Architectural rule No. 1: Segregate everything


Become An Insider

Sign up now and get free access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content from the best tech brands on the Internet: CIO, CSO, Computerworld, InfoWorld, IT World and Network World Learn more.

In the face of breakneck growth, you absolutely must maintain appropriate segregation of enterprise data networks, storage networks, and more

Enterprise IT infrastructures now face such an explosion of applications, devices, and data that just running in place is hard enough. Nobody seems to have the time or resources to design new systems that actually improve operations. Nonetheless, there's one step you can take to make life easier and your infrastructure stronger as you deal with rampant growth: introduce logical separation wherever you can.

It doesn't really matter whether you're talking about segregating compute bandwidth, storage capacity, networking gear, or different types of data; the reasoning is the same. Maintaining solid performance, tight security, high efficiency, and easy manageability all require thoughtful partitioning of different types of services and data -- partitioning that's often extremely difficult or even impossible to do after the fact.

The process will vary greatly depending upon which technology you're working with. But one common thread should run through every level of your infrastructure: Keep it separated.

Segregating the network
As you read this, chances are you're sitting behind a combination of network security hardware: firewalls, IDS/IPS, content filters, and the like. If your organization operates Internet-accessible services such as Web and email servers, those systems probably also include one or more DMZs that isolate those vulnerable services from the fleshy underbelly of the internal corporate network. Almost any IT pro is familiar with this kind of security-oriented network segregation -- and anyone who operates without it does so at his or her peril.

Security isn't the only reason to shove these different types of devices into their own protected subnets. By liberally segregating these kinds of systems, servers, and desktops, you can get a much better picture of how your network resources are being used. Consequently, you'll be in a much better position to monitor, isolate, troubleshoot, and diagnose network problems when they occur.

These days, if I'm redesigning a network for a client, even a relatively small one, I'll almost always introduce a significant amount of network segregation into the design. Even if it doesn't include any actual access controls to start with, just having the ability to easily add them if the need arises is extremely useful. I've been in more than one situation where a zero day virus outbreak was contained because the network was heavily segmented -- which would've been impossible had the segmentation not already been in place.

No matter why you do it, you can virtually guarantee that your network will get bigger (even if your company doesn't), not smaller. And the bigger it is, the harder it is to implement such measures you may need down the line.

Segregating storage
It's no secret that corporate data is growing at an amazing clip. Effectively dealing with this kind of data growth requires more than huge piles of storage hardware. For example, one of the largest sources of unstructured data growth is often something as simple as poor organization. When users aren't encouraged to store data in ordered, manageable ways, it can become next to impossible to determine who owns what and whether or not it's still needed -- leading to a situation where everything that's stored must be retained (or, if you're brave, tossed). If you've been in IT for a while, you've no doubt seen at least one of these infamous "public" file shares.

To continue reading, please begin the free registration process or sign in to your Insider account by entering your email address:
From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies