Educause Security Discussion mailing list archives
Contingency Management/Fault Tolerant Network Access Control Architectures
From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 30 Mar 2005 11:05:39 -0500
On our campus, the communications infrastructure is centralized. That has allowed us to use what is basically a star distribution system emanating from two core routers. To help meet contingency and availability goals, we are adding additional machine rooms. To go along with that, it has been proposed to dedicate routers to those machine rooms, connect them in a mesh, and use Cisco's HSRP to provide automated fail-over capabilities.

Without going into too much detail on the list, our present network access controls depend a lot on large Cisco ACLs on several VLANs feeding the machine rooms. VLANs are defined for particular types of hosts with common security and access needs. In the past, we've trunked the same VLANs to different machine rooms, allowing us to use one ACL set for each VLAN regardless of geographic location. With the proposed HSRP configuration, this will no longer be possible, meaning multiple large ACL sets will need to be duplicated at each machine room router and expanded to provide the meshed access.

This is looking very ugly and I'd like to look at alternatives. Complexity and the resulting mean-time-to-repair and mean-time-between-failures may hurt uptime more than potential failures. Any opinions on alternatives? ;)

Some thoughts that come to mind:

1) Using discrete firewall appliances. Con - Expensive. Multiport boxes would be needed at each machine room and unless duplicated would ruin the fault tolerance we are trying to attain.

2) Collapse the different system definitions so that central systems would all be on the same network, reducing the number of firewalls/ACL sets needed at each location. Con - various systems of varying sensitivity and trust would be on the same network.

3) Other network topologies that provide fault tolerant communications but still allow VLAN trunking and presence in multiple geographic locations.

4) Cisco firewall blade in multiple HSRP routers in a fault-tolerant configuration. Con - expensive and complicated.

If you'd be willing to talk about how you are providing network access controls to your machine rooms, particularly if you have multiple machine rooms in a contingency management configuration, and how the scheme is working out for you, that would be great. I know this is sensitive, so off-line or telephone conversations are perfectly understandable, as well as any reluctance to discuss this at all. But if you're willing to discuss it, I'd very much appreciate it.

Thank you for any ideas.

540-568-2364
--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
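The proposed HSRP design forces each large ACL set to be duplicated on every machine-room router, and the post's worry about complexity and mean-time-to-repair is largely a worry about those copies silently diverging. The following is an added example, not part of the original post or of the university's configuration: it parses two constructed IOS-style configuration excerpts (hypothetical hostnames, VLAN numbers, addresses and ACL names) and reports where the duplicated named ACLs, or their interface bindings, have drifted apart. Running such a check after every change is one way to keep the duplicated-ACL approach auditable.

```python
"""Detect drift between ACL sets that must be kept identical on several routers."""
import re
from typing import Dict, Iterator, List, Tuple

# Constructed sample configs for two machine-room routers sharing one HSRP group.
# All names and addresses are hypothetical; the second copy has one entry changed.
ROUTER_A = """\
hostname mr1-rtr
!
ip access-list extended DBHOSTS-IN
 permit tcp 10.10.20.0 0.0.0.255 host 10.10.30.5 eq 1433
 permit tcp 10.10.20.0 0.0.0.255 host 10.10.30.6 eq 1521
 deny   ip any any log
!
interface Vlan30
 ip address 10.10.30.2 255.255.255.0
 ip access-group DBHOSTS-IN in
 standby 30 ip 10.10.30.1
 standby 30 priority 110
 standby 30 preempt
!
"""

ROUTER_B = """\
hostname mr2-rtr
!
ip access-list extended DBHOSTS-IN
 permit tcp 10.10.20.0 0.0.0.255 host 10.10.30.5 eq 1433
 permit tcp 10.10.20.0 0.0.0.255 host 10.10.30.6 eq 1522
 deny   ip any any log
!
interface Vlan30
 ip address 10.10.30.3 255.255.255.0
 ip access-group DBHOSTS-IN in
 standby 30 ip 10.10.30.1
 standby 30 priority 100
 standby 30 preempt
!
"""


def _blocks(config: str, header_re: str) -> Iterator[Tuple[str, List[str]]]:
    """Yield (name, body lines) for each block whose header matches header_re.
    A block is the header line plus the indented lines that follow it."""
    pattern = re.compile(header_re)
    lines = config.splitlines()
    i = 0
    while i < len(lines):
        m = pattern.match(lines[i])
        if not m:
            i += 1
            continue
        body = []
        i += 1
        while i < len(lines) and lines[i].startswith(" "):
            body.append(lines[i].strip())
            i += 1
        yield m.group(1), body


def parse_acls(config: str) -> Dict[str, List[str]]:
    """Return {acl name: [normalised entries]} for every named ACL in the config."""
    acls: Dict[str, List[str]] = {}
    for name, body in _blocks(config, r"^ip access-list (?:extended|standard) (\S+)"):
        entries = []
        for line in body:
            line = re.sub(r"^\d+\s+", "", line)  # drop sequence numbers
            line = " ".join(line.split())         # collapse whitespace
            if line.startswith("remark"):
                continue
            entries.append(line)
        acls[name] = entries
    return acls


def parse_bindings(config: str) -> Dict[str, Dict[str, str]]:
    """Return {interface: {direction: acl name}} for every applied ACL."""
    bindings: Dict[str, Dict[str, str]] = {}
    for iface, body in _blocks(config, r"^interface (\S+)"):
        for line in body:
            m = re.match(r"ip access-group (\S+) (in|out)$", line)
            if m:
                bindings.setdefault(iface, {})[m.group(2)] = m.group(1)
    return bindings


def find_acl_drift(config_a: str, config_b: str) -> List[str]:
    """List every way the named ACLs on two routers differ (empty list = in sync)."""
    a, b = parse_acls(config_a), parse_acls(config_b)
    findings = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            findings.append(f"{name}: present on only one router")
            continue
        if len(a[name]) != len(b[name]):
            findings.append(f"{name}: {len(a[name])} vs {len(b[name])} entries")
        for idx, (x, y) in enumerate(zip(a[name], b[name]), 1):
            if x != y:
                findings.append(f"{name} entry {idx}: '{x}' vs '{y}'")
    return findings


def find_binding_drift(config_a: str, config_b: str) -> List[str]:
    """List interfaces whose applied ACLs differ between the two routers."""
    a, b = parse_bindings(config_a), parse_bindings(config_b)
    return [f"{iface}: {a.get(iface)} vs {b.get(iface)}"
            for iface in sorted(set(a) | set(b)) if a.get(iface) != b.get(iface)]


if __name__ == "__main__":
    for finding in find_acl_drift(ROUTER_A, ROUTER_B) + find_binding_drift(ROUTER_A, ROUTER_B):
        print("DRIFT:", finding)
```

Sequence numbers and remarks are stripped before comparison so that a re-sequenced ACL is not reported as drift; only entries that would actually filter differently are flagged.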
Current thread:
- Contingency Management/Fault Tolerant Network Access Control Architectures Gary Flynn (Mar 30)
- <Possible follow-ups>
- Re: Contingency Management/Fault Tolerant Network Access Control Architectures Jamie A. Stapleton (Mar 30)