Network infrastructure: basic information, facilities and design

Anonim

Basically, the network infrastructure consists of various software applications and hardware components. Routing and switching are key functions of any network. Each participating device and server is connected to the switch via its own network cable, so that each device can connect directly to any other. The main components of a network are the network cables that connect all servers, computers, printers, switches, routers, access points, etc.

Software applications and services


Network infrastructure requires appropriate software applications or services to be installed on computers to regulate data traffic. In most cases, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP) and Windows Internet Name Service (WINS) are part of the basic service package. These applications must be configured accordingly and be available at all times.

To connect computers to the Internet, additional devices are needed, preferably in the form of security gateways (firewalls). If wireless communication devices are needed, then wireless access points are required as appropriate interfaces. If the user wants to get a quick overview of all devices on the network, he can do this with special IP scanners.

Users can also get a comprehensive overview of all objects on their own network using the Active Directory directory service. It stores all network-related objects, such as printers, modems, users or groups.

Spatial extent of networks

Networks often differ in spatial extent. This is commonly referred to as LAN (Local Area Network) - this is a local area network that includes many computers and peripherals inside a building. However, in practice it happens that such a network can receive a fairly large number of users. Regardless of its size, a network will always be referred to as a local network, even if it is both public and private. On the other hand, if the network covers a relatively large geographic area, it is called a wide area network (WAN).

Wide Area Network (WAN)

To ensure that the network infrastructure is always available, an uninterruptible power supply (UPS) can be used to supply critical electrical loads during a power failure. From a technical point of view, a local network can be built in completely different ways. In the classic case, structured cabling is currently used.

The most widely used standard solution is Ethernet. Transmission is preferably carried out electrically via twisted-pair cables (CAT 5 cable or higher), but it can also be carried out optically via optical fiber cable or polymer optical fiber (POF).

Currently, Ethernet achieves a data rate of 100Gbps, which corresponds to a total data throughput of no more than 12.5Gbps; there are also standards for 200Gbps and 400Gbps. Depending on the distance to the bridge and the speed required, Ethernet connections can be established using copper cables (Category 3 twisted pair to Category 8 twisted pair) or optical trunks.

The process of building IT infrastructure


The process of deploying a network infrastructure consists of the following general stages, called the solution life cycle:

  1. Analysis of business and technical requirements.
  2. Logical architecture design.
  3. Design the deployment architecture.
  4. Implementing the deployment.
  5. Deployment management.

Deployment steps are not rigid, and the deployment process is iterative. In the requirements phase, the user starts with the business requirements identified in the analysis phase and translates them into technical specifications that can be used for design.

Specifications measure quality-of-service features such as performance, availability, security, and others. When analyzing technical requirements, you can also specify service level requirements, which are the conditions under which customer support must be provided in order to troubleshoot a deployed system that meets the system requirements. During the logical design phase, the customer determines the services required to implement the project.

Once the services are identified, the various components that provide those services are mapped within a logical architecture. The network infrastructure design comprises the following sections:

  1. Deployment architecture.
  2. Implementation specification.
  3. Detailed design specification.
  4. Installation plan.
  5. Additional plans.

Network Deployment Process


To plan a deployment, you must first analyze the business and technical requirements of the customer. They should contain the following sections:

  1. Define deployment targets.
  2. Define project goals.

Requirements analysis should result in a clear, concise and comparable set of goals against which to measure the success of the project.

If a project is carried out without clear goals that have been accepted by the stakeholders, the customer will end up with an unworkable system or, at best, an unstable one. Some of the requirements to consider during the network infrastructure design phase include:

  1. Business requirements.
  2. Technical requirements.
  3. Financial requirements.
  4. Service Level Agreements (SLAs).

Service components and service levels

When planning for multiple component products or services, you need to understand the composition of each. To do this, divide each service into components that can be deployed on different hosts, and assign each component to a specific tier. Although it is possible to deploy all components on one host, it is better to move to a multi-tier architecture.

A layered architecture, whether single-tier or two-tier, provides a number of benefits. Its components reside on end-user client computers. The component access layer consists of front-end services from the Messaging Server (MMP and MTA):

  1. Calendar server.
  2. Instant Messaging Proxy.
  3. Portal server (SRA and Core).
  4. Access Manager for authentication and a corporate directory that provides an address book.
  5. Storage Area Network (SAN). The "cloud" is the physical storage of data.

Determining the resource intensity of the project

Network infrastructure management is the basis of the system. It forms the services that create the working composition of the network. Deploying the network from the design goals ensures that the customer will have an architecture that can scale and grow. To do this, a complete map of the existing network is created, covering these areas:

  1. Physical links such as cable length, class, etc.
  2. Communication lines such as analog, ISDN, VPN, T3, etc. and available bandwidth and latency between sites.
  3. Server information including hostnames, IP addresses, Domain Name Server (DNS) for domain membership.
  4. Location of devices on the network, including hubs, switches, modems, routers, bridges, proxy servers.
  5. Number of users per site, including mobile users.

After the entire inventory is complete, this information should be reviewed in conjunction with the project objectives to determine what changes are needed for a successful deployment.

Network infrastructure components


Routers connect infrastructure networks, allowing systems to communicate. You need to be sure that routers have spare capacity after deployment to handle predicted growth and usage. Similarly, switches connect systems within a network. Routers or switches with insufficient bandwidth tend to aggravate bottlenecks, resulting in a significant increase in the time it takes clients to send messages to servers on different networks.

In such cases, lack of forethought or expense to upgrade the router or switch can result in a significant reduction in staff productivity. The following common components of an organization's network infrastructure contribute to the success of a project:

  1. Routers and switches.
  2. Firewalls.
  3. Load balancers.
  4. Storage Area Network (SAN) and DNS.

Network specifications

For the reliable functioning of the network, it is necessary to ensure the centralization of servers, which will create more reliable and higher bandwidth. In addition, you need to answer a series of questions that will help you understand the network requirements:

  1. Can the DNS server handle the extra load?
  2. What is the schedule for support staff? 24-hour, seven-day (24 x 7) support may only be available on certain sites. A simpler architecture with fewer servers will be easier to maintain.
  3. Is there sufficient capacity in operations and technical support teams to facilitate the operation of the network infrastructure?
  4. Can operations and technical support teams handle the increased workload during the deployment phase?
  5. Should network services be redundant?
  6. Do I need to limit the availability of data on access level hosts?
  7. Is it necessary to simplify end-user configuration?
  8. Is a reduction in HTTP network traffic planned?

Two-tier architecture

The answers to these questions are given by a two-tier architecture. In order to ensure it at the design level, the customer must take part in the design of the network infrastructure.

Choice of equipment

The customer always has a choice: large or small hardware systems. Smaller hardware systems usually cost less. Moreover, smaller hardware systems can be deployed in many locations to support a distributed business environment, and they can mean less downtime for system maintenance, upgrades and migrations, since traffic can be redirected to servers that are still online while others are being serviced.

Smaller hardware systems have more limited capacity, so more of them are needed. Management, administration and maintenance costs increase as the number of devices in the system increases. Moreover, smaller hardware systems require more system maintenance because there are more of them to maintain, and this means less fixed management costs on the server.

If management costs are monthly, whether internal or from an ISP, costs will be lower where there are fewer hardware systems to manage. Fewer can also mean easier system maintenance, upgrades, and migrations, since fewer systems are required to maintain a system. Depending on your deployment, you need to plan for the following:

  1. LDAP directory information tree.
  2. Directory server (Access Manager).
  3. Messaging server.

Firewall access control


Firewalls are placed between routers and application servers to provide access control. Firewalls were originally used to protect a trusted network (one's own) from an untrusted network (the internet). Router configurations should potentially block unwanted services (such as NFS, NIS, etc.) and use packet-level filtering to block traffic from untrusted hosts or networks.

In addition, when installing a server in an environment exposed to the Internet or any untrusted network, reduce software installations to the minimum number of packages needed to support hosted applications.

Achieving minimization across services, libraries, and applications helps improve security by reducing the number of subsystems that need to be maintained, using a flexible and extensible mechanism to minimize, harden, and protect systems.

Internal network

The internal network includes development, lab, and testing segments. A firewall is used between each segment of the internal network to filter traffic and provide additional security between departments. You might consider installing an internal firewall after first determining the type of internal network traffic and services used on each of these segments, in order to determine whether it will be useful.

Machines on internal networks should not communicate directly with machines on the Internet. It is preferable that these machines avoid direct DMZ communications. As a result, the required services must reside on hosts on the intranet. The host on the intranet can in turn communicate with the host on the DMZ to complete a service (such as outgoing email or DNS).

A machine requiring Internet access can pass its request to a proxy server, which in turn makes the request on behalf of the machine. This internet relay helps protect your computer from any potential danger it may encounter. Since the proxy server communicates directly with computers on the Internet, it must be in the DMZ.

However, this goes against the desire to prevent internal machines from interfacing with DMZ machines. To solve this problem indirectly, a dual proxy system is used. The second proxy server, located on the intranet, forwards connection requests from internal machines to the proxy server in the DMZ.
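The zone rules of this section, together with the router filtering from the firewall section, can be checked against observed connection attempts. The following is an added example, not part of the original article; the address ranges, the proxy port 3128, the inbound Internet-to-DMZ path and the sample flows are constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption; the article gives no addresses).
ZONES = {
    "internal": ipaddress.ip_network("10.10.0.0/16"),  # user workstations
    "intranet": ipaddress.ip_network("10.20.0.0/24"),  # service hosts, inner proxy
    "dmz": ipaddress.ip_network("192.0.2.0/24"),       # outer proxy, mail, DNS
}

# Zone-to-zone paths the design permits: internal -> intranet -> DMZ -> Internet.
# Inbound Internet -> DMZ is an assumption added for this example.
ALLOWED = {("internal", "intranet"), ("intranet", "dmz"),
           ("dmz", "internet"), ("internet", "dmz")}

# Services to block from untrusted networks: NFS (2049) and rpcbind (111),
# the port mapper that NIS depends on.
BLOCKED_FROM_UNTRUSTED = {111: "rpcbind (NIS)", 2049: "NFS"}

def zone_of(addr):
    """Map an address to its zone; anything unlisted counts as Internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def audit(flows):
    """Return (src, dst, dport, reason) for each flow that breaks the policy."""
    findings = []
    for src, dst, dport in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == "internet" and dport in BLOCKED_FROM_UNTRUSTED:
            reason = f"{BLOCKED_FROM_UNTRUSTED[dport]} from untrusted network"
        elif sz != dz and (sz, dz) not in ALLOWED:
            reason = f"direct {sz} -> {dz} path"
        else:
            continue
        findings.append((src, dst, dport, reason))
    return findings

# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.17", "10.20.0.8", 3128),     # workstation -> inner proxy: ok
    ("10.20.0.8", "192.0.2.10", 3128),     # inner proxy -> DMZ proxy: ok
    ("192.0.2.10", "198.51.100.7", 443),   # DMZ proxy -> Internet: ok
    ("10.10.4.17", "198.51.100.7", 443),   # workstation straight to Internet
    ("10.10.9.2", "192.0.2.10", 3128),     # workstation straight to DMZ proxy
    ("203.0.113.50", "192.0.2.20", 2049),  # NFS from the Internet into the DMZ
]
```

Calling `audit(SAMPLE_FLOWS)` returns the last three flows with their reasons; each tuple is treated as a connection initiation, so reply traffic needs no reverse entry in `ALLOWED`.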

Building security systems

Securing the network infrastructure is one of the most important steps in building it. It must meet the needs of the customer and provide a secure messaging environment, while not being overbearing toward users. In addition, the security strategy should be fairly simple to administer.

A sophisticated security strategy can lead to mistakes that prevent users from accessing their mail, or that allow users and unauthorized attackers to change or obtain information that you do not want them to access.

The five steps to develop a security strategy include:

  1. Determining what needs to be protected. For example, this list might include hardware, software, data, people, documentation, network infrastructure, or an organization's reputation.
  2. Determining who to protect against. For example, from unauthorized users, spammers or denial of service attacks.
  3. Assessment of possible threats to the system.
  4. Implement measures that will effectively protect assets.
  5. Additional overhead when setting up an SSL connection, which can reduce the load on message deployment.

Small Business Network Modernization

Businesses are increasingly relying on reliable and flexible network and hardware infrastructure to ensure business success, so network infrastructure needs to be upgraded. With limited financial resources, a rapidly changing technological landscape, and growing security threats, savvy organizations must rely on trusted contract partners to support the lifecycles of their enterprise IT environment.

Whether an organization needs a new infrastructure or simply needs to take an existing platform to the next level, modernization begins with the development of the physical layer, an effective enterprise architecture and the creation of a work plan that meets business goals and solves the emerging security problems that everyone faces in defining service strategy, design, transition and operation in an organized environment.

Enterprise network infrastructure management activities include:

  1. Cloud Estimation Services.
  2. Capacity and performance planning.
  3. Consolidation and virtualization of data centers.
  4. Hyper Converged Integrated Solutions.
  5. Server and network management. IT service management, support and software.

The demand to make business-critical processes safer and more stable, while financial and human resources become increasingly limited, is forcing many IT departments to address new challenges in network infrastructure operations.

Timely and effective solutions must be found at both the human and infrastructural levels and relieve the burden on the owner's own organizational and human resources while improving service quality and customer satisfaction.