IT Baseline Protection Manual S 6.53 Redundant arrangement of network components
S 6.53 Redundant arrangement of network components
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrator, Purchase Department
Central active network components need to remain highly available because a large number of users are generally dependent upon the smooth operation of a local network. To allow operations to be resumed as quickly as possible following the occurrence of a malfunction, a redundancy must be created for each area in accordance with the applicable availability requirements, so that a partial or complete failure of the related network components can be tolerated, whilst keeping the resources required for prevention within acceptable limits.
There are two different ways of achieving redundancy:
The redundant network components can be stored in a warehouse, in order to allow quick replacement in an emergency. If this is not done, long-drawn procurement routines will often be required before errors can be remedied. Alternatively, maintenance or delivery contracts can be concluded with the related manufacturers in order to guarantee a quick replacement of defective components (also refer to S 6.14 Replacement procurement plan). After that, the configuration backup data can be reloaded in order to minimise the downtime for the affected network segments (refer to S 6.52 Regular backup of configuration data of active network components).
Even during planning of the network, it is advisable to allow for a redundancy of network components. For example, all central switches and - depending on the protocols in use - all routers should be mirrored at least once in the network in order to achieve redundant server connections and redundant links between the individual network components (refer to Figure 1). Correct operation is to be guaranteed by means of a suitable, logical network configuration.
Figure 1: Redundant links between network components
If availability requirements also entail a redundancy of links to terminal devices, each terminal device should be equipped with two network adapters (refer to Figure 2).
Figure 2: Redundancy of terminal-device links
In each case, a check is required as to whether this technology is supported by the active network components and operating systems in use.
The power supply units of active network components constitute a frequent source of errors, as these units have to rely on a stable mains voltage. For this reason, many components can be retrofitted with redundant power supply units, or are already equipped with them before delivery. This lowers the failure susceptibility of individual network components without requiring their duplication. However, this measure does not increase the operational reliability of the network components as such.
In each case, a careful analysis is required to determine the actual availability requirements. As part of a detailed planning of the system and network architecture, a suitable redundancy concept must be developed to fulfil these requirements. In this context, also refer to S 6.18 Provision of redundant lines.
Additional controls:
Have network availability requirements been ascertained and documented?
Are all important network components replicated in a warehouse, or have delivery contracts been concluded in this context?
Has the redundancy of components been taken into account during planning of the network?