10 tips for designing a small business network

4: IP addressing deserves attention
Just as a network's topology deserves attention and planning, so too does a network's IP addressing scheme. The popularity of unified threat management (UTM) appliances and proprietary router and firewall operating systems, such as those found in Cisco, SonicWALL, and other companies' devices, often introduces a variety of operating subnets.

As a result, troubleshooting connection failures, performance issues, and other problems is made exponentially more difficult. Instead of maintaining three different subnets, or worse, encountering multiple DHCP devices serving up the same IP addresses within the same ranges (don't laugh, it happens), always plot network topologies and the corresponding IP subnets on paper. A world of mistakes (and hurt) can be easily avoided, as discrepancies are easily spotted when a network is properly documented on paper or within Visio.

Multiple subnets aren't always bad, of course. Occasionally, a small business may require two subnets. When security is of particular concern, maintaining sensitive data on a secondary subnet available only to limited personnel (and typically removed from wireless connectivity) may prove best. Such secondary subnets also prove helpful when you want to limit VPN or remote traffic to specific network segments.
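The documentation check described in this tip can also be run mechanically once the diagram is transcribed. The following is an added example, not part of the original article: it audits a constructed inventory (device names and addresses are illustrative assumptions) for DHCP scopes that overlap, scopes that fall outside their device's subnet, and subnets that partially overlap.

```python
import ipaddress
from itertools import combinations

# Constructed inventory, as it might be transcribed from a paper or Visio
# diagram. Device names and addresses are illustrative assumptions.
PLAN = [
    {"device": "utm-firewall", "subnet": "192.168.1.0/24",
     "dhcp": ("192.168.1.100", "192.168.1.200")},
    {"device": "wireless-router", "subnet": "192.168.1.0/24",
     "dhcp": ("192.168.1.150", "192.168.1.250")},
    {"device": "sbs-server", "subnet": "192.168.16.0/24", "dhcp": None},
    {"device": "finance-switch", "subnet": "10.0.0.0/24",
     "dhcp": ("10.0.1.10", "10.0.1.50")},
]

def _scope(entry):
    """Return the DHCP scope as (first, last) address objects, or None."""
    if entry["dhcp"] is None:
        return None
    first, last = (ipaddress.ip_address(a) for a in entry["dhcp"])
    if first > last:
        raise ValueError(f"{entry['device']}: DHCP range is reversed")
    return first, last

def audit(plan):
    """Return a sorted list of (issue, device_a, device_b) findings."""
    findings = []
    for e in plan:
        scope = _scope(e)
        net = ipaddress.ip_network(e["subnet"])
        # A scope must sit entirely inside the subnet the device is on.
        if scope and not (scope[0] in net and scope[1] in net):
            findings.append(("scope-outside-subnet", e["device"], ""))
    for a, b in combinations(plan, 2):
        sa, sb = _scope(a), _scope(b)
        # Two inclusive ranges intersect when each starts before the other ends.
        if sa and sb and sa[0] <= sb[1] and sb[0] <= sa[1]:
            findings.append(("dhcp-scope-overlap", a["device"], b["device"]))
        na = ipaddress.ip_network(a["subnet"])
        nb = ipaddress.ip_network(b["subnet"])
        # Identical subnets are expected; nested or straddling ones are not.
        if na != nb and na.overlaps(nb):
            findings.append(("partial-subnet-overlap", a["device"], b["device"]))
    return sorted(findings)

if __name__ == "__main__":
    for issue, dev_a, dev_b in audit(PLAN):
        print(f"{issue}: {dev_a} {dev_b}".rstrip())
```

On the constructed plan it reports the firewall and wireless router handing out the same addresses, and a DHCP range on the secondary subnet that does not belong to that subnet.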

5: You should choose internal domain names carefully
The Microsoft community recommends rolling out servers using the .local domain. The problem is that Macintosh systems encounter trouble resolving addresses with Active Directory when the .local domain is used because Apple's own Rendezvous technology was designed to use the .local namespace.

If an organisation doesn't need to include Macs on its network and never will, the problem isn't likely to be an issue. But if Macs are added in the future, selecting a different namespace will help avoid having to make other changes to enable the Apple systems to properly resolve DNS requests.

That said, you should also guard against using publicly routed domain names as an internal domain namespace. Several years ago, I made that mistake on a test system, and multiple issues arose due to trouble resolving DNS requests. User logons sometimes took 12 to 15 minutes to complete. Design networks to use top-level domains that aren't publicly routed on the Internet.

Many administrators prefer the .local or .lan top-level domains. For testing purposes, the .test domain works well. The .example domain, meanwhile, is a safe, if unsavoury, bet.

6: Data requires segregation
When designing a small business network, plan on separating the network's data to maximise data protection, backups, and recovery.

How? Follow the best practice of installing an operating system's files on a different partition (and preferably a different hard disk) than that housing user and application data. Better yet, ensure a Windows server's Exchange database is parked on its own partition or disk, too.

Ultimately, that's a lot of partitions and disks. Most small businesses are unlikely to maintain the three (or six, if disk mirroring is implemented) hard disks such planning requires, but at least give it some thought. Organisations unable to maintain (due to cost restrictions) separate hard disks for an operating system's files, user data, and the Exchange database should place that much more emphasis on making sure that backup operations properly complete on a regular basis.

7: Wireless technologies are problematic
Although they're full of promise, wireless networks frequently prove frustrating, introducing problems like security vulnerabilities and flaky network connections. From relatively weak WPA keys to easily defeated MAC filtering, wireless security (or the lack thereof) is infamous. Tack on reduced throughput, the need to position antennas and access points carefully, and the potential for introducing yet another routing device serving potentially conflicting IP addresses, and you may be prompted to rethink whether wireless access is really required on a network.

Certainly, occasions will arrive in which an organisation's users require the mobility wireless networking provides. Or a business may occupy a facility in which running required Ethernet cables simply isn't viable. When designing or planning such networks, be sure to seek routing equipment that also includes wireless service. By combining routing/firewall/VPN features and wireless connectivity in a single device, some of the routing issues that arise when adding multiple devices to a network can be eliminated (although you're still stuck with many of wireless' security headaches).

8: License planning is critical
Planning peer-to-peer workgroup licensing requirements is simple. Purchase as many systems running Windows XP Professional as you require and roll them out.

Planning Small Business Server licensing requirements is another matter. Windows SBS ships with just five client access licenses (CALs). Unlike other Windows server platforms, the user CALs associated with Windows Small Business Server cover all SBS' technologies, including Exchange and SQL.

Although that's relatively simple, there's still some confusion regarding the two types of SBS CALs available: User CALs and Device CALs. Choose User CALs if you wish to tie licensing to individual users; select Device CALs if you wish to tie Microsoft licensing to servers and PCs (such as when you have multiple shifts of call centre or customer service personnel using the same PCs throughout a typical day).

SBS ships with five user CALs and you can buy additional CALs in sets of fives and tens. But once you hit 75 users, you're done. If you anticipate exceeding 75 users anytime in the foreseeable future, you should begin making plans to migrate to a standard version of the full-blown Windows server platform instead.

9: Terminal Services changed in SBS 2003
Terminal Services licensing changed with the introduction of SBS 2003. Small Business Server 2000 supported Terminal Services running in Application Mode, but SBS 2003 does not. What's that mean?

If users must access network applications powered by the server, organisations should design their small business network to use Windows Server 2003 instead. Only users possessing administrator rights can log on remotely to a Windows SBS 2003 desktop and even then, SBS 2003 supports a limit of two such concurrent sessions.

Microsoft claims Terminal Services in Application Mode was disabled in SBS 2003 as a security precaution. As mentioned previously, however, the feature is still available in Windows Server 2003.

Ultimately, your best bet when designing a small business network is to limit as many remote connections as possible. But should your organisation require such connectivity, be aware that SBS 2003 may not meet your requirements.

10: Review features-versus-needs before purchase and deployment
This most important step is often forgotten. Planning discussions almost always begin with an energetic needs assessment. But technology professionals servicing smaller organisations often leave such planning meetings to begin ordering equipment and coordinating a resulting migration or rollout.

Once discussions of IP addressing schemes, Active Directory configuration, Exchange administration, performance reporting, and the like begin, it's easy for technology professionals to lose focus and forget business requirements.

For example, business owners may be focused on adding the ability for travelling employees to securely access sensitive resources while on the road via VPN. Or they may be eagerly awaiting the opportunity to integrate user administration, file and print sharing, e-mail, and Web hosting on a single system in-house.

If the technology professional doesn't design the small business network to power the services the business demands, the table is set for disappointment. It's easy to forget to design the network to support secure VPN connections or to specify the proper IP address necessary for Exchange e-mail and Web hosting once you become wrapped up in the many other details that inevitably accompany such a project.

When designing a small business network, between discussing the organisation's needs and announcing the resulting solution, technology professionals would be wise to schedule an extra meeting. The purpose? To ensure the proposed solution and new network design not only possess the capacity and features required to meet the organisation's business requirements, but to confirm that the new network will be implemented in a manner that maximises its capabilities and enables users to meet the organisation's business requirements.

This article is also available as a PDF download.

TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.
