System disruption is one of the biggest pains an IT staff can experience. Companies need technology to maintain productivity high, and the moment a system becomes unavailable, the teams’ performance falls, while the number of helpdesk tickets increases.

And in times of frequent cyber threats, perimeter security systems can not fail to operate, otherwise users and sensitive information will be exposed to potential attacks.

 

What is high availability

Straight to the point: high availability (H.A) is the capacity to ensure continuity of services, even in times of failure (i.e. hardware, software, power outage etc.). That is, the system features can not be interrupted.

This is the case with the adoption of network security solutions.

Applied to your firewall implementation, this concept means that if a fault occurs (for example, your hardware suffers loss of functions because of a power outage), there will be a parallel system, with settings matching the original firewall, ready to take over traffic filtering within the perimeter of your company.

How is this possible?

This is possible because of Failover, a technique used by BLOCKBIT UTM(Unified Threat Management).

IT configures independent firewall devices that can work together and communicate during operation. When a fault is identified, whether in the software or in the physical connection, the alternate device can start to operate, assuming all functions of the equipment are inoperative.

There are two possible ways to deploy H.A. to maintain services: Active-Active and Active-Passive.

In the case of firewall implementation, in both formats one device actively works monitoring the network, while the second is in stand by and will only operate if the first device stops working. However, in Active-Active, connections and authentication sessions are replicated between the instances of devices, whereas in Active-Passive all connections need to be re-established by the user.

Failover operation can be configured in both hardware and virtual deployments. There is a possibility of operating in a hybrid way: the primary firewall can be implemented in physical appliance and redundant in virtual appliance, since the hardware characteristics are identical.

In any cases, the failover option is crucial to maintain the security of the environment by protecting users, devices and data.

What is redundancy

The concept of redundancy is tied to high availability implementations. Basically, it refers to the presence of the additional device to be adopted as back-up (in the active-passive case) or balancer (in the active-active case).

Why does my business need high availability?

This is a simple question to answer:

If your business needs to be connected to a public network (internet) to operate, then there are two scenarios that justify the high availability of the firewall:

  • Productivity: Of course your team uses web and cloud applications. The firewall can be adopted to filter content and allow/block access to applications used by your team, ensuring more productivity and adherence to the company’s security policy. However, usually a firewall is deployed between the local network and the Internet; if the device fails, users will not have access to the external network, which will create financial losses due to the unavailability of services and efforts to restore the service.

 

  • Security: The Internet is where all cyber threats flows. Without the protection of a redundant firewall, in case of failure, your environment will be exposed to a number of frequent threats (such as viruses, malware, ransomware, trojans, etc.) that are blocked by firewall protection. In addition, in cases of adoption of integrated services, many resources will be unavailable, such as encryption, protection against advanced threats, intrusion prevention, etc.

 

Want to know more about the high availability implementation of BLOCKBIT UTM? Click here and talk to our experts.