1

Our current co-location facility provides a managed network environment (e.g. firewall, etc.) for our servers. We are considering a new co-location facility that offers us more rack space and higher bandwidth, but it doesn't come with all the managed services.

It seems like they will be letting us drink straight from the firehose, so to speak.

We have quite a bit of experience configuring network resources for our end-user facilities, but not much experience on the data center side of things since it has been managed in the past.

I guess I'm looking for a good list of things I should be concerned about with this change in configuration.

If we put a basic firewall product (say a SonicWall, for example) in place, what else are we missing? Are we making ourselves more susceptible to DoS attacks? Is that something a managed facility would be able to thwart for us?

Thanks

Izzy
Joe Holloway

3 Answers

2

For a start, you almost certainly want redundant firewalls/routers. There is nothing worse than taking down your entire network because one of your routers/firewalls has developed a hardware fault/crashed/needs to be rebooted. Which means you need something that can do CARP/VRRP/HSRP or the like. Unfortunately, that tends to cut out a lot of the basic products.

Cian
1

When doing it yourself, you'll need to handle the security, load balancing and routing yourself. This includes any load balancing between redundant network drops from the CoLo.

mrdenny
0

Cian is correct - I would suggest peeking at a project called pfSense. You can run 2 (or more) pfSense systems (even in VMware or another virtual project if your heart desires) to give you the failover balance needed.

I would also suggest peeking at the new CloudFlare project as well. Blocking the DoS traffic before it hits your own firehose is huge - and they have offerings that are free.

Bottom line is - always have a good relationship with your vendor. Your vendor should be able to react very quickly if you request a null route - MAKE SURE THIS IS THE CASE.

Being able to null route different traffic when needed is a huge ability that will save you tons and tons of heartache when it is needed.

Glenn Kelley