Andrew Suffield wrote:
> On Thu, Aug 23, 2007 at 10:51:52PM -0400, Roberto C. S?nchez wrote:
>> On Thu, Aug 23, 2007 at 07:36:14PM -0700, Tom Eastep wrote:
>>> On Fri, 2007-08-24 at 12:20 +1000, James Gray wrote:
>>>> "Nearly 100%"...yes.  Try up-selling that to management who wont even 
>>>> give me 15 minutes of downtime on a weekend :P
>>>>
>>> If your management demands that level of up-time then they surely must
>>> provide you with one or more test firewalls where you can verify new
>>> software releases in a semi-live environment.
>> Besides, hardware is cheap.  Have them get you a box on which you can
>> install Xen, then setup some domUs in a configuration that you can test
>> your firewall.  Identify some "critical" tasks or functions and make
>> sure that those work.  If your management has a problem spending money
>> on that, figure out how much an hour or a day of downtime costs them and
>> then have them compare that to the price of a single machine.  Besides,
>> a machine that can run Xen for the testing you need can easily be had
>> for under US$3000. 
> 
> And for yet another option, with a managed (vlan-capable) switch and a
> second box you can easily create a failover firewall (which is
> necessary for that kind of uptime anyway - all hardware dies sooner or
> later), and by switching them around you get more or less no downtime
> while upgrading, along with an easy way to move back to the old
> version if it's wrong.

Yep - agree 100% with everything you just said :)  I've just returned 
from a hellish 32 hour round-trip to a co-lo 400km from our main office 
to attempt the impossible on ancient hardware that died suddenly (and 
not necessarily "expectantly" either).  The technology isn't necessarily 
the problem where I work - it's the culture, and *that* takes a lot more 
effort and time to fix ;)

Cheers,

James

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to