Server farm aberrations : is it normal?

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,728
Location
Québec, Québec
In case anyone looks for it, I've realized that I did a mistake in the name of the Supermicro switch. It's the SSE-X3348TR, not the SSE-3348SR like I wrote many times above.
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
I wish I could convey how much better it has been since the equipment that I've worked on and managed had switched over to a fully virtualized environment. We rarely deploy a non virtualized machine these days. There hasn't been a compelling reason to use a bare metal setup in a long time. All of the products I test and work on are now all virtual appliances. This is what our customers are also buying.

I hope that you can convince your management to eventually go down this path some day. It will make your life easier.

I hope you one day get the chance to experience the IBM V7000. It is magical in its ability to do for storage resources what hypervisors have done for server resources. It is dreamy.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,916
Location
USA
I hope you one day get the chance to experience the IBM V7000. It is magical in its ability to do for storage resources what hypervisors have done for server resources. It is dreamy.

That would be fun to play with but I've never used IBM storage solutions. I haven't yet had much first-hand experience but we have what seems like a very similar product called EMC VPLEX. Essentially a virtualized storage setup making the back-end agnostic to the end user and also offers metro-campus distance active/active IO.
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
I've found this document regarding clustered firewalls. It only covers the topic on surface, but it's a good start, I think, to get a general idea about the concept.

Regarding the guidance of our insurance company, with the cluster-fuck we currently have, I don't believe I can do worse.

Regarding firewalls, I don't know enough about your setup to make any firm recommendations, but two products I would suggest looking at are pfsense (a monowall fork) and Vyatta. pfsense or a Cisco ASA is typically what I would recommend for an office NAT deployment. Both support multiple WAN connections and can support hundreds of users (or servers), depending on the hardware specs of the box you use. Most of the time I'd recommend pfsense due to cost and ease of use, but the Cisco ASA does have application layer filtering for SIP and a few other protocols that I haven't seen anything else match. Both also support failover/clustering, but in general I would recommend a single firewall and a cold spare. The backup of either pfsense or an ASA is just a simple text file a couple pages long that can be transferred to new hardware in moments.

Vyatta is Linux with a Cisco/Juniper like CLI front end. Vyatta supports ISP scale routing (thousands to tens of thousands of devices). However, Vyatta's current push is in virtualization. They market installing vyatta in a VM on each VM server, having the virtual machines connect to Vyatta internally and then Vyatta connect to the rest of your network physically - basically moving network intelligence into the VM server similar to the software based Nexus products from Cisco.

Regardless of your firewall choice, if you have multiple WAN connections I strongly encourage using BGP with your own ARIN IP allocation; Anything else is just hocus pocus and will likely not reliably failover for servers or other services you are providing to internet users. Caution: This could be a real learning curve. As always, test your failover strategy on a weekend or after hours to see what might break - expect more to break when you actually do failover.
 

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,728
Location
Québec, Québec
pfsense would be better and easier to manage than our current OpenBSD 4.6-based firewall with its customized pf.conf file. Thanks for bringing it here.
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
The minimum ip block size required to get your own ARIN numbers (/20) may be a strong barrier to keep you from hosting your own data.
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
Depending on your ISP, they may also provide you with an LOA to announce ip ranges they've swip'd to you via BGP. This would require a minimum of a /24 assignment.

Pro: no arin red tape or annual reg fee
Cons: ISP may decide to renumber you later on, you are also stuck with that ISP or forced to renumber if you switch ISPs.
 
Top