Infrastructure Done Right: Part I

From the Oct. 2007 Issue

Most tax and accounting firms and other businesses I visit have mechanical issues that need attention and correction. Your firm, regardless of its size, is probably no exception. Qualified internal IT personnel as well as outsourced vendors frequently make incorrect recommendations based on their level of knowledge or perception that the firm won’t spend the money to do things right. This year is an excellent time to prepare your network infrastructure for the future while giving you more flexibility and reliability in day-to-day operations. When your infrastructure is right, you also have greater productivity, team member satisfaction and easier disaster recovery.

My hope is that you can use the following as a checklist to see how your technology infrastructure measures up to current and reasonable standards. If you are a smaller business, you will still need most everything listed. The items underlined are specifically for businesses of 50 or more people, but you will notice that very few items are underlined. Additionally, my team maintains a list of specific part number recommendations at www.nmgi.com. Look for technology recommendations on our site. Since many of you are now doing your final upgrades of the year, I have tried to prepare a simple list of key technologies. This column specifically builds from the outside communications towards servers. Next month’s column will then work towards workstations. Here are our best suggestions for the properly dressed infrastructure:

Protection

a. Surge protection — Every item that touches your network should be plugged through a surge protector. Common items missed Click for full imageinclude copiers, printers, scanners and monitors. Key vendor: APC
b. UPS — All servers should have UPS protection. You may want to consider having UPS protection on desktops if you have frequent power outages. Key vendor: Liebert
c. Backup — Traditionally associated with servers, most backup now involves removable disks, network attached storage (NAS) and off-site Internet backup. There are still applications where tape makes sense. Key vendors: High-Rely and eFolderbackup
d. Continuous Data Protection (CDP) — This technology can back up servers in real time, replicate the data to another site or your home and, from there, can be duplicated to an Internet backup site. Sometimes the CDP is part of your firewall, but most often today, it is purchased as a separate appliance.
e. Generator — If you are in an area where you have extended power outages, full building generators can provide enough power for your entire network. Minimally consider extended power for your servers and machine room’s air conditioning.

Network

  • Two or more high-speed communication lines — Even small businesses can justify having two or more lines to the outside world; particularly with our dependence on Internet Web access, e-mail and remote access. Make sure if you spend money on multiple lines, that there are different upstream providers (for example, cable modem and DSL or MPLS and wireless, Frame Relay and cellular, etc.). Additionally, have technicians configure your firewall to use the extra bandwidth all of the time and have automatic failover installed.
  • Load balancing firewall — Frequently, we see residential grade firewalls (Linksys, Dlink, NetGear) instead of commercial grade firewalls (SonicWALL, WatchGuard, Cisco). You should be particularly concerned about this protection for your business.
  • SSL-VPN capability — Secure Socket Layer Virtual Private Networks allow connection to your network using the commonly open browser port 80, keeping your team from being cut off from your office by other people’s firewalls. If you want your team to securely access your network from home, clients’ offices or on the road, you should consider this technology. For some firewalls, it can be added as a software feature; for others, it is a separately purchased and maintained piece of hardware.
  • Commercial grade power over Ethernet (POE), segmenting, Virtual LAN (VLAN) switch — This sounds like a mouthful, but today’s switches need some features that you may not have purchased in the past.
    • POE — This feature supports Voice over IP (VoIP) phones and allows you to provide power to the phone handset, security cameras and wireless access points.
    • VLAN — Even for small networks, the ability to segment users of different departments or volumes of data can be easily accomplished with today’s VLAN switches.
    • Commercial grade — Like firewalls, we often see products that are sub-standard deployed in mission-critical positions. Many of the products are home grade, and even units that pretend to be business ready don’t have enough speed to handle the loads of busy networks. Suspect names include LinkSys, Dell and DLink. Switches without enough capacity are silent bottlenecks in your network.
  • Certified CAT 6a cable — The certification reports should be kept on file. We generally don’t recommend that you replace old network cables unless:
    • They are not certified, and a small test shows they won’t certify easily.
    • You intend to stay in your office for at least two years.
    • You intend to run gigabit network speeds. CAT 6 cable is really the minimum cable that should be used for 1GB networks, and 1GB is our slowest recommendation for servers and workstations today. Watch for new standards such as CAT 6f or CAT7 that is intended to support 10GB networks. You can use CAT 5 and 5E cable that is certified, but you will again have a silent bottleneck on performance.
  • Wireless Access Points — Wireless access points need to have the following capabilities. They should:
    • Support the new N technology as soon as it is approved as a standard. We are discontinuing our prior recommendations for 802.11 b/a/g wireless technologies.
    • Be able to be configured for both private access inside the firewall and public access outside the firewall.
    • Be firmware upgradeable — security flaws are frequently found and need fixed.

As previously noted, this is only part of the checklist to evaluate to ensure that your infrastructure is done right. Next month’s column will continue with the following areas: Servers, Workstations, Input/Output, and other items to consider to complete the picture.

Each of these items could easily take hours to explain, and I understand that you may not have as much detail as you would like. However, my chief concerns are as follows: 1) that you’re buying sub-standard products to achieve false economy or because of lack of knowledge; 2) that you’re selecting a solution in every category where you have a need; and 3) that you are preparing your network infrastructure for the major overhaul to come if you are going to transition to Windows Server 2008, Windows Vista and to a lesser degree Office 2007. Other applications are going to add additional requirements to your infrastructure. Prepare your infrastructure now to be ready for the changes in 2008.

Loading