DR and HA design assistance with Co-lo

Hi
We are planning an HA/DR  solution. Currently, all our servers are in one central office. We have 3 small remote offices. Our plan is to use a co-lo to place our Front Edge Exchange 07 server and would also like a proxy server for web traffic. Our HA/DR site will be one of our remote offices. The plan is for external clients (for web access) and remote users (for OWA and activesync) to hit the co-lo and then the proxy would redirect to our main corp location. We will replicate all our servers to the HA site using DoubleTake into VM's. Does anyone have any recommendations? Also, I need a good corp level proxy server for the co-lo. Suggestions?
thx
LVL 1
dguillenAsked:
Who is Participating?
 
arnoldConnect With a Mentor Commented:
If I get the intent correctly, the purpose of the Co-lo is a gateway into the main office.
You could use DNS to direct visitor to one site or another.  If you have your own IP blocks that can be used at the main office and at the co-lo, you could use network devices i.e. F5 load balancers with BGP to advertise.

Why not put the external sites at the co-lo rather than have the same traffic traversing two paths.  This way you get isolation from attack.  You could use DNS to load balance the sites.  

There is a windows squid (squid-nt), for the purpose you outline, there is no administration needed.  You have the application listen on a specific port and directing all requests to a specific IP.
0
 
arnoldCommented:
A proxy server is of less importance than a VPN connection between the colo and the main office.

Do you control your companies IPs?

Note that the reverse proxy must be carefully configured to avoid having external access get through to the main office.
0
 
dguillenAuthor Commented:
We will have a direct point-to-point from co-lo to office and/or at least a 10mb lan-lan vpn. External access through the proxy will be redirected to our main office, but only web access and sync. Any reverse proxy software/hardware you recommend? Is there a better configuration that I should consider?
 
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
arnoldCommented:
With a dedicated point to point, you could use network devices to handle the traffic.
Squid is a good proxy.
You are trying to migrate from a HUB configuration into an HA/DR.

Are the external users part of the inside work force or are they external unaffiliated individuals?

Not sure when you mention a proxy server for the web traffic whether you mean that you will be accessing a corporate web site by way of the co-lo's internet connection.
0
 
dguillenAuthor Commented:
Our internal staff will be accessing all resources (intranet, files, email) directly from our corp site, NOT the col-lo. The proxy at the co-lo is ONLY for external clients (not our employees) to access secured websites. The co-lo will have our front edge exchange server as well. I saw Squid but I'm not a unix guy and i'd like something a bit more admin friendly.
0
 
dguillenAuthor Commented:
i'll consider that. We're still working ideas out.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.