fast roaming support, and a limited lifetime hardware warranty on its kit. Which of these vendors (or indeed products from other vendors) is right for this scenario depends on how many bells and whistles you need in your wireless deployment.
Netgear also offers a range of very capable and durable switches which are excellent value and don't have the other-world complexity of the undoubtedly excellent Cisco equivalents; there will be a learning curve for the former's products, but not nearly as long or steep as the one imposed by the latter.
I have no financial or other vested interest in Netgear products, but I have used them for upwards of twenty years and speak as I find.

Separating your networks by function is a good plan too, from both security and management perspectives.

Regarding the high-speed trunk, why not use fibre links for that? Switches having the capabilities you require will almost certainly have SFP/GBIC provision as standard so you'd just have to purchase the necessary modules and fibre cables.

My two pence worth...
0
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
Microsoft SBS is not even supported anymore (at least not from a dev point of view). I started working in a place last year and left over this. They had several SBS 2008 servers with no backups and refused to upgrade.
0
ajohnson30Network ManagerCommented:
Ideally you want separate networks for your servers, users, wi-fi, and voice traffic. If you want to further separate them by floor to make them easily identifiable, that's up to you, but I wouldn't do that on the wi-fi side. I'm fairly vendor agnostic - if the D-link is working you can probably still use it, but for this to work you have to be able to turn on layer 3 routing. Each network would have its own subnet and vlan.
You should interconnect your switches with fiber - probably multimode unless they are more than 300 meters apart.

Something like
Vlan 100 - servers
ip range 192.168.100.1 thru 254
gateway 192.168.100.1 (this ip is on one of the switches)

Vlan 200 - users
ip range 192.168.200.1 thru 254
gateway 192.168.200.1 (this ip is on one of the switches)

vlan 300 - wifi
ip range 192.168.300.1 thru 254
gateway 192.168.300.1 (this ip is on one of the switches)

vlan 400 - voice
ip range - 192.168.400.1 thru 254
gateway 192.168.400.1 (this ip is on one of the switches)

Your dhcp server will have to hand out ip addresses for all 4 networks, probably starting at 50 to 254 or something like that, although your servers should have static addresses.

The switches should also have a dhcp forwarding/forwarder setting in their vlan setup where you would direct dhcp broadcasts from each vlan at your dhcp server if necessary.  Usually in the form of 192.168.400.1 -> 192.168.100.123 (if your dhcp server was on ip 192.168.100.123)
0

masnrockCommented:
ajohnson30 put the type of comment that I was going to issue myself.

You should break up things into multiple VLANs, so you can have multiple subnets (and therefore a larger pool of IP addresses available)

Here are the things I'd have VLANs for:
1) Corporate
2) Manufacturing
3) Telecom (assuming you have IP phones)
4) Corporate wireless
5) Guest wireless
6) Security (assuming that you have IP-based security cameras)

Currently, they are using D-Link DGS-1510-52 switches, which have been quite reliable, except that I had to power cycle one of them twice in the past years, and their firmware is a bit buggy.

Is it worth deploying Cisco switches, which are more expensive and come with a learning curve? Is there such a long high-speed trunk cable at all?
What do you mean the firmware is quite buggy, especially given you're saying the switches are pretty reliable? If things are working pretty well, then stick with the D-Link switches. Otherwise, check out some other brands (I'd avoid TP-Link due to their reputation for buggy switch firmware). Cisco's Small Business line might work for you for some period of time, depending on what your future growth is like.

SBS is completely outdated, and you should honestly work to modernize that portion of your infrastructure.
0
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
Obviously we should have Vlans lol, in a 50K or more switch network. That goes without saying. Keep it Dlink.
0
masnrockCommented:
@Mark Bill - Haha. And to be fair, I forgot to reread the last sections before I posted my initial response. However, I still would've kept my response the same because I would've had more separation in networks than proposed. IMO it's best to keep manufacturing and corporate separate (ironically enough I work for a manufacturer that's in the process of sorting out their architecture).

3. They need a WiFi system covering the whole building for both internal and external users.
I will be looking into Ubiquiti's stuff. I have been happy with their UniFi wireless AP, but have not set up multiple units to cover such a big area yet. I will consult them for help.
I have mixed feelings on Ubiquiti. While they certainly work well in a number of environments (including multi-unit deployments), I have also dealt with some environments where they didn't work so well. I ended up going the route of Ruckus in those cases (and I am not going to lie and tell you that their stuff is the cheapest). Xirrus, as I remember, tended to work well also, and would probably have better pricing than Ruckus. Fortinet is okay in this arena, but nothing stands out about them. I'd just say do a proper site survey and work from there.

2. Separate computer network, VoIP phone network and Security/Access Control network with 3 different networks.
This will release quite some IP addresses from the DHCP server, and ease the traffic on the computer network.
Does this make sense? How can I do this? Will this cause any inconvenience/issues if I separate the computer network and VoIP phone network?
The discussion of defining VLANs has already come up. If you're going to keep using the Windows Server for DHCP, then you need to have one scope for each VLAN, and make sure that server's switch port has access to all of those VLANs. As far as potential issues, it's about careful planning and identifying where things tie together. What phone system do you have now, and are you into universal messaging and the like? Separating manufacturing and corporate networks would of course raise concerns over where data flows from a manufacturing system to a corporate one, and vice versa.
0
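
The VLAN-per-function layout from ajohnson30's answer and the one-DHCP-scope-per-VLAN point above, worked through as an added example that is not part of the original thread: it validates each subnet, rejects overlaps, and derives the gateway, DHCP pool and relay target per VLAN. The subnets for VLANs 300 and 400 are constructed (an IPv4 octet cannot exceed 255, so the VLAN ID cannot be reused as the third octet there); `build_plan` and the 50-254 pool bounds are this example's own names and assumptions.

```python
import ipaddress

# Constructed plan: VLAN IDs and names follow the thread; the third octets
# for wifi and voice are assumptions, since an IPv4 octet cannot exceed 255.
PLAN = {
    100: ("servers", "192.168.100.0/24"),
    200: ("users", "192.168.200.0/24"),
    300: ("wifi", "192.168.30.0/24"),
    400: ("voice", "192.168.40.0/24"),
}
DHCP_SERVER = "192.168.100.123"  # example server address used in the thread


def build_plan(plan, dhcp_server, pool_start=50, pool_end=254):
    """Validate the subnets; derive gateway, DHCP pool and relay per VLAN."""
    server = ipaddress.ip_address(dhcp_server)
    nets = {}
    for vlan, (_name, cidr) in plan.items():
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN {vlan}: ID outside 1-4094")
        # ip_network raises ValueError for input such as 192.168.300.0/24
        net = ipaddress.ip_network(cidr)
        if net.network_address + pool_end >= net.broadcast_address:
            raise ValueError(f"VLAN {vlan}: DHCP pool does not fit in {net}")
        nets[vlan] = net
    vlans = sorted(nets)
    for i, a in enumerate(vlans):
        for b in vlans[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"VLAN {a} and VLAN {b} subnets overlap")
    rows = []
    for vlan in vlans:
        net, base = nets[vlan], nets[vlan].network_address
        rows.append({
            "vlan": vlan,
            "name": plan[vlan][0],
            "gateway": str(base + 1),  # routed interface on the L3 switch
            "pool": (str(base + pool_start), str(base + pool_end)),
            # A relay is only needed when the DHCP server sits in another subnet.
            "relay_to": None if server in net else str(server),
        })
    return rows


if __name__ == "__main__":
    for row in build_plan(PLAN, DHCP_SERVER):
        print(row)
```
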