Andrew Suffield wrote: > On Thu, Aug 23, 2007 at 10:51:52PM -0400, Roberto C. S?nchez wrote: >> On Thu, Aug 23, 2007 at 07:36:14PM -0700, Tom Eastep wrote: >>> On Fri, 2007-08-24 at 12:20 +1000, James Gray wrote: >>>> "Nearly 100%"...yes. Try up-selling that to management who wont even >>>> give me 15 minutes of downtime on a weekend :P >>>> >>> If your management demands that level of up-time then they surely must >>> provide you with one or more test firewalls where you can verify new >>> software releases in a semi-live environment. >> Besides, hardware is cheap. Have them get you a box on which you can >> install Xen, then setup some domUs in a configuration that you can test >> your firewall. Identify some "critical" tasks or functions and make >> sure that those work. If your management has a problem spending money >> on that, figure out how much an hour or a day of downtime costs them and >> then have them compare that to the price of a single machine. Besides, >> a machine that can run Xen for the testing you need can easily be had >> for under US$3000. > > And for yet another option, with a managed (vlan-capable) switch and a > second box you can easily create a failover firewall (which is > necessary for that kind of uptime anyway - all hardware dies sooner or > later), and by switching them around you get more or less no downtime > while upgrading, along with an easy way to move back to the old > version if it's wrong.
Yep - agree 100% with everything you just said :) I've just returned from a hellish 32 hour round-trip to a co-lo 400km from our main office to attempt the impossible on ancient hardware that died suddenly (and not necessarily "expectantly" either). The technology isn't necessarily the problem where I work - it's the culture, and *that* takes a lot more effort and time to fix ;) Cheers, James ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
