thanks much...except for the bunker...these are very good ideas too.
-----Original Message-----
From: Robert MacDonald <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]; <[EMAIL PROTECTED]>
Date: Friday, June 09, 2000 1:42 PM
Subject: Re: [FW1] DR and High Availability
Rick,
I love building stuff, where $$ is not a factor. I'll assume
your policy is all written up and approved, so you may
reference it :)
The best plans are the ones that fit/exceed your needs
today and tomorrow - this is the ultimate goal.
Note: You'll find quickly, that somebody will poke a hole in
any design you come up with. You'll also find yourself
defending plans by throwing technology at it...
...resist this temptation. Keep it simple silly.
It appears that you don't want any single points of failure or
at least greatly reduced points of failure. If we can't
eliminate points of failure (we can't), then you'll most likely
want to minimize downtime in those areas.
What are we protecting? This is a key question. Is this a
single site? Multiple site? How much data are we talking
about? HTTP, SSL & FTP based traffic? How much
SSL? Yada, yada, yada.
You can crank out some cool technology (so much for
KISS) with multiple ISPs over diverse routes (no circuit follows
the same physical path, so we avoid the cable-seeking
backhoes). Multiple routers utilizing BGP. Multiple switches/hubs
to connect to the routers and the highly available multi-node
firewalls. Highly available load balancers nationally placed for
optimal customer speed and satisfaction. Build the whole
site(s) in layers for security blah blah, blah.
Of course all of the above is housed in a military grade bunker
with enough power & fuel for a year.
There, I probably wasted billions of electrons stating the obvious.
Let us know about some of the questions above or let me know if
I've taken this down too far and you don't want it that granular.
Robert
(p.s. My wife chuckles every time someone asks me for the time
and I go build a clock.)
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Rick Francis" <[EMAIL PROTECTED]> 6/9/00 1:54:17 AM >>>
>
>with needle and thread...with the need for immediate failover and continuous
>support from firewalls and specifically from circuits (t1's to t3's to
>sonet), with costs set aside...will comments and high level architects
>discuss 'best' plans for building a completed fault tolerant, redundant,
>firewall/dmz platform. that only includes the circuits and infrastructure
>equipment necessary to 'in most cases' connect to web servers,
>authentication modules, mail servers, and backend db.
>
>some thoughts are co-lo's; multiple data centers..................thank you.