Disaster Recovery White Paper



Similar documents
Technical White Paper

Configuration Guide. How to Configure SSL VPN Features in DSR Series. Overview

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

How To Configure SSL VPN in Cyberoam

Chapter 3 LAN Configuration

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

KEMP LoadMaster. Enabling Hybrid Cloud Solutions in Microsoft Azure

Endpoint Security VPN for Mac

A Link Load Balancing Solution for Multi-Homed Networks

msuite5 & mdesign Installation Prerequisites

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

ExamPDF. Higher Quality,Better service!

CNS Implementing NetScaler 11.0 For App and Desktop Solutions

Chapter 6 Virtual Private Networking Using SSL Connections

Superior Disaster Recovery with Radware s Global Server Load Balancing (GSLB) Solution

Best Practices: Pass-Through w/bypass (Bridge Mode)

LAN TCP/IP and DHCP Setup

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

Cisco AnyConnect Secure Mobility Solution Guide

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

This course is intended for IT professionals who are responsible for the Exchange Server messaging environment in an enterprise.

Barracuda Link Balancer

WAN Traffic Management with PowerLink Pro100

Network Virtualization Network Admission Control Deployment Guide

1Y0-250 Implementing Citrix NetScaler 10 for App and Desktop Solutions Practice Exam

Connecting an Android to a FortiGate with SSL VPN

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services

Enterprise Broadband Customer Service Description

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Configuring Advanced Windows Server 2012 Services

Troubleshooting BlackBerry Enterprise Service 10 version Instructor Manual

To Configure Network Connect, We need to follow the steps below:

RemoteApp Publishing on AWS

McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course

Hyper-V Network Virtualization Gateways - Fundamental Building Blocks of the Private Cloud

Step-by-Step Configuration

WestermoConnect User Guide. VPNeFree Service

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module

VMware vsphere Data Protection

VPN Solution Guide Peplink Balance Series. Peplink Balance. VPN Solution Guide Copyright 2015 Peplink

Viewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355

Configuring Advanced Windows Server 2012 Services MOC 20412

Kerio VPN Client. User Guide. Kerio Technologies

VMware vcloud Air Networking Guide

SonicOS Enhanced Release Notes

icrosoft TMG Replacement with NetScaler

MCSE SYLLABUS. Exam : Managing and Maintaining a Microsoft Windows Server 2003:

Copyright 2011 Nomadix, Inc. All Rights Reserved Agoura Road Suite 102 Agoura Hills, CA USA White Paper

Barracuda Link Balancer Administrator s Guide

How To Create A Virtual Private Cloud On Amazon.Com

Deploy Remote Desktop Gateway on the AWS Cloud

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0

Network Configuration Settings

Building Reliable, Scalable AR System Solutions. High-Availability. White Paper

Microsoft Active Directory Services with Windows Server

Course Outline: Course Configuring Advanced Windows Server 2012 Services

Cloud Computing Disaster Recovery (DR)

Configuring Failover

Application Note. SIP Domain Management

SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Course Outline. Course 20412B: Configuring Advanced Windows Server 2012 Services. Duration: 5 Days

Advanced IPSec with GET VPN. Nadhem J. AlFardan Consulting System Engineer Cisco Systems

2X HTML5 Gateway v10.6

Deploying the BIG-IP System v11 with Microsoft Exchange 2010 and 2013 Client Access Servers

NetSpective Global Proxy Configuration Guide

Digi Connect WAN Application Helper Configuring and Testing the Digi Connect WAN GSM

Cisco Easy VPN on Cisco IOS Software-Based Routers

Director of the IT Department Director of Strategic ICT Development Executive Committee Member of the UAE Higher Education CIO Council

IP Address and Pre-configuration Information

Using a VPN with CentraLine AX Systems

Fireware Essentials Exam Study Guide

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

MS Configuring Advanced Windows Server 2012 Services

Configuring Advanced Windows Server 2012 Services Course 20412

Configuring Advanced Windows Server 2012 Services

Using a VPN with Niagara Systems. v0.3 6, July 2013

Lesson Plans Managing a Windows 2003 Network Infrastructure

Scenario: IPsec Remote-Access VPN Configuration

IBM Security Access Manager, Version 8.0 Distributed Session Cache Architectural Overview and Migration Guide

A Guide to New Features in Propalms OneGate 4.0

Active Directory Services with Windows Server 10969B; 5 days, Instructor-led

Planning and Maintaining a Microsoft Windows Server Network Infrastructure

Cisco Active Network Abstraction Gateway High Availability Solution

MCSA Objectives. Exam : TS:Exchange Server 2007, Configuring

Case Study for Layer 3 Authentication and Encryption

Configuration Guide BES12. Version 12.2

Mobile Session Persistence

Backup Exec Private Cloud Services. Planning and Deployment Guide

Savvius Insight Initial Configuration

Load Balancing Trend Micro InterScan Web Gateway

Designing and Implementing a Server Infrastructure

Designing and Implementing a Server Infrastructure

Training Name Installing and Configuring Windows Server 2012

VPN Only Connection Information and Sign up

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

IP Address, Domain and Hostname for IM and Presence Service on Cisco Unified Communications Manager, Release 9.1(1)

Transcription:

Introduction Remote access plays a critical role in successfully executing a business recovery plan both in terms of providing access for existing remote users and accommodating the potential increase in demand for displaced staff. The Recovery Time Objective (RTO) for key business processes can be adversely impacted by delays in providing access to recovered applications as user devices may need to be reconfigured and name server updates are propagated across the Internet. AccessMyLan addresses the key business recovery demands of rapid failover, enduser transparency and scalability without the cost and complexity associated with deploying duplicate equipment or enabling network resilience. Asavie Technologies Ltd. 24 Herbert Lane Dublin 2 Ireland w: www.accesssmylan.com e: sales@accessmylan.com t: +353 1 6763585 (Int) +1 866 576 9266 (USA) +44 158 263 5013 (UK)

