Complex Infrastructure Design Challenges

Hi 
I need some advice on an infrastructure design. I am hoping someone can help or point me in the right direction.
Requirements are as follows:
- SharePoint 2013 3-Tier Design
    -> Front-End Cluster
    -> App Tier
    -> SQL Cluster
Aside from the requirements from a server perspective, which provide their own challenges, there needs to be single sign-on; however, multi-domain support will be challenging since there will be two AD forests with no trust relationship being allowed.
I have the following challenges:
- On one of the two domains there will be full control of the service accounts and the management environment, but using the servers on that domain as the initial domain will be very limiting in its own sense. On the other domain there will be limited or no control.
- The single sign-on nightmare is that these two domains have no trust relationship and never will. How could I manage that with the above point also holding true? I saw an article on ADFS that will be able to provide the transparent authentication level, but what would be required from an access perspective to have ADFS tied in with the domain over which there will be no control?
- The servers are currently joined to the domain with the limited control; the possibility to install cluster services, SQL services and SharePoint services is a bit limited. This can be switched to the domain with the complete control, but the single sign-on nightmare will be the ultimate deciding factor.
Help, advice or any resource documents with examples of such scenarios would be helpful.
Can someone point me in the direction I need to be? I am happy to read up on any knowledge articles if there are any.

Starting with ADFS, you will want to establish ADFS Federation. This means that the domain you have no control over also has an ADFS server. The only requirements for that implementation are opening TCP/443 to the ADFS server (or ADFS proxy), and it must be a member of the domain (an ADFS proxy does not).
Alternatively, you could provide Active Directory accounts to all of the users for the other domain in the domain you do have control over, but this likely isn't desirable.
As for the servers, you won't be able to just disjoin them and join another domain. Instead, you're going to have to build a brand new implementation and copy content over (e.g. copy the databases from the first implementation to the second).
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
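
The federation described in the answer above, as an added example that is not part of the original thread: the AD FS server in the forest you control trusts the other forest's AD FS as a claims provider, and SharePoint 2013 trusts only your own AD FS. All host names, the realm URN, the certificate path and the e-mail suffix are placeholders, and the other forest's administrators still have to add your AD FS as a relying party on their side.

```powershell
# ---------------------------------------------------------------------------
# Part 1 - run on the AD FS server in the forest you control.
# Placeholders (assumptions, not from the thread):
#   adfs.partner.example   AD FS (or proxy) of the forest you do not control
#   portal.corp.example    SharePoint 2013 web application
#   urn:sharepoint:portal  realm shared between AD FS and SharePoint
# ---------------------------------------------------------------------------

# Acceptance rule: take only the e-mail claim from the partner, and only when
# the address is in the partner's own namespace, so the partner's AD FS cannot
# assert an identity that belongs to your forest.
$acceptRules = @'
@RuleName = "Accept partner e-mail addresses only"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
   Value =~ "(?i)^[^@]+@partner\.example$"]
 => issue(claim = c);
'@

# Trust the other forest's AD FS. The metadata is fetched over TCP/443, the
# only port the answer says must be opened.
Add-AdfsClaimsProviderTrust -Name 'Partner forest AD FS' `
    -MetadataUrl 'https://adfs.partner.example/FederationMetadata/2007-06/FederationMetadata.xml' `
    -AcceptanceTransformRules $acceptRules `
    -MonitoringEnabled $true `
    -AutoUpdateEnabled $true

# Rules for the SharePoint relying party: forward the e-mail claim and
# permit every user who authenticated at one of the trusted providers.
$issueRules = @'
@RuleName = "Pass e-mail address to SharePoint"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);
'@

$authzRules = @'
@RuleName = "Permit all authenticated users"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name 'SharePoint 2013 portal' `
    -Identifier 'urn:sharepoint:portal' `
    -WSFedEndpoint 'https://portal.corp.example/_trust/' `
    -IssuanceTransformRules $issueRules `
    -IssuanceAuthorizationRules $authzRules

# ---------------------------------------------------------------------------
# Part 2 - run on a SharePoint 2013 server in the farm (SharePoint Management
# Shell). The .cer file is the token-signing certificate exported from YOUR
# AD FS server; the path is a placeholder.
# ---------------------------------------------------------------------------
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
    'C:\certs\adfs-token-signing.cer')

# SharePoint must trust the signing certificate before it accepts tokens.
New-SPTrustedRootAuthority -Name 'Corp AD FS token signing' -Certificate $cert

# Map the incoming e-mail claim and use it as the user's identity in SharePoint.
$emailMap = New-SPClaimTypeMapping `
    -IncomingClaimType 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' `
    -IncomingClaimTypeDisplayName 'EmailAddress' `
    -SameAsIncoming

$issuer = New-SPTrustedIdentityTokenIssuer -Name 'Corp AD FS' `
    -Description 'Federated sign-in for both forests' `
    -Realm 'urn:sharepoint:portal' `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $emailMap `
    -SignInUrl 'https://adfs.corp.example/adfs/ls/' `
    -IdentifierClaim $emailMap.InputClaimType

# The new issuer now appears as a trusted identity provider and can be
# enabled on the web application's zone in Central Administration.
$issuer | Select-Object Name, ProviderRealm, ProviderUri
```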

Similar Messages

  • New Network Infrastructure Design and Architecture Community

    All,
    I'm pleased to announce our new Network Infrastructure Design and Architecture Community.  In this community we encourage everyone to share their knowledge and start conversations on design and overall network topology. All topics are welcome, including requirements and constraints of the network, tools and techniques, issues of hierarchy, leading practices, services, build strategies, architectures and solutions to solve business problems.        
    Who will be the first to make it on that leaderboard?
    Cheers,
    Dan     

    Mike,
    Thanks for the kind words about the community.  It's always nice to hear the things we do make a difference. 
    Launching a scripting community has come up a few times in the past and I'm open to it.  Anyone else have thoughts on this?
    On a separate note, you'll be thrilled to hear what one of our CSC booth give-aways will be at Cisco Live San Diego next week. Your best friend, the cross-over cable. For those of you out there attending the event, be sure and stop by the CSC booth.
    Cheers,
    Dan

  • Infrastructure Design

    Hi All,
    I'm looking for a bit of advice around SQL Server infrastructure design. Currently we have around 35 instances of SQL Server installed in our organisation, all on separate servers. Most instances have only a couple of databases running on them, although there are a few which have more. When implementing new applications we are often told by vendors that they require a dedicated SQL Server for their applications to perform well. Going forward I'd like to implement a good quality, robust infrastructure for our SQL Servers that would see a reduction in the number of servers and more databases per instance. Any advice on this and what others are doing within their organisations would be appreciated.
    Cammie 

    Hi Cammie,
    Yes, I hear this all the time from vendors. We're using larger VMs with, let's say, 128 GB of RAM assigned with 16 processors and just using multiple SQL instances per VM. You just have to make sure you tune the instances correctly for proper sizing on the CPU and memory side. The only problem you will really run into is if you're dealing with a vendor that hasn't put much thought into their product line and can only operate out of the default SQL instance and over the default SQL port. Most vendors take a different design approach and can deal with sqlservername\instance type installs and non-standard ports.

  • Urgent Design Challenge

    I would appreciate your feedback for this design challenge.
    I have two tables: GROUP_TAB and ATTENDANCE_TAB. A GROUP_TAB has many ATTENDANCE_TAB records.
    GROUP_TAB is the parent table; it consists of mbr_Key, mbr_name, and group_leader. ATTENDANCE_TAB, as the child table, consists of att_key, mbr_key, att_date, and attended (values are: Yes/No).
    GROUP_TAB is populated once a year for each group. Each group has a leader. In designing the page for weekly meeting attendance for each group, I want to create a page that would display names of each member per group on the left side column of the page and display value for att_date and attended with a radiogroup for yes or No. on the right side. I want to also list these items by group. Every meeting date will have a new page all that the user will need to do is check Yes or No for each member on the Attended field. I have created a PL/SQL proc. to be executed by a button which a user will click. This proc will insert a new meeting date in the ATTENDANCE_TAB.att_date field behind the scene so that the user will not have to select date for each row. So what the user would do is just check Yes or NO in the attended field. And this action will update each row for each member in the ATTENDANCE_TAB table. Your help in how I can design this weekly attendance page in HTML DB will be greatly appreciated.

    Thanks Scott for your suggestion. I want to create a time reporting or attendance page. Can anyone give me a suggestion about how I can create it. The page I want to create would display the names of people in each group on the left hand column and display updatable column (a check box or radiogroup on the right side of each name). The attendance record would be taken once a week. I hope my question is a bit clearer.

  • Techno Home Design Challenge

    Ok Here's a creative techno design challenge. I live in a three story house with two Mac laptops, three hard drives, two printers, a Trendnet wirelessG router, AirPort Express and Airport Extreme n. My office is on the second floor where the printer/scanner is now, the cable enters on the main floor beside the HD tv and a cabinet that can house a printer and hard drives. What is the optimum arrangement to have the freest access to the internet, hard drives & printers?
    I would greatly appreciate suggestions on this.

    Unfortunately building materials can wreak havoc with any wireless signal and therefore it is extremely difficult to predict a configuration which will be guaranteed to work for you. Take a look at KB 58543, AirPort: Potential sources of interference.
    Ignoring RF interference...
    Either your AirPort Extreme base station (AEBS) or AirPort Express (AX) will need to be connected via Ethernet to the Trendnet router. Depending on how you want to run the Ethernet cable, it could be on a different floor than the Trendnet router.
    The other Apple device can be placed on the other floor. The 2 Apple devices can be connected wirelessly using WDS.
    If the printer/scanner uses a USB connection, it could be connected to either Apple device. Be aware that the scanning function will not be available if it is connected to the AX or AEBS via USB.
    What do you mean by "...the freest access..."?

  • New to dreamweaver, complex web design.

    Hello, I'm a sports science student with a passion for helping people. I always get asked questions from novice gym users who don't know where or how to start. I'd like to create a website that allows them to find all they need to know in one place with all scientifically studied results and articles about supplements, training etc. But also that, based on a number of variables, will give them a program to follow, free of charge. I downloaded Dreamweaver and am at a loss about how to use it. I am very tech savvy but not with web design.
    I have thought through a design.
    The home/welcome page will be plain and simple with an introductory paragraph with a button saying 'get started' or a button saying 'I've already started'. One will take them to a page that has variables such as height, weight, age, body fat, goals and experience, and through this information spit out a program. I know how to use all variables to create a routine (with my formula of course), and obviously the other button will lead to their already created program. The program itself will allow for a before photo and constant recent photos to be uploaded, also a table for day-to-day weigh-ins and progress check on weight lifted in the gym. On the far right of the page I want to have a separate scroll-down bar with titles of various articles about different areas of fitness.
    I know this seems like a lot, but I have the contacts to get users on to the site and I need good design to keep them there. Is all of this possible on Dreamweaver?
    Thank you for any help

    When you use a complex web site there are several parts to it
    - the HTML which controls the layout and the text
    - the pictures (which can only be changed by the web designer, nobody else)
    - the JavaScript, which can do certain things but cannot make permanent changes
    - the web server, which will run scripts (programs) to do things
    It is the web server which will run software to create programs, allow upload of pictures, remember status etc.
    This is written by an experienced web programmer, who must be experienced in all the latest security issues. IT MUST NOT BE DONE BY A BEGINNER OR AMATEUR. I say this with pain because it used to be a great way to learn. But no longer, because the bad guys know all the tricks, and if a beginner does it, in no time at all, you will have porn hosted in your web site, it will be secretly sending spam, and all the personal information will be stolen. If you are in the EU, this last is particularly serious as you have an absolute responsibility to protect personal information, and there are unlimited fines.

  • DNS Server Infrastructure Design

    Good day IT Folks,
    Currently I'm at the planning stage of designing the DNS infrastructure of our company. I've read a lot of reading materials available online about DNS. According to what I've gathered, two (2) DNS servers is the minimum and three (3) is the recommended for the usual setup of DNS. What I want for my DNS infrastructure is to have two (2) DNS servers for my LAN (internal network) and one (1) DNS server for my LAN-to-Internet connection (external network).
    The two (2) DNS servers will resolve LAN requests and will forward requests to the other one (1) DNS server if Internet-related sites are requested. I would like to ask for your help to give me insights on how I am going to do this, where to start and what are the things I should consider.
    Thanks.
    akosijesyang - the conqueror

    You could go with a secure design such as the following (click on it to open a larger image in a new page):
    See if the following threads help:
    Technet Thread: Problem with Windows 2008 R2 Dns Server getting SERVFAIL resolving one domain, 1/18/2012
    Includes a secure DNS forwarder in the DMZ image
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/b00fc041-ba44-45b6-a8a1-a00374a20edf
    Technet Thread: DNS Structure to rebuild efficiently - Question about the resolution process, 10/27/2011
    Includes a secure DNS forwarder in the DMZ image
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/3a5fb6ac-6ab7-45b1-abab-e0d928a7e06c
    Good discussion on DMZ secured resolver design, and the use of the Unbound DNS Resolver (http://unbound.net/) on your DMZ DNS server instead of Windows DNS. (Note: IMHO, for AD, I would rather use Windows DNS. - Ace)
    Technet Thread: W2003 DNS cache snooping vulnerability for PCI-DSS compliance, 10/10/2011
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/67e9189b-606a-40d2-9944-8b4c7d084017/
    And dealing with internal and external names:
    Can't Access Website with Same Name (Split Zone or no Split Brain)
    Published by Ace Fekay, MCT, MVP DS on Sep 4, 2009 at 12:11 AM
    Note - In an AD same name as the external name (split zone) scenario, if you don't want to use WWW in front of URL, such as to access it by http://domain.com, then scroll down to "So you don't want to use WWW in front of the domain name"
    http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

  • Complex architecture - design pattern?

    I am trying to determine which architecture, or combination, would best suit my application:
    The core aspect is a client receiving data from a network at variable speeds - I have this working using a producer consumer loop (data) design pattern, that starts and stops by placing it inside a case structure with a start button. I'd now like to combine this with an event-driven user interface, which also uses the serial port to talk to external hardware every now and then. I have that working separately with a producer consumer (event) design pattern. I'd like to combine them and include regular events (handshaking with the external hardware) to take place whilst the producer-consumer (data) reads from the network.
    How can I mix the two design patterns?! I'm struggling to get my head 'round this.
    Thanks

    Here is an example of two Producer-Consumers in one vi.  Notice the two queues.  One is for commands to the event loops.  The other is for the serial data loops.  When certain data is received, you can send commands to the event loop (actually to Consumer loop, 2nd from top) to cause some action.  So the user can initiate some action via event structure, and received data can also initiate some action.
    This is complex and it might not do all you want.  But it's a start.
    - tbob
    Inventor of the WORM Global
    Attachments:
    DoubleProducerConsumer.vi 29 KB

  • MPLS network design challenge

    Hi,
    I have a design issue for which I really like your help.
    In an MPLS network there are two POP gateway routers (G1, G2) peering with various MPLS VPN service providers via B2B vrf eBGP peering, which are in 4 different ASNs. They in turn all peer via VPNv4 eBGP with the Core ASN, which comprises 2 Nos VPNv4 RRs, and every site in the ASN having 2 P/PE per site. Every P/PE is peering via VPNv4 iBGP with the VPNv4 RRs. The RRs are not in the forwarding path of the traffic.
    Every site has 2 Nos CE routers and each CE router does a vrf-based eBGP peering with the P/PEs.
    The P/PE routers import 2 Nos RT exported by the 2 Nos POP G/W routers and in turn select the best path and pass it to the CE routers.
    Now it is seen that the P/PE of all sites is selecting the best path advertised by G1 instead of G2 based on the AS PATH length, and the shortest path is being advertised by G1. So till a situation arises that the G1 is down, till that time the P/PEs are forwarding the outbound traffic from the CE to G1, even also when the IGP cost is adding up high and when there is a direct link failure from the P/PE site to the G1 site.
    It therefore makes sense that if the direct physical link from a P/PE site to the site where G1 is located goes down, the P/PEs then should choose G2 via another path even when G1 is available.
    Do these sorts of requirements ever come in SP environments from customers? If so, what are the solutions?
    Thanks in advance
    Kas

    Hi kas,
    This type of requirement comes to providers and there are a few options which the provider can implement.
    1- Play with local preference along with an import map in the vrf if the requirement is customer specific. I mean if one customer wants G1 to be the primary exit point and another customer wants G2 as the primary exit, then he can use an import map (which is similar to a route-map)
    ip vrf ABCD
    rd XX
    import map ABCD
    route-target export XX
    route-target import YY
    route-map ABCD permit 20
    set local-preference >100
    2- Or you can play with the AS-path prepending option if you want to skip selection based on local preference.
    It is in the provider's interest to provide you a solution, as there are options of affecting traffic by using communities.
    Please provide diagram and some config for complete solution.
    Regards
    Mahesh

  • Complex query design suggestions

    Hi, I should first of all point out I'm new to pl/sql and struggling a bit so any help you can provide is really appreciated.
    I have the requirements for a complex query the conditions of which are as follows
    Four tables involved
    ProductGroups, Products, Stock, StockMovements
    Query requirements pseudocode (broken into bits to make things easier)
    /* CODE */
    Select distinct products
    where productgroup.group between 'a' and 'z'
    And stock.location = 'x'
    And stock.qty > 0
    For each product
         _myDate = currentdate - 1 year
         stkMvt= Select * from StockMovements where product = product
         If(select count(*) from stkMvt where code = 'A' and type = 'A' and source = 'A' and stkMvt.date > _myDate) > 0)
              -- exclude row / move next product
         End If
         If (select count(*) from stkMvt where code = 'B' and type = 'B' and source = 'B' and stkMvt.date> _myDate) > 0)
              -- exclude row / move next product
         End If
         If (select count(*) from stkMvt where code = 'C' and type = 'C' and source = 'C' and Qty > 0 and stkMvt.date> _myDate) > 0)
              -- exclude row / move next product
         End If
         If (select max(stkMvt.date) from stkMvt where code = 'D' and type = 'D' and source = 'D' < _myDate)
              If ( select max(stkMvt.date) from stkMvt where ((code = 'E' and type = 'E' and source = 'E')
                   Or (code = 'F' and type = 'F' and source = 'F')
                   Or (code = 'G' and type = 'G' and source = 'G')) > _myDate )
                   -- exclude row / move next product
              End If
         End If
         -- Get the fields to return
         Qty1 = Select coalesce(sum(qty),0) from stkMvt where code = 'H' and type = 'H' and source = 'H'
         Qty2 = Select coalesce(sum(qty),0) from stkMvt where code = 'I' and type = 'I' and source = 'I'
         Qty3 = Select coalesce(sum(qty),0) from stkMvt where code = 'J' and type = 'J' and source = 'J' and stkMvt.date between :fromDate and :toDate
         LastDate = Select max(stkMvt.Date) from stkMvt
         StkQty = Select Qty from Stock where product = product
         AllQty = Select AllQty from Stock where product = product
         FreeQty = StkQty - AllQty
         Value = Select value from Stock
         Select group, product , Qty1, Qty2, Qty3, LastDate, StkQty, AllQty, FreeQty, Value INTO table/cursor
    Loop
    Return table / cursor
    /* CODE END */
    Any guidance about the best way to achieve the above in an SP or Package would be massively helpful,
    Thanks in advance
    Scott.

    Agreed, it is a mess and I was looking the other way when it was dumped into my lap to deal with unfortunately. Any pointers in the right direction would really be helping me out.
    ok first the table structures, I'll include only the relevant fields to make things a bit easier.
    CREATE TABLE "TEST"."CMGROUP"
    (    "CMGRP_GROUP" CHAR(4 BYTE),
         "CMGRP_DESC" CHAR(30 BYTE)
    );
    CREATE TABLE "TEST"."CMPROD"
    (    "CMP_PRODUCT" CHAR(20 BYTE),
         "CMP_DESC" CHAR(50 BYTE),
         "CMP_GROUP" CHAR(4 BYTE),
         "CMP_SPECIAL" CHAR(1 BYTE)
    );
    CREATE TABLE "TEST"."STOCK"
    (    "STK_PRODUCT" CHAR(20 BYTE),
         "STK_LOC" CHAR(5 BYTE),
         "STK_STKQTY" NUMBER,
         "STK_VALUE" NUMBER,
         "STK_ALLSTK" NUMBER
    );
    CREATE TABLE "TEST"."STMOVE"
    (    "STMOV_LOC" CHAR(5 BYTE),
         "STMOV_PRODUCT" CHAR(20 BYTE),
         "STMOV_DATE" DATE,
         "STMOV_TYPE" CHAR(1 BYTE),
         "STMOV_SOURCE" CHAR(1 BYTE),
         "STMOV_CODE" CHAR(1 BYTE),
         "STMOV_QTY" NUMBER,
         "STMOV_YEAR" NUMBER(5,0),
         "STMOV_PERIOD" NUMBER(5,0)
    );
    Relationships are as follows
    CMGROUP.CMGRP = CMPROD.CMP_GROUP (One to Many)
    CMPROD.CMP_PRODUCT = STOCK.STK_PRODUCT (One to Many)
    STOCK.STK_LOC = STMOVE.STMOV_LOC (Many to Many)
    STOCK.STK_PRODUCT = STMOVE.STMOV_PRODUCT (Many to Many)
    As for the requirements well they aren't straightforward but the gist of it is to return a ref cursor to a crystal report from an oracle package. The ref cursor is to contain the following
    select products that are
    1) In stock
    2) For a specific location
    3) In a range of product groups
    4) That either have a manual stock receipt movement within the last 12 months
    5) Or do not have the following stock movement within the last 12 months
         a. PO Receipt
         b. WO Receipt
         c. Stock Acquisition Receipt
    Of the results I need to
         1) Display the group
         2) Display the product
         3) Sum the Qty of WO Receipts from the 1st of the month (13 Months Ago) until today
         4) Sum the Qty of PO Receipts from the 1st of the month (13 Months Ago) until today
         5) Sum the Qty of Stock Transfers from the 1st of the month (13 Months Ago) until today
         6) Display the most recent stock movement date
         7) Display the current stock quantity
         8) Display the allocated stock quantity
         9) Display the available stock quantity
         10) Display the stock value
    Movement code definitions as follows     
    Manual Stock Receipt
    Stmov_type: O
    Stmov_source: J
    Stmov_code: G
    Purchase Order Goods Receipt
    Stmov_type: O
    Stmov_source: R
    Stmov_code: S
    Stock Requisition Receipt (Positive stmov_qty value)
    Stmov_type: G
    Stmov_source: J
    Stmov_code: L
    Stock Requisition Issue (Negative stmov_qty value)
    Stmov_type: G
    Stmov_source: J
    Stmov_code: L
    Manual Stock Issue to GL Account (Issue to workshop)
    Stmov_type: F
    Stmov_source: J
    Stmov_code: G
    Works order issue
    Stmov_type: F
    Stmov_source: W
    Stmov_code: G
    Works order receipt
    Stmov_type: 1
    Stmov_source: W
    Stmov_code: G
    There are a few other conditions and requirements but I think that covers the basics. If there is anything I've left out let me know and I do my best to provide.
    Thanks in advance
    Scott.

  • Heavily concurrent design Challenge

    Hello,
    I'm having some kind of a design problem here, So I wondered whether the gurus here could give me answer.
    Ok, so what I want to do is this. I need to be able to launch multiple asynchronous tasks (which are Remote Procedure Calls (RPC) (and are not implemented using Java RPCs)). I also need to be able to get the results returned by these tasks. So far so good, but here is a little more:
    I also need to know when they end, in order to launch another asynchronous RPC, as soon as a particular one is finished (but not before, because I need its results).
    And to complicate the matter, an RPC can be launched by any class, and its results must be retrievable by any class (the former not necessarily being the same as the latter).
    And one more constraint is that I do not want to use the Java Reflection API.
    What I currently have is the following Design:
    public class RPC implements Runnable {
        private EndTask endTask = null;

        public RPC(RPC.EndTask endTask) {
            this.endTask = endTask;
            /** do something */
        }

        public void run() {
            /** do something */
            this.end();
        }

        // Runs the completion callback, if one was given, on its own thread.
        public void end() {
            if (endTask != null) {
                (new Thread(endTask)).start();
            }
        }

        // Launches the RPC on a new thread; endTask may be null.
        public static void execute(EndTask endTask) {
            RPC rpc = new RPC(endTask);
            (new Thread(rpc)).start();
        }

        public static abstract class EndTask implements Runnable {
            private Object[] results = null;

            public void setResult(Object[] result) {
                this.results = result;
            }

            public Object[] getResults() {
                return this.results;
            }
        }
    }
    So basically, launching an RPC looks like this:
    RPC.execute(new RPC.EndTask() {
        public void run() {
            someThingToDo();
            someThingThatNeedsTheResults(this);
        }
    });
    or in fire and forget mode
    RPC.execute(null);
    I was wondering what you think about this, and also if anyone could think of a better design. I like this one, but it might be a little complicated.
    I look forward to reading your replies.
    Nicolas Piguet

    Well actually, I'd love to, but I don't think this is possible, let me explain why.
    I am developing a Peer-2-Peer database system as a research project. Those RPCs I mention are just UDP datagrams sent on the network, which receive UDP replies. All replies are received on the same listening port. As there are many of those "RPC" running simultaneously, I can't make it synchronous (at best, it would mean that the other RPCs would have to wait; at worst, it would mean missing incoming datagrams).
    If you can think of a way to make it synchronous knowing this, I'd be glad to hear it.

  • Need help in Complex report Design

    Hi All
    We got one requirement where the user wants to see the report in the format shown below.
    The relation is a hierarchy: Opportunity ==> Cases ==> Order items
    They want a format shown below so that under Opportunity 1 it contains its corresponding cases and under each Case it should contain its Order item. Each level will have more details with them, and they want a different format at each level; on the whole, the format repeats for each Opportunity. How can we achieve this?
    Opportunity 1
    CaseID 1
    Details ……
    Order item 1
    Details …
    Order Item n
    Details …
    CaseID n
    Details ……
    Order item 1
    Details …
    Order Item n
    Details …
    Opportunity n
    CaseID 1
    Details ……
    Order item 1
    Details …
    Order Item n
    Details …
    CaseID n
    Details ……
    Order item 1
    Details …
    Order Item n
    Details …
    Surendra Thota

    Hi Surendra_Thota,
    According to your description, you want to create a report to display the records in a specific hierarchy (Opportunity->Case->Order). And you want to set format for different level group. Right?
    In Reporting Service, we can use a group to organize a view of a report dataset. All groups in a data region specify different views of the same report dataset. Groups are internally organized as members of one or more hierarchies for each data region. So in this scenario, we just need to add a parent group for OrderItems (group on Case), then add a parent group for Case (group on Opportunity). And we can set different style and format for the textbox/column of different groups. We have tested in our local environment with sample data. Here are some screenshots for your reference:
    In this sample, we set different color and font size for each group.
    The result looks like below:
    Reference:
    Understanding Groups (Report Builder and SSRS)
    If you have any question, please feel free to ask.
    Best Regards,
    Simon Hou

  • Complex HSRP Design Issue

    I work for a company and we want to implement HSRP. We are a small ISP and most of our customers come into a fastethernet port on subinterfaces. We have fastethernet 0/1.100 through 0/1.125. So 25 customers, each with their own network addressing come into this one port.
    The problem is, some of these networks are /30 so there is only room for two usable IP addresses... it doesn't seem like I can implement HSRP in this instance UNLESS I can make the virtual HSRP (standby IP) address the current default gateway of the user and then put a completely different network address on the two physical Ethernet interfaces.
    Does that make sense? So if customer has the 10.0.0.0/30 network, then he is 10.0.0.1 and I am 10.0.0.2. Can I make the Standby IP of the router to be 10.0.0.2 and then change the physical address of the ethernet port on each router to be say on the 172.16.0.0/30 network?
    If so, how would the routing work?
    I have always gotten good feedback here, I hope it happens again.

    My understanding is your customers come in on one physical subinterface. The customer router and provider router establish IP connectivity over the link using /30 addresses. Or are these IP work stations? Regardless, why would you want to implement HSRP over this link? I believe HSRP would be appropriate on the customer router interface facing the LAN. And you still would require another router at the customer site to act as the Hot Standby Router.
    If you are adding another provider router into the mix utilize a routing protocol or static routes for fault tolerance.
    In the scenario you’re describing I don’t see a need for a Hot Standby Router. There might be something I’m missing. If you have any further information please provide.
    Ryan

  • Welcome to the Design and Architecture Community

    Welcome to the Network Infrastructure Design and Architecture Community.  We encourage everyone to share their knowledge and start conversations on design and overall network topology. All topics are welcome, including requirements and constraints of the network, tools and techniques, issues of hierarchy, leading practices, services, build strategies, architectures and solutions to solve business problems.
    Remember, just like in the workplace, be courteous to your fellow forum participants. Please refrain from using disparaging or obscene language or posting advertisements.
    Cheers,
    Dan Bruhn
    CSC Community Manager

    Been waiting to see a forum like this. This forum should amalgamate all the other areas like R&S, security, DC design, and provide more quality, proven solns and discuss problems/challenges as well. Will be following this forum regularly.
    Thanks Dan for creating this community
    Regards Kishore

  • Ask the Expert: Hierarchical Network Design, Includes Core, Distribution, and Access

    Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about hierarchical network design. 
    Recommending a network topology is required for meeting a customer's corporate network design  needs in their business and technical goals and often consists of many interrelated components. The hierarchical design made this easier like "divide and conquer" the job and develop the design in layers.
    Network design experts have developed the hierarchical network design model to help to develop a topology in discrete layers. Each layer can be focused on specific functions, to select the right systems and features for the layer.
    A typical hierarchical topology is:
    - A core layer of high-end routers and switches that are optimized for availability and performance.
    - A distribution layer of routers and switches that implement policies.
    - An access layer that connects users via lower-end switches and wireless access points.
    Ahmad Manzoor is a Senior Pre-Sales Engineer at AGCN, Pakistan. He has more than 10 years of experience in first-rate management, commercial and technical skills in the field of data communication and services lifecycle—from solution design through sales pitch, designing RFPs, architecture, and solution—all with the goal toward winning projects (creating win/win situations) of obsolete solutions.  Ahmad also has vast experience in designing end-to-end data centers, from building infrastructure design to data communication and network Infrastructure design. He has worked for several large companies in Pakistan and United Arab Emirates markets; for example, National Engineer, WATEEN Telecom, Emircom, Infotech, Global Solutions, NETS International, Al-Aberah, and AGCN, also known as Getronics, Pakistan.
    Remember to use the rating system to let Ahmad know if he has given you an adequate response. 
    Because of the volume expected during this event, Ahmad might not be able to answer every question. Remember that you can continue the conversation in the  Solutions and Architectures under the sub-community Data Center & Virtualization, shortly after the event. This event lasts through August 15, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Dear Leo,
    We are discussing the following without reference to any product line; it covers the concept of hierarchical design, which will help you decide which model is better for you: the two-layer or the three-layer hierarchical model.
    Two-Layer Hierarchy
    In many networks, you need only two layers to fulfill all of the layer functions—core and aggregation.
    Only one zone exists within the core, and many zones are in the aggregation layer. Examine each of the layer functions to see where it occurs in a two-layer design:
    Traffic forwarding—Ideally, all interzone traffic forwarding occurs in the core. Traffic flows from each zone within the aggregation layer up the hierarchy into the network core and then back down the hierarchy into other aggregation zones.
    Aggregation—Aggregation occurs along the core/aggregation layer border, allowing only interzone traffic to pass between the aggregation and core layers. This also provides an edge for traffic engineering services to be deployed along.
    Routing policy—Routing policy is deployed along the edge of the core and the aggregation layers, generally as routes are advertised from the aggregation layer into the core.
    User attachment—User devices and servers are attached to zones within the aggregation layer. This separation of end devices into the aggregation permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, it is best not to mix transit and destination traffic in the same area of the network.
    Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the aggregation layer. You can also place traffic admittance controls at the aggregation points exiting from the aggregation layer into the core of the network, but this is not common.
    You can see, then, how dividing the network into layers enables you to make each layer specialized and to hide information between the layers. For instance, the traffic admittance policy implemented along the edge of the aggregation layer is entirely hidden from the network core.
    You also use the core/aggregation layer edge to hide information about the topology of routing zones from each other, through summarization. Each zone within the aggregation layer should have minimal routing information, possibly just how to make it to the network core through a default route, and no information about the topology of the network core. At the same time, the zones within the aggregation layer should summarize their reachability information into as few routing advertisements as possible at their edge with the core and hide their topology information from the network core.
    Three-Layer Hierarchy
    A three-layer hierarchy divides these same responsibilities through zones in three vertical network layers:
    Traffic Forwarding—As with a two-layer hierarchy, all interzone traffic within a three-layer hierarchy should flow up the hierarchy, through the layers, and back down the hierarchy.
    Aggregation—A three-layer hierarchy has two aggregation points:
    - At the edge of the access layer going into the distribution layer
    - At the edge of the distribution layer going into the core
    At the edge of the access layer, you aggregate traffic in two places: within each access zone and flowing into the distribution layer. In the same way, you aggregate interzone traffic at the distribution layer and traffic leaving the distribution layer toward the network core. The distribution layer and core are ideal places to deploy traffic engineering within a network.
    Routing policy—The routing policy is deployed within the distribution layer in a three-layer design and along the distribution/core edge. You can also deploy routing policies along the access/distribution edge, particularly route and topology summarization, to hide information from other zones that are attached to the same distribution layer zone.
    User attachment—User devices and servers are attached to zones within the access layer. This separation of end devices into the access layer permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, you do not want to mix transit and destination traffic in the same area of the network.
    Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the access layer. You can also place traffic admittance controls at the aggregation points along the aggregation/core edge.
    As you can see, the concepts that are applied to two- and three-layer designs are similar, but you have more application points in a three-layer design.
    Now the confusion arises in our minds: where do we use the two-layer and where the three-layer hierarchical model?
    Now we discuss how many layers to use in network design.
    Which network design is better: two layers or three layers? As with almost all things in network design, it all depends. Examine some of the following factors involved in deciding whether to build a two- or three-layer network:
    Network geography—Networks that cover a smaller geographic space, such as a single campus or a small number of interconnected campuses, tend to work well as two-layer designs. Networks spanning large geographic areas, such as a country, continent, or even the entire globe, often work better as three layer designs.
    Network topology depth—Networks with a compressed, or flattened, topology tend to work better as two-layer hierarchies. For instance, service provider networks cover large geographic areas, but reducing number of hops through the network is critical in providing the services they sell; therefore, they are often built on a two-layer design. Networks with substantial depth in their topologies, however, tend to work better as three-layer designs.
    Network topology design—Highly meshed networks, with many requirements for interzone traffic flows, tend to work better as two-layer designs. Simplifying the hierarchy to two levels tends to focus the design elements into meshier zones. Networks that focus traffic flows on well-placed distributed resources, or centralized resources, such as a network with a large number of remote sites connecting to a number of centralized Data Centers, tend to work better as three-layer designs.
    Policy implementation—If policies of a network tend to focus on traffic engineering, two-layer designs tend to work better. Networks that attempt to limit access to resources attached to the network and other types of policies tend to work better as three-layer designs.
    Again, however, these are simple rules of thumb. No definitive way exists to decide whether a network should have two or three layers. Likewise, you cannot point to a single factor and say, “Because of this, the network we are working on should have three layers instead of two.”
    I hope that this helps you to understand the purposes of Two Layer & Three layer Hierarchical Model.
    Best regards,
    Ahmad Manzoor
