HOTSPOT
-
A security architect is tasked with designing a highly resilient, business-critical application. The application SLA is 99.999%.
INSTRUCTIONS
-
Select the network, power, and server components for the appropriate locations to achieve application resiliency.
A component should be selected for each location, and components may be selected more than once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Internet Firewall Firewall Layer 3 Device Active Router Layer 3 Device Active Router Load Balancer Web Server A Web Server B Power Supply A Power Supply A Power Supply B Power Supply B Generator UPS A UPS B
Hello, Could you please clarify this further or write it better on how to add it to the diagram? Thank you.
Does anyone have a link to a Diagram of the correct answer?
i think this is a better view:Internet ISP - ISP - 2 leased lines Active Firewall – Active Firewall - to filter traffic Active-active Router - main router Active-passive router -backup router Load Balancer - to balance traffic Web Server A Web Server B Power Supply A Power Supply B - different power supply for redundancy Power Supply A Power Supply B - same Generator UPS A UPS B - different usp for redundancy
Internet | v Load Balancers | v Cloud Service Provider |-----------------------| v v Active-Active Firewalls Layer 4 Firewall | v Datacenter |-----------------------| v v UPS A / Power Supply B Generator | v Active-Active Routers | v Server Supply A / B | v Proxy | v SOVIET Ring | v Layer 3 Device
graph TD Internet --> LB[Load Balancers] LB --> FW[Active-Active Firewalls] FW --> R[Active-Active Routers] R --> WS[Web Servers A & B] P1[UPS A] -.-> WS P2[UPS B] -.-> WS classDef power fill:#f9f,stroke:#333 class P1,P2 power style LB fill:#aef style FW fill:#faa style R fill:#afa style WS fill:#fea
Any chance you can show picture? The graph didn't display in this post. Trying to get a visual for reference. Thanks
Any chance you can show picture? The graph didn't display in this post. Trying to get a visual for reference. Thanks
I think I solved it, Using the OSI Model to position everything. Going to start from Internet going following down the lines. (Both lines will be the same answer since it going to follow to one line into the data center. From Internet >> Load Balancers >> Active-Active Firewall >> IPS >> Active Active Routers >> Layer 3 devices (Level 3 Switch) >> NIC (going to 2 different web servers A & B) || The 2 Web A&B servers going to have an SAN component & a Cloud Service Provider. Example how its going to look in the boxes [SAN] [Cloud Service Provider] [SAN] [Cloud Service Provider]. Next its going to connect to an UPS A for web server A and UPS B for web server B. And the last box connecting to the 2 UPS is an Generator.
So, Arrow going Right - Internet >> Load Balancer >> Active Active Firewall >> IPS Arrows going Left - Internet >> Load Balancer >> Active Active Firewall >> IPS From IPS >> Active Active Router >> Layer 3 Devices >> NIC (Web Server A&B) Web Server A >> SAN & CSP >> UPS A >> Generator Web Server B >> SAN & CSP >> UPS B >> Generator
The only thing I am unsure of is the IPS. Both for all the other slots I'm sure of. Having 2 different Web Server with their own SAN and CSP will increase redundancy. since if one fails the other web server can still operate
Alright Final answer So, Arrow going Right - Internet >> Active Active Firewall >> Load Balancer >> Active Active Router Arrows going Left - Internet >> Active Active Firewall >> Load Balancer >> Active Active Router From Active Active Router >> IPS >> Layer 3 Devices >> NIC (Web Server A&B) Web Server A >> SAN & SAN >> UPS A >> Generator Web Server B >> CSP & CSP >> UPS B >> Generator
Alright Final answer So, Arrow going Right - Internet >> Active Active Firewall >> Load Balancer >> Active Active Router Arrows going Left - Internet >> Active Active Firewall >> Load Balancer >> Active Active Router From Active Active Router >> IPS >> Layer 3 Devices >> NIC (Web Server A&B) Web Server A >> SAN & SAN >> UPS A >> Generator Web Server B >> CSP & CSP >> UPS B >> Generator
The only thing I am unsure of is the IPS. Both for all the other slots I'm sure of. Having 2 different Web Server with their own SAN and CSP will increase redundancy. since if one fails the other web server can still operate
Alright Final answer So, Arrow going Right - Internet >> Active Active Firewall >> Load Balancer >> Active Active Router Arrows going Left - Internet >> Active Active Firewall >> Load Balancer >> Active Active Router From Active Active Router >> IPS >> Layer 3 Devices >> NIC (Web Server A&B) Web Server A >> SAN & SAN >> UPS A >> Generator Web Server B >> CSP & CSP >> UPS B >> Generator
Discard everything I said this might be wrong. Might be Internet >> Firewall >> Load Balancer >> Router >> IPS >> Layer 3 Switch Now I am debating if web server A should have 2 SAN and the other web server have 2 CSP
Alright Final answer So, Arrow going Right - Internet >> Active Active Firewall >> Load Balancer >> Active Active Router Arrows going Left - Internet >> Active Active Firewall >> Load Balancer >> Active Active Router From Active Active Router >> IPS >> Layer 3 Devices >> NIC (Web Server A&B) Web Server A >> SAN & SAN >> UPS A >> Generator Web Server B >> CSP & CSP >> UPS B >> Generator
1.active/active router 2. active/standby router x3 3. Load Balancer 4.Web Server A Web Server B 5.UPS A/UPS B Generator. Firewall has nothing to do with making network not fail.
No firewalls?
Internet > ISP & ISP > Active-Active Firewall & Active-Active Firewall > Active-Active Routers > Layer 3 Device > Load Balancers > Power Supply A & Power Supply B / Power Supply A & B > UPS A & UPS B > Generator
Okay, i've been doing this for a while and thought I'd help out the community b/c (in my opinion) if you take the selected answer, you'll get this wrong. You have to balance out real world experience with what is actually covered in the Security+ material. Since this is focusing on Web servers, forget anything about SAN. Also, this is not cloud so forget CSP. I could be wrong but Security+ doesn't cover SONET at all so ignore that as well. It's easier if you work your way up from the bottom so let's do that and you'll see the logic. Here is the flow: Utility ↓ Generator ↓ UPS A → Power Supply A (Web Server 1) → Power Supply A (Web Server 2) UPS B → Power Supply B (Web Server 1) → Power Supply B (Web Server 2) Web Server NICs ↓ Layer 3 Device ↓ Load Balancers ↓ Active-Active Firewalls ↓ Active-Active Routers (two paths) ↓ ISPs (two paths) ↓ Internet
Since this is web tier up, forget about internal network ... you need the routers above the firewalls since you have dual ISP's (for BGP)