Anatomy of a Design: Building a robust server architecture

This is the third post in a series about IT infrastructure design.

We laid out what our hypothetical law firm needs in our last post. Today, we’ll focus our attention on the server, where the work actually gets done.

Building the right server based on our needs

Before we begin, we need to make some more assumptions about the applications a law firm might use to properly specify the right server. Our first assumption will be the firm is using Office 365 for e-mail and Microsoft Office applications. We’ll also assume that Voice over IP (VoIP) services are provided by a carrier, and only an external network connection is required to make and receive calls. It’s possible to wirelessly connect the phones to the network, but if the firm uses regular VoIP phones, running additional cables to each desk and a primary power over Ethernet (POE) switch will do the trick.

Our final assumption is that most of the remaining functions can be provided by single applications sold in suites from various software companies. The only exception might be document management and storage applications, which could be two different applications. Part of our assumption is that certain specifications, such as CPU, memory, and storage capacity, will be met by the server.

What do we need? Let’s add it up

If we list our requirements (these will vary based on different vendors’ applications), and add in potential virtual desktops, here’s what we arrive at:


Based on these requirements, we’d suggest virtual infrastructure — a virtual host running multiple virtual guest operating systems to support the firm’s applications and users. While we could use physical servers, they would mean too much extra management and wasted resources. In our virtual infrastructure, the CPUs and, to some degree, the memory will be shared among the applications and desktops.

But a single server does violate the requirement of being highly available. To remedy this weakness, redundant connections for external storage and network, as well as redundant power and fans, will be employed. Our backups will protect against data loss, and we’ll add some additional features to the server so that the failure of any single component doesn’t take it down.

Finding the right solution through floor plans and server designs

Visuals will help us check our approach. Figure 1 is the floor plan of our hypothetical law office, complete with dedicated offices for the lawyers and cubicles for the administrative assistants and paralegals. There is also space for a kitchen and conference room.


Figure 1

Marked on the diagram are the locations of various wireless access points; while there may be better placements for these access points, the current setup should more than cover all of the cubicles and offices. Cable drops for the VoIP phones aren’t shown, but let’s assume wires can be run along the perimeter of the office space to each office, cubicle, and the conference room.

Next we’ll examine a diagram of the overall network that details connections for the wireless access points, desktops, and laptops (Figure 2). The network diagram shows the server with two connections to our POE switch and a dedicated storage array. The virtual machines or virtual guests that will run our applications are all contained within a single server. We also have enough capacity to run four or more virtual desktops.

Figure 2


Now for a breakdown of the server design, or specifications to support our law firm. We only need enough CPU cores to support about half of our needs; because all of the cores required by an application aren’t in use at the same time, some of these resources can be shared. But that’s not true for memory, which is locked to a virtual guest’s operating environment. If we’re forced to use a CPU with more cores, we can simply install more memory than needed – what application doesn’t do better when it has more than enough memory?

If we use the right memory DIMM size, we should have spare slots for adding memory later. The same is true for the CPU. We’ll specify one CPU with at least 16 cores, and reserve the spare slot for future expansion as needed. Let’s examine a general diagram (Figure 3) of how this would look, including all of the redundant connections and components (fans, power supplies, cabling, controllers, disks, etc.).

Figure 3


Can you spot the glaring issue? The network switch represents a single point of failure. If it fails, all work ceases – bad news for a law firm dependent on the billable hour.

Network switches rarely fail, and the one we’d look for (from a reputable vendor) would have dual power supplies and sufficient ports, which should ensure a long life. But we could avoid that trouble by employing a second switch. This diagram shows another design, complete with enough redundant connections to satisfy almost anyone (Figure 4).

Figure 4


Since we have more than enough wireless access points by a safe margin, losing three of the access points wouldn’t prevent any work from getting done, but it would be slightly annoying. A single connection for the VoIP phones isn’t shown, but because we have spare ports, it shouldn’t present a problem.
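The single-point-of-failure check applied to the two designs above, as an added example that is not part of the original post: it fails each device in turn and tests whether laptops can still reach the applications. The topology, the six access points and every node name are assumptions constructed from the description in the text.

```python
from collections import deque

def reachable(links, src, dst, removed=None):
    """Breadth-first search over undirected links, ignoring one failed device."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt != removed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(links, src, dst):
    """Devices whose loss alone cuts every path from src to dst."""
    devices = {n for link in links for n in link} - {src, dst}
    return sorted(d for d in devices
                  if not reachable(links, src, dst, removed=d))

def office(switches, ap_count=6):
    """Constructed topology: APs are split round-robin across the switches."""
    links = [("apps", "server")]                  # all guests live on one host
    links += [("server", sw) for sw in switches]  # server uplink to each switch
    for i in range(ap_count):
        ap = f"ap{i + 1}"
        links.append((ap, switches[i % len(switches)]))
        links.append(("laptops", ap))             # laptops can roam to any AP
    return links

SINGLE_SWITCH = office(["switch-a"])              # one PoE switch
DUAL_SWITCH = office(["switch-a", "switch-b"])    # second switch added

if __name__ == "__main__":
    for name, links in (("single", SINGLE_SWITCH), ("dual", DUAL_SWITCH)):
        print(name, single_points_of_failure(links, "laptops", "apps"))
```

The server stays in both results because, at the device level, a single host is still one chassis; the redundant power, fans and connections described earlier reduce that risk inside the box rather than removing the node.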

Check your shopping list twice

At this point, we’ve addressed almost every aspect of the firm’s requirements, including the ability to support virtual desktops. Below is our shopping list and the necessary specifications required to build out our custom, 21st-century IT infrastructure for the law firm. The items on this list can be purchased through a third-party vendor for agnostic advice and favorable pricing.


We haven’t yet mentioned some of the software products listed in our shopping list: The VEEAM backup software provides protection for our virtual guests, backing up the data to the internal storage on the server. VEEAM also allows for almost instant recovery, running the backup directly from the backup storage.

Additionally, the wireless management software supports the access points. One option is the use of a network gateway or firewall to support the access points’ connections. This saves ports on the primary switch and should include the ability to manage the wireless network and secure user access.

Our next post will detail how to run this infrastructure in the cloud.

Printer security is no joke, so why are you forgetting about it?

An employee at an investment bank read documents left on a shared printer. They contained information about upcoming mergers and investment decisions, and the employee used that information for his own financial gain.

One network-connected printer at a large beverage manufacturer ran out of ink and continued to send out messages to all connected network segments. Those repeated messages crashed a dozen programmable logic controller devices, and rebooting them halted production for hours.

Remember these 3 things about Single Sign-On portals

Passwords are our keys to nearly every digital door. No matter where we go, there’s a prompt for a password from websites, software, and company programs.

But what happens when an employee leaves the company? Oftentimes, not much. And the passwords we use for each different system are often changed on regular but inconsistent schedules. Because Single Sign-On (SSO) portals are still unknown to many IT directors, it’s rare to find a company where IT manages passwords and other credentials, and that can be a problem. In a worst-case scenario, it could lead to data breaches should a former employee retain credentialed access to important company information.

Follow these 6 truths to unleash your ITAM program

Lost laptops. Unused software licenses. Ghost assets. For too many organizations, these IT failures are really a failure of IT asset management (ITAM). In these companies, hardware and software tracking is too challenging a goal, or one that gets bumped down the pecking order every year.

Here’s the truth: It doesn’t have to be this way. Over the past 20 years, we’ve learned that ITAM must be implemented in every organization, no matter how large or small. And along the way, we’ve uncovered six truths about the most successful ITAM programs and how to get your own off the ground.

We hold these truths to be self-evident, that asset management is attainable by all. Let’s uncover the truth, and help your organization get on track for an ITAM plan.

Diagnosing cancer and stopping crime: How big data is leaving its mark

It’s easy to get lost in big data. The terabytes of data compiled and crunched by machines and programs offer new insights about our world. But where’s the signal? The noise? What does big data actually mean for you and me?

Big data isn’t about finding the needle in the haystack, but rather understanding the haystack, needle and all. Big data’s value lies in its useful and actionable insights, which are only as powerful as the data you’ve collected and the questions you ask of it. Understanding what the data can provide and how to use it is already earning dividends for some industries.

Technology in the classroom, part 2: Improving infrastructure and security

As the school year progresses, so does student achievement. And so must your school network and its security. After all, security threats to your network and mission-critical data don’t leave for the summer. We’re again looking at our digital learning checklist to guide analysis of your school’s current IT environment, see where improvements can be made, and help you begin investing for the future.

Let’s continue, focusing on network infrastructure and security.

Think hackers aren’t targeting your small business? Think again.

The fallout from the massive data breach of controversial website Ashley Madison probably still hasn’t hit rock bottom.

The names and email addresses, as well as more sensitive information, of about 37 million Ashley Madison customers were exposed after malicious hackers published the information on a dark web forum. The consequences of the Ashley Madison breach are potentially devastating for Ashley Madison’s clientele, and the company is facing serious fallout as well, including class-action lawsuits and incalculable damage to its brand.

Leaders at many small and mid-sized businesses (SMBs) might be thinking, “I don’t need to worry about a data breach — no one is interested in attacking my business.”

The deadline for E-Rate is approaching — are you on schedule to get funding?

Want to lose a classroom’s attention in less than 15 seconds? Open a video on a poor wireless connection.

It doesn’t have to be this way, but for many schools it happens daily. E-Rate funding, which comes from the biggest grant program for K-12 school districts and public libraries, provides Internet access and infrastructure for schools and libraries throughout the country. Run by the Federal Communications Commission (FCC), E-Rate helps schools and libraries improve their Internet access and wireless connectivity by providing money for technology upgrades and improved access. The pot of E-Rate funding is now above $2 billion.

Incident management isn’t enough — here’s what IT really needs

In all of the latest IT security threat reports, one theme is clear: Breaches and compromises are on the rise, both in quantity and sophistication, and there’s no sign of them slowing down. Organizations of all sizes are at risk. Businesses need to be ahead of the game, maintain a strong security posture, and be prepared for anything.

But is it possible to be prepared for the unexpected? Yes, it is, but only if you focus on developing and implementing sound incident management practices.

This includes everything from initial detection of an intrusion in the IT environment to response and recovery services. But here’s the rub: Incident management programs are useless if they can’t detect an incident or attack in real time. This is the key component to the IT security universe.

Anatomy of a Design: Determine the right network requirements

This is the second post in a series about IT infrastructure design.

In our last post on IT infrastructure, we examined the general requirements of a hypothetical law firm in need of a new infrastructure. Now, we’ll research network requirements, because without the network, business as usual grinds to a halt.

In this example you can see how an organization’s employees, business, and other requirements influence the best solution for its needs. Think about the factors that go into determining this solution and how they might apply to your own organization.