Free Trial
Products Products
MSP360 Backup Backup and Recovery
MSP360 Backup Backup and Recovery
Overview
back up DATA FROM
Windows VMware/Hyper-V MacOS Microsoft 365 Linux Google Workspace
BACK UP DATA TO
AWS Google Wasabi Azure B2 Local
MSP360 RMM IT Management MSP360 Connect included
MSP360 RMM IT Management
Overview
MONITOR AND MANAGE
Windows macOS Linux
Prevent cyber threats
Endpoint threat prevention and protection (powered by Deep Instinct)
MSP360 Connect Remote Access
MSP360 Connect Remote Access
Overview
Connect FROM
Windows Android MacOS iOS
Connect TO
Windows MacOS
Pricing
Pricing Pricing
MSPs Internal IT
Solutions Solutions
Business type
Industries
MSP IT Departments Small Busness
Healthcare Education
Business type
MSP IT Departments Small Busness
INDUSTRIES
Healthcare Education
use cases
ENDPOINT PROTECTION
Ransomware Protection Endpoint Threatbr
Prevention and Protection
powered by Deep Instinct
Remote Access
Web-Based Remote Access Remote Support Remote Access Remote Work Remote Collaboration
IT Management
Patch Management Monitoring and Alerting Remote Device Management SNMP Monitoring
Backup and Recovery
Server Backup Backup for Windows Backup to AWS Desktop Backup Backup for MacOS Backup to Wasabi File Backup Backup for Linux Backup to B2 Image-Based Backup Backup for VMware/Hyper-V Backup to Azure SQL Server Backup Backup for Google Workspace (GSuite) Backup to Google Cloud Synology NAS Backup Backup for Microsoft 365 (O365) Back Up Locally Recovery
Not sure if MSP360 is for you?
Request a Call
Resources Resources
MSP University Blog Whitepapers and Assets Videos Webinars Events Customer Stories Forum
Support Support
US-Based Support My Cases Open a Case Knowledge Base Online Help
Partners Partners
technology partners
AWS Wasabi Backblaze Google Cloud Microsoft Azure Deep Instinct
Partners
Resellers Distributors Become a Partner
ALLIANCE PARTNERS
Leet Cyber Security
Company Company
About Legal Information Events Careers Leadership Team Contact Us Trust Center
Other Guides

MSP Business

HIDE BAR SHOW BAR
LESSON 1
Guide to Network Design
LESSON 2
Network Security Best Practices
LESSON 3
Sysadmin's Guide to Network Services
LESSON 4
Guide to Subnets and IP Addressing
LESSON 5
Sysadmin's Guide to Network Mapping
LESSON 6
Local, Cloud and Hybrid Network: Which One Should You Opt to?
LESSON 7
Guide to Network Hardware Selection
ON-DEMAND CONTENT
Downloadable Assets

Guide to Network Design

If one part of the corporate network isn't fully functional, a bottleneck will be created and the entire network will be negatively affected. This article provides an overview of how to design an efficient and effective network. This network design guide offers tips on network hardware selection, setup, security and more.

Hardware

A network, in its most basic form, is hardware connected by wires. This hardware can include PCs, servers, routers, and switches. Most of the wires on a modern network are Ethernet cables. Other types, such a coaxial and fiber, can be found as well.

When designing a network, the biggest considerations to weigh in regards to hardware are your routers and switches.

Routers

Routers are available in various classes, from a small home router to an enterprise-class solution. The size and needs of your business should help you decide which router you need. Many router providers offer an informational breakdown to help you choose the right one.

There are several common specifications for routers, including:

  • Wireless capability. Does the router need to have wireless functionality built-in? Or will separate access points or another solution be used instead?
  • VPN configuration. Will VPN capability be needed? If so, which VPN protocols and security settings will it need to support?
  • VLAN setups. Is a router that supports VLANs required? What configuration options are needed?
  • Security options. What security features does the router need to offer? Is a simple firewall acceptable, or do you require something that is highly configurable? Are additional security options available?

Once there is an understanding of the class and specifications that you are looking for, you can evaluate pricing and decide on a manufacturer. At this point, the options should have been narrowed down quite a bit.

Switches

The considerations for switches are similar to those for routers. First, define the class of the switch. Simple home office switches aren't very expensive. Enterprise-class switches are highly configurable and come at a much higher price.

Configuration options to consider include:

  • Manage or unmanaged? Switches that offer port-management features come at a higher cost than ones that don’t. While the added features of a managed switch are convenient, it may not be worth paying the higher price if your business doesn’t need the feature.
  • Speed capabilities. The slowest models on the market typically start at 100 Mbps, and the fastest go up to 10 Gbps. It’s hard to find a reason to purchase a switch that supports fewer than a 1 Gbps connection. Many businesses don’t need to pay the price for a 10 Gbps switch, but planning for future speeds is a good excuse.
  • VLAN configurations. Configuring VLANs on your network is a powerful tool, but it's not always necessary and can over-complicate things if you use them without really needing them.
  • The number of ports. Switches can come with several different available port configurations, starting at around 5, and up to around 48 ports in most cases. It’s generally a good idea to plan on having more ports than your network needs. This way, you are ready for future system upgrades.

