We'll use some VLAN (virtual LAN) functionality to keep separate the production and development traffic, but our initial requirements were pretty basic. Sure, we could have run down to Circuit City and bought a low-end switch, but with a network foundation like that, you're building a house of cards. The trick is to choose an affordable network architecture that serves you from Day 1 to Day 100 and beyond. We tried not to overengineer a solution that would be costly and never fully used.
On the network edge, we placed a pair of Cisco 7400-series routers just in front of the firewall. These will initially let us get on and off the Internet in a graceful fashion but could, in the future, support multiple ISP connections and secure links to business partners.
Things We're Keeping to Ourselves
Security is an increasingly high-profile concern for IT. With the majority of NWC Inc.'s revenue coming from online transactions, it's one of our highest priorities as well. Not only must we secure purchases, we need to safeguard our customers' privacy. That's not only good business from a customer-relationship point of view; it's becoming increasingly apparent that companies that don't make a best-effort attempt to secure customer data will be held financially liable.
There was no discussion on whether to deploy a firewall; it was a given. But selecting the firewall was a challenge. While we initially favored Check Point Software Technologies' offerings, the additional hardware costs were prohibitive. Ultimately, we decided on a SonicWall solution, based on a lower TCO and staff familiarity with the product line.
We also designed our network with security in mind, leaving only the Web server in the DMZ and all other services routed to and managed by the firewall. But a firewall does not generally inspect packets at Layer 7, where most Web-based attacks are initiated. We wanted to avoid the Nimdas and Code Reds of the future, and while we can't stop them from attacking, we can stop them from propagating by employing an Apache Web server running on a Red Hat Linux server. We've locked down the server by removing nonessential services, allowing secure access only from specific servers for management purposes and applying security patches.
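The lockdown described above reduces to two checks an administrator can script: confirm the DMZ host listens only on the ports it should, and confirm management access is restricted to named hosts. The following is an added example, not NWC Inc.'s own configuration; the `ss -ltnp` sample and the management addresses are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample of `ss -ltnp` output from a DMZ web host (not real data).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:80        0.0.0.0:*     users:(("httpd",pid=1,fd=4))
LISTEN 0      128    0.0.0.0:443       0.0.0.0:*     users:(("httpd",pid=1,fd=6))
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=2,fd=3))
LISTEN 0      50     0.0.0.0:23        0.0.0.0:*     users:(("in.telnetd",pid=3,fd=3))
LISTEN 0      128    0.0.0.0:111       0.0.0.0:*     users:(("rpcbind",pid=4,fd=5))'

# Ports a DMZ web server is expected to expose: HTTP, HTTPS and SSH for management.
ALLOWED_PORTS="80 443 22"

# Placeholder addresses of the management servers allowed to reach SSH (assumed).
MGMT_HOSTS="192.0.2.10 192.0.2.11"

# Print "port process" for every listening socket whose port is not allowlisted;
# anything printed is a nonessential service that should be disabled or removed.
audit_listeners() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)
            proc = $6; sub(/^users:\(\("/, "", proc); sub(/".*/, "", proc)
            if (!(port in ok)) print port, proc
        }'
}

# Emit iptables rules that accept new SSH connections only from the management
# hosts and drop SSH from everywhere else (review before applying).
ssh_rules() {
    for h in $1; do
        echo "iptables -A INPUT -p tcp --dport 22 -s $h -m state --state NEW -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

echo "Unexpected listeners:"
audit_listeners "$SAMPLE_SS" "$ALLOWED_PORTS"
echo "Management-only SSH rules:"
ssh_rules "$MGMT_HOSTS"
```

On a live host, replace `SAMPLE_SS` with the real output of `ss -ltnp` and keep the allowlist in version control so drift shows up in the next audit.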
Associate technology editor Steven J. Schuchart Jr. covers storage and servers for Network Computing. Previously he worked as a network architect for a general retail firm, a PC and electronics technician, a computer retail store manager, and a freelance disc jockey. Technology editor Lori MacVittie has been a software developer, a network administrator and a member of the technical architecture team for a global transportation and logistics organization. James Hutchinson is Network Computing's director of editorial content. Write to them at sschuchart@nwc.com, lmacvittie@nwc.com and jhutchinson@nwc.com, respectively.