The past 30 years have seen remarkable growth in the size and reach of computer networks in the workplace and, more recently, in the home. Technical innovation has driven this growth: improved standards have allowed faster speeds to pass along both copper and fibre cables, wireless networks have become ubiquitous, and new devices have appeared with their own embedded network capabilities (the Internet of Things, IoT).
In tandem with this technical innovation, the demand for network capacity has increased as ever more data is created: content is richer (much of it to be consumed in real time), software applications can now generate enormous data flows, and massive databases store more and more relating to every aspect of our businesses and our lives.
All this data needs to be moved around the organisation, reliably and effortlessly in a way that maintains its integrity while keeping it safe and secure.
There is nothing to indicate that this trend of growing data ‘throughput’ will abate; if anything, it seems more likely to accelerate further as demand for new and faster services grows and we enter the era of the IoT (Internet of Things).
It’s therefore quite important to get the design of your computer network right if these important benefits are to be realised, and reliability assured.
This article provides some general advice on planning a network.
Designing for Growth
The demands on a network will inevitably increase over time, so it is important to plan for how the network will grow both in terms of the number of devices and the demands that each will make. It would be reasonable to design your network to last for at least five years ahead.
Of even more importance is the structured cabling upon which your network will run. Although the choice of network equipment (switches, routers, wireless access points, etc.) has a major impact on the maximum throughput of your network, adding extra capacity here is much easier than making changes to the physical network layer. The physical cabling, which is much more difficult to upgrade or replace, should be designed for at least 10-15 years ahead, acting as the plumbing for the next two to three generations of network equipment. Measures such as redundant fibre backbone links, spare network outlets, cabling for future WAP installation and leading edge technology cables all cost relatively little upfront but will quickly pay for themselves if needed down the line.
Most modern networks carry a range of network traffic. As this will be mainly IP based, each device will be broadcasting on that network, and as the network grows with more devices added, a significant amount of resources would be spent listening to the broadcast traffic.
Just as a crowded room with many conversations makes it harder to hear and be heard, so it is with a network. Each device would be interrupted, albeit momentarily, by conversations it needs no part of. The solution is to segment with VLANs (Virtual LANs), making one type of network traffic visible only to devices on the same VLAN.
Network security is a broad topic, but there are a few basic considerations at the design stage that can make a difference.
A Firewall device
A firewall that is sized correctly for the network is an essential element of any network design. As well as defending against attacks from outside (Denial of Service), a firewall can provide antivirus protection, stopping malicious infections from being carried within email attachments, and can detect the presence of malware installed on site.
Prices vary enormously, largely depending on the anticipated level of traffic and the degree of protection required; the more thorough the vetting of traffic, the more power will be needed.
The physical security of network equipment is easy to overlook, yet it is a vital first step. The room housing the core equipment, firewall and patch panels should be secured with a swipe card or similar; cabinets should be lockable and of good quality.
Physical security is important also at the network edge; for example, riser cabinets used to house edge switches should be secured, again with a quality lockable cabinet.
Wireless networks present their own unique security challenges; most modern commercial wireless access points are very secure, however they are intrinsically more vulnerable to attack. A wireless network that is open to the public, or to visitors, should be segregated in its own ‘DMZ’.
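As an added illustration (not part of the original article), the sketch below turns the advice on growth, VLAN segmentation and guest wireless segregation into an addressing plan: one subnet per VLAN sized for five years of growth, plus the guest-to-internal pairs a firewall should block. The device counts, growth rates, VLAN ids and the 10.20.0.0/22 range are constructed assumptions.

```python
import ipaddress
import math

# Constructed inventory: (VLAN id, name, devices today, yearly growth, guest?)
SEGMENTS = [
    (10, "staff-pcs", 120, 0.10, False),
    (20, "voip", 90, 0.05, False),
    (30, "iot-sensors", 40, 0.40, False),
    (40, "guest-wifi", 60, 0.15, True),
]

def prefix_for(hosts):
    """Longest IPv4 prefix that fits `hosts` plus gateway, network and broadcast addresses."""
    return 32 - (hosts + 2).bit_length()  # (needed - 1).bit_length() with needed = hosts + 3

def plan(supernet, segments, years=5):
    """Give each VLAN its own subnet, sized for the device count projected after `years`."""
    supernet = ipaddress.ip_network(supernet)
    projected = sorted(
        ((math.ceil(n * (1 + g) ** years), vid, name, guest)
         for vid, name, n, g, guest in segments),
        reverse=True,  # largest first keeps every allocation aligned
    )
    cursor, rows = int(supernet.network_address), []
    for hosts, vid, name, guest in projected:
        net = ipaddress.ip_network((cursor, prefix_for(hosts)))
        if not net.subnet_of(supernet):
            raise ValueError(f"{supernet} is too small for VLAN {vid} ({name})")
        rows.append({"vlan": vid, "name": name, "hosts": hosts, "net": net, "guest": guest})
        cursor += net.num_addresses
    return rows

def guest_deny_pairs(rows):
    """(guest subnet, internal subnet) pairs the firewall must block to segregate guests."""
    return [(g["net"], i["net"]) for g in rows if g["guest"]
            for i in rows if not i["guest"]]

if __name__ == "__main__":
    rows = plan("10.20.0.0/22", SEGMENTS)  # supernet is a constructed example
    for r in rows:
        print(f"VLAN {r['vlan']:>3} {r['name']:<12} {r['hosts']:>4} devices  {r['net']}")
    flat = sum(r["hosts"] for r in rows)
    print(f"broadcast domain: {flat} devices flat, {max(r['hosts'] for r in rows)} at most per VLAN")
    for src, dst in guest_deny_pairs(rows):
        print(f"deny {src} -> {dst}")
```

If the projected device counts no longer fit the chosen range, plan() raises an error, which is the signal to reserve a larger block at design time rather than renumber later.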
An unreliable network will disrupt a wide variety of services; therefore, its design should try to minimise as many potential failures as possible by: