Basically, the network infrastructure consists of various software applications and hardware components. Routing and switching are key features of any network. Each device and server is connected by its network cable to the switch, so that every device can connect directly to any other. The main components of a network are the network cables to which all servers, computers, printers, switches, routers, access points, etc. are connected.
Software Applications and Services
Network infrastructure requires appropriate software applications or services that must be installed on computers and regulate data traffic. In most cases, the Domain Name System (DNS), the Dynamic Host Configuration Protocol (DHCP) and the Windows Internet Name Service (WINS) are part of the basic service package. These applications must be configured appropriately and be constantly accessible.
To connect computers to the Internet, additional devices are required, preferably in the form of security gateways (firewalls). If wireless communication devices are needed, then wireless access points are required as the appropriate interfaces. Users who want a quick overview of all the devices on the network can get one with special IP scanners.
Users can also get a comprehensive overview of all objects on their own network using the Active Directory directory service. Here everything is stored as network-related objects, such as printers, modems, users or groups.
Spatial extent of networks
Networks vary in spatial extent. A LAN (Local Area Network) is a local network that includes many computers and peripheral devices inside a building. In practice, however, such a network can serve a fairly large number of users. Regardless of its size, the network is always called a local network, whether it is public or private. On the other hand, if a network covers a relatively large geographic area, it is called a wide area network (WAN).
To ensure continued availability of network infrastructure, an uninterruptible power supply (UPS) can be used to power critical electrical loads during a power failure. From a technical point of view, a local network can be built in completely different ways. In the classic case, the cabling today is structured cabling.
The most widely used standard is Ethernet. Transmission is preferably carried out electrically through appropriate twisted pair cables (CAT 5 cable or higher), but it can also be carried out optically through a fiber optic cable or a polymer fiber cable (polymer optical fiber, POF).
Currently, Ethernet reaches a data transfer rate of 100 Gbit/s, which corresponds to a total data throughput of no more than 12.5 GB/s, with standards for 200 Gbit/s and 400 Gbit/s. Depending on the distance to be bridged and the required speed, Ethernet connections can be established using copper cables (category 3 through category 8 twisted pair cable) or using optical trunks.
The process of building IT infrastructure
The network infrastructure deployment process consists of the following general steps, called the solution life cycle:
- Analysis of business and technical requirements.
- Logical architecture design.
- Deployment architecture design.
- Deployment implementation.
- Deployment management.
Deployment steps are not rigid, and the deployment process is iterative. At the technical requirements stage, the user starts with the business requirements defined at the analysis stage and translates them into technical specifications that can be used for design.
Specifications measure quality-of-service features such as performance, availability, security, and others. When analyzing technical requirements, you can also specify service level requirements: the conditions under which customer support must be provided to troubleshoot a failure of the deployed system so that it meets the system requirements. At the stage of logical design, the customer determines the services necessary for the implementation of the project.
Once the services are identified, the customer maps the various components that provide these services into a logical architecture. The network infrastructure design consists of the following sections:
- Deployment Architecture
- Implementation specification.
- Detailed design specification.
- Installation plan.
- Additional plans.
Network deployment process
To plan your deployment, you must first analyze the business requirements and customer specifications. They should contain the following sections:
- Defining deployment goals.
- Defining project goals.
The result of the requirements analysis should be a clear, concise and comparable set of goals with which to evaluate the success of the project.
If a project is completed without clear objectives accepted by the parties concerned, the customer will receive an inadequate system or, at best, an unstable one. Some of the requirements that need to be studied at the design stage of the network infrastructure include:
- Business requirements.
- Technical requirements.
- Financial requirements.
- Service Level Agreements (SLAs).
Service Components and Service Levels
When planning for multiple component products or services, you need to understand the composition of each. To do this, divide each service into components that can be deployed on different hosts, and determine the specific level of each component. Although you can deploy all the components on one host, it is better to move to a multi-level architecture.
A multi-level architecture, whether single-level or two-level, provides several advantages. Its components are located on end-user client computers. The access level components consist of front-end services from the Messaging Server (MMP and MTA):
- Calendar server
- Instant Messaging Proxy
- Portal Server (SRA and Core).
- Access Manager for authentication and the corporate directory that provides the address book.
- Cloud Storage Area Network (SAN) is a physical data warehouse.
Determining the resource intensity of the project
Network infrastructure management is the foundation of the system. It forms the services that create the working composition of the network. Deploying a network for project purposes ensures that the customer has an architecture that can scale and grow. To do this, a complete map of the existing network is created, covering these areas:
- Physical communication lines, including cable length, class, etc.
- Communication lines such as analog, ISDN, VPN, T3, etc., as well as the available bandwidth and latency between sites.
- Server information, including host names, IP addresses, and the domain name server (DNS) for domain membership.
- The location of devices on the network, including hubs, switches, modems, routers, bridges, proxies.
- The number of users on each site, including mobile users.
After completing the entire inventory, you must review this information in conjunction with the project objectives to determine what changes are necessary for a successful deployment.
Network Infrastructure Components
Routers connect infrastructure networks, allowing systems to communicate. You need to be sure that routers have spare capacity after deployment to cope with predicted growth and utilization. Similarly, switches connect systems within a network. Routers or switches running at their bandwidth limit typically cause escalating bottlenecks, which significantly increases the time clients need to send messages to servers on different networks.
In such cases, a lack of forethought, or of spending on a router or switch upgrade, can lead to a significant reduction in staff productivity. The following common components of an organization’s network infrastructure affect the success of a project:
- Routers and switches.
- Firewalls.
- Load balancers.
- Storage Area Network (SAN).
- DNS.
Network Specifications
For reliable network operation, it is necessary to centralize the servers, which creates a more reliable network with higher throughput. In addition, you need to answer a number of questions that will help you understand network requirements:
- Can a DNS server handle the extra workload?
- What is the work schedule for support staff? 24-hour, seven-day (24 x 7) support may be available only on certain sites. A simpler architecture with fewer servers will be easier to maintain.
- Is there sufficient capacity in operations and technical support groups to facilitate the operation of network infrastructure?
- Can operations and technical support teams handle the increased workload during the deployment phase?
- Is network service redundancy needed?
- Do I need to limit the availability of data on access level hosts?
- Is simplification of end-user configuration needed?
- Are you planning to reduce network HTTP traffic?
The answers to these questions are provided by a two-level architecture. In order to ensure it at the project level, the customer must take part in the design of the network infrastructure.
Equipment selection
The customer is always faced with a choice between large and small hardware systems. Smaller hardware systems typically cost less. Moreover, smaller hardware systems can be deployed in many places to support a distributed business environment and can mean less downtime for system maintenance, upgrades, and migrations, as traffic can be redirected to other servers that are still on the network while others are being serviced.
Smaller hardware systems have more limited capacity, so more of them are needed. The costs of management, administration and maintenance increase as the number of devices in the system increases. Moreover, small hardware systems require more system maintenance because there are more of them to maintain and fewer fixed management costs per server.
If management costs are charged monthly, whether internally or by an Internet service provider, the costs will be lower where there are fewer hardware systems to manage. A smaller number of them can also mean easier maintenance, updating, and system migration, since fewer systems need to be maintained. Depending on your deployment, you need to plan the following components:
- LDAP directory information tree.
- Directory Server (Access Manager).
- Messaging server
Firewall Access Control
Firewalls are placed between routers and application servers to provide access control. Firewalls were originally used to protect a trusted (private) network from an untrusted network (the Internet). Router configurations should potentially block unwanted services (such as NFS, NIS, etc.) and use packet-level filtering to block traffic from untrusted hosts or networks.
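The following added example (not part of the original article) models a router ACL with first-match evaluation and default deny, blocks the portmapper used by NIS (port 111) and NFS (port 2049), and detects rules that can never fire because of their order. The rule format, the `Rule`, `evaluate` and `shadowed` names, and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: str                         # source network in CIDR form
    dst_port: Optional[int] = None   # None matches any destination port

# Constructed ACL, evaluated top to bottom. 203.0.113.0/24 stands in for
# an untrusted network; 443 is the only hosted application.
ACL = [
    Rule("deny", "203.0.113.0/24"),      # untrusted network, any port
    Rule("deny", "0.0.0.0/0", 111),      # RPC portmapper (NIS, NFS)
    Rule("deny", "0.0.0.0/0", 2049),     # NFS
    Rule("permit", "0.0.0.0/0", 443),    # hosted application
]

# Same deny rules, but a broad permit was placed first (ordering mistake).
MISORDERED = [Rule("permit", "0.0.0.0/0")] + ACL[:3]

def evaluate(acl, src_ip: str, dst_port: int) -> str:
    """Return the action of the first matching rule; deny if none matches."""
    src = ipaddress.ip_address(src_ip)
    for rule in acl:
        if src in ipaddress.ip_network(rule.src) and rule.dst_port in (None, dst_port):
            return rule.action
    return "deny"  # implicit default deny

def shadowed(acl):
    """Return indexes of rules fully covered by an earlier rule."""
    hidden = []
    for i, rule in enumerate(acl):
        net = ipaddress.ip_network(rule.src)
        for earlier in acl[:i]:
            covers_src = net.subnet_of(ipaddress.ip_network(earlier.src))
            covers_port = earlier.dst_port in (None, rule.dst_port)
            if covers_src and covers_port:
                hidden.append(i)
                break
    return hidden
```

Running `shadowed` over a ruleset before it is deployed catches the case where every deny rule is present but none of them is ever reached.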
In addition, when installing a server in an environment exposed to the Internet or any untrusted network, reduce the software installation to the minimum number of packages required to support the hosted applications.
Minimizing services, libraries, and applications helps increase security by reducing the number of subsystems that need to be supported. Use a flexible and extensible mechanism to minimize, harden, and protect systems.
Internal network
The internal network includes development, laboratory, and testing segments. A firewall between each segment of the internal network filters traffic to provide additional security between departments. Consider installing an internal firewall after first determining the type of internal network traffic and the services used in each of these segments, to decide whether it would be useful.
Machines on internal networks should not directly communicate with machines on the Internet. Preferably, these machines also avoid direct communication with machines in the DMZ. As a result, the required services must be located on nodes in the intranet. An intranet host can in turn communicate with a host in the DMZ to complete a service (for example, outgoing email or DNS).
A machine that requires Internet access can send its request to a proxy server, which, in turn, makes a request on behalf of the machine. This Internet relay helps protect your computer from any potential dangers that it may face. Since the proxy server communicates directly with computers on the Internet, it must be in the DMZ.
However, this contradicts the desire to prevent the interconnection of internal machines with DMZ machines. To indirectly solve this problem, use a dual proxy system. The second proxy server located on the intranet transmits connection requests from internal machines to the proxy server in the DMZ.
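The dual proxy chain described above can be checked against observed connections. This added example (not part of the original article) classifies each flow by zone and reports connections that skip a hop of the chain internal machine, intranet proxy, DMZ proxy, Internet. The addressing plan, zone names and flow records are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan; anything not listed counts as the Internet.
ZONES = {
    "internal": ipaddress.ip_network("10.10.0.0/16"),          # dev, lab, test
    "intranet_services": ipaddress.ip_network("10.20.0.0/24"), # inner proxy, relays
    "dmz": ipaddress.ip_network("192.0.2.0/24"),               # outer proxy
}

# Outbound hops the dual proxy design permits (initiator zone, responder zone).
ALLOWED = {
    ("internal", "intranet_services"),
    ("intranet_services", "dmz"),
    ("dmz", "internet"),
}

def zone_of(ip: str) -> str:
    """Map an address to its zone name, defaulting to 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def audit_flows(flows):
    """Return (src, dst, src_zone, dst_zone) for flows that bypass the chain.

    Only connections initiated from inside are judged; inbound policy
    from the Internet is outside what this check covers.
    """
    violations = []
    for src, dst in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == "internet" or sz == dz:
            continue
        if (sz, dz) not in ALLOWED:
            violations.append((src, dst, sz, dz))
    return violations

# Constructed flow records (initiator, responder), e.g. from firewall logs.
SAMPLE_FLOWS = [
    ("10.10.3.15", "10.20.0.8"),     # workstation -> inner proxy
    ("10.20.0.8", "192.0.2.20"),     # inner proxy -> DMZ proxy
    ("192.0.2.20", "198.51.100.9"),  # DMZ proxy -> Internet
    ("10.10.3.15", "198.51.100.9"),  # workstation -> Internet directly
    ("10.10.7.2", "192.0.2.20"),     # workstation -> DMZ directly
]
```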
Security Systems
Creating network infrastructure security is one of the most important steps in building the infrastructure. It should meet the needs of the customer and provide a secure messaging environment without being overbearing on users. In addition, the security strategy should be simple enough to administer.
A complex security strategy can lead to errors that prevent users from accessing their mail, or that allow users and unauthorized attackers to modify or obtain information that you do not want them to access.
Five steps to develop a security strategy include:
- Defining what needs to be protected. For example, this list may include hardware, software, data, people, documentation, network infrastructure, or an organization’s reputation.
- Determining who you need to protect yourself from. For example, from unauthorized users, spammers, or denial of service attacks.
- Assessment of possible threats to the system.
- The implementation of measures that will effectively protect assets.
- Additional overhead when setting up an SSL connection, which can reduce the burden on message deployment.
Small Business Network Modernization
Enterprises are increasingly relying on a reliable and flexible network and hardware infrastructure to ensure success, and modernization of the network infrastructure is required. With limited financial resources, a rapidly changing technological framework, and growing security threats, experienced organizations must rely on trusted partner contractors to support the life cycles of an enterprise’s IT environment.
Regardless of whether the organization needs a new infrastructure or just needs to take its existing platform to a new level, modernization begins with developing the physical level and an efficient enterprise architecture, and with creating a work plan that meets business goals and solves the security problems that everyone faces, defining a service strategy, design, transition, and operation in an organized environment.
Measures to manage the network infrastructure of the enterprise include:
- Cloud Assessment Services.
- Capacity and performance planning.
- Consolidation and virtualization of data centers.
- Integrated Hyper Converged Solutions.
- Server and network management. IT service management, support and software.