high availability of internet access

Can I ask from a low tech management standpoint -

- what should our audit and risk team be looking when reviewing high availability / best practice for uptime/availability of the organisations Internet service - i.e staffs availability to visit www.google.com from the corporate network.

- what pieces of the infrastructure need to be up to allow staff to visit the internet from corporate assets (i.e. servers and workstations), i.e. what can break in between user (on their coporate laptop) and the outside internet - that would mean the user didnt have internet access, i.e. we have a corporate proxy server with websense installed - whats the risk if that server fails? what else makes up the chain between client and the internet in corporate networks?

- what would constitute a poor design for corporate internet access, i.e. single point of failures/poor designs/lead to performance issues?

I am coming at this from a management risk angle, and not the most network tech proficient, so please bare in mind with your answers..
Who is Participating?
carlmdConnect With a Mentor Commented:
We can consider the LAN and the WAN separately, both connecting to a  firewall device.

First lets talk WAN, in order to have HA you need to have two differnet ISP circuits running to your office, preferably not from the same provider. That is, you migh have one lease line type (Fios) and the other be a cable modem service. Then if one goes out you can "switch" to the other.

The next part is the firewall. The two ISP circuits will connect to the firewall, which will be configured with automatic failover between the two. Many firewall devices will do this, one example is Sonicwall. For true HA, you want to eliminate the firewall as the single point of failure, so you would have a second firewall configured as the HA backup to the first. A "hearbeat" would run between them, so if the primary failed the secondary (HA unit) would automatically take over.

Now on to your LAN. Unless you are willing to duplicate all cabling any one run can fail and possibly take your LAN down. However, the probability of a cable failing is low, and this can probably be ignored except for the most stringent cases. If switches are used, they are most likely a single point of failure as well. Duplicating such is more difficult, and a low tech solution is simply to have a spare device and swap in as needed.

Any single device or server providing a service like dns, proxy, file server etc can also be something to be considered. Whereas it may not bring down your network, it can severly cripple your ability to work. (No dns service for example.)

The most common consideration for HA is how much are you willing to spend to achieve the desired results. Most sites trade off dollars in consideration for just how much you can really tolerate being down.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.