Infrastructure Done Right: Part I

Column: From the Trenches

From the Oct. 2007 Issue

Most tax and accounting firms and other businesses I visit have mechanical
issues that need attention and correction. Your firm, regardless of its size,
is probably no exception. Qualified internal IT personnel as well as outsourced
vendors frequently make incorrect recommendations based on their level of knowledge
or on a perception that the firm won’t spend the money to do things right.
This year is an excellent time to prepare your network infrastructure for the
future while giving you more flexibility and reliability in day-to-day operations.
When your infrastructure is right, you also have greater productivity, team
member satisfaction and easier disaster recovery.

My hope is that you can use the following as a checklist to see how your technology
infrastructure measures up to current and reasonable standards. If you are a
smaller business, you will still need most everything listed. The items underlined
are specifically for businesses of 50 or more people, but you will notice that
very few items are underlined. Additionally, my team maintains a list of specific
part number recommendations at Look for technology recommendations
on our site. Since many of you are now doing your final upgrades of the year,
I have tried to prepare a simple list of key technologies. This column specifically
builds from the outside communications towards servers. Next month’s column
will then work towards workstations. Here are our best suggestions for the properly
dressed infrastructure:


a. Surge protection — Every item that touches your
network should be plugged through a surge protector. Common items missed include
copiers, printers, scanners and monitors. Key vendor: APC
b. UPS — All servers should have UPS protection. You
may want to consider having UPS protection on desktops if you have frequent
power outages. Key vendor: Liebert
c. Backup — Traditionally associated with servers,
most backup now involves removable disks, network attached storage (NAS) and
off-site Internet backup. There are still applications where tape makes sense.
Key vendors: High-Rely and eFolderbackup
d. Continuous Data Protection (CDP) — This technology
can back up servers in real time, replicate the data to another site or your
home and, from there, can be duplicated to an Internet backup site. Sometimes
the CDP is part of your firewall, but most often today, it is purchased as
a separate appliance.
e. Generator — If you are in an area where you have
extended power outages, full building generators can provide enough power
for your entire network. Minimally consider extended power for your servers
and machine room’s air conditioning.


  • Two or more high-speed communication lines — Even
    small businesses can justify having two or more lines to the outside world;
    particularly with our dependence on Internet Web access, e-mail and remote
    access. If you spend money on multiple lines, make sure they come from different
    upstream providers (for example, cable modem and DSL, MPLS and wireless, or
    Frame Relay and cellular). Additionally, have technicians configure
    your firewall to use the extra bandwidth all of the time and have automatic
    failover installed.
  • Load balancing firewall — Frequently, we see residential
    grade firewalls (Linksys, D-Link, Netgear) instead of commercial grade firewalls
    (SonicWALL, WatchGuard, Cisco). You should be particularly concerned about
    this protection for your business.
  • SSL-VPN capability — Secure Sockets Layer Virtual
    Private Networks allow connection to your network using the commonly open
    browser port 80, keeping your team from being cut off from your office by
    other people’s firewalls. If you want your team to securely access your
    network from home, clients’ offices or on the road, you should consider
    this technology. For some firewalls, it can be added as a software feature;
    for others, it is a separately purchased and maintained piece of hardware.
  • Commercial grade power over Ethernet (POE), segmenting, Virtual
    LAN (VLAN) switch — This sounds like a mouthful, but today’s
    switches need some features that you may not have purchased in the past.
    • POE — This feature supports Voice over IP (VoIP) phones and allows
      you to provide power to the phone handset, security cameras and wireless
      access points.
    • VLAN — Even for small networks, segmenting users by department
      or by volume of data is easily accomplished with today’s VLAN
      switches.
    • Commercial grade — Like firewalls, we often see products that
      are sub-standard deployed in mission-critical positions. Many of the products
      are home grade, and even units that pretend to be business ready don’t
      have enough speed to handle the loads of busy networks. Suspect names
      include Linksys, Dell and D-Link. Switches without enough capacity are
      silent bottlenecks in your network.
  • Certified CAT 6a cable — The certification reports
    should be kept on file. We generally don’t recommend that you replace
    old network cables unless:
    • They are not certified, and a small test shows they won’t certify.
    • You intend to stay in your office for at least two years.
    • You intend to run gigabit network speeds. CAT 6 cable is really the
      minimum cable that should be used for 1GB networks, and 1GB is our slowest
      recommendation for servers and workstations today. Watch for new standards
      such as CAT 6f or CAT7 that are intended to support 10GB networks. You
      can use CAT 5 and 5E cable that is certified, but you will again have
      a silent bottleneck on performance.
  • Wireless Access Points — Wireless access points
    need to have the following capabilities. They should:
    • Support the new N technology as soon as it is approved as a standard.
      We are discontinuing our prior recommendations for 802.11 b/a/g wireless.
    • Be able to be configured for both private access inside the firewall
      and public access outside the firewall.
    • Be firmware upgradeable — security flaws are frequently found
      and need to be fixed.

As previously noted, this is only part of the checklist to evaluate to ensure
that your infrastructure is done right. Next month’s column will continue
with the following areas: Servers, Workstations, Input/Output, and other items
to consider to complete the picture.

Each of these items could easily take hours to explain, and I understand that
you may not have as much detail as you would like. However, my chief concerns
are as follows: 1) that you’re buying sub-standard products to achieve
false economy or because of lack of knowledge; 2) that you’re selecting
a solution in every category where you have a need; and 3) that you are preparing
your network infrastructure for the major overhaul to come if you are going
to transition to Windows Server 2008, Windows Vista and to a lesser degree Office
2007. Other applications are going to add additional requirements to your infrastructure.
Prepare your infrastructure now to be ready for the changes in 2008.