Further reading Guide to Network Hardware Selection

Whitepaper icon

New call-to-action
Guide to Network Racks and Termination Points

Get tips for keeping your networks clean and well-organized, including:

  • Effective labeling practices
  • Tips on standard network sizing
  • Network cooling and heating, and more.

IP Addressing

Subnet Selection

Choosing an ideal subnet for a business may seem very simple, but your subnetting choices can make a big difference when everything is set up. Administrators must have an understanding of classified private IP address subnets, as well as how many devices will fit within your assigned subnet and how to assign subnets to different networks.

Here’s a breakdown of each of these items -

  • Classified IP address subnets. There are three “super subnets” that fit within the list of classified local subnets. Any local networks created should fall within these super subnets. These networks include:
    • Class A: 10.0.0.0/8
    • Class B: 172.16.0.0/12
    • Class C: 192.168.0.0/16
  • Amount of allowed hosts. You should keep in mind, both the number of hosts that lie on their network and the possible number of future hosts. The subnet chosen should be able to handle all of the hosts on the network, and then some more on top of it for future upgrades.
  • Multi-network subnet selection. Administrators that are planning on designing several different networks that will communicate with each other should verify that each network is distinct and doesn’t intersect. On top of that, many administrators prefer a logical, sequential pattern to their subnets for clarity.

Further reading Guide to Network Address Translation

  New call-to-action

VLANs

VLANs, as discussed earlier, should only be used if needed. If they are deemed necessary, a few decisions need to be made. These decisions include:

  • IP schemes. We discussed the topic of IP schemes above, but its importance cannot be understated. Administrators should choose logical IP schemes for separate VLANs. For simplicity, a sequence is also a good idea.
  • VLAN IDs. Each VLAN should have its numeric VLAN identifier or VLAN ID. As with IP addresses schemes, these identifiers should be logically sequenced.
  • Tagged or untagged. A tagged VLAN is one in which informational packet headers include the VLAN tag number. The necessity of this will depend on the situation.

Network VLANs are a very complicated, complex topic that cannot be explained fully in just a few paragraphs. The best rule of thumb, again, is to not use them at all unless you know you are in a situation where they are needed.

Further reading Guide to Subnets and IP Addressing

Network Services

DHCP

DHCP, or dynamic host configuration protocol, is now a standard on most network setups. When configuring a DHCP server, there are several considerations for administrators to evaluate:

  • Size of scope. Administrators should make sure that the DHCP scope will allow for all of these devices to be assigned leases at the same time, with some room for growth as well.
  • IP address pool. A logical process must be used to identify which IP addresses should fall within the DHCP pool. These addresses should be in one sequential order. Additionally, precautions must be taken to verify that any statically assigned or reserved addresses do not fall within this list.
  • Static reservations. Some network devices should be assigned IP addresses that never change. This is done via DHCP with static reservations. Determine which devices need reservations and leave aside a block of addresses for this purpose.

DNS

Some networks host their DNS (short for Domain Name System) servers. In many other situations, networks use public DNS servers. If the latter is chosen, it's a good idea to use DNS servers that you can trust. Here are a few to consider:

  • Google. 8.8.8.8, 8.8.4.4, and 4.4.4.4.
  • OpenDNS. 208.67.222.222 and 208.67.220.220.
  • Level 3. 4.2.2.1 through 4.2.2.6.

Further reading Sysadmin's Guide to Network Services

Security Considerations

You should design your network not just to be functional, but also secure. Here are a few best practices for network security to consider during the design phase:

  • Only allow devices with proper security software. Many routers can be configured to allow outbound access only to PCs running network-mandated security software. This is a good practice as it allows to prevent malicious software infiltrating the network.
  • Forbid untrusted DNS servers. Only allow devices using DNS servers that are whitelisted to access the Internet from your network.
  • Separate business networks from public networks. Guests or other personal machines should be forced to use a separate network from business devices. This can be done using router configurations or VLANs.
  • Disable unused network ports. On managed switches, ports that are not being used should be disabled. This way, unauthorized users are unable to access your network by plugging their devices into an open port.

Further reading Network Security Best Practices

Conclusion

A logically, intelligently designed network helps businesses communicate and operate with minimal interruption. To enjoy the benefits of a logical and intelligent network, you need to build these elements into the design stage.

Not only should the proper hardware for the network be purchased, but it should also be configured in a way that best fits the network. An appropriate IP address scheme should be selected, with considerations made for additional networks and VLANs. Network services, such as DHCP and DNS, should be configured to best fit your specific network. Security considerations should be addressed for all areas of your network as well.

Your network, like any other community of hosts, works best when it is designed intelligently.

FREE EBOOK
Network Admin Handbook

This eBook provides an overview of how to design an efficient and effective network:

  • How to choose routers and switches
  • Overview of DCHP and DNS
  • Guide to subnets and IP addresses, and more
New call-to-action
Whitepaper icon