N+1 redundancy is a term that ensures system availability in the event of component failure. In this example, we are referring to a Datacenter environment where the components (N) have at least one independent backup component (+1). N+1 redundancy recognizes that only a small part of any infrastructure system has any chance of failing at once. 2N redundancy completely duplicates the operating infrastructure. If you need 2 generators for backup, you buy 4 generators. If you need 4 cooling units, you buy 8. N+1 redundancy recognizes that only a small part of any infrastructure system has any chance of failing at once. Odds are vanishingly small that you’re going to have 4 cooling units all fail at the same time. For N+1, you consider what are the odds of having more than 1 unit fail, the odds of having another unit fail before you can get the first failure repaired, and the potential impact.

If there is a small chance of 2 generators failing at the same time then go with N+1 while if there is a high probability of 2 generators failing at once then go with 2N. If not needed a 2N, while nice to have in place, would be a waste of time and money which is passed along to customers, goes against a green facility (if operating), or could be used elswhere in your operating budget. If you’re set up is design so absolutely no interruption is critical, such as power, you might run N+2 with 1 spare hot and the other 1 cold. To learn more about our experience with datacenter redundancy and N+1 and 2N cofiguration please visit http://www.20pullmancourt.com or email us at info@20pullmancourt.com.

Every day, servers are attacked. A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users. How can you protect your organization against such an attack. Under a large scale attack, your firewall is not going to be able to handle the amount of traffic forced at it. You need a Transit vendor with a large network presence in multiple cities. This means that incoming DDOS attacks arrive through different upstreams and peering connections. In each city, customers are placed behind a firewall and are able to set up their own policies and rules for their incoming traffic. This setup is similar to what many other ISPs do. During regular traffic levels or a low-scale DDOS, there is no real difference between a distributed setup and a normal isp-level shared firewall. But when a sustained DDOS larger than a pre-determined amount occurs, your vendor's network operation center (NOC) is notified. Once they have determined that the attack is sustained, you have the option of going into distributed mode. Once you are in distributed mode, the vendor takes the attacked subnet of IPs and redirects it to the firewall closes to the ingress point of the attack. This distributes the attack so that it is now spread out over the capacity of the entire network instead of targeted towards a single city location.

After the DDOS traffic hits a firewall, it is inspected and dropped if necessary. The legitimate 'scrubbed' traffic is then GRE tunneled back to the city where your servers reside, where it carries on to your network. Your online presence can function normally through most high-level DDOS attacks that would have otherwise crippled your network. The following information is what I need to set-up protection asap when the attack is occuring. Basically, all traffic good and malicious is routed to our routers, where we filter and determine if the traffic is legitimate. All malacious traffic is dropped during one of our many filtering layers, the rest is sent to you from one of our proxy servers. In essence, your web server only communicates with our servers and is hidden from the general internet.

• Step 1. Obtain a clean IP from your network provider/ISP, preferably one on  different network segment. This new IP Address will be known as your "origin server IP". Configure the fresh/new IP onto your server.
• Step 2. Let us know via email what your new origin IP is so we can setup the configuration on our side.
• Step 3. If you require SSL on this server, email us the cert and private key in .PEM format. This should be in plain text and may be copied and pasted and included in the "step-2" email.
• Step 4. If you have a firewall or other ACL's in your network please ensure that you allow those IP blocks access to your servers and I will need to forward you our IP Blocks so they will have access.
• Step 5. We will send you and IP Address. Make a DNS change to point your domain(s) to the IP Address we sent you. Ensure your TTL  is set to 5 minutes or less.
• Step 6. Remove the old IP Address from the server.

At this stage your traffic will start finding it's way to us where we will apply the required filters and send your server the legitimate traffic. One of our engineers will be in communication with you throughtout this process, to ensure everything is functioning as expected.

That's it. All things considered, the whole process should take about an hour. For more information visit http://www.20pullmancourt.com or email us at info@20pullmancourt.com.