Business networks are complex, and there are a lot of areas that can have issues that negatively impact network performance.
When we take over a business’s network, we find a few design flaws quite often. Some of the issues we see from these networks include security breaches, hardware failures, IP address conflicts, overloaded or out-of-date hardware, and VLAN or VPN problems. If these flaws are not addressed properly, they can wreak havoc on a business’s performance and security.
Security breaches are less common but can occur especially when proper security measures are not taken. By configuring the network firewall properly and keeping its security services up to date, we decrease the risk of an outside threat. Having proper antivirus and monitoring in place as well as training employees on best practices can also improve your security.
Hardware failures can and do happen rather frequently if systems are not upgraded or replaced before major issues occur. The key to avoiding major issues if a hardware failure were to occur is to have an adequate disaster recovery plan in place. Many IT providers run your local servers as a local install and rely on backups to an external hard drive. The problem with this is that external hard drives can fail and if you are swapping them out weekly, you could be risking that week of data being lost if not more. By virtualizing your systems and taking numerous snapshots throughout the day that we store both locally and offsite, the risk of losing your data is removed.
IP address conflicts are caused by improperly designed DHCP scopes and by statically assigning IP addresses on devices without having proper exclusions and reservations. DHCP is the protocol that hands out IP addresses to the devices on your network automatically. If you do not exclude a range of IP addresses in your subnet from the DHCP scope, then you cannot safely assign static IP addresses to the devices that need them, because the DHCP server can hand the same address to another device. Instead, if you exclude a range and set reservations when you statically assign the addresses, you remove the possibility of having IP address conflicts on your network.
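
The check described above can be run against an inventory of statically configured devices. The following Python is an added example, not part of the original article: it flags static addresses that sit inside the dynamic pool without an exclusion or a matching reservation. The function names, addresses and MAC addresses are constructed for illustration.

```python
import ipaddress

def ip_range(first, last):
    """Set of every address from first to last, inclusive."""
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    return {ipaddress.ip_address(n) for n in range(lo, hi + 1)}

def audit_static_hosts(subnet, scope, exclusions, reservations, static_hosts):
    """Return {host: finding} for static hosts that can collide with DHCP.

    reservations: {ip: mac}; static_hosts: {name: (ip, mac)}.
    Hosts in an excluded range or with a matching reservation are omitted.
    """
    net = ipaddress.ip_network(subnet)
    pool = ip_range(*scope)                      # addresses DHCP may lease
    for first, last in exclusions:
        pool -= ip_range(first, last)            # excluded addresses are never leased
    reserved = {ipaddress.ip_address(ip): mac.lower() for ip, mac in reservations.items()}
    findings, seen = {}, {}
    for name, (ip, mac) in static_hosts.items():
        addr = ipaddress.ip_address(ip)
        if addr in seen:                         # two devices configured with one address
            findings[name] = f"same static address as {seen[addr]}"
            continue
        seen[addr] = name
        if addr not in net:
            findings[name] = "outside the subnet"
        elif addr in reserved:
            if reserved[addr] != mac.lower():
                findings[name] = "address is reserved for a different MAC"
        elif addr in pool:
            findings[name] = "inside the dynamic pool, DHCP can lease it to another device"
    return findings

# Constructed sample data (not from the original article).
SUBNET = "172.16.21.0/24"
SCOPE = ("172.16.21.1", "172.16.21.254")
EXCLUSIONS = [("172.16.21.1", "172.16.21.49")]     # held back for static devices
RESERVATIONS = {"172.16.21.60": "00:11:22:33:44:55"}
STATIC_HOSTS = {
    "file-server": ("172.16.21.10", "00:11:22:aa:bb:01"),   # excluded range: fine
    "printer":     ("172.16.21.60", "00:11:22:33:44:55"),   # matching reservation: fine
    "camera":      ("172.16.21.120", "00:11:22:aa:bb:02"),  # in pool, no reservation
    "nas":         ("172.16.21.60", "00:11:22:aa:bb:03"),   # duplicate of printer
    "door-panel":  ("192.168.0.20", "00:11:22:aa:bb:04"),   # wrong subnet
}

if __name__ == "__main__":
    for host, finding in audit_static_hosts(
            SUBNET, SCOPE, EXCLUSIONS, RESERVATIONS, STATIC_HOSTS).items():
        print(f"{host}: {finding}")
```
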
Preventing overloaded or out-of-date hardware is as simple as tracking the age of the equipment on your network and planning for upgrades to prevent costly downtime. It can also be solved by purchasing the correct equipment upfront and by having warranties in place in case of failure. Part of the issue with failing hardware comes when data is stored on local workstations rather than on the company server or in a cloud-hosted location. Cloud locations and company servers should be backed up to prevent data loss, so any important files should be stored on a share that resides in one of those locations. If you are storing files locally, you would need to add a backup of that local system to prevent possible file loss.
VLAN or VPN issues are also typically caused by misconfigured equipment. VPN issues can occur if the Local Area Network (LAN) at your office has the same IP address scheme as the network you are connecting from. The most common range of IP addresses is 192.168.0.1-254 and we often find that business networks were set up in this range. The issue is that most equipment you will find in a home network comes with this same range and so when you create a VPN between the two locations, you end up with a duplicate IP range, and conflicts can occur. By using a different range for your business, such as 172.16.21.1-254, you prevent the issue from happening.
VLANs are Virtual Local Area Networks and their purpose is to isolate LAN segments. One reason to do this is to prevent traffic on a guest network from reaching your secure LAN. This allows guests to use your Wi-Fi in your office without risking a security breach from malicious equipment connecting to it. Using VLAN tagging on all guest traffic creates a virtual security layer between the two networks. Improper configuration or configuring the VLAN on specific ports of a switch rather than tagging the traffic can cause performance issues and security risks. We design all of our systems in a way that all traffic is properly separated, without overcomplicating the setup.