1 Reply Latest reply on Jan 14, 2013 1:41 PM by Joe Piotrowski

    Validation of a provisioning architecture

      I'm pondering what architecture to use in my organization when serving many different clients on separate, distinct VLANs:

       

      Solution 1 : Decentralized

      Every client will have its proper provisioning components in order to provision physical servers.

      • Advantages : 
        • The physical target servers are closer to the Datastore & provisioning components (DHCP, PXE, TFTP).
        • Install the provisioning components on the repeater server in order to save OS/licensing costs.
      • Disadvantages :
        • Ports to open between VLANs: 9831, 1433, & 1080 (default)

       

       

       

      Or using the following architectures more suitable for what I am trying to achieve:

       

      Solution 2 : Dedicated VLAN

      • Every client would access a dedicated VLAN to connect to the different provisioning components.

       

      Solution 3 : Centralized

      • Every client connects to the Bladelogic VLAN (all servers are located in this VLAN - DB, AS, PXE/TFTP, DHCP, DS)
      • Advantages : 
        • A unique & central area for provisioning for all clients. Therefore only one reference to maintain.
      • Disadvantages :
        • Difficult configuration of firewalls & routers => iphelper
        • A lot of port openings between client VLAN and Bladelogic VLAN
        • Heavy network bandwidth between client VLAN and Bladelogic VLAN (for OS download).

       

      Solution 4 : Staging Area Dedicated

      • A dedicated VLAN where only the provisioning components (DHCP, PXE,TFTP) are installed. Once the OS is installed on the target server, the server is connected to its proper VLAN in production.
      • Advantages : 
        • A unique & central area for provisioning for all clients. Therefore only one reference to maintain.
        • Ports to open between Bladelogic & Staging area VLANs: 9831, 1433
      • Disadvantages :
        • Change to the proper VLAN once the OS installation is completed on the target server. Therefore a manual change is needed to continue the installation of the application stack. (install of applications, patches)
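
An added example, not part of the original post: one way to audit a firewall rule export so that only the two ports the post lists for Solution 4 (9831 and 1433) are permitted between the Bladelogic and staging VLANs. The subnets, the rule format, the TCP protocol and the sample rules are assumptions constructed for the illustration.

```python
import ipaddress

# Ports the post lists for Solution 4 (Bladelogic VLAN <-> staging VLAN).
ALLOWED_PORTS = {9831, 1433}

# Assumed addressing, constructed for this example.
BLADELOGIC = ipaddress.ip_network("10.10.0.0/24")
STAGING = ipaddress.ip_network("10.20.0.0/24")

# Constructed rule export: (source, destination, protocol, ports, action).
# "ports" is a single port, a "low-high" range, or "any"; TCP is assumed.
RULES = [
    ("10.10.0.0/24", "10.20.0.0/24", "tcp", "9831", "permit"),
    ("10.20.0.0/24", "10.10.0.5/32", "tcp", "1433", "permit"),
    ("10.20.0.0/24", "10.10.0.0/24", "tcp", "1024-2000", "permit"),  # range too wide
    ("10.0.0.0/8", "10.10.0.0/24", "tcp", "any", "permit"),          # supernet, any port
    ("10.30.0.0/24", "10.10.0.0/24", "tcp", "22", "permit"),         # other VLAN, out of scope
    ("10.20.0.0/24", "10.10.0.0/24", "tcp", "1080", "deny"),
]

def port_set(spec):
    """Expand a port spec into the range of ports it covers."""
    if spec == "any":
        return range(1, 65536)
    low, _, high = spec.partition("-")
    return range(int(low), int(high or low) + 1)

def crosses(src, dst):
    """True if the rule can carry traffic between the two VLANs, in either
    direction. Overlap is used so supernets such as 10.0.0.0/8 are caught."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    return (s.overlaps(BLADELOGIC) and d.overlaps(STAGING)) or \
           (s.overlaps(STAGING) and d.overlaps(BLADELOGIC))

def audit(rules):
    """Return (rule index, port spec, count of ports outside the allowlist)
    for each permit rule between the VLANs. Rule ordering (first match wins)
    is not modelled: every permit rule is judged on its own."""
    findings = []
    for idx, (src, dst, _proto, ports, action) in enumerate(rules):
        if action != "permit" or not crosses(src, dst):
            continue
        extra = sum(1 for p in port_set(ports) if p not in ALLOWED_PORTS)
        if extra:
            findings.append((idx, ports, extra))
    return findings

if __name__ == "__main__":
    for idx, ports, extra in audit(RULES):
        print(f"rule {idx}: ports {ports} permit {extra} port(s) beyond {sorted(ALLOWED_PORTS)}")
```
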