|Single Router/Firewall - Two Internet Circuits|
Congratulations! You are on the leading edge. You're blazing a trail into the future and leaving your competitors in the dust. Your company is saving buckets full of money on information technology by wholeheartedly embracing the cloud. You are even using the cloud for mission critical applications and data.
What if your connection to the Internet goes down?
It's not as if you haven't thought of this before. You may have even justified your plan to use the cloud by telling yourself and management, that if your Internet connection goes down, your road warriors and employees that work from home can still access their applications.
What if you have an office full of employees? You could send them home to work, or to your other office if you have one. But either way, production is going to suffer, opportunities will be missed, sales will be lost, and you are going to get behind schedule.
Fortunately, there are cost effective methods to protect your small business from Internet service outages. Even if your business is only using DSL or cable Internet, there are affordable ways to install a system that provides automatic fail over to a backup Internet circuit.
Building Internet Reliability
Business class Internet service
Building more reliable Internet connectivity, doesn't have to be complex or expensive. The first step is to upgrade to a business class Internet service if you are not already using one. Business class Internet circuits provide higher priority service levels than consumer class Internet services. They are more suitable for the up time requirements of a business. They also include dedicated IP addresses and greater upload speeds, for on-site web or email servers.
Internet circuit redundancy
There are a couple of different methods I have used for small business clients that work very well. Both methods require a second Internet circuit with a different ISP than your current connection.
Using a different ISP for your fail over circuit protects you, if your ISP has infrastructure or routing problems. If both circuits were with the same ISP, the fail over circuit would have the same issues as your primary circuit.
There are also methods to load balance your Internet traffic between the two circuits, but our primary goal here, is to provide automatic fail over to a secondary Internet circuit.
Method 1 - Single Router/Firewall - Two Internet Circuits
|Single Router/Firewall - Two Internet Circuits|
With this method, each ISP Internet circuit is connected to a single Internet router/firewall. In a typical configuration for a small business, one circuit is business class Internet service with your local cable TV/Internet company, and the other is business class Internet service using DSL provided by your local phone company.
If fail over redundancy is your primary concern, the "backup" link doesn't necessarily need to be as fast as your primary link. You may be able to use a slower, less expensive link, until your primary Internet circuit is functioning again.
The cost of deploying this solution includes the one time cost of an Internet router with fail over capability, and the monthly cost of the additional Internet circuit. Both Cisco and Dell SonicWALL offer affordable router/firewalls with fail over capability.
A backup, business class, DSL Internet connection in my area starts at $40/mo for a 3 mbps circuit, and goes to $120/mo for a 40 mbps circuit. My local cable TV/Internet company provides business class Internet starting at $80/mo for a 7 mbps circuit, and goes as high as $466/mo for a 100 mbps Internet circuit.
Method 2 - Two Router/Firewalls - Two Internet Circuits
|Two Router/Firewall - Two Internet Circuits|
With method 2, each ISP Internet circuit is connected to its own Internet router/firewall.
The advantages of using this method are the elimination of another single point of failure, and better overall Internet connectivity performance.
There are more options for configuring fail over with this method. If routers are already in place, you may be able to employ another routing configuration called OSPF (open shortest path first). In other words, if one router fails, computers on your private network will automatically use the other router to get to the Internet. This configuration is more complex, but it may save you the cost of new routers.
Method 3 - Two Locations -Two Router/Firewalls - Two Internet Circuits
|Two Locations -Two Router/Firewalls - Two Internet Circuits|
With method 3, like method 2, each ISP Internet circuit is connected to its own Internet router/firewall, but the router/firewalls are in different locations, and the locations are connected with a private WAN (wide area network) circuit.
There are also more options with this arrangement. As in method 2, you can configure the routers to use OSPF routing. If the WAN circuit fails, you can use a VPN (virtual private network) over the locations' existing Internet circuits, to keep your offices connected.
If you plan to host your own web or email server on-site, you will need a dynamic DNS provider. DNS is what translates a web address (domain name) like www.mydomain.com to an IP address.
Each ISP will assign you IP addresses from their respective networks. Because you will want your customers to reach your web server if one of your Internet circuits goes down, you will need a dynamic DNS service
A dynamic DNS provider will constantly monitor each of your Internet connections from multiple locations. If they detect that one of your circuits is down, they will change the corresponding IP address of your server's domain name to an address assigned by the ISP of the circuit that is still up.
Normally DNS changes can take a while to propagate to computers and other DNS servers, but dynamic DNS services will set the TTL (time to live) of your domain names to one minute. When a computer looks in its cached DNS records, it will see the one minute TTL, and request a new record from the DNS source of authority - your dynamic DNS service.
Two reliable dynamic DNS providers are zoneedit and Dyn. There are others, but many only provide services for home users that need to access their computers remotely.
The combination of router circuit fail over and dynamic DNS, will provide reliable Internet connectivity for your employees, web servers and mail servers. I have used this exact method with an organization that had over 100 users in two locations. Of course, they were using high speed circuits and not DSL or cable Internet, but the concepts are the same. While testing, I have walked into the wiring closets and unplugged the Internet circuit in both of their locations, and no one ever knew!
All of these methods are too complex for DIY (do it yourself). You will need to hire an IT network professional to spec, install and configure your equipment. They will need to work with your ISPs and DNS providers, to ensure the needed services are understood, delivered, and configured properly.
There many advantages of cloud computing:
- Access your systems and data from anywhere
- Savings from less IT infrastructure
- Rapid deployment of new systems and applications
- Ease of collaboration with remote employees and customers
The biggest concern of most businesses is their Internet reliability. The overall costs of deploying Internet fail over is small, compared to the savings and advantages businesses can get from using cloud computing.
If you would like to know more about Internet connection fail over,
South Side Tech can help you see if it's the right solution for your business.
For more information:
- Cisco 890 Series Integrated Services Routers
- TZ 215 Series Network Security UTM Firewall
- zoneedit - Advanced DNS Management (dynamic DNS)
- Dyn - Business Continuity (dynamic DNS)
- Network World - How to Quantify Downtime