DR and HA design assistance with Co-lo

Posted on 2008-11-14
Last Modified: 2012-05-05
Hi
We are planning an HA/DR solution. Currently, all our servers are in one central office. We have 3 small remote offices. Our plan is to use a co-lo to place our Front Edge Exchange 07 server and would also like a proxy server for web traffic. Our HA/DR site will be one of our remote offices. The plan is for external clients (for web access) and remote users (for OWA and ActiveSync) to hit the co-lo and then the proxy would redirect to our main corp location. We will replicate all our servers to the HA site using DoubleTake into VMs. Does anyone have any recommendations? Also, I need a good corp level proxy server for the co-lo. Suggestions?
thx
Question by:dguillen
LVL 81

Expert Comment

by:arnold
ID: 22967946
A proxy server is of less importance than a VPN connection between the colo and the main office.

Do you control your company's IPs?

Note that the reverse proxy must be carefully configured to avoid having external access get through to the main office.
0
 
LVL 1

Author Comment

by:dguillen
ID: 22979136
We will have a direct point-to-point from co-lo to office and/or at least a 10mb lan-lan vpn. External access through the proxy will be redirected to our main office, but only web access and sync. Any reverse proxy software/hardware you recommend? Is there a better configuration that I should consider?
 
0
 
LVL 81

Expert Comment

by:arnold
ID: 22980113
With a dedicated point to point, you could use network devices to handle the traffic.
Squid is a good proxy.
You are trying to migrate from a HUB configuration into an HA/DR.

Are the external users part of the inside work force or are they external unaffiliated individuals?

Not sure when you mention a proxy server for the web traffic whether you mean that you will be accessing a corporate web site by way of the co-lo's internet connection.
0
 
LVL 1

Author Comment

by:dguillen
ID: 22980359
Our internal staff will be accessing all resources (intranet, files, email) directly from our corp site, NOT the co-lo. The proxy at the co-lo is ONLY for external clients (not our employees) to access secured websites. The co-lo will have our front edge exchange server as well. I saw Squid but I'm not a Unix guy and I'd like something a bit more admin friendly.
0
 
LVL 81

Accepted Solution

by:
arnold earned 2000 total points
ID: 22981723
If I get the intent correctly, the purpose of the Co-lo is a gateway into the main office.
You could use DNS to direct visitors to one site or another. If you have your own IP blocks that can be used at the main office and at the co-lo, you could use network devices, i.e. F5 load balancers with BGP, to advertise.

Why not put the external sites at the co-lo rather than have the same traffic traversing two paths? This way you get isolation from attack. You could use DNS to load balance the sites.

There is a Windows Squid (squid-nt); for the purpose you outline, there is no administration needed. You have the application listen on a specific port and direct all requests to a specific IP.
0
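
A minimal squid.conf for the co-lo reverse proxy discussed in this thread, added here as an illustration and not posted by either participant. The hostname, addresses and peer name are placeholders, it covers plain HTTP only, and the directive syntax assumes Squid 2.6 or later.

```conf
# Constructed example: hostname, addresses and peer name are placeholders.

# Listen on the co-lo's public address as an accelerator (reverse proxy),
# not as a general-purpose forward proxy.
http_port 203.0.113.10:80 accel defaultsite=portal.example.com

# The single origin server at the main office, reached over the
# point-to-point link or the LAN-to-LAN VPN.
cache_peer 10.10.0.20 parent 80 0 no-query originserver name=corp_portal

# 'all' is built in from Squid 3.0 onward; on 2.x keep the stock
# 'acl all src 0.0.0.0/0.0.0.0' line from the default squid.conf.

# Accept only requests for the published site name, refuse the rest.
acl published_site dstdomain portal.example.com
http_access allow published_site
http_access deny all

# Only those requests may be handed to the main-office peer.
cache_peer_access corp_portal allow published_site
cache_peer_access corp_portal deny all

# Never fetch from a destination directly: a request either goes to the
# peer above or is refused.
never_direct allow all

# Weak setting to avoid: replacing the two http_access lines with
#   http_access allow all
# removes the hostname restriction, so the proxy no longer limits what
# external clients can ask it to fetch.
```

Running `squid -k parse` against the file checks the syntax before the proxy is exposed.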
 
LVL 1

Author Comment

by:dguillen
ID: 23253752
I'll consider that. We're still working ideas out.
0
