NetAdminWorld - Finding network solutions, not excuses.

Hardware Considerations

Choosing The Correct Hardware For Your Network

Computer hardware varies widely in design and functionality. This is an overview of the basic computer networking equipment normally used in an average production network. The functionality of this equipment is discussed in general terms. For specific information, consult the device manufacturer's website.

The major players in a network consist of:

  • Workstations
  • Routers
  • Switches
  • Firewalls
  • Ethernet Network Cabling

Hardware configuration examples may be listed, but these listings are for reference only. Again, consult your manufacturer's documentation or website for complete details and instructions for device configuration and troubleshooting.

Workstations

Computers in the workforce are now standard equipment. Be it a large Enterprise or an SMB (Small to Medium Business), everyone working there will either be assigned a computer or have access to one. The workstations are mainly tower units but can also be laptops, and there could be only a few in an office or thousands in a large company. Maintaining and servicing these machines can be a daunting task.

Servers

The following discussion refers to Windows Servers. Linux servers, though they have the same basic functionality, will not be discussed on this page.

A server is a computer that provides programs or functions for other computers or devices. These devices are known as “clients”. This type of architecture is known as a client-server model, where a single form of computation is distributed across many devices. Servers also provide other functions such as sharing data or resources.

How this functionality works is simple. A client requests either data, a program or function from the server. The server in turn sends back the acknowledgement with the requested service. This service could be in the form of a file or a function such as requesting a document to be printed.

Servers are more powerful than other computer workstations. They usually have more than one power supply (redundant power), multiple processors and multiple hard drives. They are also considerably more expensive than a standard computer and usually generate more heat.

Servers can be either physical or virtual (here we mean a Virtual Machine, not to be confused with a Cloud based Virtual Server or Virtual Private Server), and there are pros and cons to each side. It all depends on what you want to achieve with your server.

Of course, a virtual server requires a physical device on which to operate. So there will be a cost involved in having a virtual server, but not the doubled cost you would have with two physical servers.

Physical or Virtual: The Pros and Cons

A physical server is like any other computer but more robust. It has memory, network, processing and storage resources. A virtual server has the same resources, but the operating system in a virtual server is replaced by a hypervisor. A hypervisor is software, firmware or hardware that can run a virtual machine. Examples of hypervisors are vSphere and Hyper-V.

There are some pros and cons on either side. We'll discuss these here.

Physical Servers - The Pros

  • Performance: If performance is your primary factor, this is by far the #1 reason to choose a physical server.
  • Division of Services: Unlike a virtual server, a single point of failure will probably not take down a physical server, unless of course the point of failure is the hardware itself.
  • Price: Yes, the price of a physical server is more expensive than a virtual server, but if buying new is not a concern, you can pick up a physical server from various resources on the Internet for a very reasonable price.
  • Licensing: Of course you need to license the OS running on your physical server, but with this license you are also allowed to run a number of virtual machines.
  • Security: This only applies if your virtual server is cloud based. If it is on your physical server, your data will be as safe as the data on your physical server. If you are running your data on a virtual server that is cloud based, you should consider the security of your cloud provider.

Physical Servers - The Cons

  • Price: We've discussed price before and we're doing it again. If you are more prone to buy new equipment, then price will definitely be a factor to consider. New physical servers can be costly.
  • Complexity of Hardware: Physical servers can be complex both in management and upkeep.
  • Licensing: For each physical server running an OS, you need to have a license for the OS. Virtualization cuts back on this cost.
  • Server Utilization: Let's say you have ten servers. If you don't utilize each server properly, it's costing money.
  • Growth: Face it. It is easier to add a virtual machine than it is to add a physical machine, and it's less expensive as well.

Virtual Servers - The Pros

  • Cost: This is the major pro here. Yes it takes a physical server to host a virtual machine, (even cloud based virtual machines.) But if you are hosting your own virtual server, you can run multiple virtual servers on a single physical machine. Here is where you will notice the cost savings.
  • Administration: The administration on a virtual server is not as intensive as the administration of a physical server.
  • Disaster Recovery: When properly used, most virtualization software comes with a number of features that may increase server up-time for your environment.
  • Growth: If you decide you need to add additional servers, virtualization is the way to go. It is far easier to add a virtual server than it is to purchase, license, configure and manage a physical server.

Virtual Servers - The Cons

  • Performance: Yes, this is an issue. As you increase your workload, your virtual server performance will decrease.
  • Licensing: Most licensed server operating systems will come with at least two virtual machine licenses. If you wish to add more than two virtual machines (servers), you will need to purchase the appropriate licensing agreements.
  • Single Point of Failure: Unlike a physical server, if a virtual server crashes, all services associated with that physical server will fail as well.
  • Security: As said previously, if you are running a virtual server on an in-house physical server, the security of your data will be based upon your own, manageable security. If you are using a cloud based virtual server, check with your cloud provider's security measures to ensure your data is in fact secure.

Server Roles

A server role is a set of software programs that lets a computer perform a specific function for multiple users or other computers within a network.

I will not even attempt to go into the number of roles a Windows Server has, let alone the number of features, but here are a few of the most common roles and their functions that a Windows Server can have.

  • Active Directory Certificate Services: This role provides the services for creating and managing public key certificates used in most aspects of security today, including HTTP Security (HTTPS), which is vital to many Windows Roles, wireless network security, VPNs, IPsec, Encrypting File System (EFS) and other software security systems that require encryption or digital signatures.
  • Active Directory Domain Services: This role was previously known as Active Directory. AD Domain Services stores information about users, computers and other devices on the network in a security boundary known as a domain. With resources and users being members of a domain or trusted hierarchy of domains known as a forest, access to company wide information is secure and no burden on the user.
  • Active Directory Federation Services (ADFS): This role provides Web single-sign-on (SSO) capabilities across separate organizations. It also allows authentication across multiple Web applications in various companies using a single user account. ADFS accomplishes this by securely federating, or sharing, user identities and access rights in the form of digital claims, between partner organizations once a federation trust has been established.
  • Active Directory Lightweight Directory Services: This role was previously known as Active Directory Application Mode (ADAM). Active Directory Lightweight Directory Services provides a directory service that organizations can use to store information specific to an application that is separate from the organization's main AD. Active Directory Lightweight Directory Services runs as a non-OS service and doesn't require deployment on a DC with multiple Active Directory Lightweight Directory Services instances supported on a single server.
  • Active Directory Rights Management Services: This role provides very granular protection on supported documents via AD RMS-enabled applications to not only protect documents and other digital information but also to control the actions that authorized consumers of the information can do.
  • Application Server: This role comprises several components that are responsible for the deployment and managing of .NET Framework 3.0 applications. These components include the .NET Framework, Web Server (IIS) Support, Message Queuing, COM+ Network Access, TCP Port Sharing, Distributed Transactions and Windows Process Activation Service Support.
  • Dynamic Host Configuration Protocol (DHCP) Server: This role allows servers to assign or lease IP addresses to computers and other devices that are enabled as DHCP clients on the network.
  • DNS Server: This role enables DNS to resolve host names to IP addresses in both IPv4 and IPv6.
  • Fax Server: This role allows the server to send and receive faxes and allows you to manage fax resources such as jobs, settings, reports, and fax devices on this computer or on the network.
  • File Services: This role provides technologies for storage management which includes control of the types of files stored on a server via file screens. Also provided are powerful quotas, file replication, distributed namespace management, NFS, and support for UNIX clients.
  • Hyper-V: This role provides the services that you can use to create and manage virtual machines (VMs) and their resources.
  • Network Policy and Access Services: This role delivers a variety of methods to provide users with local and remote network connectivity, to connect network segments and to allow network administrators to centrally manage network access and client health policies. With Network Access Services, you can deploy VPN servers, dial-up servers, routers, and 802.11 protected wireless access. You can also deploy RADIUS servers and proxies and use Connection Manager Administration Kit to create remote access profiles that allow client computers to connect to your network.
  • Print Services: This role enables the management of print servers and printers. A print server reduces administrative and management workload by centralizing printer management tasks. Also, part of Print Services is the Print Management Console which streamlines the management of all aspects of printer server management including the ability to remotely scan a subnet for printers and automatically create the necessary print queues and shares.
  • Terminal Services: This role enables users to access Windows-based programs that are installed on a terminal server or to access the Windows desktop from almost any computing device that supports the RDP protocol. Users can connect to a terminal server to run programs and to use network resources on that server. Windows Server has technologies that allow the RDP traffic necessary for communication with a terminal server from a client to be encapsulated in HTTPS packets, which means all communication is via port 443 so no special holes are required in the firewall for access to terminal servers within an organization from the Internet.
  • Universal Description, Discovery, and Integration (UDDI) Services: The UDDI Services role provides description, discovery, and integration capabilities for sharing information about Web services within an organization's intranet, between business partners on an extranet, or on the Internet.
  • Web Server (IIS): This role enables sharing of information on the Internet, intranets, or extranets. It's a unified Web platform that integrates IIS 7.0, ASP.NET, and Windows Communication Foundation. IIS 7.0 also features enhanced security, simplified diagnostics, and delegated administration.
  • Windows Deployment Services (WDS): This role is used to remotely install and configure Windows OSs that are stored in the Windows Imaging format on computers via Pre-boot Execution Environment (PXE) boot ROMs.

Server Maintenance

To ensure that your server is optimized and in proper working order, it is essential to provide routine server maintenance. Server maintenance may vary from business to business, however the primary concept is to keep your business running as smoothly as possible.

This can be achieved through regular data backups, patch installations that prevent or fix bugs, and diagnostics and tests that keep your server running at peak performance, thus minimizing risks due to errors and preventing system failures. Your company’s plan may differ from others, but the primary objective is the same: keeping your system up, reliable and secure.

Here are some tips that can help you maintain your server.

  1. Check your OS: Make sure it is up to date and has all of the patches applied.
  2. Check your applications: Make sure all of your applications are up to date.
  3. Check your control panel: If you are using hosting or a control panel make sure the updates are current.
  4. Check your backups: It is not only important to back up your data, but also make sure your backups are working.
  5. Check your disk usage: Don't use your server as an archive machine. Make sure you have adequate disk space.
  6. Check your RAID: Make sure to keep an eye on your RAID for any issues that could cause a system failure.
  7. Check your remote management tools: This should be done if your server is co-located or with a dedicated service provider.
  8. Check your hardware for errors: Review your event logs for any signs of hardware issues.
  9. Check your user accounts: Remove users that are no longer with your company.
  10. Check your password policy: Make sure your password policy enforces complex passwords and that passwords are changed at regular intervals.
  11. Check your system security: A regular check of your system's security will help prevent any security flaws, known or unexpected.
  12. Check your server utilization: Monitoring RAM, CPU and network utilization will show signs that you may need to plan adding additional resources.

Routers

A router is a device that forwards data packets along networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect.

Your choice of routers should be carefully considered. Though the price of an upper-level consumer grade router may be attractive, you may be forfeiting security and configurability. You should seriously look beyond any consumer grade router for your business and its needs.

You will get additional features for your dollar with a business grade router, but what will you get? You will get stronger security features, more flexibility in giving you access to your network from remote locations, and the ability to scale as your business grows.

Business class routers support WPA, WPA2, and RADIUS (also known as WPA-Enterprise) security protocols, but you should use only the latter two to secure your business’s network. RADIUS is the most secure option, but it is complicated to set up because it requires a dedicated server independent of the router. When a user logs on to a wireless network secured via RADIUS, a RADIUS client running on the router sends the user’s login ID and encrypted password to a central authentication server.

Higher-end business routers, meanwhile, deliver scalability, redundancy, and even stronger security features. Scalability defines the router’s ability to expand as your business grows.

Here are some features you should look for when considering a business class router.

  • Robust VPN: A business-class router can provide virtual private networks that can handle many more users, mainly from 5 to 100+ while offering much stronger security than consumer models do. A VPN will provide an environment in which a remote user’s experience is no different than if they were working in the office and hardwired to the network.
  • SSL portal and SSL tunnel VPNs: These types of virtual private networks rely on Secure Sockets Layer encryption, so that users can access the network using their Web browser. Through an SSL portal VPN, users access a gateway to the secure network and present their credentials. Once authenticated, they see a Web page that acts as a portal to other services on the network. An SSL tunnel operates in a similar fashion but adds active content--Java, JavaScript, ActiveX, Flash applications, and the like--that are not accessible with an SSL portal VPN.
  • Virtual networks (VLANs): VLANs can perform the same function as a guest network on a consumer-class router, but on a business-class scale. You can also set up other VLANs to segregate traffic on your network, so that sensitive data from one department stays contained within that department’s own network. An entry-level business-class router can support several virtual networks, while a high-end model can support a dozen or more.
  • IPv6 support: IPv6 is replacing IPv4 as the protocol for directing Internet traffic. IPv4 uses 32 bits to define an IP address, which limits the number of addresses that can be created--and that limit has almost been reached. Since IPv6 uses 128 bits to define an IP address, it can create a much larger pool of addresses. This support of IPv6 is a crucial requirement for a business-class router.
  • DMZ port: If you have a computer that needs direct access to the Internet such as an email or Web server, a DMZ is crucial for security. Look for a DMZ Port on the router. With this feature, you can isolate that computer from the rest of your network on a dedicated subnetwork, so that if the system becomes compromised, the intruder won’t be able to gain access to the computers on your primary network.
  • Content filtering: This is a feature that is the equivalent of the parental controls in a consumer router. You can block access to certain Internet content by using keywords or blacklists (prohibited URLs), or by allowing clients to access only permitted sites through a whitelist.
  • Wireless Distribution System (WDS): This protocol allows a wireless signal to be repeated by up to four repeaters to extend the network’s range. It’s increasingly common on consumer routers, too.

Switches

A network switch is a computer networking device that connects devices together on a computer network by using packet switching to receive, process and forward data to the destination device. Please don't confuse the functions of a switch and a hub, as these two devices function totally differently. (See the topic about hubs located later on this page.)

Types Of Switches

There are two types of switches, known as Layer 2 and Layer 3. The primary function of these two types remains the same; however, each switch type offers different features.

Layer 2 Switches

A Layer 2 switch operates at Layer 2 (the Data Link layer) of the OSI model. Layer 2 switches are used in Enterprise and consumer grade networks. They serve as a bridging technology, which segments local area networks at the Data Link (Layer 2) level. A switch works by learning the Media Access Control (MAC) addresses on each of its ports and transparently passing MAC frames destined for those ports. Importantly, these bridges ensure that frames destined for MAC addresses that lie on the same port as the originating station are not forwarded to the other ports.

A Layer 2 Switch acts as an IP end node for Simple Network Management Protocol (SNMP) management, Telnet, and Web based management. An IP stack on the router along with User Datagram Protocol (UDP), Transmission Control Protocol (TCP), Telnet, and SNMP functions provides management functionality. A Layer 2 Switch itself has a MAC address so that it can be addressed as a Layer 2 end node while also providing transparent switch functions. Bridging technology also involves the Spanning Tree Protocol (STP), which is required in a multibridge network to avoid loops and is supported on a Layer 2 Switch.
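The learning, filtering and forwarding behaviour described above can be modelled in a few lines. This is an added example, not code from the original article; the class name, the MAC addresses and the frame sequence are constructed for illustration, and a hub is included for contrast.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


def hub_receive(ports, in_port):
    """A hub repeats every frame out of every port except the one it came in on."""
    return [p for p in ports if p != in_port]


class LearningSwitch:
    """Hypothetical model of a transparent Layer 2 bridge."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError("unknown port: %r" % (in_port,))
        src, dst = src_mac.lower(), dst_mac.lower()
        # Learn: the source address is reachable through the ingress port.
        # Overwriting the entry also handles a station that moved ports.
        if src != BROADCAST:
            self.mac_table[src] = in_port
        # Flood: broadcasts and not-yet-learned destinations go everywhere else.
        if dst == BROADCAST or dst not in self.mac_table:
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst]
        # Filter: the destination sits on the segment the frame came from.
        if out_port == in_port:
            return []
        # Forward: known destination on a different port.
        return [out_port]


# Constructed addresses and frame sequence: (ingress port, source, destination).
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
TRACE = [
    (1, A, B),          # B not learned yet -> flooded to 2, 3, 4
    (2, B, A),          # A was learned on port 1 -> port 1 only
    (1, A, B),          # B was learned on port 2 -> port 2 only
    (1, C, A),          # C shares port 1 with A -> filtered, sent nowhere
    (3, B, A),          # B moved to port 3 -> table entry updated
    (1, A, B),          # frame for B now leaves on port 3
    (3, B, BROADCAST),  # broadcast -> every port except the ingress port
]


def run_trace(ports=(1, 2, 3, 4)):
    """Feed TRACE through a fresh switch; return per-frame egress ports and the table."""
    switch = LearningSwitch(ports)
    return [switch.receive(*frame) for frame in TRACE], switch.mac_table


if __name__ == "__main__":
    results, table = run_trace()
    for frame, out in zip(TRACE, results):
        print(frame, "->", out)
    print(table)
```

Once both stations are learned, a host on port 4 no longer sees the unicast traffic between A and B, which is the isolation a hub cannot provide.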

Layer 3 Switches

A Layer 3 Switch offers the same functionality as a Layer 2 Switch, but it can also provide routing functionality. This routing with fast forwarding is done via hardware. IP forwarding typically involves a route lookup, decrementing the Time-To-Live (TTL) count and recalculating the checksum, and forwarding the frame with the appropriate MAC header to the correct output port. Lookups are done in hardware, as can be the decrementing of the TTL and the recalculation of the checksum. Routing protocols such as Open Shortest Path First (OSPF) or Routing Information Protocol (RIP) are used to communicate with other Layer 3 switches or routers and build their routing tables. These routing tables are looked up to determine the route for an incoming packet.

When Layer 3 switches also perform Layer 2 switching, they learn the MAC addresses on the ports. The only configuration required is the VLAN configuration. For Layer 3 switching, the switches can be configured with the ports corresponding to each of the subnets or they can perform IP address learning.
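The forwarding steps listed above (route lookup, TTL decrement, checksum recalculation, selection of output port and MAC header) are shown here in software. This is an added example, not code from the original article; the routing table, port names and MAC addresses are constructed, and the checksum is updated incrementally as described in RFC 1624 rather than recomputed over the whole header.

```python
import ipaddress
import struct

# Constructed routing table: (prefix, output port, next-hop MAC). All values are made up.
ROUTES = [
    (ipaddress.ip_network("10.1.0.0/16"), "port1", "02:00:00:00:01:01"),
    (ipaddress.ip_network("10.1.20.0/24"), "port2", "02:00:00:00:02:01"),
    (ipaddress.ip_network("0.0.0.0/0"), "port4", "02:00:00:00:04:01"),
]


def _fold(total):
    """Fold carries back in to get a 16-bit ones'-complement sum."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(header):
    """IPv4 header checksum; returns 0 when run over an intact header."""
    words = struct.unpack("!%dH" % (len(header) // 2), header)
    return ~_fold(sum(words)) & 0xFFFF


def build_header(src, dst, ttl, proto=6):
    """Build a 20-byte IPv4 header (no options, no payload) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: the most specific route containing dst wins."""
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def forward(header, routes=ROUTES):
    """Return ("forward", port, next_hop_mac, new_header) or ("drop", reason)."""
    if len(header) != 20 or header[0] != 0x45:
        return ("drop", "unsupported header")
    if checksum(header) != 0:
        return ("drop", "bad checksum")
    if header[8] <= 1:
        return ("drop", "ttl expired")
    route = lookup(ipaddress.IPv4Address(header[16:20]), routes)
    if route is None:
        return ("drop", "no route")
    # TTL shares a 16-bit word with the protocol field; decrement its high byte.
    old_word, old_sum = struct.unpack("!HH", header[8:12])
    new_word = old_word - 0x0100
    # Incremental update (RFC 1624): HC' = ~(~HC + ~m + m'), no full re-sum needed.
    new_sum = ~_fold((~old_sum & 0xFFFF) + (~old_word & 0xFFFF) + new_word) & 0xFFFF
    new_header = header[:8] + struct.pack("!HH", new_word, new_sum) + header[12:]
    return ("forward", route[1], route[2], new_header)


if __name__ == "__main__":
    pkt = build_header("192.168.1.10", "10.1.20.5", ttl=64)
    print(forward(pkt)[:3])
```

The header checksum is verified before anything else, so a corrupted header is dropped rather than routed, and a packet whose TTL would reach zero is dropped instead of forwarded.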

SNMP is used for management of the Layer 3 Switch. Layer 3 switches also have MAC addresses for their ports. This setup can be one per port or all ports can use the same MAC address. The Layer 3 switches typically use this MAC address for SNMP, Telnet and Web management communication.

Hubs

Now largely obsolete, a hub, also known as an Ethernet, active or network hub, is a device used for connecting multiple Ethernet devices together on a single network segment. Hubs work at the Physical layer (Layer 1) of the OSI model and send out broadcast traffic through all ports, making this device less effective than a switch, which decides which port traffic should be routed to.

Hubs are not recommended for SMB or Enterprise networks but can mainly be seen in use by home consumers where network traffic management is not a major concern.

Firewalls

Using a predetermined set of rules, a firewall is a network security system that monitors and controls the incoming and outgoing network traffic. This device establishes a barrier between a trusted internal network and other networks outside of the local network.

There are two types of firewalls, a hardware and a software based firewall. In either case a firewall is highly recommended to aid in the security of your network.

  • Hardware Based Firewalls

    A hardware firewall is designed to serve as a level of protection for the entire network. Using packet filtering, a hardware firewall examines the header of a packet to determine its source and destination. This information is compared to a set of predefined or user-created rules that determine whether the packet is to be forwarded or dropped.

    A hardware firewall will work simply by plugging it into the network and adjusting a few settings, but to ensure that your firewall is configured for optimal security and protection, a user will need to learn the specific features of their hardware firewall, how to enable them, and how to test it. It is important to read the manual and documentation that comes with your product. Only by doing so can you make sure that the firewall has been utilized for its maximum efficiency.

    Lastly, firewall testing is an important part of maintenance to ensure your system is always configured for optimal protection.

  • Software Based Firewalls

    A software firewall will protect only the computer, not the entire network. On a consumer level, a software firewall works fine and is a popular choice. The software firewall is installed on the user’s computer and the user can configure and customize the settings. A software firewall can protect the computer against outside attempts to control or gain access to it. Depending on your software firewall of choice, it can protect the user’s computer against Trojan programs and email worms. Many software firewalls have user defined controls for setting up safe file and printer sharing and for blocking unsafe applications from running on your system.

    There are many brands of software firewalls available on the market. It is advised to do a little research before purchasing your software based firewall. Because your software firewall will always be running on your computer, you should make note of the system resources it will require to run and any incompatibilities with your operating system. A good feature for your software firewall of choice is its ability to run in the background using only a small amount of system resources. Like hardware based firewalls, it is important to monitor your firewall logs and keep the software updated.
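The packet filtering described under Hardware Based Firewalls, where header fields are compared against an ordered rule set and the packet is forwarded or dropped, can be sketched as follows together with a simple rule-set test. This is an added example, not code from the original article or from any firewall product; the `Rule` class, the rule set and all addresses are constructed, and it assumes first-match evaluation with an implicit drop when no rule matches.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "forward" or "drop"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port

    def matches(self, pkt):
        """True if the packet's header fields fall inside this rule."""
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt["dport"]))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.dport in (None, other.dport))


# Constructed rule set (documentation and private address ranges only).
RULES = [
    Rule("forward", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443),    # DMZ web server
    Rule("drop", "0.0.0.0/0", "10.0.0.0/8", "any", None),           # nothing into the LAN
    Rule("forward", "198.51.100.0/24", "10.0.5.20/32", "tcp", 22),  # never reached
    Rule("forward", "10.0.0.0/8", "0.0.0.0/0", "any", None),        # outbound traffic
]


def filter_packet(pkt, rules=RULES):
    """First matching rule decides; no match means drop. Returns (action, rule index)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "drop", None


def find_shadowed(rules=RULES):
    """Return (later, earlier) index pairs where an earlier rule with a different
    action covers a later rule completely, so the later rule can never take effect."""
    return [(later, earlier)
            for later in range(len(rules))
            for earlier in range(later)
            if rules[earlier].covers(rules[later])
            and rules[earlier].action != rules[later].action]


if __name__ == "__main__":
    probe = {"src": "198.51.100.7", "dst": "10.0.5.20", "proto": "tcp", "dport": 22}
    print(filter_packet(probe))   # decided by the broad drop rule, not rule 2
    print(find_shadowed())        # reports that rule 2 is shadowed by rule 1
```

Running `find_shadowed` after every rule change is one inexpensive form of the firewall testing recommended above, since rule order, not just rule content, determines what is actually enforced.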