Virtual DMZ with Multi-WAN

Research on how to create a virtual DMZ with Mutli-WAN (Multiple Internet Connections) for Inbound and Outband traffic.

The theory is that a user will hit a url called https://access.* which will have multiply A records pointing Public IP Address that are provided by different Internet Service Providers with NAT to the Datacenter Router, that are forwarded to virtual VIF. Setup a Subdomain with a HTML forwarder to a Dynamic DNS or Public IP address.

1. Subdomain HTML

2. [sourcecode language=”html”]
   <!DOCTYPE HTML>
   <html lang="en-US">
   <head>
   <meta charset="UTF-8">
   <meta http-equiv="refresh" content="1;url=DOMAIN.com">
   <script type="text/javascript">
   window.location.href = "http://DOMAIN.com"
   </script>
   <title>Page Redirection</title>
   </head>
   <body>
   <!– Note: don’t tell people to `click` the link, just tell them that it is a link. –>
   If you are not redirected automatically, follow the <a href=’unitycloud.com’>link to example</a>
   </body>
   </html>
   [/sourcecode]

3. Domain name Round Robin with public IP address for each Internet connection
4. ZoneEdit Failover – http://www.zoneedit.com/failover.html
5. Cisco 1841
6. Vyatta or pfSense configure Multi-WAN
   • Vyatta – http://www.vyatta.com/download/docdl?whence=
   • PfSense Multi-WAN – http://securite-ti.com/pfSense_Web_Proxy_with_multi-WAN_links.pdf
   • PfSense UTM – http://www.smallnetbuilder.com/security/security-howto/31451-build-your-own-utm-with-pfsense-part-2?start=3
   • http://blogs.citrix.com/2011/08/10/configuring-vyatta-router-for-use-with-my-lab-environment/
     • egress
     • ingress
     • Dynamic DNS
7. Active/Active NetScaler GSLB with Proximity and Site Roaming – http://support.citrix.com/servlet/KbServlet/download/28997-102-681498/XD%20-%20High%20Availability%20-%20Implementation%20Guide%20v2-2.pdf
   • NetScaler XenDesktop Site Roaming redirects a user’s virtual desktop request to an appropriate site.
   • Preferred Site – http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-override-static-proxim-by-using-preferred-locations-con.html
   • http://www.robinhobo.com/configure-citrix-netscaler-10-5-including-gateway-citrix-storefront-2-5-2/
   • http://blog.myvirtualvision.com/2014/07/14/creating-load-balanced-citrix-storefront-2-5-server-group-citrix-netscaler-10-5/
8. AAGEE vServer for Multi-Tenancy customer1.*** customer2.**
   • – http://pimpmyvdisk.com/?p=411
   • http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/how-citrix-netscaler-supports-virtualized-mult-tenant-datacenters.pdf
   • Error: 401- Unauthorized: Access is denied due to invalid credentials – http://support.citrix.com/article/CTX126883
   • How to Enable Connection Proxy Persistence when Using Web Interface on a NetScaler Appliance with the GSLB Feature – http://support.citrix.com/article/CTX130248
   • Citrix NetScaler Global Server Load Balancing Primer: Theory and Implementation –  http://support.citrix.com/article/CTX123976
9. IP, VM NICs and Switch Configuration Requirements
10. Data Replication – Synchronous
11. VM Replication – Asynchronous
12. Data Backup (email/file)
13. Data Archiving Cloud

 

Reference Active/Active Design

• http://blogs.citrix.com/2014/03/29/xendesktop-gslb-dr-everything-you-think-you-know-is-probably-wrong/