Great Circle Associates Firewalls
(April 1996)
 


Subject: Re: Intel firewalls: more than just performance
From: "Donald L. Ritchey" <Don_Ritchey @ cabs . ameritech . com>
Date: Mon, 29 Apr 1996 13:15:13 -0500
To: firewalls @ greatcircle . com
Cc: david_stagner @ sys1 . ic . ncs . com
In-reply-to: <3184D8FA . 41C6 @ ncs . com> (message from Dave Stagner on Mon, 29 Apr 1996 09:58:03 -0500)
Reply-to: Don_Ritchey @ cabs . ameritech . com

> Date: Mon, 29 Apr 1996 09:58:03 -0500
> From: Dave Stagner <david_stagner @ sys1 . ic . ncs . com>
> Organization: National Computer Systems
> Content-Transfer-Encoding: 7bit
> Sender: firewalls-owner @ GreatCircle . COM
> 
> All this discussion of firewall performance is very interesting, but I
> think people are forgetting that there is more to performance than mere
> throughput.  In particular, we should talk about robustness. 

[ much text elided ]

> ... the PC running
> Linux?  It took 15 minutes to get its filesystems back into a runnable
> state. 
> 
> The reason for this isn't software, it's hardware.  The power supplies
> are designed to protect not only the hardware, but also the filesystems.
> When a power failure happens, the power supply notifies the operating
> system kernel, which immediately initiates a clean shutdown.  The power
> supply has enough onboard capacitance to run the machine for the several
> seconds needed to at least sync the drives.  
> 
> PC hardware doesn't have this sort of support.  Remember, it was
> designed with the DOS FAT filesystem in mind, which isn't sensitive to
> system states the way UNIX filesystems are.  So whenever power is lost,
> the system loses state and the filesystems get horked. 

That's what they make UPS for.  I would not even consider running ANY critical
resource on a network without one.  I have seen at least three instances at
client locations where I have worked where systems and servers connected to
building power circuits were blown off the line by periodic building
maintenance operations (the worst being the quarterly carpet cleaners, those
big carpet cleaners suck power like a beast).  The cleaning contractor's worker
simply came into the office area after hours and plugged the carpet cleaner
into the nearest outlet, which just happened to be on the same circuit as one
of our servers.  We lost power off that breaker panel and lost the systems on
all the workstations on the same circuit (this was an older building and horribly
overloaded on electrical power), but the server shut itself down when the UPS
ran dry.  The second time it happened, I was working late that night and
managed to get both the cleaning contractor and the client's power engineering
staff involved to prevent the problem from recurring.  This involved getting
the contractor to instruct his people on which electrical circuits were safe to
use for his purposes and getting the power engineers to rework the circuits to
eliminate all wall outlets except for our computer outlets from the power
circuits that we ran our servers from.

Problems such as these are as much organizational and procedural as technical.
You have to recognize where the problem domain lies and then proceed to address
the problem in that domain.  

Technical arguments about which machines or types of systems are better able
to withstand power loss are less relevant than the procedures and practices
that you use to ensure that power loss is a survivable problem.  In the case at
hand, you put all critical machines on UPS with power-fail shutdown software
and ensure that the machines are set to reboot on return of commercial power.
Unless all your systems are connected to telco equipment with UPS or central
office power (and are essentially unstoppable), then this is about as good as
you can get unless you want to invest in standby power generators and the
maintenance and operations staff to react quickly enough to long term power
outages.  

Most outages I have seen are in the order of seconds to a few minutes or so,
anything longer and you usually have other problems to deal with.  In that
case, often the computer is the least of your problems.  (Where I grew up in
West Texas, the problem was whether or not the tornado had merely blown down
the power lines or had it gotten serious and taken the roof off.)

Just my $0.02 worth.

Just because it is a computer security problem, doesn't mean you have to solve
the problem with a computer.

Don
--
Don Ritchey                   <Don_Ritchey @ cabs . ameritech . com>
CDR Computer Services Inc.   (Contracted to Ameritech Inc.)
Voice-Mail # (630) 643-1173) (Chicago, IL 60606)
"I wanted to call my company 'Rent-a-Guru', but then I recalled the Greek
 sin of 'Hubris'.  So, I just call it 'Rent-a-Geek' instead." - Me.

