
Topology


24giovanni
08-31-2006, 08:14 PM
From a basic topology standpoint, I am trying to set up my environment for internetworking and am hoping someone could look at the topology I am thinking of using below and tell me whether it is the way to go. Would this way be the best way to solve any connectivity, reliability, network management, and flexibility issues that may come up?

Are there certain services and software packages needed? I am not really familiar yet with OSI, so if someone can help out with that, that would be great.

Could someone please feel free to point out the best setup of the two pics?

http://img169.imageshack.us/img169/657/internettingzt4.png

or

http://img353.imageshack.us/img353/3576/topologyzj8.png

jlreich
09-01-2006, 12:11 PM
The second one is much simpler and much easier to troubleshoot and maintain. I don't really see the need for the second switch though. I would use only one unless there will be a ton of workstations.

The first does provide more redundancy but is much more complicated to troubleshoot and maintain. That's fine if the situation requires redundancy.

But I am still new at this internetwork stuff on a large scale, so don't hold it against me if I am wrong. :p

juniper
09-01-2006, 12:36 PM
Hard to tell from the drawing (I use Visio and my layout is a little easier to read). Your representation looks to have three NICs in the top servers, but you need to connect the two switches in the redundancy pic. No load balancing will occur in that drawing either, as normal Spanning Tree will drop the second link and put it in a wait state unless you use PVST+ (Cisco proprietary, enabled by default on 802.1Q trunk links) or MISTP; you would then configure STP port priorities to allow VLANs 1-4 on one path and VLANs 5-8 on another as their primary, and the other path as a secondary (basically per-VLAN balancing).

I would also not use an all-in-one firewall/router, rather a router, then a firewall, then a switch. This allows for greater mitigation, as you are offloading processes onto two devices: routing is on the router and firewall activities are on hardware specifically designed for firewalling/VPN/IPS. More scalable also.

No redundancy in the second pic.

If using VLANs, you may consider end-to-end VLANs so any port in any switch can be in any VLAN. You would not have all PCs in one switch and servers in another, but rather a central bank of switches where any port can be in any VLAN (more efficient for port density, kinda old school).

juniper
09-01-2006, 04:18 PM
Almost forgot: the FTP server goes in the DMZ, and the mail server web access server goes in the DMZ (can be on the web server). Also, if money provides, there should be a front-end mail server (like a relay/MTA) in the DMZ that talks to the back-end mail server that holds the actual database, the two talking to each other over an SSL link through the firewall. That way your e-mail database is not directly accessible from the internet and only accepts e-mail that came through the front-end mail server.
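
The DMZ layout juniper describes (FTP, web/webmail and a front-end relay in the DMZ, the back-end mail store reachable only from that relay over an SSL link), written out as an added example of a forwarding policy for the firewall in the router -> firewall -> switch chain. This is not from the thread; the interface names, the addresses, port 465 for the SSL-wrapped SMTP hop and the passive FTP range are all assumptions.

```nft
#!/usr/sbin/nft -f
# Added example, not from the thread. Assumed layout:
#   eth0 = toward the router / Internet
#   eth1 = DMZ, 192.0.2.0/24
#   eth2 = internal LAN, 10.0.0.0/24
flush ruleset

define WAN = eth0
define DMZ = eth1
define LAN = eth2
define FTP_SRV  = 192.0.2.21    # FTP server (DMZ)
define MTA_FE   = 192.0.2.25    # front-end mail relay / MTA (DMZ)
define WEB_SRV  = 192.0.2.80    # web server, also hosts webmail (DMZ)
define MAIL_BE  = 10.0.0.25     # back-end mail server holding the database (LAN)
define FTP_PASV = 50000-50100   # passive FTP data ports (assumed)

table inet fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to sessions already permitted below
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published services
        iifname $WAN oifname $DMZ ip daddr $WEB_SRV tcp dport { 80, 443 } accept
        iifname $WAN oifname $DMZ ip daddr $MTA_FE  tcp dport 25 accept
        iifname $WAN oifname $DMZ ip daddr $FTP_SRV tcp dport 21 accept
        iifname $WAN oifname $DMZ ip daddr $FTP_SRV tcp dport $FTP_PASV accept

        # DMZ -> LAN: only the relay, only to the back-end mail server, only on
        # the SSL-wrapped SMTP port. Nothing else crosses from the DMZ inward,
        # so the mail database is never reachable from the Internet directly.
        iifname $DMZ oifname $LAN ip saddr $MTA_FE ip daddr $MAIL_BE tcp dport 465 accept

        # LAN -> DMZ: the back end hands outbound mail to the relay; users reach
        # the FTP and web/webmail servers
        iifname $LAN oifname $DMZ ip saddr $MAIL_BE ip daddr $MTA_FE tcp dport 465 accept
        iifname $LAN oifname $DMZ tcp dport { 21, 80, 443 } accept

        # LAN -> Internet: unrestricted outbound
        iifname $LAN oifname $WAN accept

        # DMZ -> Internet: the relay delivers mail and resolves names; no other
        # DMZ host may initiate outbound connections
        iifname $DMZ oifname $WAN ip saddr $MTA_FE tcp dport 25 accept
        iifname $DMZ oifname $WAN udp dport 53 accept
    }
}
```

Load with `nft -f` and check with `nft list ruleset`; a connection attempt from the Internet to 10.0.0.25:465 should fall through to the chain's drop policy, while the same port from 192.0.2.25 is accepted.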

24giovanni
09-01-2006, 07:02 PM
Other opinions are welcome as well.