EMV and RAMP and multiple ISPs


I am in the process of implementing EMV (chip readers) in my RAMP environment. Here is my challenge. I currently have my firewall configured with multiple ISPs so that when my primary ISP fails everything switches over to my secondary ISP. While this breaks the connection to Tessitura, it enables things to keep going just by logging in again. There are so many things (finance system, email, server backups) dependent on internet access that I feel this has been a necessary solution. Along comes EMV, and it requires each workstation in the box office with an EMV reader to have its own public IP address. This is fine as long as the primary ISP is working, but losing ALL internet access for box office workstations is not good if the primary ISP goes down. I have thought about routing 3 of the 6 box office PCs to the secondary ISP, but that means it would be possible to have half of the PCs go down at a time. This doesn't sound good either.

I did find some companies that offer an SD-WAN solution that aggregates the ISPs and provides redundancy. The company would offer me 7 IP addresses: 6 for my box office and another IP for my firewall to NAT all the other workstations. The main company I am looking at now is called Big Leaf.

I hope someone can offer another solution.

Thanks,

Jason Song

Scottsdale Arts

IT Manager


T: 480-425-5340  C: 480-529-4653

JasonS@ScottsdaleArts.org 


Scottsdale Arts, 7380 East Second Street, Scottsdale, Arizona 85251


  • You are indeed in a difficult position. SD-WAN is one option to have failover IPs if DNS can be used for EMV. Another option would be to look into BGP routing. This allows multiple pipes to carry the same IP subnetted group. It is the best practice in the implementation of HA pipes. You can work on getting your public AN AS from the internet and own your IPs, or work with a single carrier to use a private AS/AN number. If you use a private one you are exposed to outage at the carrier's central office. This can be a very complex process. Feel free to reach out anytime if you wish to discuss. I'd be happy to assist in providing clarity.

  • Hi Jason and Ross,

    I am working through these same issues, compounded by the fact that we have a mobile box office that uses Wi-Fi. I would love to have a conversation around what you all are doing to support connectivity, because we are having some major issues lately.

    HQ

  • Hi Heidi, we have multiple mobile box offices and also run NSCAN at temporary venues by using Fortigate devices between the NSCAN and the Wi-Fi.

    A network engineer configured the FortiAP to route traffic back through our office Fortigate firewall, which has a static IP. As long as I have a FortiAP connected to the Wi-Fi, I can run NSCAN or a laptop with EFTPOS through the non-static Wi-Fi modems. The NSCAN or laptop connects to the Wi-Fi on the FortiAP device. There are different sizes of FortiAP. We use the cheap 14c where the Wi-Fi signal does not need to be strong and the more expensive 223c where we need strong Wi-Fi. I use the same setup for TRBO. Cheers

  • Jason-

    Have you figured this out yet?

    I would presume that the server should be smart enough to retry multiple A records on a DNS entry, as this has been standard for a long time.

    We are about to implement a similar scenario and I'd love any tips before signing a contract with a secondary ISP.

  • My final solution is configuring my Fortigate firewall under virtual IPs.
     
    Each workstation has a static IP address. Each static IP address has two identical port translation entries, differing only in the ISP.
     
    When the primary ISP goes down, the firewall switches to the secondary ISP and the port entry translations stay the same.
     
    I have not had a chance to test it yet. I decided to put off my EMV implementation until I complete my v14.3.1 upgrade. You have to do the port translation anyway. It should work about the same on any firewall.
    Too many irons in the fire.
     
    I looked at BGP and, like Ross Anderson said, it is rather complex for a small shop.
     
    Jason Song
    Scottsdale Arts
    IT Manager
     
    T: 480-425-5340   C: 480-529-4653
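Jason's final answer describes two virtual IP (port-forward) entries per workstation, one per ISP, so the translation is the same whichever link the firewall is using. The snippet below is an added example in FortiOS-style CLI written for this thread; it is not taken from the post, from Fortinet documentation or from any Tessitura guidance. Every interface name (wan1, wan2, lan), address (203.0.113.10, 198.51.100.10, 10.10.20.11, the 192.0.2.0/24 processor range), port (8443) and policy number is an assumed placeholder, and syntax differs between FortiOS releases, so check it against your own firmware before using it.

```fortios
# Added example, not from the thread. All addresses, interface names, ports
# and policy IDs are placeholders; replace them with the values your payment
# processor and ISPs give you.

# Address objects: the workstation, and the processor range that is the only
# source allowed to reach the forwarded port.
config firewall address
    edit "EMV-Processor"
        set subnet 192.0.2.0 255.255.255.0       # placeholder processor range
    next
    edit "BoxOffice-PC1"
        set subnet 10.10.20.11 255.255.255.255  # placeholder workstation
    next
end

config firewall service custom
    edit "EMV-TCP-8443"
        set tcp-portrange 8443                   # placeholder EMV port
    next
end

# One VIP per ISP. Both map the same external port to the same workstation,
# so the translation is identical on either link.
config firewall vip
    edit "VIP-PC1-ISP-A"
        set extintf "wan1"
        set extip 203.0.113.10                   # placeholder ISP A public IP
        set mappedip "10.10.20.11"
        set portforward enable
        set protocol tcp
        set extport 8443
        set mappedport 8443
    next
    edit "VIP-PC1-ISP-B"
        set extintf "wan2"
        set extip 198.51.100.10                  # placeholder ISP B public IP
        set mappedip "10.10.20.11"
        set portforward enable
        set protocol tcp
        set extport 8443
        set mappedport 8443
    next
end

# Inbound policies, one per WAN interface, each limited to the processor
# range so the forwarded port is not reachable from arbitrary sources.
config firewall policy
    edit 101
        set name "EMV-in-ISP-A"
        set srcintf "wan1"
        set dstintf "lan"
        set srcaddr "EMV-Processor"
        set dstaddr "VIP-PC1-ISP-A"
        set action accept
        set schedule "always"
        set service "EMV-TCP-8443"
        set logtraffic all
    next
    edit 102
        set name "EMV-in-ISP-B"
        set srcintf "wan2"
        set dstintf "lan"
        set srcaddr "EMV-Processor"
        set dstaddr "VIP-PC1-ISP-B"
        set action accept
        set schedule "always"
        set service "EMV-TCP-8443"
        set logtraffic all
    next
end

# Link monitor: withdraw wan1's route when ISP A stops answering, which is
# what moves traffic (and the active VIP) to wan2.
config system link-monitor
    edit "ISP-A-health"
        set srcintf "wan1"
        set server "203.0.113.1"                 # placeholder ISP A gateway
        set gateway-ip 203.0.113.1
        set failtime 5
        set recoverytime 5
        set update-static-route enable
    next
end
```

Two points worth checking when adapting this. First, the inbound policies deliberately name the processor range as the only source; a port forward to a box office PC that is open to any source widens the reachable surface of the cardholder environment for no benefit. Second, after a failover the workstation's outbound traffic leaves with ISP B's address, so the processor must have both public addresses registered for each terminal or the session will be refused on the secondary link even though the port translation itself still matches.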