It’s perhaps overkill for many scenarios, but if you’re truly trying for 
no-single-point-of-failure, buy UPSes from two different vendors, ideally using 
two different technologies.  I’ve seen matched pairs of UPSes knocked out by 
the same power event, and more commonly I’ve seen matched sets of batteries 
fail without warning.  To clarify, there are power events that will kill an APC 
SmartUPS whereas their BackUPS won’t even notice a problem; on the other hand, 
the SmartUPS will protect a power supply against some failure modes that a 
BackUPS cannot.  And a full-online-conversion UPS, while ideal, costs an arm 
and a leg.  All three will tolerate different amounts of input power phase 
mismatch (“Power Factor”).

 

It’s nearly impossible to design truly “uninterruptible” power; anyone who’s 
installed a mainframe can attest to this!  You need capacitors on the circuit 
board to smooth ripples (micro-events), ultracapacitors or batteries to prop up 
the input power during sub-second (or even multi-second) outages, a traditional 
UPS to provide interim power, a generator to cover long outages, and a 
ground-zero-grade blast shelter to put it all in so it stays running in case of 
global thermonuclear war… and even then, we still don’t have a technology to 
work around the power outages anticipated when the heat death of the universe 
occurs.

 

Yes, I’m being silly, but my point is that there’s no point in trying to design 
a “perfect” system.  “Better than normal” is almost always what you’re really 
reaching for.

Having CARP failover is level 1, dual power supplies is level 2, dual UPSes is 
level 3; how far do you plan to take this?  What if your ISP goes down – are 
you also going to multi-home?  Are the devices behind this firewall also 
multiply-redundant?

 

I don’t mean to suggest there’s no point in increasing reliability, but even 
two UPSes is going far beyond the needs of most applications.  “Carrier-grade” 
doesn’t even mean having redundant UPSes… at least, none of the telcos I work 
with in my region have redundant UPSes powering their phone switches!

 

Anyway, like I said – if you’re going to run >1 UPS, use *different* UPSes to 
avoid hitting the identical problem at the identical time on all of them, which 
has actually happened to me.

 

-Adam

 

 

From: Hans Maes [mailto:h...@bitnet.be] 
Sent: Saturday, October 09, 2010 10:02
To: support@pfsense.com
Subject: Re: [pfSense Support] Dual WAN + Firewall Redundancy + UPS Redundancy 
(?) at entrance

 


On 10/08/2010 07:15 PM, Gerald A wrote:



On Fri, Oct 8, 2010 at 4:55 PM, Andy Graybeal <andy.grayb...@casanueva.com> 
wrote:

I'll have 2 firewalls, and 2 UPS's one for each firewall.

Each firewall will have:
1. a hot swap raid array (only two HD's set to RAID 1, mirroring).
2. two hot swap power supplies.

Is one UPS per firewall agreeable?  I don't know how to do it otherwise.  I 
can't imagine purchasing 4 UPS's, one for each power supply.  Seems a little 
overkill. I welcome any input.


Plug one hotswap supply from each firewall into both of the UPS boxes you have. 
That way, even if you have to service a UPS, you won't lose a firewall. I 
wouldn't dedicate a UPS to each firewall, because any UPS issue makes you bring 
down a box no matter what.


True, but depending on your configuration, another way to hook this up is to 
bypass the UPS for one of the power supplies on each firewall:

FW1 - Power supply 1 -> UPS1
FW1 - Power supply 2 -> straight to power grid

FW2 - Power supply 1 -> UPS2
FW2 - Power supply 2 -> straight to power grid

This way, you would still be up and running if both UPS systems fail for some 
reason. 
I've seen it happen! E.g. a short circuit in a system connected to both UPSes 
triggering both UPSes to shut down. 
(Try explaining complete power failure to your boss when all lights are still 
on in the entire building ;-) )

Agreed, during power grid failure, FW1 would go down if UPS1 fails, and FW2 
would go down if UPS2 fails, but you got CARP to fix that.

Just my 2 cents.

Regards,

Hans
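
The three wiring options discussed in this thread, enumerated against every combination of grid and UPS failure. This is an added example, not part of any poster's message; the topology names and function names are hypothetical, and it assumes a healthy UPS carries its load through a grid outage while a failed UPS passes no power at all.

```python
from itertools import product

# Each firewall has two PSUs; each PSU is fed by "UPS1", "UPS2" or "GRID".
# Labels are made up for this example; the wiring follows the thread.
TOPOLOGIES = {
    "one UPS per firewall": {"FW1": ("UPS1", "UPS1"), "FW2": ("UPS2", "UPS2")},
    "cross-wired UPSes":    {"FW1": ("UPS1", "UPS2"), "FW2": ("UPS1", "UPS2")},
    "UPS plus grid":        {"FW1": ("UPS1", "GRID"), "FW2": ("UPS2", "GRID")},
}

def powered(feed, state):
    # Assumption: a healthy UPS rides through a grid outage on battery;
    # a failed UPS delivers nothing (no automatic bypass).
    return state[feed]

def firewalls_up(wiring, state):
    """Firewalls that still have at least one powered PSU."""
    return {fw for fw, feeds in wiring.items()
            if any(powered(f, state) for f in feeds)}

def outage_states(wiring):
    """Every grid/UPS health combination that leaves no firewall running."""
    bad = []
    for grid, ups1, ups2 in product((True, False), repeat=3):
        state = {"GRID": grid, "UPS1": ups1, "UPS2": ups2}
        if not firewalls_up(wiring, state):
            bad.append(state)
    return bad

def describe(state):
    failed = [name for name, ok in state.items() if not ok]
    return " + ".join(failed) + " down"

if __name__ == "__main__":
    for name, wiring in TOPOLOGIES.items():
        print(name)
        for state in outage_states(wiring):
            print("  total outage:", describe(state))
```

The model covers loss of power only; it says nothing about what a surge does to a PSU plugged straight into the grid.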


