Re: Selecting OS for High-availability/mission-critical web portal



On Wednesday 13 December 2006 16:37, Syv Ritch wrote:
> On Wed, 13 Dec 2006 09:05:50 +0100
> "J. Simonetti" <jeroen@xxxxxxxxxxxx> wrote:
>> On Fri, 2006-12-08 at 20:13 +0100, Gruber Christoph wrote:
>>> Hi all!
>>>
>>> If you want to build up a web server with these requirements, you
>>> won't be satisfied with any distro.
>>> I think you will need to build up your binaries on your own.
>>> A critical server won't have any package manager at all.
>>> And other reqs like a statically linked kernel build for your
>>> hardware isn't found in a distro.

> High availability is a network design issue not an OS issue. All OSes
> can be and are high availability. It does not matter how reliable are
> these servers [Windows, Linux, FreeBSD, Solaris... are all reliable
> today], if the network is down!

I'm sorry, but that's just not the case, even though the OP has specified that
this is for a Web portal. True, the network is hugely important. But it's
certainly not the only factor, and the request for help was about selecting
an OS, not network issues.

Availability gets exponentially harder as your requirements move from two
nines to, say, the horrendously difficult five nines. At three nines, you
have over one work shift per year of downtime. By the time you get to five
nines, you have five and a half minutes.

Particularly because as you move into the higher numbers, your working
definition of 'available' becomes important, and can include response time
metrics. Which drags code speed into the equation. Delivering extreme numbers
is a black (and expensive) art.

At some point, you may be doing hot spares and automatic failover, and server
network quality will join cloud feed speed and reliability in importance,
though that's certainly not the only approach. But your spend, particularly
at higher availability numbers, is probably going to be directly related to
how often you need to restart systems due to, say, applying security patches.

The OS definitely matters. A lot. For instance, if you need HA at high loads,
and you go the cluster route, look at how many machines the MS cluster server
can handle. It's pretty weak. But that's just an example. The OS *always*
matters.

> Having a couple of servers on the west coast and another couple on
> the East coast on different carriers [if in North America], with
> proper DNS configuration will make this a very high availability.

Definitely something you should do, depending upon required availability, any
response time modifiers to that, and any QoS agreements you may have with
whoever you get your feed from. In general, a very good idea.

> Then comes: how are these servers protected? With a proper firewall,
> or are they naked on the Internet [naked is my preference, because they
> will be configured with the minimum of services.]

A simple packet filter isn't much of a service, except perhaps in the case of
the HP-UX firewall from a couple of years ago that could burn a quarter of
your CPU. But it's best to run without it, if you don't need it.

But this is for a portal. I can't remember what the OP might want for a CMS,
etc., for business reasons, but there are plenty of cases where at least a
basic packet filter is going to be required. It may go further. How good are
the coders? Do they need an 'application firewall' because they don't
understand SQL injection, etc.?

> Using squid as a reverse proxy will enhance their security and
> therefore availability.

Squid, to my mind, *is* a firewall. At any rate, the first software system
credited as a firewall was a proxy, and I'm not much into revisionist
history. To me, that division is driven mostly by oversimplification and
marketing. Although those terms may be synonymous...

> What will you be running on these boxes? Apache, IIS, PHP, Perl,
> Java, .Net. Any database? ... This is far more important in
> availability than which OS.

What's running is indeed extremely important. It's also one of the reasons
that I frapping *hate* the commercial db vendors for their EULAs which forbid
benchmark publication without their approval. I do not agree that apps
outweigh the OS in importance. They *can*, but this is not a place for
blanket statements. There are way too many factors to consider. Particularly
at higher availability numbers. It's a shame the OP didn't provide any
requirements.

> There are many more things to look at. That's why you need a good
> consultant ie: $$$...

And you, of course, work for a network consulting company. With a Web site
whose side-bar navigation system mentions exactly two vendors--Microsoft and
Cisco.

Imagine my surprise.

--
Greg Metcalfe


