Solved

high availability of internet access

Posted on 2013-11-15
1
591 Views
Last Modified: 2013-11-18
Can I ask from a low tech management standpoint -

- what should our audit and risk team be looking when reviewing high availability / best practice for uptime/availability of the organisations Internet service - i.e staffs availability to visit www.google.com from the corporate network.

- what pieces of the infrastructure need to be up to allow staff to visit the internet from corporate assets (i.e. servers and workstations), i.e. what can break in between user (on their coporate laptop) and the outside internet - that would mean the user didnt have internet access, i.e. we have a corporate proxy server with websense installed - whats the risk if that server fails? what else makes up the chain between client and the internet in corporate networks?

- what would constitute a poor design for corporate internet access, i.e. single point of failures/poor designs/lead to performance issues?

I am coming at this from a management risk angle, and not the most network tech proficient, so please bare in mind with your answers..
0
Comment
Question by:pma111
1 Comment
 
LVL 20

Accepted Solution

by:
carlmd earned 500 total points
Comment Utility
We can consider the LAN and the WAN separately, both connecting to a  firewall device.

First lets talk WAN, in order to have HA you need to have two differnet ISP circuits running to your office, preferably not from the same provider. That is, you migh have one lease line type (Fios) and the other be a cable modem service. Then if one goes out you can "switch" to the other.

The next part is the firewall. The two ISP circuits will connect to the firewall, which will be configured with automatic failover between the two. Many firewall devices will do this, one example is Sonicwall. For true HA, you want to eliminate the firewall as the single point of failure, so you would have a second firewall configured as the HA backup to the first. A "hearbeat" would run between them, so if the primary failed the secondary (HA unit) would automatically take over.

Now on to your LAN. Unless you are willing to duplicate all cabling any one run can fail and possibly take your LAN down. However, the probability of a cable failing is low, and this can probably be ignored except for the most stringent cases. If switches are used, they are most likely a single point of failure as well. Duplicating such is more difficult, and a low tech solution is simply to have a spare device and swap in as needed.

Any single device or server providing a service like dns, proxy, file server etc can also be something to be considered. Whereas it may not bring down your network, it can severly cripple your ability to work. (No dns service for example.)

The most common consideration for HA is how much are you willing to spend to achieve the desired results. Most sites trade off dollars in consideration for just how much you can really tolerate being down.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now