
How Vancl Built a Billion‑Yuan IT Infrastructure: Lessons for Operations Teams

An in‑depth look at Vancl’s massive IT infrastructure—covering network layers, DNS/DHCP design, Windows file services, email systems, instant messaging, AD account management, SCCM automation, and virtualization—offering practical insights for building reliable, scalable operations in large enterprises.

Efficient Ops

1. Network Operations – The Foundation

Understanding the TCP/IP and OSI models is the most basic building block of network operations knowledge. The OSI model divides networking into seven layers, while TCP/IP consolidates them into four: Application, Transport, Network, and Network Interface (Data Link & Physical).

By extending the TCP/IP model, Vancl created a five‑layer information system architecture: Business Layer, Application System Layer, Basic System Layer, Network Layer, and Data Center Layer. Resource management, monitoring, auditing, and security span all layers, forming a practical IT model used in Vancl’s infrastructure.

Business Layer: Internal administration, finance, customer service, logistics, warehouses, and external websites.

Application System Layer: Technical implementations of business, such as OA, ERP, warehouse, logistics, customer service, and order systems.

Basic System Layer: DNS, DHCP, file, mail, account services.

Network Layer: Routers, switches, firewalls, dedicated lines, and fiber.

Data Center Layer: Physical servers, switches, and all related IT hardware.

This model helps operations staff view each layer in terms of its impact on daily work.

3. Basic Layer Design and Practice

3.1 DNS Design

High availability is critical for warehouse and call‑center operations. Vancl uses Windows Server DNS integrated with Active Directory (AD). Each site runs two DNS servers that replicate via AD, providing bidirectional synchronization superior to traditional master‑slave DNS.

Clients configure two local DNS addresses for redundancy. Internal and external domains are kept separate to avoid conflicts, and internal DNS is used for internal services while external DNS resolves public names.

3.2 DHCP Design

DHCP is deployed on two Windows servers per site, following a 5/5 split: the first half of the IP pool is served by one server, the second half by the other, preventing IP conflicts. Windows Server DHCP clusters are used, though they require a shared disk for arbitration, which introduces a single point of failure.
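
The 5/5 split can be checked mechanically. The following is an added example, not code from the original article: it computes the two halves of a pool and audits lease records for addresses issued outside a server's half or handed out twice. The pool bounds, the server labels A and B, and the lease tuples are constructed assumptions, not Vancl's values or the Windows DHCP log format.

```python
import ipaddress

def split_pool(first, last):
    """Split an inclusive IPv4 pool into two equal halves (the 5/5 split).

    Server labels "A" and "B" are hypothetical names for the two DHCP servers.
    """
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if hi <= lo:
        raise ValueError("pool needs at least two addresses")
    mid = lo + (int(hi) - int(lo)) // 2   # last address of the first half
    return {"A": (lo, mid), "B": (mid + 1, hi)}

def audit_leases(halves, leases):
    """Flag leases that break the split.

    leases: iterable of (server, ip, mac) tuples.
    Returns a list of (finding, server, ip, mac):
      out-of-range -> server issued an address from the other server's half
      duplicate    -> same address already leased to a different client
    """
    findings, owner = [], {}
    for server, ip_text, mac in leases:
        ip = ipaddress.IPv4Address(ip_text)
        lo, hi = halves[server]
        if not lo <= ip <= hi:
            findings.append(("out-of-range", server, ip_text, mac))
        previous = owner.setdefault(ip, (server, mac))
        if previous != (server, mac):
            findings.append(("duplicate", server, ip_text, mac))
    return findings

# Constructed sample data: a 240-address pool and four lease records.
SAMPLE_POOL = ("10.20.30.10", "10.20.30.249")
SAMPLE_LEASES = [
    ("A", "10.20.30.15",  "00-11-22-33-44-01"),  # inside A's half
    ("B", "10.20.30.200", "00-11-22-33-44-02"),  # inside B's half
    ("B", "10.20.30.90",  "00-11-22-33-44-03"),  # B serving from A's half
    ("A", "10.20.30.90",  "00-11-22-33-44-04"),  # same address, second client
]

if __name__ == "__main__":
    halves = split_pool(*SAMPLE_POOL)
    for name, (lo, hi) in halves.items():
        print(f"server {name}: {lo} - {hi}")
    for finding in audit_leases(halves, SAMPLE_LEASES):
        print(finding)
```
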

3.3 Windows File Services

File services rely on Windows file servers with domain‑joined clients. Permissions are group‑based rather than per‑user to simplify management. The solution integrates with corporate accounts and supports sharing links for download or upload.

3.4 Printing

Printing uses a standardized Windows file server approach. Paths follow the pattern \\vancloa.cn\file<site><department>. Disk quotas are applied per department, data is hot‑backed up, and role‑based permissions are enforced. Each site has two print servers named sitename‑prt‑<number>.

3.5 Email System

Vancl employs Microsoft Exchange Server 2010 for internal mail and high‑availability, complemented by Postfix for outbound bulk mail and spam filtering. Multiple domains (vancl.cn, vancl.com, vjia.com, rufengda.com) are handled. Exchange provides robust mobile sync and conference‑room integration.

3.6 Instant Messaging

Vancl integrates traditional telephony, IP telephony, PC, and mobile communication through a unified platform using SIPX, Microsoft Lync, and PSTN. The architecture ensures high availability and eliminates single points of failure.

3.7 Account and Permission Management

Windows Active Directory (AD) serves as the central account system. Permissions across all services are based on AD groups. Authentication for PCs, servers, network devices, and internal web applications uses LDAP, while custom WebService APIs handle authorization for internal systems.

3.8 AD Domain Design

AD Organizational Units (OUs) are flattened; all employee accounts reside under a single OU, simplifying automation and scaling to tens of thousands of accounts. Only two data‑center DCs are writable; the remaining sites host read‑only replicas, providing high availability and security.

3.9 IT Operations Automation

Automation is achieved through Microsoft System Center (SCCM 2012 R2). Standardized OS images are created for different business roles (warehouse, office, development, call‑center) and deployed via PXE. Software licensing is managed through an approval workflow, and remote assistance enables a single support engineer to service multiple sites.

3.10 Virtualization

All core services—including AD, Lync, SIPX, Exchange, SCCM, and file servers—run on virtual machines. Each site hosts redundant DNS/DHCP/domain controllers on separate physical hosts and power distribution units to avoid single points of failure.

4. Summary

Traditional enterprises face higher costs when building custom infrastructure compared to internet companies that rely heavily on open‑source components. Vancl’s experience shows that leveraging Windows AD, SCCM, virtualization, and selective open‑source tools (Redis, Zabbix, Nagios, etc.) can create a reliable, scalable, and cost‑effective IT foundation.

Written by

Efficient Ops

This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.
