Start with your physical layout and your business model.
if you have high-secure users who require additional security, hopefully they're all located in the same general area (same floor or two) and you give them a dedicated subnet.
Servers should all be located in the same area and be on a dedicated subnet. Anything you will place in the DMZ gets its own separate segment too, possibly using public addresses or a separate address range all together from the internal clients.
Then take all the clients that are left and see how they are physically grouped. Anything at a remote location--- branch office, building across the street for overflow workers, or another building in a corporate campus--- gets its own segment and possibly multiple segments, depending on the number of clients.
Everything in the same building can be on the same segment but you probably want to divide segments by floors or groups of floors, so that you don't have 1000 clients all putting traffic on the same wires. Also multiple routers (which you'll need to segregate the segments) will mean less users sitting idle when the router goes down and takes the network with it.
Your three most important questions: where are the users, how many users do we have, and what's an acceptable number of users to be down at any one time. Once you have that number, you can simply look at a subnet masking table to determine which mask will support the right number of clients. Make sure to factor in growth and any "heavy" applications, like Oracle databases and some document imaging tools which can be very bandwidth intense; if you have a lot of these, smaller segments and more of them are better.
2006-06-08 15:54:46
·
answer #1
·
answered by dcgirl 7
·
0⤊
0⤋
using switches/ routers with CAT 5 UTP cabling with possibly a fiber backbone with a vpn set up for remote users and add firewalls
2006-06-08 22:44:54
·
answer #2
·
answered by Angel 3
·
0⤊
0⤋