DR and HA design assistance with Co-lo

Hi
We are planning an HA/DR  solution. Currently, all our servers are in one central office. We have 3 small remote offices. Our plan is to use a co-lo to place our Front Edge Exchange 07 server and would also like a proxy server for web traffic. Our HA/DR site will be one of our remote offices. The plan is for external clients (for web access) and remote users (for OWA and activesync) to hit the co-lo and then the proxy would redirect to our main corp location. We will replicate all our servers to the HA site using DoubleTake into VM's. Does anyone have any recommendations? Also, I need a good corp level proxy server for the co-lo. Suggestions?
thx
LVL 1
dguillenAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
A proxy server is of less importance than a VPN connection between the colo and the main office.

Do you control your companies IPs?

Note that the reverse proxy must be carefully configured to avoid having external access get through to the main office.
0
dguillenAuthor Commented:
We will have a direct point-to-point from co-lo to office and/or at least a 10mb lan-lan vpn. External access through the proxy will be redirected to our main office, but only web access and sync. Any reverse proxy software/hardware you recommend? Is there a better configuration that I should consider?
 
0
arnoldCommented:
With a dedicated point to point, you could use network devices to handle the traffic.
Squid is a good proxy.
You are trying to migrate from a HUB configuration into an HA/DR.

Are the external users part of the inside work force or are they external unaffiliated individuals?

Not sure when you mention a proxy server for the web traffic whether you mean that you will be accessing a corporate web site by way of the co-lo's internet connection.
0
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

dguillenAuthor Commented:
Our internal staff will be accessing all resources (intranet, files, email) directly from our corp site, NOT the col-lo. The proxy at the co-lo is ONLY for external clients (not our employees) to access secured websites. The co-lo will have our front edge exchange server as well. I saw Squid but I'm not a unix guy and i'd like something a bit more admin friendly.
0
arnoldCommented:
If I get the intent correctly, the purpose of the Co-lo is a gateway into the main office.
You could use DNS to direct visitor to one site or another.  If you have your own IP blocks that can be used at the main office and at the co-lo, you could use network devices i.e. F5 load balancers with BGP to advertise.

Why not put the external sites at the co-lo rather than have the same traffic traversing two paths.  This way you get isolation from attack.  You could use DNS to load balance the sites.  

There is a windows squid (squid-nt), for the purpose you outline, there is no administration needed.  You have the application listen on a specific port and directing all requests to a specific IP.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dguillenAuthor Commented:
i'll consider that. We're still working ideas out.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.