Let me premise, we are a mid-size production services company offering services in broadcasting, live event production, and film/television production. Some of the data we hold is wildly sensitive, and we utilize end to end encryption, disabling USB drives on edit bays, strict group policies, all the fun stuff to ensure nothing leaves this facility, and ensuring that nobody sees anything they are not permitted to.
That being said,
I need a low power router, hydro is expensive here, and our machine room is running out of power, I wanna keep it under 150w here so please no retired Cisco beasts that require their own 3 phase connection just to idle.
Router will be taking a gigabit WAN, with multiple VLANs, lots of very high bandwidth inter VLAN traffic on layer 2 switches (storage servers that are currently 4 gigabit LACP/LAGG but will become 10g in the future on one vlan, with multiple gigabit or in the future 10g storage server clients on a different VLAN), QOS for multiple VOIP SIPs.
I know my needs are a little intensive, if and when the storage server becomes 10g, and all the clients to said server become 10g, I will need to be able to place a firewall between the storage arrays and the clients, as the data on the servers is sometimes highly sensitive, but being a post production facility, the bandwidth for editing 4k+ footage in real time is a genuine need to our online suites, so I can't have any bottlenecks.
Now the real kicker, we have very little budget for this. I considered a poweredge r210 w/ pfSense, MicroTik RB3011, but with this 10g requirement looming over me, I am fearing that I may not be able to place a firewall between the VLANs without causing a serious bottleneck to the 10g network.
Suggestions? I am not a highly experienced sysadmin, and networking is a big weakness of mine. I am a senior staff member who has some IT skills so I may be doing some things wrong here, but its what the budget permits, and I know I'm gonna get a million responses saying "hire a professional" "you cant risk the lawsuit of data loss" and all that and I know, but at the end of the day its not my call, and I've tried, so your really wasting your breath.
No comments:
Post a Comment