Great Circle Associates Firewalls
(January 1996)
 


Subject: Re: Fault Tolerant Firewall
From: "Paul D. Robertson" <proberts@clark.net>
Date: Wed, 24 Jan 1996 13:00:52 -0500 (EST)
To: Ian Gresley-Jones <ian@martel.demon.co.uk>
Cc: Dale Lancaster <dlancaster@raptor.com>, firewalls@GreatCircle.COM, Stefano Taino <taino@dsi.unimi.it>
In-reply-to: <oyStNFAldhBxEwCM@martel.demon.co.uk>

On Wed, 24 Jan 1996, Ian Gresley-Jones wrote:

> In message <2.2.32.19960123170425.006ccd34@netcom.com>, Dale Lancaster
> <dlancaster@raptor.com> writes
> >At 12:29 AM 1/23/96 +0100, Stefano Taino wrote:
> >>We are asked to warrant a >99,5% uptime for a firewall system in a financial
> >>organization. We're trying to figure out what's the best way to manage such 
> >>a problem (a fault-tolerant hardware solution?  A multiple firewall solution? 
> >>other tricky configurations?).
> >>Has anybody out there already experienced and solved such a problem?
> >>
> >99.5% (presumably over one year) is not really all that high.  Also, is it
> >99.5%, 7x24?  Either way, worst case is somewhere around 40 hours per year.
> >That's a lot of downtime.  I believe most workstation vendors would certify
> >a hardware uptime of 99.5%, so one platform should be sufficient. 
> < snip >
> 
> 
> Both HP and IBM offer a high availability configuration (used to be
> the switchover system on HP but think has been renamed, HA-CMP on
> IBMs) of hardware, now surely it must be possible to run standard

IBM's HACMP requires some time to switch over.  Also, depending on the
machine configuration, and changes to the volume groups, it can be
quite a while.  Our tests took us out to 15-20 minutes as I recall 
(though our configuration was "strange" to say the least).
  
If the SP2 had shared memory, it would be a better solution, but it 
doesn't :(.  I'd seriously look at a dual host setup, with heavily protected
BGP-4 routing outside both boxes.  Separate physical networks, Network 
Service providers, and possibly physical sites.  I'm working on that 
scenario right now; it's not fun, but you get twice as many toys :)


Paul.
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@clark.net      which may have no basis whatsoever in fact."
                                                                     PSB#9280
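The availability arithmetic behind the discussion above, as an added example that is not part of Paul's message or of the original thread. It turns the 99.5% target into an hours-per-year downtime budget, shows how many 20-minute HACMP-style switchovers that budget absorbs, and compares a single serial path (ISP link, router, firewall host) against two independent paths of the kind Paul describes. All per-component availability figures are assumed for illustration, not numbers from the thread.

```python
# Added example: availability arithmetic for the firewall HA designs discussed
# in the thread above. All figures (per-component availability, failover time)
# are assumed for illustration, not measured values from the original posts.

HOURS_PER_YEAR = 24 * 365  # 8760: the thread's "presumably over one year", 7x24


def downtime_budget_hours(sla: float, hours: float = HOURS_PER_YEAR) -> float:
    """Maximum downtime per period permitted by an availability target."""
    return (1.0 - sla) * hours


def failovers_within_budget(sla: float, failover_hours: float) -> int:
    """How many outages of a given length (e.g. one cluster switchover)
    fit inside the downtime budget before the SLA is blown."""
    return int(downtime_budget_hours(sla) // failover_hours)


def serial_availability(components) -> float:
    """All components must be up: A = product(A_i).
    A single path (ISP link -> router -> firewall host) is a serial chain,
    so it is always less available than its weakest element. This is why a
    99.5%-rated host alone does not deliver a 99.5% service."""
    a = 1.0
    for c in components:
        a *= c
    return a


def parallel_availability(paths) -> float:
    """Service is up if any path is up: A = 1 - product(1 - A_i).
    Models a dual-host design with two independent paths (separate
    networks, providers, ideally sites) and routing that steers traffic
    to whichever path is alive. Assumes failures are independent."""
    u = 1.0
    for p in paths:
        u *= (1.0 - p)
    return 1.0 - u


def worked_example() -> dict:
    """Compare one 99.5%-rated host in a single path against two such paths."""
    sla = 0.995
    # Assumed per-component availabilities for one path (not from the thread).
    host, router, link = 0.995, 0.998, 0.990
    single_path = serial_availability([host, router, link])
    dual_path = parallel_availability([single_path, single_path])
    return {
        "budget_hours": downtime_budget_hours(sla),
        "switchovers_at_20min": failovers_within_budget(sla, 20 / 60),
        "single_path": single_path,
        "single_path_meets_sla": single_path >= sla,
        "dual_path": dual_path,
        "dual_path_meets_sla": dual_path >= sla,
    }


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key}: {value}")
```

With the assumed figures, the single serial path lands near 98.3% even though the host itself is rated 99.5%, while two independent paths reach roughly 99.97%; the parallel result only holds if the two paths share no failure domain, which is the reason for separate networks, providers and sites.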


