I am to install 2xCSS11503, one at each datacentre. The objective is to give datacentre resilience for Web clients.
However, the Web server (real server)is NOT in its own Vlan and it shares it with approx 30 other hosts. Some of these other hosts feed data into the Web server, but other hosts are nothing at all to do with this application.
Apparently to move the Web server (and associated database server) into their own separate Vlan is going to be a problem (or indeed moving the other hosts off this Vlan) - because of changing IP addresses etc.
The question is, can the Web server and database server remain in the same Vlan as these other hosts when depolying CSSs?
Thanks in anticipation to any responses.
it is better to have the CSS in setup such as that you have an outside(Internet) interface/vlan and an inside/private vlan.
This is because the CSS MUST see both flows of a connection - client -> server and server->client.
With a setup as mentioned, it is always the case since to get out, the servers must go through the CSS.
This is the reason why the servers need to be in their own vlan. But it does not mean they have to be alone in the vlan. It also does not mean they must be in a vlan directly attached to the CSS. It could several next-hops away. As long as the only exit is through the CSS.
This is what I explained in my previous post. If you share the vlan with other devices, and those devices need to use multicase [I'm not talking about the servers], then you will need a separate router to handle this traffic.