high availability of internet access

Posted on 2013-11-15
Medium Priority
Last Modified: 2013-11-18
Can I ask from a low tech management standpoint -

- what should our audit and risk team be looking at when reviewing high availability / best practice for uptime/availability of the organisation's Internet service - i.e. staff's availability to visit www.google.com from the corporate network.

- what pieces of the infrastructure need to be up to allow staff to visit the internet from corporate assets (i.e. servers and workstations), i.e. what can break in between the user (on their corporate laptop) and the outside internet - that would mean the user didn't have internet access, i.e. we have a corporate proxy server with Websense installed - what's the risk if that server fails? what else makes up the chain between client and the internet in corporate networks?

- what would constitute a poor design for corporate internet access, i.e. single points of failure/poor designs/lead to performance issues?

I am coming at this from a management risk angle, and not the most network tech proficient, so please bear that in mind with your answers.
Question by:pma111
1 Comment
LVL 20

Accepted Solution

carlmd earned 2000 total points
ID: 39651536
We can consider the LAN and the WAN separately, both connecting to a firewall device.

First, let's talk WAN. In order to have HA you need to have two different ISP circuits running to your office, preferably not from the same provider. That is, you might have one leased line type (Fios) and the other be a cable modem service. Then if one goes out you can "switch" to the other.

The next part is the firewall. The two ISP circuits will connect to the firewall, which will be configured with automatic failover between the two. Many firewall devices will do this, one example is Sonicwall. For true HA, you want to eliminate the firewall as the single point of failure, so you would have a second firewall configured as the HA backup to the first. A "heartbeat" would run between them, so if the primary failed the secondary (HA unit) would automatically take over.

Now on to your LAN. Unless you are willing to duplicate all cabling, any one run can fail and possibly take your LAN down. However, the probability of a cable failing is low, and this can probably be ignored except for the most stringent cases. If switches are used, they are most likely a single point of failure as well. Duplicating such is more difficult, and a low tech solution is simply to have a spare device and swap in as needed.

Any single device or server providing a service like DNS, proxy, file server, etc. can also be something to be considered. Whereas it may not bring down your network, it can severely cripple your ability to work. (No DNS service, for example.)

The most common consideration for HA is how much are you willing to spend to achieve the desired results. Most sites trade off dollars in consideration for just how much you can really tolerate being down.
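For an audit team, the chain described in the answer above can be written down as an inventory and checked for single points of failure. The sketch below is an added example, not part of the original answer; the component list and every availability figure are constructed for illustration, and it assumes units fail independently and that failover between duplicated units works.

```python
from math import prod

# Constructed inventory: each layer between a staff laptop and the internet,
# with the assumed availability of every unit able to do that layer's job.
CURRENT = {
    "access switch": [0.9995],
    "DNS server": [0.999],
    "web proxy (filtering)": [0.999],
    "firewall": [0.9995],
    "ISP circuit": [0.995],
}
# Same site after adding an HA firewall pair and a second ISP circuit.
PROPOSED = {**CURRENT,
            "firewall": [0.9995, 0.9995],
            "ISP circuit": [0.995, 0.99]}

HOURS_PER_YEAR = 8760


def layer_availability(units):
    """A layer is up if at least one of its units is up."""
    return 1 - prod(1 - a for a in units)


def path_availability(design):
    """Every layer must be up at once, so layer availabilities multiply."""
    return prod(layer_availability(units) for units in design.values())


def single_points_of_failure(design):
    """Layers served by exactly one unit: losing it cuts internet access."""
    return sorted(name for name, units in design.items() if len(units) == 1)


def downtime_hours_per_year(design):
    """Expected hours per year with no working path to the internet."""
    return (1 - path_availability(design)) * HOURS_PER_YEAR


if __name__ == "__main__":
    for label, design in (("current", CURRENT), ("proposed", PROPOSED)):
        print(label, "single points of failure:",
              single_points_of_failure(design))
        print(label, "expected downtime: %.1f h/year"
              % downtime_hours_per_year(design))
```

Duplicating only the firewall and the ISP circuit still leaves the switch, DNS server and proxy in the single-point-of-failure list, which is the trade-off between spend and tolerated downtime that the answer closes on.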
