Though your company’s sensitive data is closely guarded, locked away behind firewalls and password-protected portals, there’s another threat that should keep you up at night. That gnawing feeling is one shared by 39 percent of IT professionals worldwide: They’re more concerned with their own employees leaking data than any hacker.
The company needed storage, and soon. The entire business — collecting, analyzing, and processing new medical records, health care, and insurance data — depended on it. A lack of storage space would halt the review and processing of insurance claims and billing, and there wasn’t much time to prevent it.
If you knew your network had been breached, what would you do differently? If the answer is anything short of re-examining your entire arsenal of defenses, another breach is in your future.
Such was the situation for a children’s hospital in one U.S. city. The hospital had no disaster recovery (DR), and it was stuck with an impractical plan from a consultant – backup hardware in a building across the street.
This is the third post in a series about IT infrastructure design.
We laid out what our hypothetical law firm needs in our last post. Today, we’ll focus our attention on the server, where the work actually gets done.
Building the right server based on our needs
To properly specify the right server, we first need to make some more assumptions about the applications a law firm might use. Our first assumption is that the firm is using Office 365 for e-mail and Microsoft Office applications. We’ll also assume that Voice over IP (VoIP) services are provided by a carrier, and only an external network connection is required to make and receive calls. It’s possible to wirelessly connect the phones to the network, but if the firm uses regular VoIP phones, running additional cables to each desk and a primary Power over Ethernet (PoE) switch will do the trick.
Our final assumption is that most of the remaining functions can be provided by single applications sold in suites from various software companies. The only exception might be document management and storage applications, which could be two different applications. Part of our assumption is that certain specifications, such as CPU, memory, and storage capacity, will be met by the server.
What do we need? Let’s add it up
If we list our requirements (these will vary based on different vendors’ applications), and add in potential virtual desktops, here’s what we arrive at:
Based on these requirements, we’d suggest virtual infrastructure — a virtual host running multiple virtual guest operating systems to support the firm’s applications and users. While we could use physical servers, that approach would mean too much extra management and wasted resources. In our virtual infrastructure, the CPUs and, to some degree, the memory will be shared among the applications and desktops.
But a single server does violate the requirement of being highly available. To remedy this weakness, redundant connections for external storage and network, as well as redundant power and fans, will be employed. Our backups will protect against data loss, and we’ll add some additional features to the server so that no single component failure takes it down.
Finding the right solution through floor plans and server designs
Visuals will help us check our approach. Figure 1 is the floor plan of our hypothetical law office, complete with dedicated offices for the lawyers and cubicles for the administrative assistants and paralegals. There is also space for a kitchen and conference room.
Marked on the diagram are the locations of various wireless access points; while there may be better placements for these access points, the current setup should more than cover all of the cubicles and offices. Cable drops for the VoIP phones aren’t shown, but let’s assume wires can be run along the perimeter of the office space to each office, cubicle, and the conference room.
Next we’ll examine a diagram of the overall network that details connections for the wireless access points, desktops, and laptops (Figure 2). The network diagram shows the server with two connections to our PoE switch and a dedicated storage array. The virtual machines or virtual guests that will run our applications are all contained within a single server. We also have enough capacity to run four or more virtual desktops.
Now for a breakdown of the server design, or specifications to support our law firm. We only need enough CPU cores to support about half of our needs; because all of the cores required by an application aren’t in use at the same time, some of these resources can be shared. But that’s not true for memory, which is locked to a virtual guest’s operating environment. If we’re forced to use a CPU with more cores, we can simply install more memory than needed – what application doesn’t do better when it has more than enough memory?
If we use the right memory DIMM size, we should have extra slots to add memory later. The same is true for the CPU. We’ll specify one CPU with at least 16 cores, and reserve the spare slot for future expansion as needed. Let’s examine a general diagram (Figure 3) of how this would look, including all of the redundant connections and components (fans, power supplies, cabling, controllers, disks, etc.).
Can you spot the glaring issue? The network switch represents a single point of failure. If it fails, all work ceases – bad news for a law firm dependent on the billable hour.
Network switches rarely fail, and the one we’d look for (from a reputable vendor) would have dual power supplies and sufficient ports, which should ensure a long life. But we could avoid that trouble by employing a second switch. This diagram shows another design, complete with enough redundant connections to satisfy almost anyone (Figure 4).
Since we have more wireless access points than we need by a safe margin, losing three of them wouldn’t prevent any work from getting done, though it would be slightly annoying. A single connection for the VoIP phones isn’t shown, but because we have spare ports, it shouldn’t present a problem.
Check your shopping list twice
At this point, we’ve addressed almost every aspect of the firm’s requirements, including the ability to support virtual desktops. Below is our shopping list and the necessary specifications required to build out our custom, 21st-century IT infrastructure for the law firm. The items on this list can be purchased through a third-party vendor for agnostic advice and favorable pricing.
We haven’t yet mentioned some of the software products listed in our shopping list: The Veeam backup software provides protection for our virtual guests, backing up the data to the internal storage on the server. Veeam also allows for almost instant recovery, running the backup directly from the backup storage.
Additionally, the wireless management software supports the access points. One option is the use of a network gateway or firewall to support the access points’ connections. This saves ports on the primary switch and should include the ability to manage the wireless network and secure user access.
Our next post will detail how to run this infrastructure in the cloud.
An employee at an investment bank read documents left on a shared printer. They contained information about upcoming mergers and investment decisions, and the employee used that information for his own financial gain.
One network-connected printer at a large beverage manufacturer ran out of ink, and continued to send out messages to all connected network segments. Those repeated messages crashed a dozen programmable logic controller devices, and rebooting them halted production for hours.
But what happens when an employee leaves the company? Oftentimes, not much. And the passwords we use for each different system are often changed on regular but inconsistent schedules. Because Single Sign-On (SSO) portals are still unknown to many IT directors, it’s rare to find a company where IT manages passwords and other credentials, and that can be a problem. In a worst-case scenario, it could lead to data breaches should a former employee retain credentialed access to important company information.
Lost laptops. Unused software licenses. Ghost assets. For too many organizations, these IT failures are really a failure of IT asset management (ITAM). In these companies, hardware and software tracking is too challenging a goal, or one that gets bumped down the pecking order every year.
Here’s the truth: It doesn’t have to be this way. Over the past 20 years, we’ve learned that ITAM must be implemented in every organization, no matter how large or small. And along the way, we’ve uncovered six truths about the most successful ITAM programs and how to get your own off the ground.
We hold these truths to be self-evident, that asset management is attainable by all. Let’s uncover the truth, and help your organization get on track for an ITAM plan.
It’s easy to get lost in big data. The terabytes of data compiled and crunched by machines and programs offer new insights about our world. But where’s the signal? The noise? What does big data actually mean for you and me?
Big data isn’t about finding the needle in the haystack, but rather understanding the haystack, needle and all. Big data’s value lies in its useful and actionable insights, which are only as powerful as the data you’ve collected and the questions you ask of it. Understanding what the data can provide and how to use it is already earning dividends for some industries.
As the school year progresses, so does student achievement. And so must your school network and its security. After all, security threats to your network and mission-critical data don’t leave for the summer. We’re again looking at our digital learning checklist to guide analysis of your school’s current IT environment, see where improvements can be made, and help you begin investing for the future.
Let’s continue, focusing on network infrastructure and security.