LSL engineers have been working to upgrade our Internet Services for the last month. This was brought about by the need to update our infrastructure to fully modern 64-bit Linux-based servers across all systems, improve security, and update to the newest version of our favorite Linux distribution.
In doing so, we have created and installed a fully redundant High Availability Firewall System designed by our staff engineers. We have greatly expanded our number of supported systems, and we have slimmed down the number and types of protocols we will support in the future, reducing the attack surface exposed to the many attackers who regularly assault the systems.
We wanted to provide some background on where we were, why the old system had the design it did, and the new design moving forward.
Design pre-2016 to 2018:
The older design was a throwback to the limited number of public IP addresses available to us as a small company. Since we have always hosted all our services on our own equipment, we had to deal with limited resources. From 2012 through 2016 the servers were public facing. In 2016 the first set of HA Firewalls allowed us to bring them into a DMZ, shown below, and begin the transition to a new distributed design.
Design 2019 Forward:
The new design with the HA Firewalls allows for an unlimited number of server resources to be used to provide distributed, fully redundant services while using a limited number of public IP addresses. This provides much-needed processing improvements, increased flexibility, and much-improved security over the last-generation design. This new design is also required to fully implement our new MEGA Email System Architecture, which will provide a set of advanced anti-SPAM security improvements for small business email systems. When fully implemented, the system will support a fully HA-aware Fail2Ban-type system, ensuring overall security and dynamically reducing the attack surface of the entire system.