SharePoint User Group UK

Hi,

I'm in charge of deploying a MOSS 2007 farm.

My farm consists of:

• 2 Web Front End servers WFE (x64) running on HP BL 480c
• 1 Application (Index) (x64) running on HP BL 480c
• 1 SQL Cluster (2 nodes of x64 servers running SQL Server 2005) on HP DL 380

The 2 WFE servers and the Application server are on the same VLAN.
However the SQL Server Cluster is on a different VLAN.

The blog past below seems to suggest that it is not supported.

http://paulgalvin.spaces.live.com/blog/cns!1CC1EDB3DAA9B8AA!1081.entry

Can anyone confirm that it is OK to have the SharePoint servers (WFE + Index) on a separate VLAN to the SLQ cluster?

and ideally explain if it could cause performance issues...

Cheers

---

Cédric Oster

Hi,

There is no reason for the SQL not to sit in a different VLAN, in fact I'd recommend it some cases (it's all down to segregation of traffic and security requirements). Typically your WFEs would be in a DMZ and the SQL cluster behind a firewall anyway.

Ideally, you should have the a fast connection from the WFEs to the SQL box, 1Gb or greater of you can. That doens't mean it can't go through multiple subnets (or vlans if you are using a single switch with vlan support).

So long as you can properly resolve and address the SQL-WFE relationship, and the bandwidth is adequate, you should not have any problems.

nb: I think in the post you refer to, there is confusion by suggesting that WFEs be on different Subnets. This is correct. All the WFEs need to be in the same subnet/vlan but the WFE to SQL relationship can span these boundaries.

---

Paul Leigh
---------------------------------------------
Designer of PhoPho & PhoTab, photograph frames that double up as tablet and smartphone stands.
www.jackdawdesigns.com

Just a quick agreement with Paul above, I'd heartily recommend that you seperate your SQL onto a seperate VLan whether you're in an extranet or intranet scenario anyhow. Does anyone remember how quickly that SQL Virus propagated through named pipes?

Not such an issue now, however if you tie your connectivity between the WFE's and SQL through known endpoints on a firewall, you're reducing the risk substantially without reducing perfomance (depending on your network infrastructure of course!)

The recommended practice as well is to tie the SQL connectivity into a network connection on your WFE that DOES NOT carry user traffic. My last implementation had two port redundant connection for the IIS traffic and two ports redundant for SQL.

Paul.

---

www.myfatblog.co.uk
twitter.com/@cimares

Thanks to both of you Paul(s).

The plan is actually to dedicate 2 NICs (teamed) to user traffic and the other 2 to SQL traffic as I've got 4 Network cards in the Blade servers. So it follows recommended practice.

Cheers and have a great week end.

---

Cédric Oster