Server Room Setup Design with Maintaining Proper Security Measures

Server Room Setup Design & Deployment: Secure, Scalable for an Edu-Tech Company

Project Overview

Project Summary

I designed and supervised the complete server room setup and network infrastructure for BacBon Ltd, an education-technology company in Dhaka. The project included end-to-end responsibilities: participating in procurement, selecting appropriate devices based on current and future needs, physical rack layout with proper airflow and security considerations, VMware ESXi hypervisor deployment on the Dell server, and configuring secure public accessibility.

The goal was to create a professional, secure, and maintainable on-premise data center environment that supports the company’s growing digital learning platforms while adhering to industry best practices for physical security, power redundancy, cooling, and network segmentation.

Server Room Setup Design Checklist

Key design decisions verified during planning:

• Rack location allocated with adequate clearance for maintenance (front/rear ≥ 1 meter)
• Hot-aisle / Cold-aisle layout implemented for optimal airflow
• Raised floor or proper cable management channels used
• Fire suppression (FM-200 or equivalent) and smoke/heat detectors installed
• Environmental monitoring (temperature, humidity, water leak) enabled
• Access control with biometric/electronic door lock and CCTV
• Dual power feeds with UPS and surge protection
• Future expansion space reserved (30%+ free rack capacity)

Server Room Layout Diagram

Procurement List

Devices and accessories procured based on performance, reliability, and total cost of ownership:

• Toten 42U Server Rack (600×1000×2055 mm) – vented doors, integrated cable management, 4× top fans
• Dell PowerEdge Server (2U) – dual CPU, 128 GB RAM, RAID storage for ESXi
• Cisco Catalyst Switch (48-port Gigabit, Layer 2/3)
• MikroTik CCR series Router/Firewall – for WAN edge and VPN/public access
• APC or equivalent Smart-UPS (3000 VA) with extended runtime
• Vertical PDUs (2×, 16A, with metering)
• Blanking panels, cable managers, patch panels, fiber/copper cabling
• IP KVM + environmental sensors

Rack Layout & Device Placement

Optimized rack elevation (bottom-to-top) for stability, cooling, and cable management:

1. Bottom (U1–U4) – UPS (heaviest component for low center of gravity)
2. U5–U8 – Dell PowerEdge Server (primary virtualization host)
3. U9–U10 – Cisco Network Switch (core switching)
4. U11 – MikroTik Router/Firewall
5. U12–U13 – Patch panel + cable management
6. U14+ – Reserved for future expansion + vertical PDUs mounted on sides

Rack Elevation Diagram

Sample Cable Management Notes (for documentation):

• All power cables routed via rear vertical PDUs
• Network cables color-coded (blue = LAN, red = WAN)
• Blanking panels used in empty U-spaces to prevent hot-air recirculation

Security Measures Implemented

Maintaining proper security was a core requirement. The following layered controls were applied:

• Physical Security
  • Biometric + RFID door access with audit logs
  • 24/7 CCTV coverage inside and outside the room
  • Rodent repellent system and raised flooring to prevent pest damage
• Network & Access Security
  • MikroTik firewall with strict input/forward chain rules
  • VLAN segmentation (Management, User, Server, Guest) on Cisco switch
  • Public accessibility restricted via port-forwarding + fail2ban
• Power & Environmental Security
• Dual UPS + generator-ready ATS
• Temperature/humidity alerts via PRTG or MikroTik scripting

Example MikroTik Firewall Rules (CLI):

# Allow only established/related traffic
/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Allow established"
add chain=input action=drop in-interface=ether1 comment="Drop all other WAN input"

# Public service access (example: HTTPS to internal web server)
add chain=forward action=accept dst-address=192.168.10.10 dst-port=443 protocol=tcp in-interface=ether1 comment="Public HTTPS access"

VMware ESXi Setup on Dell Server

1. Installed latest ESXi 8.x on Dell PowerEdge hardware (verified HCL compatibility).
2. Created VMkernel ports for management, vMotion, and VM traffic.
3. Configured vSwitch with security policies (Promiscuous Mode = Reject, MAC Address Change = Reject).
4. Enabled public accessibility via NAT/port-forward on MikroTik for specific services (e.g., web portal, API).

Sample ESXi CLI Commands (post-install):

# Enable SSH temporarily for configuration
esxcli system settings advanced set -o /UserVars/SuppressShellWarning -i 1

# Set management network
esxcli network ip interface ipv4 set -i vmk0 -I 192.168.10.5 -N 255.255.255.0 -t static

# Add NTP for time sync
esxcli system ntp set --enabled true --servers 0.pool.ntp.org

Testing & Verification

• Full rack power-on and thermal validation (hot-aisle < 35°C)
• End-to-end connectivity and VLAN isolation tests
• Failover testing of UPS and public access services
• Security audit (port scan, penetration test simulation)
• Handover documentation and staff training completed

Challenges & Solutions