Service Architecture AccessMyLan is a hosted remote access service that enables access to corporate networks from remote PCs (VPN Client), mobile phones (ActiveSync), Mobile APN and from any web browser. Remote clients connect and authenticate with the service cloud before access is granted to the corporate network. The corporate network connectivity to the service cloud is established and maintained by VPN Agents installed on the corporate network. VPN Agents (hosted on any Windows platform) establish outbound SSL connections to the AccessMyLan service cloud which are mutually authenticated using digital certificates. This architecture removes any remote access dependency on the Internet DNS name and IP address of a site by routing remote user traffic via the SSL tunnels established by the VPN Agents. Routing and DNS Routing Architecture Upon startup, VPN Agents register with the AccessMyLan service cloud and notify the service of the subnets that are reachable by the VPN Agent. The VPN Agent automatically provides VPN routes to each subnet configured on the host machine. Additional 'static' routes can be configured to provide routes to other subnets which are available via gateways on the LAN. In a multi-site scenario, each deployed VPN Agent provides routes to the site subnets as shown in Figure 1 - Multi site routing below. 2

Site #1 Agent #1 Agent #2 Site #2 172.16.2.0/24 Figure 1 - Multi site routing to different address ranges In Figure 1 - Multi site routing, VPN Agent #1 provides a route to the subnet while VPN Agent #2 provides a route to 172.16.2.0/24. Remote clients have concurrent connectivity to both networks. Where sites share the same subnet IP address ranges, traffic is routed by default to the first VPN Agent that registers with the service. In the event of the first VPN Agent losing connectivity, traffic is automatically and transparently routed to the second VPN Agent. Site #1 Agent #1 Agent #2 Site #2 Figure 2 - Multi site routing to same address range The default routing can be configured to assign VPN Agent specific route 'costs' creating a primary/secondary configuration. VPN Agent routing can be further 3

controlled via VPN Agent access control lists (ACL) which allow traffic to be routed based on the application protocol. This dynamic routing is transparent to remote clients as all traffic is routed to the service cloud which then forwards traffic via the least cost route. DNS Integration VPN Agents serve as DNS proxies, forwarding remote client name resolution requests to either the DNS server configured on the host or to DNS server defined by the VPN Administrator. AccessMyLan updates the client DNS settings on login to a virtual DNS server in the service cloud which forwards requests to the VPN Agent for resolution. In a disaster recovery scenario, DNS resolution is transparent to the remote device as requests are forwarded to the virtual DNS server address in the cloud which will select the recovery site VPN Agent for DNS resolution. Integrating a Disaster Recovery site A recovery site is integrated with the remote access VPN by installing a VPN Agent at the recovery site. Upon installation, the recovery site VPN Agent will register with the service cloud and provide routing and DNS for the recovery site. The following examples show how remote access continuity is provided by AccessMyLan in a number of recovery scenarios. Recovery to an Exact Mirror In this scenario, the recovery site is an exact replica of the primary site with the same subnet IP addressing and host names configured on both sites. From an AccessMyLan VPN point of view, the service has two routes (provided by the VPN Agents) to the subnet and will route to the VPN Agent with the lowest cost. By default the lowest cost VPN Agent is the first Agent connected which may result in VPN traffic being routed to the recovery site if the recovery site VPN Agent is started before the primary site. To ensure that VPN traffic is only routed to the recovery site in the event of a disaster, the route costs for the secondary VPN Agent should be configured or alternatively the recovery VPN Agent can be stopped and started manually as part of the recovery process. The recovery VPN Agent will proxy DNS requests to the recovery site DNS server which replicates the namespace of the primary site. 4

In a recovery scenario, remote access clients will not require a VPN disconnect & reconnect as routing and DNS settings will not have changed. No reconfiguration of client applications is required although individual applications may require a restart to re-establish application context with the recovery site. Recovery to a Different Topology Many disaster recovery sites are provided by 3 rd parties where the subnets used to host recovery are not the same as the primary site. In this scenario, a VPN Agent installed at the recovery site will advertise routes to the recovery site subnet and provide DNS services from the recovery site DNS server. In a disaster recovery scenario, remote client DNS requests are forwarded to the recovery VPN Agent for resolution by the recovery DNS server. The requests are resolved to IP addresses of the application hosts on the recovery site providing total namespace transparency for remote clients. DNS caching on remote clients may cause application connect failures until the cached entries expire and are then resolved by the recovery DNS server. It is important that all remote application configurations use a server s DNS name rather than IP Address to ensure transparent failover to the recovery site. Coping with increased demand In a disaster situation, the primary physical workplace may not be available with staff being accommodated in alternative locations or working from home. With traditional VPN solutions, capacity has to be put in place to cope with the peak demand projected. With AccessMyLan, there is no limit to the number of subscribers that can be added so that there is no requirement to purchase idle capacity or prepurchase licences. Registered subscribers can use any access method to connect to the recovery site including VPN Client, Web Portal and Mobile Phone providing the widest possible device coverage. The Web Portal provides clientless access enabling rapid rollout to the user community. The VPN Client provides a self-install process which simplifies the rollout of full network access to remote users. Where an Internet connection at the recovery site reaches saturation, AccessMyLan provides the capability to split traffic based on protocol and/or destination host across multiple Internet circuits (which may be from different providers). This is achieved by deploying multiple VPN Agents at the recovery site on hosts configured with different Internet routes and implementing VPN Agent access control lists (ACLs) to split traffic across the VPN Agents as appropriate. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information