Firewall and Switch High Availability Design for SaaS Application

Hi, I have a SaaS application for which I want to build a highly available network infrastructure that consists of two firewalls, two switches, two load balancers, and two web servers. The application is a Flash application served to clients over the internet who log on and access their data. I have budget for only 1 line to the internet. How do I wire these devices together to minimize single points of failure with only 1 internet line, and what Cisco device models would you recommend? The throughput is about 5-10 Mbps to the internet. The web server will be dual homed (1 connection to a front end VLAN going to the internet, and the other connection to a backend VLAN which should also be highly available and connecting the rest of the application). The servers will be Dell servers with DRACs connected. In total I will need approx 130 switch ports. I'm thinking two 6513s could handle both my front end and back end VLANs, but I'm not sure. Your help would be greatly appreciated. Thanks.
Asked by: cc007

mikebernhardt Commented:
I don't think you need 6513, 6509s should be sufficient with 48-port line cards.

Since you can only have 1 internet connection, you obviously can't have redundant switches on the internet side. But a 6509 with 2 supervisors and 2 power supplies will be pretty redundant.

cc007 (Author) Commented:
Thanks, but what are supervisors? And what about the backend switches?

mikebernhardt Commented:
> but what are supervisors?

Supervisor modules; you need at least one but 2 gives you better reliability.

But let's back up a moment: do you have a budget for 3 or 4 6500s, or were you thinking of 2 total? If you can buy 3, I would buy one as described above for your outside switch. Then tie both firewalls into that. Then on the inside of the firewalls, have 2 more 6500s and tie your web servers and load balancers into that. Since those switches are redundant you only need one supervisor each. You could probably do fine with 6504s on the inside, saving you money and rack space.

If you can get dual fiber connections from your ISP, you could even just get 2 3650 series Layer 3 switches or even a couple of routers for your outside switches, and put simple access lists on them for filtering the stupid stuff. Connect those to 2 6504s and follow the attached diagram for an idea.
Drawing1.jpg

mikebernhardt Commented:
You should probably dual-home the load balancers to the 2 switches for higher reliability to the outside. The diagram is just a basic concept, not a finished design.

cc007 (Author) Commented:
I was looking for just a little bit more detail. But this is good. Thank you very much.
Question has a verified solution.
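
The three-switch layout and the load-balancer dual-homing suggestion from the answers above, checked for single and double points of failure. This is an added example, not part of the original thread; the node names and cabling details (each firewall uplinked to one inside switch, an inter-switch link, web servers single-homed on the front end) are assumptions.

```python
from itertools import combinations

def build(dual_homed_lbs):
    """Adjacency map for the three-switch layout (cabling details assumed)."""
    links = [("isp_line", "outside_sw"),
             ("outside_sw", "fw1"), ("outside_sw", "fw2"),
             ("fw1", "inside_sw1"), ("fw2", "inside_sw2"),
             ("inside_sw1", "inside_sw2"),
             ("inside_sw1", "lb1"), ("inside_sw2", "lb2"),
             ("inside_sw1", "web1"), ("inside_sw2", "web2")]
    if dual_homed_lbs:
        links += [("inside_sw2", "lb1"), ("inside_sw1", "lb2")]
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def service_up(graph, failed):
    """Up if the ISP line still reaches at least one LB and one web server."""
    if "isp_line" in failed:
        return False
    seen, stack = {"isp_line"}, ["isp_line"]
    while stack:
        node = stack.pop()
        if node.startswith(("lb", "web")):
            continue  # end hosts do not forward transit traffic
        for nxt in graph[node] - seen - set(failed):
            seen.add(nxt)
            stack.append(nxt)
    return (any(n.startswith("lb") for n in seen)
            and any(n.startswith("web") for n in seen))

def outages(graph, k):
    """Every set of k simultaneously failed components that causes an outage."""
    return [c for c in combinations(sorted(graph), k) if not service_up(graph, c)]

def report(dual_homed_lbs):
    """Return (single points of failure, outage pairs not involving a SPOF)."""
    graph = build(dual_homed_lbs)
    spofs = [c[0] for c in outages(graph, 1)]
    pairs = [p for p in outages(graph, 2) if not set(p) & set(spofs)]
    return spofs, pairs

if __name__ == "__main__":
    for dual in (False, True):
        spofs, pairs = report(dual)
        print("dual-homed LBs:", dual, "| SPOFs:", spofs, "| outage pairs:", pairs)
```

Under these assumptions the remaining outage pairs also include one firewall plus the opposite inside switch, which cross-connecting each firewall to both inside switches would remove.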
