Solved

high availability of internet access

Posted on 2013-11-15
1
596 Views
Last Modified: 2013-11-18
Can I ask from a low tech management standpoint -

- what should our audit and risk team be looking when reviewing high availability / best practice for uptime/availability of the organisations Internet service - i.e staffs availability to visit www.google.com from the corporate network.

- what pieces of the infrastructure need to be up to allow staff to visit the internet from corporate assets (i.e. servers and workstations), i.e. what can break in between user (on their coporate laptop) and the outside internet - that would mean the user didnt have internet access, i.e. we have a corporate proxy server with websense installed - whats the risk if that server fails? what else makes up the chain between client and the internet in corporate networks?

- what would constitute a poor design for corporate internet access, i.e. single point of failures/poor designs/lead to performance issues?

I am coming at this from a management risk angle, and not the most network tech proficient, so please bare in mind with your answers..
0
Comment
Question by:pma111
1 Comment
 
LVL 20

Accepted Solution

by:
carlmd earned 500 total points
ID: 39651536
We can consider the LAN and the WAN separately, both connecting to a  firewall device.

First lets talk WAN, in order to have HA you need to have two differnet ISP circuits running to your office, preferably not from the same provider. That is, you migh have one lease line type (Fios) and the other be a cable modem service. Then if one goes out you can "switch" to the other.

The next part is the firewall. The two ISP circuits will connect to the firewall, which will be configured with automatic failover between the two. Many firewall devices will do this, one example is Sonicwall. For true HA, you want to eliminate the firewall as the single point of failure, so you would have a second firewall configured as the HA backup to the first. A "hearbeat" would run between them, so if the primary failed the secondary (HA unit) would automatically take over.

Now on to your LAN. Unless you are willing to duplicate all cabling any one run can fail and possibly take your LAN down. However, the probability of a cable failing is low, and this can probably be ignored except for the most stringent cases. If switches are used, they are most likely a single point of failure as well. Duplicating such is more difficult, and a low tech solution is simply to have a spare device and swap in as needed.

Any single device or server providing a service like dns, proxy, file server etc can also be something to be considered. Whereas it may not bring down your network, it can severly cripple your ability to work. (No dns service for example.)

The most common consideration for HA is how much are you willing to spend to achieve the desired results. Most sites trade off dollars in consideration for just how much you can really tolerate being down.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Update Isn't working 41 154
Fortigate 100D NTP Issue 4 78
cutting over to a new network 9 100
Unmanaged Switches for Optimized Network Speeds 7 39
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question