2 Domains, 1 Subnet

 
 
TBone
Guest
Posts: n/a
 
      04-03-2009
After I wrote that I realized *what else* it might seem like...

Yet I'm hoping to get a serious answer...

I am simplifying our network, but I have an ongoing argument with the
owner of the company (who admits to knowing nothing about networking)
that our production domain and test domain should be on separate subnets
(ie. 10.1.1.x and 10.1.2.x). He says that he wants the management of
the network to be simplified and therefore we should run both domains in
the same subnet. We have about 100 workstations and 10 servers, so this
is not a big network by any means.

I know it can be done either way. The reason I'm posting is to hopefully
call on the collective experience of the froup about the advantages of
doing this one way or the other.

Only caveat is users in the production domain will need to be able to
connect and work with servers in the test domain.

-------

Thanks,
T-Bone
MCNGP XL
 
James
Guest
Posts: n/a
 
      04-03-2009
TBone wrote:
> After I wrote that I realized *what else* it might seem like...
>
> Yet I'm hoping to get a serious answer...
>
> I am simplifying our network, but I have an ongoing argument with the
> owner of the company (who admits to knowing nothing about networking)
> that our production domain and test domain should be on separate subnets
> (ie. 10.1.1.x and 10.1.2.x). He says that he wants the management of
> the network to be simplified and therefore we should run both domains in
> the same subnet. We have about 100 workstations and 10 servers, so this
> is not a big network by any means.
>
> I know it can be done either way. The reason I'm posting is to hopefully
> call on the collective experience of the froup about the advantages of
> doing this one way or the other.
>
> Only caveat is users in the production domain will need to be able to
> connect and work with servers in the test domain.
>
> -------
>
> Thanks,
> T-Bone
> MCNGP XL


Personally, I would split them up and only allow the access that is
necessary to perform testing. You could use ACLs to block access to
resources if needed during development, and then open them back up for
testing.

It is more work, but there are benefits. Then again, as long as you
have explained the pros and cons to management, it is their problem at
that point, and their responsibility. If the owner of a company wants
to do something against the recommendations of his trusted staff, at
some point you have to just comply.

Good luck,

JB
 
Lawrence Garvin [MVP]
Guest
Posts: n/a
 
      04-04-2009
"TBone" <reply2me@thenewsgroup> wrote in message
news:Xns9BE27505C480Areplyhere@207.46.248.16...

> I am simplifying our network, but I have an ongoing argument with the
> owner of the company (who admits to knowing nothing about networking)
> that our production domain and test domain should be on separate subnets
> (ie. 10.1.1.x and 10.1.2.x). He says that he wants the management of
> the network to be simplified and therefore we should run both domains in
> the same subnet. We have about 100 workstations and 10 servers, so this
> is not a big network by any means.
>
> I know it can be done either way. The reason I'm posting is to hopefully
> call on the collective experience of the froup about the advantages of
> doing this one way or the other.
>
> Only caveat is users in the production domain will need to be able to
> connect and work with servers in the test domain.


This latter point is exactly the reason why they must be in the same subnet.

Or else, you'll need to install and maintain some sort of router
functionality so that traffic can get from subnet 'A' to subnet 'B'.

Truth be told, what you have here is two different network topologies, that
each should be evaluated independent of one another.

Domains are security boundaries for users and resources. If users in the
production domain need to connect and work with servers in the test domain,
then the test domain is going to have to trust the production domain. At
this point, it begs the question of what the value of a separate domain
actually becomes.

IP Subnets are logical (broadcast) boundaries to control network-level
traffic. If members of group 'a' routinely need to access resources in group
'b', and both groups are on the same *physical* LAN infrastructure, then the
complication of separate subnets most likely outweighs any perceived
disadvantage of having them all on one network.

The *only* reason I could justifiably see creating multiple subnets on the
same physical LAN is if one or the other group has more than 250 devices...
but even then, it's trivial to use CIDR masking and create a subnet with
>255 host addresses.


Without more information, I'm hard pressed to see the justification for
either a separate domain =or= a separate IP Subnet, and if your primary
objective is to simplify the network, then take a lesson from the earliest
"Active Directory Domain Services" training literature way back in 1999
which stated simply (and paraphrased): Unless you have a justifiable need
for more than one domain, ONE domain is what you should configure.

What you need for your test network is a separate =OU=.


--
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin
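
Added example (not part of the thread and not any poster's code): a Python sketch of the trade-off discussed in the replies above, using the thread's 10.1.1.x and 10.1.2.x ranges. The server addresses, ports and ACL rules are constructed assumptions; the point is that a router ACL only filters traffic that crosses a subnet boundary, and that the prefix length decides whether the two ranges share one.

```python
import ipaddress

# Constructed addressing plan based on the thread's 10.1.1.x / 10.1.2.x example.
PROD = ipaddress.ip_network("10.1.1.0/24")
TEST = ipaddress.ip_network("10.1.2.0/24")

# Hypothetical router ACL: first match wins, implicit deny at the end.
# (action, source network, destination network, protocol, destination port)
ACL = [
    ("permit", PROD, ipaddress.ip_network("10.1.2.10/32"), "tcp", 443),
    ("permit", PROD, ipaddress.ip_network("10.1.2.11/32"), "tcp", 1433),
    ("deny", TEST, PROD, "any", None),
]


def on_link(src, dst, prefix_len):
    """True if dst is in src's own subnet, so no router ever sees the traffic."""
    net = ipaddress.ip_interface(f"{src}/{prefix_len}").network
    return ipaddress.ip_address(dst) in net


def acl_decision(src, dst, proto, port, acl=ACL):
    """Evaluate the ACL top-down and return the first matching action."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_proto, rule_port in acl:
        if (s in src_net and d in dst_net
                and rule_proto in ("any", proto)
                and rule_port in (None, port)):
            return action
    return "deny"  # implicit deny


def verdict(src, dst, proto, port, prefix_len):
    """What happens to a flow when every host is configured with prefix_len."""
    if on_link(src, dst, prefix_len):
        return "unfiltered"  # delivered at layer 2; the router ACL is never consulted
    return acl_decision(src, dst, proto, port)


def usable_hosts(prefix_len):
    """Usable IPv4 host addresses in a subnet (network and broadcast excluded)."""
    return 2 ** (32 - prefix_len) - 2


if __name__ == "__main__":
    for plen in (24, 23, 22):
        print(plen, usable_hosts(plen),
              verdict("10.1.1.50", "10.1.2.10", "tcp", 3389, plen))
```

With a /24 or /23 mask the two ranges stay in different subnets and the ACL applies; only a /22 (10.1.0.0/22) puts both on one link, at which point the same flow is no longer filtered by the router.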

 
Gabe
Guest
Posts: n/a
 
      04-07-2009
In a small network it's not likely going to be a performance problem. There
may be security issues related to your coworkers seeing things that have not
yet been released, perhaps even using things that are not ready to be used
yet...

Will your test environment be "polluted" by being connected to the same
subnet as the production environment? If so, your argument could be that it
would invalidate your testing.

--
MCSE since 2000
Systems Integration
Navy Reserves


"TBone" wrote:

> After I wrote that I realized *what else* it might seem like...
>
> Yet I'm hoping to get a serious answer...
>
> I am simplifying our network, but I have an ongoing argument with the
> owner of the company (who admits to knowing nothing about networking)
> that our production domain and test domain should be on separate subnets
> (ie. 10.1.1.x and 10.1.2.x). He says that he wants the management of
> the network to be simplified and therefore we should run both domains in
> the same subnet. We have about 100 workstations and 10 servers, so this
> is not a big network by any means.
>
> I know it can be done either way. The reason I'm posting is to hopefully
> call on the collective experience of the froup about the advantages of
> doing this one way or the other.
>
> Only caveat is users in the production domain will need to be able to
> connect and work with servers in the test domain.
>
> -------
>
> Thanks,
> T-Bone
> MCNGP XL
>

 