High Availability (HA) Inline Deployments
IT Security
Challenge: How do I add a redundant security solution?
Our team is tasked with architecting Intrusion Prevention Systems (IPS) for two critical links in our network with High Availability (HA) or redundant designs. We were looking for the best way to deploy and update these tools effectively, without creating a single point of failure for each device.
IT teams may follow all the standard industry best practices, incorporating inline bypass and failsafe technology, but for some industries that isn't enough. The financial and banking industries have to ensure sensitive user data isn't compromised while providing a flawless user experience, so network downtime is not an option.
Network redundancy is a strategy in which additional or alternate network devices are installed within the network infrastructure, ensuring network availability if a network device or path fails or becomes unavailable.
Enterprise IT teams are often tasked with architecting redundant designs for their critical network links to combat this issue, while looking for the best way to deploy and update these tools effectively without creating a single point of failure for each device.
Solution
High availability (HA) inline bypass TAP deployments add layers of resiliency and reliability. In a high availability scenario, when the primary link goes down, traffic can automatically be redirected to a secondary tool or redundant link.
Garland offers two options for incorporating High Availability (HA) solutions into your network: Active/Standby and Active/Active. Active/Standby (or Active/Passive) deploys a secondary tool, providing failover from the primary device to a backup appliance. The Active/Active Crossfire design incorporates a secondary tool and a redundant link, providing the ultimate failover if either active device fails.
Instead of relying on a single bypass TAP for each device, Garland has specifically designed HA Bypass TAPs and Inline Security Packet Brokers that not only provide the same reliability and management controls as a standard bypass, but also provide the ability to manage multiple inline and out-of-band tools from the same device with packet broker functionality.