Enterprise Design¶

Design goal¶

Create a Windows infrastructure that starts simple but can scale into a multi-site enterprise without redesigning the foundation.

Initial design¶

flowchart TD
    Internet --> FW[HQ-FW01 OPNsense]
    FW --> MGMT[VLAN 10 Management]
    FW --> SRV[VLAN 20 Servers]
    FW --> WKS[VLAN 30 Workstations]
    SRV --> DC[HQ-DC01 AD DS / DNS / DHCP]
    MGMT --> ADM[HQ-MGMT01 Admin Workstation]
    WKS --> C1[HQ-W11-001 Client]

Enterprise design principles¶

• Single forest and single domain initially.
• Sites are used for geographic expansion.
• Separate infrastructure roles as the business grows.
• Avoid installing every service on the domain controller long term.
• Use documentation and automation to keep the environment reproducible.

Future enterprise components¶

• Second domain controller
• Dedicated DHCP server or DHCP failover
• Dedicated certificate authority
• NPS/RADIUS server
• File server with DFS
• Monitoring and logging
• Microsoft 365 hybrid identity
• Endpoint management with Intune