Hosting & Domaining Forum

Topic started by: searchcandy on Jun 29, 2023, 12:04 AM

Title: Designing an IT Infrastructure
Post by: searchcandy on Jun 29, 2023, 12:04 AM
In their free time, they offered to try their hand at organizing the IT infrastructure of the enterprise from scratch. They worked on individual tasks in each area, but did not have the opportunity to work together. The main motivation is to improve skills in this area and find the most effective solutions.

I will share my vision, but I also want to consult with the community and get recommendations. I have specific questions about certain solutions, particularly regarding equipment choices.

UPD: While I briefly search for articles on this topic, I may make mistakes, but I will dive deeper as I progress through the stages. Right now, I'm just outlining a rough plan and figuring out what I will be working with.

There is a month to think about it, followed by a month for a detailed study of current affairs, drafting a plan, and starting the work. There's a lot to learn.

At the moment, they have a small building with four floors that have small offices for 2-3 people, as well as a small annex. The staff consists of 40-50 employees. They have an analog PBX with a dozen external numbers, all using twisted cables. There is an old rack server and an external drive for file storage. The network is unclear, resembling a home network. The cable goes from the provider to the server, then to a 5-port switch, and then to additional switches. None of these switches are managed, and there are conflicts due to DHCP support distributing addresses dynamically.

They also have a couple of 1C configurations for 5-10 users each. The user PCs are a mix of various models over a span of 15 years, leading to anarchy in access policies. Additionally, the condition of remote branches is unknown.

Looking at this situation, even if you're not familiar with this field, you probably realize that it can't continue like this.

The reference point is set for:
1. Ensuring stable operation with a fault-tolerant system.
2. Reducing the cost (time/effort/money) of support for troubleshooting and unforeseen situations after the main modernization.
3. Scalability and further development by introducing additional software services and implementing monitoring of IT resources.
4. Minimizing expenses for equipment by transitioning to free software.
5. Striving to achieve the best possible outcome in all aspects.

Here's what I have in mind (with accompanying questions):

When choosing equipment and technologies, I want to account for the company's potential growth of two times the current number of people and equipment. If I make any mistakes, please feel free to correct me.

1. Should I consider software RAID for virtual machines if their images are stored on an external RAID?
2. Where is the optimal server placement for the mail server? Should I set up another virtual machine?
I know that limited-volume boxes are cleared once a month.
3. Will the rack cooling systems be able to handle all this equipment?
4. I'm aware that Cisco has a network simulator where you can design and configure networks, and I believe the configurations can be exported to actual equipment. Is it possible to integrate these simulators with virtual machines? Or am I asking for too much? Are there any tools available for designing and deploying such a combat-ready IT infrastructure?
5. Have I overlooked anything important in this outline of the plan?
Title: Re: Designing an IT Infrastructure
Post by: shitalpurva on Jun 29, 2023, 01:56 AM
The question is complicated and can be simplified by breaking it down into smaller subqueries, which would make it easier to comprehend. When dealing with infrastructure, it is helpful to create a hand-drawn diagram to visualize the components.

Consider utilizing MikroTiks as they have capabilities in both L3 and VLANs, offering a wide range of functions (taking their courses might prove beneficial). Monitoring the system is crucial for maintaining optimal performance. It is also essential to develop an addressing plan and create separate networks for voice, data, and device management. This approach should serve as a solid foundation to begin with.
Title: Re: Designing an IT Infrastructure
Post by: TheawFen on Jun 29, 2023, 04:05 AM
A regular UTP without shielding can be used if the foil twisted pair is only between floors, as long as proper grounding is in place.

Switches should be installed on every floor, with 24-port or 48-port options depending on the need. This allows for the use of less capacious aggregation switches in the server room. Connecting each access switch to the aggregation switches using two links in an EtherChannel ensures redundancy.

Citrix XenServer can be identified in the picture provided.

It is somewhat wasteful to assemble an SSD in RAID10. Instead, consider using smaller disks in larger quantities, such as RAID6 or RAID60. Spindle disks are better suited for RAID10 due to their slower speed. The choice of disk configuration depends on the specific tasks and budgets.

When considering a "RAID array in a rack", it is important to remember that it refers to the physical hardware and not the specific arrangement of disks. It is recommended to choose industrial storage systems, self-assembled storage, DAS baskets, or NAS, in order of preference and budget.

For UPS, it is advisable to have a margin of at least 100% to accommodate future server additions and increased load. Alternatively, consider a UPS that allows for the connection of external battery packs.

Devices like UniPing server v3/SMS are better suited for implementing humidity and temperature sensors without registration and SMS capabilities. These devices offer a wide range of sensor options, including infrared controllers for air conditioners in the server room.

RAID in virtual machines is not necessary. Instead, focus on providing fault-tolerant disk storage solutions, such as HPE MSA or Dell MF industrial storage systems.

For distributing services across virtual machines, the rule is simple: one service per machine. For example, dedicate one virtual machine to the mail server, another for DNS, and at least two for domain controllers. DHCP can also have its own dedicated virtual machine.

If the customer wants reliable performance, it is advisable to hire professionals. Experimenting without enough expertise can lead to long-term complications.

Finally, backup is crucial. It is important to determine what needs to be backed up and where to store the backups. Avoid storing backups on the same storage used for virtual machines to prevent potential issues.
Title: Re: Designing an IT Infrastructure
Post by: gdenvhotou on Jun 29, 2023, 05:23 AM
When referring to a "server," it is important to specify what type of server and its intended function.

Creating a cluster becomes necessary when the cost of a single server exceeds the expense of building one from a backup. Additionally, restoring a virtual machine from a backup is a remarkably swift process.

Regarding server considerations, it is worth contemplating the implementation of a cluster consisting of two new servers, assuming the budget permits. Although I have yet to delve deeply into this matter, my initial understanding suggests that synchronization can be achieved, load distribution can be configured, and in the event of one server's failure, seamless transition to the second server can be facilitated.

In the case of the domain controller, DHCP, and LDAP, the workload is typically so minimal that creating a cluster for these services seems impractical. A standard virtual machine on VirtualBox can easily handle several hundred office tasks. Furthermore, since new users and machines are infrequently added to the domain, a backup from a week ago may still be relevant. Therefore, instead of employing a cluster, a nightly backup of the entire virtual machine to another physical computer suffices. In the event of an issue, the virtual machine with the domain controller can be quickly launched on another server within minutes, eliminating the complexities associated with clusters.

RAID technology is only meaningful at the primary level. If your disks are virtualized, RAID becomes unnecessary.

RAID serves a purpose solely for data that requires continuous and immediate access. If a company can tolerate waiting an hour, then the necessity for RAID diminishes. Moreover, many services can be restored from a virtual backup within five minutes.
Title: Re: Designing an IT Infrastructure
Post by: patricka on Aug 04, 2023, 01:40 AM
1. Software RAID can be a viable option for virtual machines if the images are stored on an external RAID. However, hardware RAID controllers typically provide better performance and reliability. Consider the specific needs of your virtual machines and their workload before making a decision.

2. The optimal placement for a mail server depends on factors such as network topology and security requirements. Setting up another virtual machine for the mail server is a reasonable approach. Ensure that the virtual machine has sufficient resources and consider implementing backup and redundancy measures for data integrity.

3. The cooling systems in the rack should be able to handle the equipment if they are properly designed and maintained. Consider factors such as heat dissipation of the equipment, airflow management, and the ambient temperature of the server room. Regular monitoring and maintenance of cooling systems are essential to ensure efficient operation.

4. Cisco's network simulator, Cisco Packet Tracer, is primarily designed for designing and configuring networks using Cisco equipment. While it may not directly integrate with virtual machines, you can use it to simulate network scenarios and test configurations before deploying them in an actual environment. There are also other network simulation tools available, such as GNS3, which offer more flexibility and support for various vendors' equipment.

5. It's important to consider the following aspects in your plan:

- Network infrastructure: Define a clear network design, including VLANs, routing, and switching to ensure scalability, security, and efficient traffic flow.
- Security measures: Implement firewalls, intrusion detection systems, and regular security assessments to protect the network and data.
- Backup and disaster recovery: Establish a robust backup strategy and implement redundancy measures to ensure business continuity in case of failures or disasters.
- Remote branches: Assess the state of remote branches and evaluate their connectivity and infrastructure requirements to ensure consistent and secure operations across all locations.
- User access policies: Develop a comprehensive access control policy that includes standardizing hardware, updating software to the latest versions, and enforcing proper user access management.
- Documentation: Maintain thorough documentation of the IT infrastructure, including network diagrams, equipment configurations, and procedures to aid troubleshooting and future expansion.
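
The addressing plan with separate voice, data and management networks that shitalpurva and patricka recommend can be generated and checked in code; the following is an added example, not part of any post in this thread. The supernet `10.20.0.0/16`, the VLAN IDs and the device counts are assumptions; only the 2x growth factor comes from the opening post.

```python
import ipaddress

# Constructed inputs (assumptions, not from the thread): supernet, VLAN IDs and
# device counts. The opening post only gives 40-50 staff and a 2x growth target.
SUPERNET = ipaddress.ip_network("10.20.0.0/16")
GROWTH_FACTOR = 2
SEGMENTS = [
    # (name, vlan_id, devices today)
    ("data", 10, 60),
    ("voice", 20, 50),
    ("servers", 30, 12),
    ("mgmt", 99, 15),
]


def prefix_for(hosts):
    """Longest IPv4 prefix that still fits `hosts` devices plus one gateway."""
    needed = hosts + 1 + 2  # gateway + network and broadcast addresses
    return 32 - (needed - 1).bit_length()


def build_plan(supernet, segments, growth=GROWTH_FACTOR):
    """Allocate one subnet per segment from the supernet, largest subnet first."""
    sized = sorted((prefix_for(n * growth), name, vlan) for name, vlan, n in segments)
    plan = {}
    cursor = int(supernet.network_address)
    for prefix, name, vlan in sized:
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # align to the subnet boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(supernet):
            raise ValueError(f"supernet exhausted while placing {name}")
        plan[name] = {"vlan": vlan, "network": net, "gateway": net[1]}
        cursor += size
    return plan


def overlaps(plan):
    """Return every pair of allocated networks that overlap (should be empty)."""
    nets = [entry["network"] for entry in plan.values()]
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    for name, e in build_plan(SUPERNET, SEGMENTS).items():
        print(f"VLAN {e['vlan']:>3} {name:<8} {e['network']} gw {e['gateway']}")
```

Keeping the management segment in its own subnet gives the firewall rules a single prefix to restrict to administrator workstations.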