On Thu, Aug 23, 2007 at 10:51:52PM -0400, Roberto C. S?nchez wrote:
> On Thu, Aug 23, 2007 at 07:36:14PM -0700, Tom Eastep wrote:
> > On Fri, 2007-08-24 at 12:20 +1000, James Gray wrote:
> > > "Nearly 100%"...yes.  Try up-selling that to management who wont even 
> > > give me 15 minutes of downtime on a weekend :P
> > > 
> > 
> > If your management demands that level of up-time then they surely must
> > provide you with one or more test firewalls where you can verify new
> > software releases in a semi-live environment.
> 
> Besides, hardware is cheap.  Have them get you a box on which you can
> install Xen, then setup some domUs in a configuration that you can test
> your firewall.  Identify some "critical" tasks or functions and make
> sure that those work.  If your management has a problem spending money
> on that, figure out how much an hour or a day of downtime costs them and
> then have them compare that to the price of a single machine.  Besides,
> a machine that can run Xen for the testing you need can easily be had
> for under US$3000. 

And for yet another option, with a managed (vlan-capable) switch and a
second box you can easily create a failover firewall (which is
necessary for that kind of uptime anyway - all hardware dies sooner or
later), and by switching them around you get more or less no downtime
while upgrading, along with an easy way to move back to the old
version if it's wrong.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to