Things You Should Know About A Small Business Network
Servers aren’t always necessary
If a company employs fewer than 10 employees and isn’t forecasting aggressive growth, it’s likely a peer-to-peer network of Windows XP Professional systems will meet the organization’s needs. Should the organization grow, the investment in XP Pro systems can still be leveraged. When exceeding 12 or so employees, though, organizations are typically better served with a server.
One all-too-common mistake is easily avoided: never deploy Windows XP Home systems in office or business workgroup environments. The consumer OS doesn’t offer the security controls Windows XP Professional boasts, nor can Windows XP Home join a Small Business Server-powered domain (should the organization grow to the point that it requires centralized administration).
Good topology is planned, not accidental
Poorly configured networks are everywhere. The number of three- and four-hop networks I encounter as an IT consultant is mind-numbing. Adding four- and five-port routers/switches here and there isn’t the proper way to connect networks. Although it’s an easy approach, performance inevitably becomes a problem.
Thus, it comes as no surprise when a small business with nine systems and four switches approaches me complaining of poor network performance. Worse yet, many of these networks often possess multiple 192.168.x.y and 10.0.x.y subnets.
Replacing three four-port switches with a single 16-port switch typically introduces dramatic performance improvements. Even with only 10 or 12 employees, the additional ports often prove handy for providing a single interface for all client systems, a server if it’s present, and firewall and DSL or T1 connectivity.
It’s easy to fall into the trap of simply adding switches as a network expands, but before you add a second switch, plot the network on paper. Count the number of hops a connection must navigate before reaching the gateway. Often, you’ll find investing in a few extra cable drops (to avoid requiring an additional switch in a quickly expanding office) provides performance gains that more than justify the expense.
Whenever you prepare to add new systems or are prepping a new network, consider its topology carefully. Work to minimize the number of hops data must travel, even if investing in a switch with more ports or new cable drops is required.
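The paper exercise described above can also be run against a wiring list. The following is an added example, not part of the original article; the device names and both sample wirings are constructed, and a "hop" is taken to mean one switch crossed between a client and the gateway.

```python
from collections import deque

# Constructed sample wiring; every device name here is hypothetical.
# Each pair is one cable between two devices.
DAISY_CHAINED = [
    ("gateway", "sw1"), ("sw1", "sw2"), ("sw2", "sw3"), ("sw3", "sw4"),
    ("sw1", "pc1"), ("sw2", "pc2"), ("sw3", "pc3"), ("sw4", "pc4"),
]
SINGLE_SWITCH = [("gateway", "sw16")] + [("sw16", f"pc{i}") for i in range(1, 5)]


def hops_to_gateway(links, gateway, clients):
    """Return {client: switches crossed on the shortest path to the gateway}.

    A client with no documented path to the gateway maps to None, which
    usually means the diagram is missing a cable or a device.
    """
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)

    # Breadth-first search outward from the gateway gives the shortest
    # cable count to every reachable device.
    cables = {gateway: 0}
    queue = deque([gateway])
    while queue:
        node = queue.popleft()
        for neighbour in graph.get(node, ()):
            if neighbour not in cables:
                cables[neighbour] = cables[node] + 1
                queue.append(neighbour)

    # N cables between client and gateway means N - 1 switches in between.
    return {c: cables[c] - 1 if c in cables else None for c in clients}


def worst_case(hop_map):
    """Largest hop count among reachable clients (0 if none are reachable)."""
    return max((h for h in hop_map.values() if h is not None), default=0)


if __name__ == "__main__":
    pcs = ["pc1", "pc2", "pc3", "pc4"]
    for name, links in (("daisy-chained", DAISY_CHAINED), ("single switch", SINGLE_SWITCH)):
        hops = hops_to_gateway(links, "gateway", pcs)
        print(f"{name}: {hops} worst={worst_case(hops)}")
```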
Network equipment deserves investment
The average lifespan of a network switch or firewall is probably four to five years. Others may tell you three years is the average, but let’s be honest: most everyone tries to maximize their investments by running equipment longer.
If you try to save funds by purchasing cheaper network equipment, you’ll almost certainly pay the price down the road. Less expensive switches, firewalls, VPN appliances, and routers are available, sure. But they’re made with lesser quality materials. That means the power supplies are less robust. Ports are more likely to fail. Cheap fans are more likely to malfunction, thereby resulting in failure due to overheating.
When designing or re-architecting a small business network, budget funds appropriately for commercial-class network equipment. Buy the best the organization can afford. Although there are no moving parts, and the equipment is likely parked in a closet where no one will ever see it to appreciate it, most every aspect of an organization’s data and communications will run through the equipment. If there’s ever an element that justifies purchasing quality components, that’s it.
IP addressing deserves attention
Just as a network’s topology deserves attention and planning, so too does a network’s IP addressing scheme. The popularity of unified threat management (UTM) appliances and proprietary router and firewall operating systems, such as those found in Cisco, SonicWALL, and other companies’ devices, often introduces a variety of operating subnets.
As a result, troubleshooting connection failures, performance issues, and other problems is made exponentially more difficult. Instead of maintaining three different subnets, or worse, encountering multiple DHCP devices serving up the same IP addresses within the same ranges (don’t laugh, it happens), always plot network topologies and the corresponding IP subnets on paper. A world of mistakes (and hurt) can be easily avoided, as discrepancies are easily spotted when a network is properly documented on paper or within Visio.
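Once the subnets and DHCP pools are written down, the discrepancies mentioned above can be checked mechanically. The following is an added example, not part of the original article; the inventory format, the device names and the finding labels are assumptions made for illustration, and the sample data is constructed.

```python
import ipaddress
from itertools import combinations

# Constructed inventory of devices that hand out DHCP leases (IPv4 only).
SCOPES = [
    {"device": "firewall", "subnet": "192.168.1.0/24",
     "start": "192.168.1.100", "end": "192.168.1.200"},
    {"device": "wifi-router", "subnet": "192.168.1.0/24",
     "start": "192.168.1.150", "end": "192.168.1.250"},
    {"device": "utm-lan2", "subnet": "10.0.0.0/24",
     "start": "10.0.0.50", "end": "10.0.0.99"},
    {"device": "old-router", "subnet": "192.168.2.0/24",
     "start": "192.168.3.10", "end": "192.168.3.20"},
]


def audit_scopes(scopes):
    """Return a list of findings for a documented set of DHCP scopes."""
    findings, valid = [], []
    for s in scopes:
        net = ipaddress.ip_network(s["subnet"])
        lo = ipaddress.ip_address(s["start"])
        hi = ipaddress.ip_address(s["end"])
        # A pool that is inverted or falls outside its own subnet is a
        # documentation or configuration error in its own right.
        if lo > hi or lo not in net or hi not in net:
            findings.append(("pool-outside-subnet", s["device"]))
            continue
        valid.append((s["device"], net, lo, hi))

    for (d1, n1, lo1, hi1), (d2, n2, lo2, hi2) in combinations(valid, 2):
        if lo1 <= hi2 and lo2 <= hi1:
            # Two devices can lease the same address: duplicate-IP conflicts.
            findings.append(("overlapping-pools", d1, d2))
        elif n1.overlaps(n2):
            # Pools are disjoint, but two DHCP servers still answer on one
            # subnet; clients may receive different gateways or DNS servers.
            findings.append(("two-dhcp-servers-one-subnet", d1, d2))
    return findings


if __name__ == "__main__":
    for finding in audit_scopes(SCOPES):
        print(finding)
```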
Multiple subnets aren’t always bad, of course. Occasionally, a small business may require two subnets. When security is of particular concern, maintaining sensitive data on a secondary subnet available only to limited personnel (and typically removed from wireless connectivity) may prove best. Such secondary subnets also prove helpful when you want to limit VPN or remote traffic to specific network segments.
You should choose internal domain names carefully
The Microsoft community recommends rolling out servers using the .local domain. The problem is that Macintosh systems encounter trouble resolving addresses with Active Directory when the .local domain is used because Apple’s own Rendezvous technology was designed to use the .local namespace.
If an organization doesn’t need to include Macs on its network and never will, the problem’s likely not an issue. But if Macs are to be present at any point, selecting a different namespace will help avoid having to make other changes to enable the Apple systems to properly resolve DNS requests.
That said, you should also guard against using publicly routed domain names as an internal domain namespace. Several years ago, I made that mistake on a test system, and multiple issues arose due to trouble resolving DNS requests. User logons sometimes took 12 to 15 minutes to complete. Design networks to use top-level domains that aren’t publicly routed on the Internet.
Many administrators prefer the .local or .lan top-level domains. For testing purposes, the .test domain works well. The .example domain, meanwhile, is a safe, if unsavory, bet.
Data requires segregation
When designing a small business network, plan on separating the network’s data to maximize data protection, backups, and recovery.
How? Follow the best practice of installing an operating system’s files on a different partition (and preferably a different hard disk) than that housing user and application data. Better yet, ensure a Windows server’s Exchange database is parked on its own partition or disk, too.
Ultimately, that’s a lot of partitions and disks. Most small businesses are unlikely to maintain the three (or six, if disk mirroring is implemented) hard disks such planning requires, but at least give it some thought. Organizations unable to maintain (due to cost restrictions) separate hard disks for an operating system’s files, user data, and the Exchange database should place that much more emphasis on making sure that backup operations properly complete on a regular basis.