Really bad network scheme, but can't get boss to change it

  • Question

  • I was hired to assist a small company in building its IT department. However, my boss has a really bad, really bad, network scheme he wants to create. He wants a network with 3 domains, but no master domain (all three will be separate). However, all three domains will reside behind a single switch, behind a DMZ which will belong to no domain. He has planned only one ingress route, and one egress route, to/from the network as a whole. He plans to put an IPS as the external facing device, behind that a router, behind that a firewall, then behind that the core switch which will then branch out into three separate domains. The plan is for upwards of 15 or more VLANs to be divided up amongst the three domains - all connecting into the one switch. As a part of each VLAN there will be an unmanaged switch as a go-between, between the core switch and the VLAN. Half of the VLANs will contain upwards of 30 hosts. Please give me some resources I can use to dissuade my boss from his current plans.
    Wednesday, July 20, 2011 12:58 AM


  • That is quite a tall order; to my knowledge there are no "make bad choices" KB articles to reference for you. You are obviously in a tough situation. If I started with a list of A, B, C, D of what to really do, it would take more space than is in this forum. You probably should hook up with your local computer users group in your area. You will need to develop a detailed plan of attack that will take some time to develop.

    Bing! - Networking 101, Implementing Microsoft AD, Networking Security, etc...

    Hopefully you can get more information to provide him a solid framework of a solution. Ultimately the real world will step in; he may blow off your input and roll forward with his plan.

    Tough road you are on. Sounds like a bit of overkill for such a small installation.

    • Marked as answer by Kevin Remde Monday, November 14, 2011 11:37 AM
    Wednesday, July 20, 2011 2:44 AM