
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 142

Website and RDP fault tolerance using multiple ISPs

We have two ISPs coming in to our network. We have a few internal websites and a couple of RDP servers that users access from the outside.

We have been having some issues with one of the ISPs, and it happens to be the one that we have most of the external DNS names for the websites and RDP servers pointed to.

My question is, what are others doing for fault tolerance for external services? Do they have multiple entries in DNS using an external provider, or something else?
0
msidnam
Asked:
1 Solution
 
gheist Commented:
I think you misuse the term "fault tolerance".
A short Wikipedia read will tell you. Do you have $XY00000 budget already assigned for fault tolerance?
0
 
msidnam Author Commented:
OK, load balancing then. Either way, we need a way where we can easily have a domain name, let's say login.company.com that points to 123.45.6.7, be rerouted to 123.45.6.8 if the ISP that has 123.45.6.7 goes down.
0
 
gheist Commented:
If you put the same web server on 2 providers and set DNS to resolve to both IPs, then when one goes down all browsers fail over to the good side.
It will take more consideration to build a database cluster and session synchronisation, keeping in mind lengthy isolation between locations.

For RDP? In 30s it will reconnect to the same IP, 30s later to the next IP. If you rig a Windows server with 2 IPs, within a minute of one failure your users will be back at their sessions.
0
 
msidnam Author Commented:
Here is the situation. We have an MPLS line that connects all of our offices internally. We also have internet through our MPLS lines. We also have a Data Center that gives us an internet line where we have a physical firewall. Most of our RDP and webmail logins go through the MPLS internet. We have had issues in the past where our internet from our MPLS provider goes down (the inter-office MPLS lines are still up and running).

When that happens, we want to have the ability to somehow redirect the traffic from the MPLS internet to the data center internet. If we give our DNS provider two different public IPs it won't work, because the Data Center internet is on a different subnet and I would need to change the gateway for those servers. I can do that in a downed situation, but not if it's going to one public IP one second and then the second public IP the next second.

Internally, I just tell my routers to send all traffic to the firewall in our DC and that will fix internal internet, but not external users or clients trying to access servers.
0
 
gheist Commented:
What you describe is a job for BGP and ASNs... You can have DNS load balancing/failover without a huge network overhaul.
0
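The DNS failover discussed above (login.company.com moving from one ISP's address to the other's) can be driven by a health check; the sketch below is an added example, not code from any participant in this thread. It assumes a monitor running outside both ISP links, probes on TCP 443, hypothetical thresholds `down_after` and `up_after`, and RFC 5737 documentation addresses standing in for the two public IPs; pushing the resulting record set to a DNS provider is left out because the thread names none.

```python
import socket

def tcp_alive(ip, port, timeout=2.0):
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

class FailoverMonitor:
    """Decides which A records to publish, with hysteresis against flapping."""

    def __init__(self, endpoints, port, down_after=3, up_after=2, probe=tcp_alive):
        self.endpoints = list(endpoints)      # ordered, preferred ISP path first
        self.port = port
        self.down_after, self.up_after = down_after, up_after
        self.probe = probe
        self.healthy = {ip: True for ip in self.endpoints}
        self.streak = {ip: 0 for ip in self.endpoints}  # results contradicting state

    def poll(self):
        """Probe each endpoint once and return the addresses to publish."""
        for ip in self.endpoints:
            ok = self.probe(ip, self.port)
            if ok == self.healthy[ip]:
                self.streak[ip] = 0           # state confirmed, forget any blip
                continue
            self.streak[ip] += 1
            if self.streak[ip] >= (self.up_after if ok else self.down_after):
                self.healthy[ip] = ok
                self.streak[ip] = 0
        live = [ip for ip in self.endpoints if self.healthy[ip]]
        # Every path "down" usually means the monitor is cut off: keep all records.
        return live or list(self.endpoints)

def simulate(rounds, **thresholds):
    """Replay constructed probe results ({ip: bool} per round) through the monitor."""
    state = dict(rounds[0])
    mon = FailoverMonitor(list(state), 443, probe=lambda ip, _p: state[ip], **thresholds)
    published = []
    for results in rounds:
        state.update(results)
        published.append(mon.poll())
    return published

if __name__ == "__main__":
    A, B = "192.0.2.10", "198.51.100.10"      # constructed stand-ins (RFC 5737)
    outage = [{A: True, B: True}] + [{A: False, B: True}] * 3 + [{A: True, B: True}] * 2
    for n, records in enumerate(simulate(outage), 1):
        print(n, records)
```

The hysteresis keeps a single lost probe from swapping records back and forth, and the record TTL still bounds how quickly outside clients see any change.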
 
msidnam Author Commented:
ASN sounds like something I've heard before but I am not sure what it is.

As for BGP, I would guess that we would have a DNS entry for a site (login.mycompany.com) with two public IPs and then let the routers handle where it goes?
0
 
gheist Commented:
It is lower-level infrastructure that all your providers know paths to your AS network.
At no extra expense you can build infrastructure for servers behind DNS "load balancing".
0
 
msidnam Author Commented:
I found this as well per your suggestion of BGP and ASN

http://www.techrepublic.com/article/how-to-use-bgp-to-achieve-internet-redundancy/
0
 
gheist Commented:
As you see, that is not free...
Say, until setting next year's budget, do your best to not raise it.
0
