09-26-2023 03:18 PM - edited 09-26-2023 03:22 PM
We are designing a network for a public healthcare customer that needs to support about 3,000+ users. It's a big building with 13 floors.
To keep it simple we proposed C9500 on the distro/core (collapsed core) and C9400 on the access layer, keeping all L3 on the collapsed core and trunking L2 to the IDF 9400 access switches. We intend to adopt a three-tier architecture for the Datacenter, with all the SVIs for servers terminating at the Data Center Firewalls.
Purpose of Data Center Firewalls: protecting servers from users; isolating east-west traffic between servers; discovering and preventing malware; achieving compliance with regulatory requirements.
Please check the initial design attached.
Would genuinely appreciate any insights, feedback, or suggestions to enhance the design.
09-26-2023 04:36 PM
@thenetadmin wrote:
We are designing a network for a public healthcare customer that needs to support about 3,000+ users. It's a big building with 13 floors.
It is also a very expensive exercise and should not be treated like a joke.
Get a reputable systems integrator because they will know all the regulatory compliances and design a network appropriately.
09-27-2023 03:27 AM
The proposed design has been drafted by the system integrator.
I would like to also have a brainstorming discussion to ensure we're on the right path, as sometimes vendors might propose solutions that are excessively complex and overkill. It would be beneficial if our Cisco expert community could lend their insights on this matter.
09-27-2023 03:43 AM
@thenetadmin in your diagram it looks like you have single points of failure for the Internet Firewalls, ISE and the WLCs? Ideally they should be dual-homed to different switches.
Are the DC firewalls scaled accordingly to cope with isolating east-west traffic between servers?
09-27-2023 12:10 PM
Hello @Rob Ingram
Apologies for the oversight, but while it might not be clearly depicted in the diagram, our Internet Firewalls are set up in an HA pair with dual-homed internet connections.
Additionally, both ISE and WLCs are in high availability and are connected to separate switches.
Our VAR has made sure to appropriately size the DC firewalls.
I have another question: are the DC firewalls positioned correctly in the network layout?
On another note: LAN cores will be set up using StackWise, and the Access Layer is connected to the Core via EtherChannels. The SVIs for user VLANs terminate on the LAN cores. Should we still consider revising the topology to L3 to avoid any potential STP issues?
10-31-2024 09:55 AM
How are you controlling LAN traffic to the internet via the perimeter firewall, and why don't you have your SVIs on the data center firewall as well?