
active/passive broadband connections to maintain various IT services

  • active/passive broadband connections to maintain various IT services

    Plan to buy a firewall that supports active and passive internet connections: when the active internet connection goes down, it will fail over to the passive internet connection automatically, and when the active internet connection is back up, it will roll back to the active internet connection automatically. Found that a SonicWall should be able to do this already.

    Public IP, default gateway and DNS are different for the active and passive internet connections, so on failover or rollback they will change as well.

    IT services to maintain when the active internet connection is down are
    - office internet access
    - email service provided by exchange 2007
    - internal/external web-based erp service provided by apache tomcat

    office internet access
    - achieved by adding the passive internet connection's DNS to the Windows DNS forwarder

    email service provided by exchange 2007
    - SMTP achieved by an additional MX record with the passive internet connection's public IP and a larger Preference Number (lower priority)
    - http://en.wikipedia.org/wiki/MX_reco...C_and_priority

    internal/external web-based erp service provided by apache tomcat
    - By an additional A record with the passive internet connection's public IP for apache tomcat
    - http://en.wikipedia.org/wiki/Round_robin_DNS

    Any comments?

    Any idea what needs to be done to maintain Outlook Anywhere and Outlook Web Access? Just an additional A record as well?

    Thx a lot!

  • #2
    Re: active/passive broadband connections to maintain various IT services

    If you try and round-robin your external DNS issues, it's going to cause intermittent failures.

    This is because it will randomly pick an IP each time it connects, and if you have an active/passive link, then it won't connect successfully over the passive link.
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif



    • #3
      Re: active/passive broadband connections to maintain various IT services

      round-robin not suitable then, any other solution? thx!



      • #4
        Re: active/passive broadband connections to maintain various IT services

        two separate DNS entries..

        Host.company.com and hostDR.company.com

        can't think of another, easy, way to do it

        Or, just edit the CNAME as soon as your connections switch. Make sure your DNS zone has a TTL as low as possible.


        • #5
          Re: active/passive broadband connections to maintain various IT services

          Round robin does not give high availability. DNS is unable to provide high availability in any shape or form because it has no concept of whether the host is available or not.

          While multiple MX records will give you some degree of high availability, the "cost" may as well be ignored. I only implement multiple MX records with equal cost. If you have a host with higher cost then it will be specifically targeted by spammers.

          If you want to provide high availability then you need a load balancing appliance. This is probably a device that would sit in a data centre. Your DNS entries would point to the appliance, then the appliance would send the traffic to the hosts that are available. If a host becomes unavailable, then it doesn't get the traffic.

          Another option is to put an Exchange server and Domain controller in a data centre, then use site to site VPN to connect the two. Lose the Internet in the main office, the VPN fails over to the second connection. The end users do not know anything has changed.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.



          • #6
            Re: active/passive broadband connections to maintain various IT services

            thx! we plan to have backup on the internet connection only, not the physical server, so the two ways you mention may not apply to our case, but thx a lot!


            • #7
              Re: active/passive broadband connections to maintain various IT services

              I don't think you understood my answer.

              A hardware load balancer has nothing to do with the servers. It is an appliance, rather than a software load balancer such as WNLB. All traffic goes to the appliance, which then sends it to the server based on availability and/or the rules that have been configured for that traffic.

              The fact that you have one server on two connections doesn't matter. As far as the Internet and a load balancer is concerned, that is two servers because they have two different IP addresses.

              DNS has no concept of service availability, so you have to use something that does. That means a load balancer.

              Simon.


              • #8
                Re: active/passive broadband connections to maintain various IT services

                You definitely need either load balancing or a failover site, rather than a failover WAN connection.

                I would also question the wisdom of both connections being broadband. IME it is pretty common for failures of broadband to be at the exchange, so even if you have 2 providers there's a good chance both will fail at the same time. I'd look at a leased line or cable connection or something like that as one of the options. This may of course not be relevant in your country, but here in the UK if BT has an issue then everyone has an issue because of the shared infrastructure.
                BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                Cruachan's Blog



                • #9
                  Re: active/passive broadband connections to maintain various IT services

                  Originally posted by cruachan:
                  This may of course not be relevant in your country, but here in the UK if BT has an issue then everyone has an issue because of the shared infrastructure.
                  That is why I have a virgin media line as well as ADSL. The ironic thing is that my consumer Virgin Media line is faster and more reliable than my "business class" ADSL connection!

                  Ensuring there is no single point of failure is key though, because problems in the last mile are unusual, whereas problems further back in the national network are more common.

                  Simon.


                  • #10
                    Re: active/passive broadband connections to maintain various IT services

                    understand what tehcamel said but not simon

                    All traffic goes to the appliance, which then sends it to the server based on availability and/or the rules that have been configured for that traffic.
                    there are 2 broadband for traffic goes to the appliance rather than there are more than one server (we have one exchange server and one erp server only, we don't plan to have 2 exchange servers or 2 erp servers for fault tolerance) the traffic the appliance may send to

                    cruachan, agree about failover site better but much more cost, both broadband not my idea, agree one broadband and one cable is better



                    • #11
                      Re: active/passive broadband connections to maintain various IT services

                      basically, what simon is suggesting is as follows:

                      Setup a server in a data centre. This could be a VPS, or a co-hosted server or whatever.

                      The server would then function as a load balancer, so instead of your OWA server pointing to one of your internet connections, it points to the load balancer, all the time.
                      Then, the load balancer is configured to know and understand about the two internet connections at your office.
                      So, if one fails, the load balancer sends data to the other.
                      It's transparent, and automatic..

                      the load balancer could be a linux-type server, or it could probably even be an ISA firewall (a little more config is required there though)

                      you've still got a spof, however it's much less likely to fail in that environment


                      • #12
                        Re: active/passive broadband connections to maintain various IT services

                        all understood, but when one broadband fails, the load balancer doesn't help outsiders to "reach http://owa.mycompany.com", some outsiders can reach (those using the working broadband ip resolved by dns), some outsiders can't reach (those using the failed broadband ip resolved by dns), right?


                        • #13
                          Re: active/passive broadband connections to maintain various IT services

                          if you have a load balancing device, in a data centre, and owa.mycompany.com is pointed at that load device in the data centre, then a failure of your adsl connection won't matter, because the load balancer knows to route it to the other connection instead..


                          • #14
                            Re: active/passive broadband connections to maintain various IT services

                            data center (location physical separated from main office)
                            - data center's internet connection with certain SLA
                            - our load balancer

                            in our main office
                            - two broadband
                            - one exchange server
                            - one apache server

                            - dns of exchange and apache always point to load balancer
                            - load balancer direct traffic between internet and exchange/apache
                            - when either broadband down, load balancer manage to direct traffic between internet and exchange/apache via the up broadband only

                            right?



                            • #15
                              Re: active/passive broadband connections to maintain various IT services

                              yes, that's right

                              i will try and do a map for you later
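An added sketch, not written by any poster in this thread, of the health-check decision that the data-centre load balancer in posts #11 to #15 makes and that DNS round robin cannot: prefer the active link, fail over after several missed probes, and roll back once the active link has recovered. The `Link` class, the `FALL`/`RISE` thresholds, the RFC 5737 documentation addresses and the probe results are all assumptions constructed for illustration; in a real deployment each probe result would come from a TCP or HTTP check against the office's two public IPs.

```python
from dataclasses import dataclass

FALL = 3  # consecutive failed probes before a link is marked down (assumed value)
RISE = 2  # consecutive good probes before a link is marked up again (assumed value)

@dataclass
class Link:
    name: str
    ip: str              # constructed documentation address, not a real host
    healthy: bool = True
    streak: int = 0      # consecutive probes that disagree with `healthy`

def record_probe(link, ok):
    """Apply one probe result; flip state only after FALL/RISE in a row."""
    if ok == link.healthy:
        link.streak = 0
        return
    link.streak += 1
    if link.streak >= (RISE if ok else FALL):
        link.healthy, link.streak = ok, 0

def choose(active, passive):
    """Prefer the active link; use the passive one only while active is down."""
    if active.healthy:
        return active
    return passive if passive.healthy else None  # None: both links are down

def simulate(probes):
    """probes: one (active_ok, passive_ok) pair per check interval."""
    active = Link("active", "203.0.113.10")
    passive = Link("passive", "198.51.100.10")
    chosen = []
    for a_ok, p_ok in probes:
        record_probe(active, a_ok)
        record_probe(passive, p_ok)
        target = choose(active, passive)
        chosen.append(target.name if target else None)
    return chosen

# Constructed probe history: one blip on the active link (ignored),
# then a real outage of four intervals, then recovery.
SAMPLE = [(True, True), (False, True), (True, True), (False, True), (False, True),
          (False, True), (False, True), (True, True), (True, True), (True, True)]

if __name__ == "__main__":
    print(simulate(SAMPLE))
```

The thresholds trade detection speed against flapping: a single lost probe does not move traffic, and the rollback waits for the active link to answer twice in a row.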
