Re: Boot ISA from a SAN
- From: "Steve Thamasett" <steve.thamasett@xxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 7 Jan 2004 13:44:17 -0600
Bret,
Primarily I have seen Boot from SAN in situations where the client has a hot
spare server (sometimes at a different site) and the partitions are
replicated to another device (via SRDF or MirrorView depending on the gear)
so in case of a site failure the spare server can be brought up and assume
the identity of the downed box. Aside from those types of situations, I
typically recommend against Boot from SAN as long as you have the other
partitions on the CLARiiON. It's not that it won't work, but it can
introduce additional complexity, _especially_ with multihomed hosts like
firewalls. If you host your configs on the SAN and have a server image
somewhere, then it's probably a wash for recovery time since your
replacement server may not have all of the *exact* same hardware as the
failed box and Boot from SAN will get upset if the h/w is different.
From a SAN security standpoint, it's mainly about your zoning and knowing
what device can possibly access what disk.
Just my 2 cents,
Steve T.
-----Original Message-----
From: Bret Hanson [mailto:Bhanson@xxxxxxxxxx]
Sent: Wednesday, January 07, 2004 1:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Boot ISA from a SAN
http://www.ISAserver.org
The SAN uses a fiber channel HBA. It is set up and working perfectly - I
can restore from a snap shot taken yesterday. The OS and all ISA related
services run fine from snap shot restores. Also on the same SAN (different
LUNS) are our SQL servers and databases, web/intranet, all user data, and
other application servers. I guess I should have stated this in the first
place.
Because I am relatively new to major SAN devices, I am curious if I am
missing something by way of security with this hardware configuration.
Thank you,
bret
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, January 07, 2004 12:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Boot ISA from a SAN
http://www.ISAserver.org
Booting over any remote device, be it SCSI- or network-based is not a good
design for your firewall.
Booting from any SAN is (IMHO) not worth the setup and troubleshooting
hassles it causes...
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Bret Hanson" <Bhanson@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 07, 2004 09:53
Subject: [isalist] Re: Boot ISA from a SAN
http://www.ISAserver.org
Its about recoverability at a point in time - the cost of a drive is not an
issue.
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, January 07, 2004 11:41 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Boot ISA from a SAN
http://www.ISAserver.org
What's the point?
If you can afford one of those devices, you can certainly afford a local
drive for the ISA server.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Bret Hanson" <Bhanson@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 07, 2004 08:56
Subject: [isalist] Boot ISA from a SAN
http://www.ISAserver.org
Please forgive my ignorance, but would it be bad practice to boot an ISA
server that acts as our gateway, firewall, and web proxy from a SAN device.
More specifically an EMC Clariion.
Thanks,
bret
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bhanson@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bhanson@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve.thamasett@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
