Now days we have deployed our organizational web proxy as explicit proxy.
We have two datacenters, one for production and one for redundancy. We have one web proxy on each datacenter. All users go to Internet through on proxy at a time (i.e. production web proxy in normal conditions).
Our core switch of the production DC is a Cisco Nexus 7000, and of the redundancy DC is a Cisco Catalyst 4500.
At mid days of november we will upgrade the core switch of the redundancy DC to a Cisco Nexus 9000.
Both datacenters are geographically dispersed.
By Active Directory GPO, we have set the proxy configuration on IE using a DNS name (A register) for the proxy hostname. We also manage the exceptions and other browser settings by GPO.
All the offices (headquarters and branches) are connected to the datacenter through WAN links.
On each office we have a Cisco ISR Router for the WAN link.
Current fail-over and fail-back methods:
When the production web proxy got offline or have to enter into maintenance, we manually change the IP address of the A register of the web proxy on the DNS for the IP address of the redundancy web proxy. And then we force the DNS zone replication between all the domain controllers through the entire network.
What we're planning to do:
We're planning to deploy the organizational web proxy using WCCP, in order to make it a transparent proxy.
Would you provide us with:
- Examples of how to set up an automatic or semi-automatic method for fail-over and fail-back compatible with our Cisco communication infrastructure; and,
- A pros-cons comparison between explicit proxy and and transparent proxy (WCCP).