When we considered network requirements, the vendor choice was pretty clear. Cisco Systems, despite Wall Street instability, still holds a dominant market share lead in the network infrastructure space. There are plenty of strong, viable options, but we wanted to mirror what most companies have done--install Cisco gear in the network core.
So the question became, what would it take to support NWC Inc.'s server, storage and Internet requirements? Because we were starting with seven servers, a few of them monsters, and knew that number would grow over time, we decided nothing less than Gigabit Ethernet connections would do.
Next, we looked at potential single points of failure in the core of the network and decided two switches were also a Day 1 requirement. No business can make money while waiting for a fried power supply to be replaced. This led us to use two Cisco 4500-series switches with Layer 3 supervisor engines. We filled those chassis with 24-port 10/100/1000Base-T RJ-45 autosensing modules to accommodate anything that needed a connection. The two switches were then trunked together to form the network core running at 4 Gbps. We're keeping things running at Layer 2 to start but have the horses to apply QoS and other Layer 3 functions, such as OSPF routing, if necessary.
We'll use some VLAN (virtual LAN) functionality to keep separate the production and development traffic, but our initial requirements were pretty basic. Sure, we could have run down to Circuit City and bought a low-end switch, but with a network foundation like that, you're building a house of cards. The trick is to choose an affordable network architecture that serves you from Day 1 to Day 100 and beyond. We tried not to overengineer a solution that would be costly and never fully used.
On the network edge, we placed a pair of Cisco 7400-series routers just in front of the firewall. These will initially let us get on and off the Internet in a graceful fashion but could, in the future, support multiple ISP connections and secure links to business partners.
Things We're Keeping to Ourselves
Security is an increasingly high-profile concern for IT. With the majority of NWC Inc.'s revenue coming from online transactions, it one of our highest priorities as well. Not only must we secure purchases, we need to safeguard our customers' privacy. That's not only good business from a customer-relationship point of view, it's becoming increasingly apparent that companies that don't make a best-effort attempt to secure customer data will be held financially liable.
There was no discussion on whether to deploy a firewall--it was a given. But selecting the firewall was a challenge. While we initially favored Check Point Software Technologies' offerings, the additional hardware costs were prohibitive. Ultimately, we decided on a SonicWall solution, based on a lower TCO and staff familiarity with the product line.
We also designed our network with security in mind, leaving only the Web server in the DMZ and all other services routed to and managed by the firewall. But a firewall does not generally inspect packets at Layer 7, where most Web-based attacks are initiated. We wanted to avoid the Nimdas and Code Reds of the future, and while we can't stop them from attacking, we can stop them from propagating by employing an Apache Web server running on a Red Hat Linux server. We've locked down the server by removing nonessential services, allowing secure access only from specific servers for management purposes and applying security patches.
Associate technology editor Steven J. Schuchart Jr. covers storage and servers for Network Computing. Previously he worked as a network architect for a general retail firm, a PC and electronics technician, a computer retail store manager, and a freelance disc jockey. Technology editor Lori MacVittie has been a software developer, a network administrator and a member of the technical architecture team for a global transportation and logistics organization. James Hutchinson is Network Computing's director of editorial content. Write to them at sschuchart@nwc.com, lmacvittie@nwc.com and jhutchinson@nwc.com, respectively.
REPORTS
Analyize In-Line NAC strategies and products.
ANALYTICS Plan and design your enterprise blade server deployments
InformationWeek U.S. IT Salary Survey 2008
Salaries for business technology professionals are falling. Here's what you need to know in order to make good hiring decisions and personal career choices. Download Today
REPORTS
ANALYTICS
Follow 
