I need some suggestions to improve the network. Current infrastructure of the network along with the diagram is listed on the URL given below. Please visit this URL and reply me. http://faisalwaqar.freewebspace.com/

I like the setup. The idea of a single class C subnet is the way I like to do things. The only thing you can add is a BDC (backup domain controller}.

Oops....BDC is NT 4.0 (and earlier) nomenclature. What guapo means is you should add a second (redundant) DC. Other than that....things look pretty good. How are you planning on connecting the switches? I would go with a star topology myself. But without dual redundant core switches, you're going to have a single point of failure where they all connect...so if you go that route, keep a spare switch handy just in case the switch all other switches connect to fails.

i dont need a BDC coz i took weekly backup of my DC and also the data on the servers. What is "dual redundant core switch" please explain. Actually i want to place a router in this network and to create some sort of DMZ env for securing my servers from external as well as internal attacks and i think, by placing a router, i can apply policies and can manage the traffic in more efficient way. For VLANs, i'd have to replace my switches to managed switches which i cannot afford. I can just afford a router so please round up ur kind suggestions to a router based network. How about subnetting?

i dont need a BDC coz i took weekly backup of my DC and also the data on the servers. Well it's good you don't need one since there's no such thing in an Active Directory environment. Again, PDC/BDC is NT 4.0 and earlier nomenclature. If you don't know the proper words, chances are you're in over your head as it is! A redundant DC is an excellent idea. Let me tell you why. Once it's properly configured, should your first DC ever fail (and trust me, hardware DOES indeed fail) the second (redundant) DC will takeover without any downtime to your domain itself. User's will still be able to authenticate to the domain and access most, if not all, other resources contained on that DC. This is important in a industry where time is money. If you have a single DC and it fails, you're completely pooched until you've repaired it and brought it back up online. If it's a hard drive gone bad, your downtime is compounded by the amount of time it takes to fix the box, restore the backup and come back online....and and that's providing your backups are good (God help you if they're not). Backups are essential no matter what. But I wonder, have you tested yours? If not, they could be completely useless. So never rely on untested backups....make sure and test yours to ensure you can restore them and the data has kept it's integrity. What is "dual redundant core switch" please explain. google is your friend. Try using it. I'm sure you know what dual means. Now look up "redundant" and "core switch". Actually i want to place a router in this network and to create some sort of DMZ env for securing my servers from external as well as internal attacks A router is a great idea and should be between your external connection and your internal LAN. If you get a router that allows you to create a DMZ, so much the better for you. If you look at some of the SOHO routers available, you'll see many of them have DMZ capability. and i think, by placing a router, i can apply policies and can manage the traffic in more efficient way. In a small network like the one you've shown in your diagram a router will not be able to do much toward imrpoving traffic efficiency. You just won't have enough to cause any real bottlenecks so I wouldn't worry about that. For VLANs, i'd have to replace my switches to managed switches which i cannot afford. Just reread my previous post. I didn't mention VLAN tagging in it so I'm not sure where you came up with the above statement. Regardless, in a single subnet environment VLAN tagging is about as useful as shoes for a snake. I can just afford a router so please round up ur kind suggestions to a router based network. How about subnetting? Again, check into different SOHO routers. You'll find most are capable of delivering all that you need. As for subnetting, that depends on your needs and number of client connections. I suggest in your case, subnetting isn't really required.

Bad disign all together, what would happen, if someone from the Internet hacked into your Proxy server? what then, your whole network is now exposed, BAD IDEA, BAD design.. I would put the proxY server on a different subnet using a Inside - OutSide.. you should NEVER connect your firwall, unless at home, to your Production servers SUBNET PERIOD.

I have to agree with JackR. 1. MS recommends TWO Dcs minimum. Your backing it up doesn't do squat if your only server goes down hard. Do the math concerning downtime costs and what it costs to buy an additional server. You will find the server to be cheap in comparison. 2. Unmanaged switches - bad idea. Without them you have no ability to see inside the switch/traffic for troubleshooting. No vlans which you could use in the future. 3. Excellent suggestion concerning a core switch. Even if you only got a core managed switch and left the others unmanaged you would be way ahead of the game. "Regardless, in a single subnet environment VLAN tagging is about as useful as shoes for a snake" I run multiple vlans in a class c network for security reasons. In my case its used to provide internet to the desktop for some users while not providing it to others. Best regards. Example of Oxymoron: Person who is pro life and anti sex education. Education is key to prevention. Prevent conception you prevent abortion. Abstinence training clearly isn't working.