How to Achieve Top Performance, Security, and Maximum Availability for Your Network.

Secure and highly available access to company data is essential for the success of any business. Accordingly, outsourcing this data into the cloud places high demands on networks and connections. Yanick Ulrich, Senior Network and Security Engineer, explains what network solutions designed to meet these requirements look like.


A state-of-the-art network setup offers the highest possible performance, availability, and security. The setup process begins by connecting a site using not one but several lines, for example an MPLS line and an Internet line, which should be routed into the premises via different building access points. This significantly reduces the risk of downtime, which could, for example, be triggered by construction work and consequent cable damage. MPLS (Multiprotocol Label Switching) enables a cross-location virtual private network that is operated by an ISP (Internet Service Provider) but is separated from the public Internet, making it a secure data transport route protected against DoS attacks. An MPLS line ensures lower latency than conventional Internet lines and is usually used as a dedicated connection to the data center. Thus, the end user experience remains a high-quality one despite the outsourcing of application servers and data to the cloud.

 

Failover without negative implications

An implementation as described above involves the installation of a firewall cluster at the customer's site. It consists of two identical hardware components for redundancy and serves as a central routing point for local subnets. In terms of security, this allows zoning of local networks according to customer requirements and enables the isolation of unsafe network devices. A site-to-site VPN tunnel to the customer's dedicated firewall in the data center is established via a secondary Internet line; this provides redundancy for the connection of the site to the customer resources in the cloud. Failover from the MPLS line, which is primarily used to access the data center, to the site-to-site tunnel is accomplished in less than a second and with virtually no user interruption thanks to dynamic routing. Incidentally, this dynamic routing does not have to incur any additional costs, neither in terms of firewall licensing nor with the Internet provider.

 

Using the right ISP enables minimum latency


If the same ISP is used for Internet access at both the company site and the data center, latency can be kept at a very low level even via the site-to-site tunnel. As a result, in the event of a failover, older applications or applications that are sensitive to latency can continue to be used without noticeable loss of performance. In addition, the Internet breakout at the data center can be used as a failover via MPLS if local Internet access fails. The automatic switchover takes place within seconds.

UMB networking specialists offer a wealth of practical experience and the highest level of competence when it comes to state-of-the-art networks. We would be pleased to work out a solution that meets your individual requirements.

Please contact me for further details or if you have additional questions about networking and security.