Our company is moving forward with a pilot project on implementing an SSL-based VPN that could turn into a production situation if all goes well. We are trying to decide what unit capacity to purchase, and we’re also looking at having redundancy as transparent as possible to the user in the final system. Suggestions? – Via the InternetOur company is moving forward with a pilot project on implementing an SSL-based VPN that could turn into a production situation if all goes well. We are trying to decide what unit capacity to purchase, and we’re also looking at having redundancy as transparent as possible to the user in the final system. Suggestions?– Via the InternetAfter looking at the different vendors’ products in this area, see which will loan you a unit for testing. Depending on the size of your final implementation and what type of success story your company could be used as, you should be able to find at least one vendor that would be willing to work with you in this way. If not, look at the unit that will give you the most capacity for the least cost, and one in which the money wouldn’t be considered wasted in the event you didn’t proceed with the project. You can get the redundancy you’re looking for in one of two ways; both require that some type of central authentication system, such as LDAP, RADIUS or TACACS, be supported. The first option involves the clustering concept. This allows for the SSL VPN hardware to handle load-balancing for you so if a unit fails or has to be taken out of service, all your users aren’t affected at the same time. This feature may come at a price that may make it more expensive than it’s worth depending on how important this is to you.The other option is something you can do yourself. Setting up a round-robin DNS to give out different IP addresses for the same host name request allows you to accomplish load balancing similar to clustering. With round-robin DNS, this may be a little harder to accomplish. You would need to have very short TTL values set for the records so if a unit failed you would be able to remove the A record containing the IP address of the downed unit, and get users up and running as quickly as possible. This would still not cover situations in which some ISP’s DNS systems wouldn’t get refreshed DNS info as quickly as they should. Related content news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Network Security Network Security news Gartner: Just 12% of IT infrastructure pros outpace CIO expectations Budget constraints, security concerns, and lack of talent can hamstring infrastructure and operations (I&O) professionals. By Denise Dubie Dec 07, 2023 4 mins Network Security Data Center Industry feature Data centers unprepared for new European energy efficiency regulations Regulatory pressure is driving IT teams to invest in more efficient servers and storage and improve their data-center reporting capabilities. By Maria Korolov Dec 07, 2023 7 mins Enterprise Storage Green IT Servers news analysis AMD launches Instinct AI accelerator to compete with Nvidia AMD enters the AI acceleration game with broad industry support. First shipping product is the Dell PowerEdge XE9680 with AMD Instinct MI300X. By Andy Patrizio Dec 07, 2023 6 mins CPUs and Processors Generative AI Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe