I spent more than 8½ hours yesterday reconfiguring the Inner Drive network. I think other guys might have taken no more than an hour to do this. I do software; routers and DNS and DHCP and DSL are all hardware problems. I really don't enjoy doing hardware stuff but I'm glad I did it. Because now I know how.
The changes vastly improve our network topology, and will help when we install our new web/app server later this week. In the past, we used a Windows Server 2003 machine to bridge between our public interface and our private network. The server ran BlackIce Defender as a firewall, which means, as astute readers will notice right away, evil packets got all the way to the server before the firewall could have at them. The same server also ran our websites and Exchange, and was the Active Directory catalog master.
Having all of these services (did I mention DNS as well?) on the public box is asking for trouble, as I found out. I guess the really interesting part is that this configuration lasted for almost three years before collapsing entirely.
Before you slap your forehead and say I'm a dumb network administrator, consider the problems of running a small business. Making a $3,000 equipment investment hurts. So we have grown our network one piece at a time. Take a look at our server "closet." My wife calls our servers "Server Wonder and Paul McServer." (We call them, for the time being, "doppelkuh" and "bulle," following our now-defunct "Cow" naming scheme.) And hey, it worked for almost three years.
Having the new router got firewalling and routing off the box. Last week I removed DNS and the AD responsibilities from it. As soon as I get the new server, I'm going to make the current Exchange server a database server, and make the current database server the Exchange server. I've already brought an old machine online as a backup DNS and AD server.
The result of all this will be a much more solid, secure, and reliable network. Database access should be significantly faster, and having a new web/application server that has no other responsibilities should improve app performance as well.
We're excited about the improvements. Check back and, if our connection's up, see how we did.