high availability of internet access

Posted on 2013-11-15
Medium Priority
Last Modified: 2013-11-18
Can I ask from a low tech management standpoint -

- what should our audit and risk team be looking when reviewing high availability / best practice for uptime/availability of the organisations Internet service - i.e staffs availability to visit www.google.com from the corporate network.

- what pieces of the infrastructure need to be up to allow staff to visit the internet from corporate assets (i.e. servers and workstations), i.e. what can break in between user (on their coporate laptop) and the outside internet - that would mean the user didnt have internet access, i.e. we have a corporate proxy server with websense installed - whats the risk if that server fails? what else makes up the chain between client and the internet in corporate networks?

- what would constitute a poor design for corporate internet access, i.e. single point of failures/poor designs/lead to performance issues?

I am coming at this from a management risk angle, and not the most network tech proficient, so please bare in mind with your answers..
Question by:pma111
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
LVL 20

Accepted Solution

carlmd earned 2000 total points
ID: 39651536
We can consider the LAN and the WAN separately, both connecting to a  firewall device.

First lets talk WAN, in order to have HA you need to have two differnet ISP circuits running to your office, preferably not from the same provider. That is, you migh have one lease line type (Fios) and the other be a cable modem service. Then if one goes out you can "switch" to the other.

The next part is the firewall. The two ISP circuits will connect to the firewall, which will be configured with automatic failover between the two. Many firewall devices will do this, one example is Sonicwall. For true HA, you want to eliminate the firewall as the single point of failure, so you would have a second firewall configured as the HA backup to the first. A "hearbeat" would run between them, so if the primary failed the secondary (HA unit) would automatically take over.

Now on to your LAN. Unless you are willing to duplicate all cabling any one run can fail and possibly take your LAN down. However, the probability of a cable failing is low, and this can probably be ignored except for the most stringent cases. If switches are used, they are most likely a single point of failure as well. Duplicating such is more difficult, and a low tech solution is simply to have a spare device and swap in as needed.

Any single device or server providing a service like dns, proxy, file server etc can also be something to be considered. Whereas it may not bring down your network, it can severly cripple your ability to work. (No dns service for example.)

The most common consideration for HA is how much are you willing to spend to achieve the desired results. Most sites trade off dollars in consideration for just how much you can really tolerate being down.

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question