I am in charge of implementing an infrastructure solution for a system of web services and web applications in the health sector. Currently, I have the following system:
On the main site, I have my application servers and database servers, which are accessible to clients through a remote access server (which is OpenVPN Access Server). Every client is issued a set of configuration files and certificates, which he uses to connect to the production network and then work on web applications or get a web service.
Now I need to implement a backup location, a rented server with ESXi 5.0 installed on it. I will have all the backup application and database servers virtualized as a backup system, so if anything in my primary location fails, the clients would be redirected to my backup location. One of those servers will be an OpenVPN Access Server, which will have to accept incoming connections from clients if the primary VPN server fails. It may be worth mentioning that these two sites will be connected over a site-to-site VPN tunnel.
I would like to know if anyone has had a similar problem, and how it would be possible to set it up in a way that all the clients would connect to the primary location, and ONLY connect to the backup site if the primary is offline. Also, I need a reliable mechanism for clients to reconnect to the primary site as soon as it comes back online.
I know that I could add another "remote xxx.xxx.xxx.xxx" directive to clients, so they will look for a second VPN server, but I am not sure whether they will be dispersed between the two VPN servers, since I need them to be connected to the primary location 99.99% of the time.