I am in the process of implementing EMV (chip readers) in my RAMP environment. Here is my challenge. I currently have my firewall configured with multiple ISPs so that when my primary ISP fails everything switches over to my secondary ISP. While this breaks the connection to Tessitura it enables things to keep going just by relogging in. There so many things (finance system, email, server backups) being dependent on internet access I feel this has been a necessary solution. Along comes EMV and it requires that each workstation in the box office with an EMV reader to have it's own public IP address. This is fine as long as the primary ISP is working but losing ALL internet access for box office workstations is not good if the primary ISP goes down. I have thought about routing some 3 of the 6 box office PC's to the secondary ISP but that means it would be possible to have half of the PC's go down at a time. This doesn't sound good either.
I did find a companies that offer an SD-WAN solution that aggregate the ISP's and provide redundancy. The company would offer me 7 ip addresses 6 for my box office and another for ip for my firewall to NAT all the other workstations. The main company I am looking at now is called Big Leaf.
I hope someone can offer another solution.
Thanks,
Jason Song
Scottsdale Arts
IT Manager
T: 480-425-5340 C: 480-529-4653
JasonS@ScottsdaleArts.org
Scottsdale Arts, 7380 East Second Street, Scottsdale, Arizona 85251
This message, including files attached to it, may contain confidential information that is intended only for use of the ADDRESSEE(S) named above. If you are not an intended recipient, you are hereby notified that any dissemination or copying of the information contained in this message, or the taking of any action in reliance upon the information, is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete the message from your system. Thank you.
You are indeed in a difficult position. SD-WAN is one option to have fall over IP's if DNS can be used for EMV. Another option would be to look into BGP routing. This allows multiple pipes to carry the same ip subnetted group. It is the best practice in the implementation of HA pipes. You can work on getting your public AN AS from internet and own your ip's or work with a single carrier to use a private AS/AN number. if you use a private you are exposed to outage at the carrier's central office. This can be a very complex process. Feel free to reach out anytime if you wish to discuss. I'd be happy to assist in providing clarity.