Results 1 to 9 of 9
  1. #1

    * Network Topology/Design Questions

    Good Day. I would like to ask a few loaded questions.

    I have been tasked to assist in setting up/upgrading the infrastructure for a small ISP/Hosting Company. (About 200 Clients)

    I want to keep the good things we have, upgrade the things I can, install new things as needed and dump the rest.

    Good Things (IMHO)
    Vyatta Firewall
    Microsoft VM on blade chassis
    1-GB Fiber connection w/BGP
    /21 IP's through ARIN
    Clean Server Room with Power Backup and Rack Installed EQ

    Bad Things (IMHO)
    Most sites hosted on IIS
    Fragile BIND DNS Environment
    Microsoft VM on blade chassis
    No Control Panel (Everything is manual)
    Antiquated Billing System
    Awful Windows Based Email System
    VERY limited offerings.

    Basically I want to know if there are any Best practices when it comes to laying everything down. (Hardware/Infrastructure/Topology/Network Design)

    Where Should WEB servers live (NAT? or Static)

    Where should my SQL Servers Live? (same as IIS Servers? NAT, STATIC, DMZ or something else?)

    I think we will be using cPanel (Where should that live/be installed?)

    Can i run Windows IIS Servers along side Apache servers and still "Automate and control" things with cpanel?

    I think I want to use PowerDNS (Should I? BIND is not my friend.)

    Have I left anything out I should be considering?

    Sorry if this is all too much or too little information, i am kind of new at this sort of thing and want to have a firm foundation on which to build.

    I also know that there are a lot of different ways of doing things, I just want to setup things as securely and solid as possible.

    Any information would be greatly appreciated.

    Thanks!

    -clanhenry

  2. #2
    Join Date
    Oct 2007
    Location
    Milwaukee, WI
    Posts
    142
    You mention cPanel, Windows VM and Windows Based Email system. cPanel only runs on linux. If you are running Windows you should consider Plesk for a control panel. If you need an email server for Windows you should look at SmarterMail. If you need a billing system you should look at WHMCS.

    What is your budget?

    You might want to consider renting a few windows and linux dedicated servers to run everything before you try to build your own server room and worry about power backup along with a /21 and Internet service.
    Adam Hobach - CyberLynk Network, Inc. ahobach @ cyberlynk.net
    CyberLynk.net - Colocation, Managed/Dedicated Servers, VPS's, Windows/Linux Hosting, Spam/Virus Filtering, VOIP, Offsite Backup
    CyberLynkAcquisitions.com - Are you looking to sell your hosting business? Contact me today!

  3. #3
    Join Date
    Dec 2012
    Location
    New York
    Posts
    382
    Even I would suggest you the same. I think first you decide that whether you want windows or linux? After that I feel why not rent it. Your lot of efforts and money would be saved. I am just suggesting, there are many good hosting companies who have already created the entire setup, why not use that? I hope you rethink about it. Good day.
    Hostpaedia - Affordable, Reliable & Secure Web Hosting
    Web Hosting : Host Unlimited Websites, cPanel, Softaculous, Servers in USA and Germany
    Reseller Hosting : cPanel, Softaculous
    VPS Hosting : KVM VPS powered by Virtualizor

  4. #4
    Thanks for the info in Plesk. We already own the hardware and have the equipment racked and ready to go. Everything is running "the way that it is". I am wanting to change things up a little bit and was concerned about what pieces should be where in my deployment.

    I was really looking for a best practices for where everything should live for the best security. (DMZ, NAT'ed IP's or STATIC).

    90% of the sites we currently serve up would work great on a Linux environment and i feel that they would be best served there. The other 10% at least at this time, require IIS.

    -clanhenry

  5. #5
    No Takers on this one eh? Can i provide any additional info?



    -clanhenry

  6. #6
    Join Date
    Oct 2007
    Location
    Milwaukee, WI
    Posts
    142
    As for best practices, every company has developed their own and I doubt any will publish their 'secrets' along with networking topologies. If you environment is working and you have secured all the necessary ports required for each server then start selling. You will quickly find out where your network bottle necks are or if you missed a security concern.
    Adam Hobach - CyberLynk Network, Inc. ahobach @ cyberlynk.net
    CyberLynk.net - Colocation, Managed/Dedicated Servers, VPS's, Windows/Linux Hosting, Spam/Virus Filtering, VOIP, Offsite Backup
    CyberLynkAcquisitions.com - Are you looking to sell your hosting business? Contact me today!

  7. #7
    Join Date
    Dec 2011
    Location
    Tulsa, OK
    Posts
    353
    If you search a bit on the Internet there are a few whitepapers that discuss things.

    Networks:

    Research RFC 2827, BCP 38. Make sure your BGP session is secure. Turn off services not needed on your routers/switches if you can. Look into iACLs.

    How you design your network is up to you. You can have your web servers and etc in DMZ. Since you have directly allocated space IPs should not be an issue for a while. So, you could do one to one NAT or simply use a transparent firewall and assign your servers public IPs so you don't have to account for multiple IPs for internal and external. We have a mixture of both 1-to-1 NAT and transparent with additional IDS/IPS devices around.

    Are you planning for IPv6?

    Hosting / Servers:

    Since you are running Windows you could look at Plesk, WebSitePanel and zPanel. We have tested WebsitePanel and works great no issues. Figure out if you want to keep Windows hosting and to be quite clear if you are hosting services on windows you should have Microsoft SPLA agreement the way I understand it. Since you are running IIS make sure you research Microsoft's best practices for security on that and search a bit.

    We run Linux and use DirectAdmin / Plesk.

    You definitely want to not have all your eggs in one basket. But keep everything as redundant as you can.

    Billing:

    There are a couple options WHMCS, HostBill, Blesta, Ubersmith. Just to name a few.

    For these you can separate the database from the web server and have separate servers. You could also add an additional firewall device (hardware) in front of your billing system for an added protection. The key to anything is not running services you don't need.
    OCOSA Communications | Since 2003
    http://www.ocosa.com
    Hosting, Connectivity, Professional Services

  8. #8
    Thank you very much for the detailed explanation and things to look through. This is exactly what i am looking for.

    -clanhenry

  9. #9
    Join Date
    Dec 2011
    Location
    Tulsa, OK
    Posts
    353
    Quote Originally Posted by clanhenry View Post
    Thank you very much for the detailed explanation and things to look through. This is exactly what i am looking for.

    -clanhenry
    You are welcome!
    OCOSA Communications | Since 2003
    http://www.ocosa.com
    Hosting, Connectivity, Professional Services

Similar Threads

  1. Scalable Topology
    By mikeanthonywild in forum Hosting Security and Technology
    Replies: 0
    Last Post: 11-07-2011, 04:55 PM
  2. WebHosting network Topology
    By dotme in forum Running a Web Hosting Business
    Replies: 1
    Last Post: 12-31-2010, 08:30 AM
  3. Bridging to server (Network Topology)
    By redsolution in forum Computers and Peripherals
    Replies: 1
    Last Post: 10-06-2010, 07:20 PM
  4. Hosting Company Network Diagram & Topology W/ DMZ and Control Panel
    By AWD_ENVY in forum Running a Web Hosting Business
    Replies: 1
    Last Post: 10-28-2004, 09:12 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •