Brent Moore, Director of Customer Support
In our last quarterly newsletter, I discussed the concept of building redundancy into your IT budgets, and I want to explore this topic in more depth. The premise of this article is planning for failure while minimizing operational impact. It discusses several recommendations for potential areas of redundancy and makes the case for why this is pertinent to your future growth plans in IT.
- Building Redundancy into your Communications
First, let’s discuss building redundancy into your communications, as this is an important aspect of your IT infrastructure. This leads to my first recommendation for redundancy – dual Internet connections. It is not uncommon to have an Internet outage, but the next logical thing to consider is how this affects your institution. Currently, the buzzword is “cloud services” and we are seeing a shift from decentralized infrastructure toward a more centralized approach. This transition places a larger emphasis on bandwidth and, more importantly, Internet uptime. Some of the most common cloud services are hosted email and online data vaulting. Both of these services rely heavily on your Internet connection, and an Internet outage will disrupt both. Furthermore, regardless of whether your email is hosted or you have an internal email server, email communication with clients is not possible without the Internet. What other aspects of your financial institution's operations are affected by an Internet outage? I suggest you visit each functional area and consider how an Internet outage affects its day-to-day operations. As the needs regarding the Internet and banking operations grow daily, this will inarguably be a main area of focus for the future.
Now, how can you address this? Most current generation firewalls are capable of Internet failover and load balancing. For instance, let’s take a look at the SonicWall NSA 2400 series firewall, as this is a commonly seen firewall across our financial institution client base. This firewall has enough available ports that it can have an alternate WAN port configured. This enables a feature known as failover and failback technology. This means that if an Internet connection fails, the firewall will fail over to another active Internet connection. This technology ensures continuous uptime during an outage, and once the Internet connection has been reestablished, the firewall will automatically fail back. Furthermore, duplicate WAN ports allow for load balancing. This technology allows a financial institution to share Internet traffic between Internet connections. This is a popular method for maximizing the utilization of Internet resources while optimizing the end user experience. For example, some institutions choose to split email traffic, data vaulting, and normal web surfing between Internet connections. I do recommend that you consider your current bandwidth needs and future growth plans. I also suggest planning adequately when duplicating your Internet connection so that in the event of an outage, you can operate efficiently on the secondary Internet connection. In a perfect scenario, it would be best to have adequate bandwidth to operate fully on each Internet connection without consideration (or need) for the other.
In addition to Internet redundancy, it is important to consider duplicate firewall hardware. This would provide an active and a passive firewall, so in the event of hardware failure, the passive firewall would assume all responsibility for forwarding traffic. Without one, a firewall hardware failure would likely affect your ability to safely traverse the Internet for several days, given that you would have to expedite a firewall hardware purchase and then reconfigure your newly purchased firewall.
- Building Redundancy into your Infrastructure and Data
Second, let’s discuss building redundancy into your infrastructure and data. To begin exploring this topic, I want to delve into virtualization and the benefits of converting physical hardware to virtual. This could be an article in itself, but I will only brush the surface of one inherent benefit of virtualization. Traditionally, most physical servers have very little room for recovery or redundancy. For instance, if a physical server gets the BSOD (Blue Screen Of Death), your financial institution is down for the entire troubleshooting process. And if it is determined that we cannot resolve the issue, the only other option would be to restore to additional hardware. Virtualization supports the ability to keep a redundant copy of the server in its entirety, so that in the event a virtual server fails (BSOD etc.), a copy of that server could be spun up quickly, dramatically reducing your downtime. Meanwhile, we can continue to troubleshoot the other server while you remain operational. Server failure is common, but one of the best benefits of virtualization is that it has the potential to literally reduce your downtime from hours (or even days) to minutes.
Next, I would like to discuss file level backups and focus on the importance of a local storage device. With data vaulting solutions, such as Safe Systems’ C-Vault or other solutions, the bottleneck in the restore process is your Internet bandwidth. That is, if you have a server failure or any need to restore files backed up to the vault, the time it takes to restore will be directly correlated to your Internet connection. So what is the purpose of a local storage device and why does this help? Local storage provides a duplicate copy of your protected data, as your data is stored both on the local storage device and on the vault. This gives you the ability to restore from the local storage device and dramatically shorten recovery times, because the restore is done over your LAN rather than over the Internet. In my experience with our clients, the local storage device should be a necessary and critical component for any data vaulting solution. In summary, it provides redundancy in your protected data so that it is securely stored both locally and offsite in the vault.
Over the last few paragraphs, I discussed building redundancy into your communications and your data. I encourage you to stay tuned as I will be doing a presentation at the Safe Systems National User’s Conference on this topic and I will elaborate further on the concept and give additional recommendations for building redundancy into your IT plans.