12-13-2012 05:31 AM - edited 03-03-2019 06:52 AM
Hi
The organisation has decided to outsource IT infrastructure to a hosted vendor. I am in charge of setting up network connections to the hosted site, wherever it is going to be, and then migrating services over to the hosted facility.
At the moment, we have the following:
1. Redundant 3750 switches acting as distribution switches that provide connectivity to the campus network
2. Redundant 3750 switches acting as core switches for server farm connectivity
3. A pair of ASA 5520 hosting a number of front-end servers on DMZ, internet, LAN, WiFi
4. BC site connecting to the core through L2 links as a mere extension to the LAN (not passing through the firewall)
The questions I have are the following, in terms of the new design:
1. What kind of links should the hosted site be connecting to from our main site? Should we go for VPLS or similar services, as I was thinking of using these links as pure L2 links? Is it a good idea to leave them as L2 links?
2. In terms of WAN design, we are planning to use the primary internet connectivity through the hosted facility and use the existing internet connectivity from our main building as a secondary internet link. So we would need to have a routing protocol for detecting the link outage between the hosted facility and the main site.
3. I am trying to understand what requirements we would need to spell out to the hosted vendor for establishing this connectivity. I believe that we need to mention L2 VLANs to be made available for migrating the services over. This would require an L2 switch to be configured on the hosted vendor's end to establish connectivity back to our servers. Sorry if this is too vague. I can provide you with a diagram if required.
4. Firewall requirements: I believe that we must copy firewall rules over to the hosted provider's end, since we will go in with managed firewall services from them as well.
The final design is expected to be a fairly simple one and needs to follow best practices. We don't have much time to plan.
Thanks for helping me out.
12-13-2012 06:29 AM
Will the hosting provider host your servers and Internet links with the Internet firewalls?
For servers to be migrated with minimal impact, an L2 link with the required L2 VLANs extended between sites during the migration is a good approach, but you need to consider where the L3 gateway service will be provided from during this stage for the migrated servers.
Sent from Cisco Technical Support iPhone App
12-17-2012 04:24 AM
Hello
Thank you. From a security standpoint, how do we make sure that the connectivity is secure? Does it matter, since it is a mere extension of the LAN (not going through the firewall)?
We are planning to run a redundant pair of Ethernet links between the two hosted sites, extending the VLANs over to the hosted facility and terminating them on an L2 switch. Is this a good design? I am attaching a diagram.
The basic file/print and other services like Wireless will remain, and all other services are planned to move over.
I was planning to leave the pair of firewalls here along with the internet links for user browsing, and then also use the internet links from the hosted provider for other types of web services.
Am I missing something?
12-19-2012 01:16 AM
Yes, you can do that.
But if you need to send web traffic to the local firewall and other types of traffic to other firewalls, then you may need to use PBR, and here you need to consider CPU utilization.
HTH
Sent from Cisco Technical Support iPhone App