Enterprise IT infrastructures now face such an explosion of applications, devices, and data that just running in place is hard enough. Nobody seems to have the time or resources to design new systems that actually improve operations. Nonetheless, there's one step you can take to make life easier and your infrastructure stronger as you deal with rampant growth: introduce logical separation wherever you can.
It doesn't really matter whether you're talking about segregating compute bandwidth, storage capacity, networking gear, or different types of data; the reasoning is the same. Solid performance, tight security, high efficiency, and easy manageability all require thoughtful partitioning of different types of services and data -- partitioning that's often extremely difficult or even impossible to do after the fact.
The process will vary greatly depending upon which technology you're working with. But one common thread should run through every level of your infrastructure: Keep it separated.
Segregating the network
As you read this, chances are you're sitting behind a combination of network security hardware: firewalls, IDS/IPS, content filters, and the like. If your organization operates Internet-accessible services such as Web and email servers, that setup probably also includes one or more DMZs that isolate those vulnerable services from the fleshy underbelly of the internal corporate network. Almost any IT pro is familiar with this kind of security-oriented network segregation -- and anyone who operates without it does so at his or her peril.